Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

spyware killing me

Started by cabowabo , Aug 13 2006 06:56 AM

  • Please log in to reply

#1
cabowabo
Posted 13 August 2006 - 06:56 AM

cabowabo

    Member

  • Member
  • PipPip
  • 43 posts
i have used you guys before, and now i need help again, i have several things i cannot get rid of.
i need help
one is something called search assistant, and one is 180 solutions, plus now my computer is making some weird noises, like its trying to shut down, but it doesnt, only making those noises
thank you
cabo




Logfile of HijackThis v1.99.1
Scan saved at 7:46:16 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet

Files\Content.IE5\YMQXXDCU\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://bibleresource...m/bible_kjv.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.emachines.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-

A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-

9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media

Reader\shwiconem.exe
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2

\mimboot.exe
O4 - HKLM\..\Run: [NI.UWFX5RS_0001_0808]

"C:\WINDOWS\Downloaded Program

Files\UWFX5RS_0001_0808NetInstaller.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program

Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [winsupdater] C:\Program

Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0

-k
O4 - HKLM\..\Run: [SpywareBot] C:\Program

Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows

Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [qzzo] C:\PROGRA~1\COMMON~1\qzzo\qzzom.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft

Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpywareBot] C:\Program

Files\spywarebot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions

present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-

8C13714ED485} - C:\Documents and Settings\All Users\Start

Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-

91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start

Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-

12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

(file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-

9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-

800749B94EED} - C:\Program

Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849

-800749B94EED} - C:\Program

Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office

Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?

linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows

Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?

linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F}

(InstallerBehaviorFactory Class) -

https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E}

(EGamesPlugin Class) - https://www.e-

games.com.my/com/EGamesPlugin.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX

Control) - http://www.pestpatro...an/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.micros...n/x86/client/mu

web_site.cab?1144196004066
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall

Control) -

http://a840.g.akamai...trendmicro.com/

housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove

Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj

Class) -

https://rtc3.webresp...p/TLIEFlash.CAB
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} -

http://pictures06.ai...f/AOLUPF.en-US-

AIM.9.5.1.8.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown

Installer ActiveX Control) -

http://download.toon...5.28/ttinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32

\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) -

Authentium, Inc. - c:\program

files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. -

C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program

Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner -

C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -

c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32

\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd)

- Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%

ProgramFiles%\WinPcap\rpcapd.ini (file missing)
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP