Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works


  • Please log in to reply



    New Member

  • Member
  • Pip
  • 7 posts
A window keeps poping up to a website called traffic vortal and a bunch of other one's. It keeps changing over and over. I get a script error aswell everytime it changes pages. i've tryed using all the spyware progs that i know of and nothing works. I have Hijackthis and i'm just not sure what to do with it. Can someone please help me?
  • 0




    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Double click hijkackthis

Choose do a System scan and save logfile
notepad will open with some text in it.
Copy and paste it here using the add/reply button

Edited by loophole, 02 October 2006 - 09:32 PM.

  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is my log file from hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 6:40:33 AM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\tlegault\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: start.lnk = C:\WINDOWS\system32\sdcc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1145577232812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0



    Malware Expert

  • Retired Staff
  • 9,798 posts

Please run a scan with HijackThis and check the following lines for removal:

O4 - Startup: start.lnk = C:\WINDOWS\system32\sdcc.exe

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

After the reboot

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply with a new hijack log
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
YOU ARE A GOD!! I love you... i just couldn't figure this one out. You sir... are my friend! Thank you all!
  • 0



    Malware Expert

  • Retired Staff
  • 9,798 posts
Thankyou for the kind words but can you do this

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Edited by loophole, 03 October 2006 - 08:24 PM.

  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I'm not exactly sure what this prog does... could you explain what i'm doing here?

Again.. thank you!

blank - 06-10-03 23:59:35.64 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\blank\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-03 to 2006-10-03 ))))))))))))))))))))))))))))))))))

2006-10-03 21:02 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-03 21:02 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-05 23:41 56 -r-hs---- C:\WINDOWS\system32\17C9EBE5DE.sys
2006-09-05 23:38 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-09-04 19:14 3,959,168 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-09-04 19:14 3,640,608 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-03 23:58 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-03 21:06 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-03 21:03 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-03 21:03 -------- d-------- C:\Program Files\Symantec
2006-10-03 19:51 -------- d-------- C:\Program Files\Common Files\Network Associates
2006-10-03 19:34 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-10-02 21:41 -------- d-------- C:\Program Files\Bazooka Scanner
2006-10-02 21:33 -------- d-------- C:\Program Files\Trend Micro
2006-10-02 19:28 -------- d-------- C:\Program Files\SatelliteTVforPC
2006-10-02 18:06 -------- d-------- C:\Documents and Settings\tlegault\Application Data\Google
2006-10-02 18:05 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-20 17:11 -------- d---s---- C:\Documents and Settings\tlegault\Application Data\Microsoft
2006-09-20 16:49 -------- d-------- C:\Program Files\Microsoft Games
2006-09-19 16:42 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-09-14 17:55 -------- d-------- C:\Program Files\Adobe
2006-09-14 17:53 -------- d-------- C:\Documents and Settings\tlegault\Application Data\Adobe
2006-09-12 23:40 -------- d-------- C:\Program Files\BitComet
2006-09-11 21:49 -------- d-------- C:\Documents and Settings\tlegault\Application Data\Skype
2006-09-10 01:33 -------- d-------- C:\Program Files\MSN Messenger
2006-09-06 17:06 -------- d-------- C:\Program Files\Common Files
2006-09-06 17:03 -------- d-------- C:\Program Files\Microsoft Works
2006-09-06 17:03 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-05 23:45 -------- d-------- C:\Documents and Settings\tlegault\Application Data\Corel
2006-09-05 23:41 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-05 23:35 -------- d-------- C:\Program Files\WordPerfect Office X3 Installer
2006-09-05 23:28 -------- d-------- C:\Program Files\MySecretFolder XP
2006-09-04 19:23 -------- d-------- C:\Program Files\QuickTime
2006-09-04 19:19 -------- d-------- C:\Program Files\iTunes
2006-09-02 13:22 -------- d-------- C:\Program Files\Project64 1.6
2006-08-28 23:18 -------- d-------- C:\Documents and Settings\tlegault\Application Data\Real
2006-08-28 23:02 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-08-28 22:55 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-27 01:52 -------- d-------- C:\Documents and Settings\tlegault\Application Data\Ahead
2006-08-26 23:32 -------- d-------- C:\Program Files\DVD Decrypter
2006-08-26 23:31 -------- d-------- C:\Program Files\DVDFab Decrypter
2006-08-26 23:31 -------- d-------- C:\Program Files\DVD Shrink
2006-08-26 23:26 -------- d-------- C:\Program Files\Nero
2006-08-26 23:19 -------- d-------- C:\Program Files\Ahead
2006-08-26 23:15 156 --a------ C:\CONFIG.SYS
2006-08-26 23:15 119 --a------ C:\AUTOEXEC.BAT
2006-08-22 06:24 -------- d-------- C:\Program Files\LimeWire
2006-08-21 23:15 -------- d-------- C:\Documents and Settings\tlegault\Application Data\AdobeUM
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 02:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-17 16:50 -------- d-------- C:\Program Files\Java
2006-08-12 22:51 -------- d-------- C:\Program Files\Internet Explorer
2006-08-12 16:25 -------- d-------- C:\Program Files\EA GAMES
2006-08-11 20:58 -------- d-------- C:\Program Files\iPod
2006-08-06 02:15 -------- d-------- C:\Program Files\VentSrv
2006-08-06 02:15 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-04 16:25 592402 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-05 20:02 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-07-03 23:40 620180 --a------ C:\WINDOWS\system32\divx.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"WeatherEye"="C:\\Program Files\\TheWeatherNetwork\\WeatherEye\\WeatherEye.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AceGain LiveUpdate"="C:\\Program Files\\AceGain\\LiveUpdate\\LiveUpdate.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""





[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName"="My Current Home Page"








securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Completion time: Wed 10/04/2006 0:00:39.09
  • 0



    Malware Expert

  • Retired Staff
  • 9,798 posts

could you explain what i'm doing here

This tool does so many things its hard to explain. But in your case I wanted to see what files had been created in the last 30 days since I havent seen this infection too much. It also shows me some registry areas that malware commonly uses etc. its a great tool

Can you do this for me

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
  • Click on the submit button
  • Please post the results in your next reply.

  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Actualy i can't do that for you. This .sys file does not exist. 17C9EBE5DE.sys Is this a problem?
  • 0



    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Not sure if its a problem, just want to be sure

try this and then try the jotti directions

Show hidden files and folders
  • Click start >>> control panel
  • click the tools tab and then click folder options
  • Click view
  • tick the show hidden files and folders radio button
  • Uncheck hide extensions for known file types
  • Uncheck hide protected operating system files
  • Click Apply then Ok

  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Well... it's still not there. Not really sure what to say.
  • 0



    Malware Expert

  • Retired Staff
  • 9,798 posts
OK, not a big deal

Can you run this scan to finish up

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
HAHAHahaha... i suck! My browser isn't supported. I'm using firefox.
  • 0



    Malware Expert

  • Retired Staff
  • 9,798 posts

Can you use IE to run the scan?
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP