Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

i guess im suppose to post it this way:-p

Started by czarly12 , Feb 09 2005 01:25 PM

  • Please log in to reply

#1
czarly12
Posted 09 February 2005 - 01:25 PM

czarly12

    New Member

  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.99.0
Scan saved at 2:05:38 PM, on 2/9/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\TSYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\CREATIVE\SHARED FILES\CAMTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\ELITELWA32.EXE
C:\WINDOWS\SYSTEM\OWFZYU.EXE
C:\WINDOWS\SYSTEM\NZDKNCNL.EXE
C:\WINDOWS\SSSASASB32.EXE
C:\WINDOWS\SHCH.EXE
C:\WINDOWS\SYSTEM\ATOCKBOX.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\WINDOWS\SYSTEM\WSXSVC\WSXSVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WILODBC.EXE
C:\WINDOWS\PACKAGER.EXE
C:\WINDOWS\SYSTEM\WINUPDT.EXE
C:\WINDOWS\SYSTEM\WINUPDT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL (file missing)
O2 - BHO: (no name) - {50A5ACAD-141C-4F94-B694-B24A8AE51C71} - C:\PROGRAM FILES\YAB8BH0H\YAB8BH0H.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZSERV.DLL
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\PROGRAM FILES\REAL\REALPLAYER\tsystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [saie] c:\windows\system\saie.exe
O4 - HKLM\..\Run: [YAB8BH0H] \Progra~1\YAB8BH0H\YAB8BH0H.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\WTGGIS.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdtl.exe
O4 - HKLM\..\Run: [antiware] C:\WINDOWS\SYSTEM\ELITELWA32.EXE
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\OWFZYU.exe
O4 - HKLM\..\Run: [nzdkncnl] c:\windows\system\nzdkncnl.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM\..\Run: [lwx] C:\WINDOWS\lwx.exe
O4 - HKLM\..\Run: [sssasasb32] C:\WINDOWS\sssasasb32.exe
O4 - HKLM\..\Run: [oezclc] C:\WINDOWS\SYSTEM\oezclc.exe
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [ibhflc] C:\WINDOWS\SYSTEM\ibhflc.exe
O4 - HKLM\..\Run: [q36i36O] ATOCKBOX.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\Run: [b0psRWi7S] WILODBC.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
  • 0

Advertisements

#2
admin
Posted 09 February 2005 - 04:50 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Welcome to Geeks to Go czarly12. Did you follow the recomendations here?
  • 0

#3
czarly12
Posted 09 February 2005 - 09:06 PM

czarly12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
yes, I ran spybot it gives error messages, but it says it deleted some problems but not all of them... i also keep gettin pop ups, and when i try to open internet explore it just closes it.. im using mozilla right now and its working fine.. i dont know what to do !!!
  • 0

#4
admin
Posted 10 February 2005 - 12:12 AM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
You may wish to print out a copy of these instructions to follow while you complete this procedure.

HijackThis is current; running from a temporary folder Please save Hijack This in a permanent folder (i.e. C:HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL (file missing)
O2 - BHO: (no name) - {50A5ACAD-141C-4F94-B694-B24A8AE51C71} - C:\PROGRAM FILES\YAB8BH0H\YAB8BH0H.dll (file missing)
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZSERV.DLL
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [saie] c:\windows\system\saie.exe
O4 - HKLM\..\Run: [YAB8BH0H] \Progra~1\YAB8BH0H\YAB8BH0H.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\WTGGIS.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdtl.exe
O4 - HKLM\..\Run: [antiware] C:\WINDOWS\SYSTEM\ELITELWA32.EXE
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\OWFZYU.exe
O4 - HKLM\..\Run: [nzdkncnl] c:\windows\system\nzdkncnl.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM\..\Run: [lwx] C:\WINDOWS\lwx.exe
O4 - HKLM\..\Run: [sssasasb32] C:\WINDOWS\sssasasb32.exe
O4 - HKLM\..\Run: [oezclc] C:\WINDOWS\SYSTEM\oezclc.exe
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [ibhflc] C:\WINDOWS\SYSTEM\ibhflc.exe
O4 - HKLM\..\Run: [q36i36O] ATOCKBOX.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\Run: [b0psRWi7S] WILODBC.EXE

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Be sure you're able to view hidden files, and remove the following files/folders (if found):

C:\PROGRAM FILES\VIEWPOINT <- this folder
C:\WINDOWS\SYSTEM\ELITELWA32.EXE
C:\WINDOWS\SYSTEM\OWFZYU.EXE
C:\WINDOWS\SYSTEM\NZDKNCNL.EXE
C:\WINDOWS\SSSASASB32.EXE
C:\WINDOWS\SHCH.EXE
C:\WINDOWS\SYSTEM\ATOCKBOX.EXE
C:\PROGRAM FILES\AUTOUPDATE <- this folder
C:\WINDOWS\SYSTEM\WSXSVC <- this folder
C:\WINDOWS\SYSTEM\WILODBC.EXE
C:\WINDOWS\PACKAGER.EXE
C:\WINDOWS\SYSTEM\WINUPDT.EXE
C:\PROGRAM FILES\SURFSIDEKICK 2 <- this folder
C:\PROGRAM FILES\YAB8BH0H <- this folder
C:\WINDOWS\ZSERV.DLL
C:\PROGRAM FILES\WILDTANGENT <- this folder
c:\windows\system\saie.exe
C:\WINDOWS\SYSTEM\WTGGIS.exe
C:\WINDOWS\SYSTEM\winupdtl.exe
C:\WINDOWS\lwx.exe
C:\WINDOWS\SYSTEM\oezclc.exe
C:\WINDOWS\SYSTEM\ibhflc.exe
C:\WINDOWS\SYSTEM\ATOCKBOX.EXE
C:\WINDOWS\FARMMEXT.exe
C:\WINDOWS\SYSTEM\WILODBC.EXE

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :tazz:
  • 0

#5
czarly12
Posted 11 February 2005 - 01:48 PM

czarly12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
so i did what you told me to do and deleted most of those files... but some of them i couldnt fine like the surfsidekick 2, wildtanget TAB8BH0H... and some other ones.. but heres the log that i have after scanning...
thank you !!!!


Logfile of HijackThis v1.99.0
Scan saved at 2:44:09 PM, on 2/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\CREATIVE\SHARED FILES\CAMTRAY.EXE
C:\WINDOWS\SYSTEM\WSXSVC\WSXSVC.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZSERV.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [q36i36O] ATOCKBOX.EXE
O4 - HKLM\..\Run: [antiware] C:\WINDOWS\SYSTEM\ELITELWA32.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP