
cannot even install avg! no .exe's



#1
sweft

  • Member
  • 123 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:15:17 AM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\CROSOF~1\spool32.exe
C:\WINDOWS\system32\??mbols\m?iexec.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...o&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...o&pf=laptop
R3 - URLSearchHook: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\WINDOWS\system32\zickp.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\WINDOWS\system32\zickp.dll
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Tbsa] "C:\PROGRA~1\COMMON~1\CROSOF~1\spool32.exe" -vt yazr
O4 - HKCU\..\Run: [Eoraqw] C:\WINDOWS\system32\??mbols\m?iexec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0



#2
ourwilly


    Trusted Helper

  • Retired Staff
  • 768 posts
Hi, I would like to take a look at this log for you
and will get back to you as soon as I can.

Thank You.
  • 0

#3
ourwilly


    Trusted Helper

  • Retired Staff
  • 768 posts
sweft :whistling:

Copy and Paste this post into a new text document

Step 1

You must place HijackThis into its own folder.
If we ever need to restore any item, this folder will safely store all entries
and enable us to use the backup feature that HijackThis offers.

If you want to keep the HijackThis program on the Desktop, right click an empty area, select New > Folder, name the folder HijackThis (or whatever you wish), and place the HijackThis.exe file in it.
Do this BEFORE you proceed!


Step 2

Please now go to: http://virusscan.jotti.org/
At the top select the Browse button then navigate to this File and Submit it to be scanned.
C:\WINDOWS\system32\zickp.dll
Can you please copy and paste the scan result in your next reply?


Step 3

Download ComboFix.exe using either of these links:

BleepingComputer

Techsupportforum.com

Double click combofix.exe.

When finished, it shall produce a log for you.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Step 4

Re-Open HijackThis
Click "Open the Misc Tools" section.
Click "Open Uninstall Manager"...
Click "Save list"... and save it to your Desktop.
Copy and paste the file "uninstall_list.txt" into your next reply.

Please Re-scan with HijackThis and post

1/ The new HijackThis log
2/ The Jotti result
3/ the combofix log
4/ The uninstall_list.txt

Thank you
  • 0

#4
sweft

  • Topic Starter
  • Member
  • 123 posts
File: zickp.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 2c208db37ad5da43287fe05fe64a39e2
Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT

Scanner results
Scan taken on 10 Feb 2007 21:02:41 (GMT)
AntiVir Found ADSPY/PurityScan.AK.161 adware
ArcaVir Found Adware.Purityscan.Ak
Avast Found Win32:Agent-RY
AVG Antivirus Found Generic.TKQ
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.PurityScan.ak (4, 1, 400)
Fortinet Found Adware/Purityscan
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.PurityScan.ak
NOD32 Found a variant of Win32/Adware.PurityScan application
Norman Virus Control Found W32/PurityScan.dam
VirusBuster Found nothing
VBA32 Found AdWare.Win32.PurityScan.ak

Statistics
Last file scanned at least one scanner reported something about: wise.exe (MD5: 1984814a6471a3dbf7ea6d1f471e3389), detected by:

Scanner Malware name
AntiVir TR/Crypt.XPACK.Gen
ArcaVir X
Avast X
AVG Antivirus X
BitDefender Generic.Malware.GSI!Fdld.BCAA4D74
ClamAV X
Dr.Web WIN.IRC.WORM.Virus
F-Prot Antivirus Possibly a new variant of W32/CrazyCrunch-based!Maximus
F-Secure Anti-Virus Backdoor.Win32.Wisdoor.ar
Fortinet X
Kaspersky Anti-Virus Backdoor.Win32.Wisdoor.ar
NOD32 a variant of Win32/Wisdoor
Norman Virus Control Sandbox: W32/Malware
VirusBuster X
VBA32 X

"Owner" - 07-02-07 15:14:47 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\f4j20e1oeh.dll
C:\WINDOWS\system32\guard.tmp


Granting SeDebugPrivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\teller2.chk
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\a.exe
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
C:\DOCUME~1\LOCALS~1\Application Data\NetMon
C:\DOCUME~1\NETWOR~1\Application Data\NetMon
C:\DOCUME~1\Owner\Application Data\SearchToolbarCorp
C:\Program Files\Batty2
C:\Program Files\cmfibula
C:\Program Files\CMFibula
C:\Program Files\Cowabanga
C:\Program Files\Deskbar
C:\Program Files\Network Monitor
C:\Program Files\OIN Search
C:\Program Files\Outerinfo
C:\Program Files\outlook
C:\Program Files\TheSearchAccelerator
C:\Program Files\winupdates
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Owner
C:\qoobox\purity\DOCUME~1\Owner\Application Data
C:\qoobox\purity\DOCUME~1\Owner\My Documents
C:\qoobox\purity\DOCUME~1\Owner\Application Data\ASEMBL~1
C:\qoobox\purity\DOCUME~1\Owner\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\Owner\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\Owner\My Documents\PPPATC~1
C:\qoobox\purity\DOCUME~1\Owner\My Documents\SKS~1
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\ati2evxx.exe
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0000
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0001
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0002
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0003
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0004
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0005
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0006
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\SMBOLS~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\Program Files\Common Files\ECURIT~1
C:\qoobox\purity\Program Files\Common Files\PPATCH~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1\CROSOF~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1\spool32.exe
C:\qoobox\purity\WINDOWS\SMBOLS~1
C:\qoobox\purity\WINDOWS\system32\MBOLS~1
C:\qoobox\purity\WINDOWS\system32\STEM32~1
C:\qoobox\purity\WINDOWS\system32\MBOLS~1\m?iexec.exe


((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))


2007-02-07 00:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-02-06 22:24 <DIR> d-------- C:\WINDOWS\pss
2007-01-28 22:13 <DIR> d-------- C:\Downloads
2007-01-28 18:35 <DIR> d-------- C:\Program Files\BitTorrent
2007-01-28 18:35 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\BitTorrent
2007-01-27 14:28 60,416 --a------ C:\WINDOWS\system32\zickp.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-04 18:09 -------- d-------- C:\Documents and Settings\Owner\Application Data\bittorrent
2007-01-31 23:21 -------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2007-01-31 23:21 -------- d-------- C:\Program Files\yahoo!
2007-01-31 23:18 -------- d-------- C:\Program Files\java
2007-01-31 23:09 -------- d-------- C:\Program Files\kodak
2007-01-31 23:07 -------- d-------- C:\Program Files\limewire
2007-01-31 12:26 -------- d-------- C:\Program Files\quicktime
2007-01-27 14:28 2 --a------ C:\WINDOWS\system32\wnsapiit.exe
2007-01-22 00:35 -------- d---s---- C:\Documents and Settings\Owner\Application Data\microsoft
2007-01-08 13:25 -------- d-------- C:\Documents and Settings\Owner\Application Data\walgreens
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-07 11:21 -------- d-------- C:\Program Files\google
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Tbsa"="\"C:\\PROGRA~1\\COMMON~1\\CROSOF~1\\spool32.exe\" -vt yazr"
"Eoraqw"="C:\\WINDOWS\\system32\\??mbols\\m?iexec.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ac84341-5880-11db-ac2f-806d6172696f}]
Shell\AutoRun\command D:\Launch.exe


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-07 15:27:23



Logfile of HijackThis v1.99.1
Scan saved at 15:32, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...o&pf=laptop
R3 - URLSearchHook: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\WINDOWS\system32\zickp.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\WINDOWS\system32\zickp.dll
O3 - Toolbar: (no name) - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Tbsa] "C:\PROGRA~1\COMMON~1\CROSOF~1\spool32.exe" -vt yazr
O4 - HKCU\..\Run: [Eoraqw] C:\WINDOWS\system32\??mbols\m?iexec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



Adobe Flash Player 9 ActiveX
BitTorrent 5.0.5
Broadcom 802.11 Driver
Conexant AC-Link Audio
HijackThis 1.99.1
HP Help and Support
Intel® Extreme Graphics 2 Driver
iTunes
MSXML 4.0 SP2 (KB927978)
MySpaceIM
OIN Search
Outerinfo
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
SoftV92 Data Fax Modem with SmartCP
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Install Manager
Yahoo! Messenger
Zone Deluxe Games

Edited by sweft, 10 February 2007 - 03:34 PM.

  • 0

#5
ourwilly


    Trusted Helper

  • Retired Staff
  • 768 posts
sweft

Copy and Paste this post into a new text document

Step 1

Go to Start | Control Panel | Add/Remove Programs and Uninstall:

OIN Search
Outerinfo


Scan with HijackThis again and place a checkmark in the boxes before the following entries:

R3 - URLSearchHook: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\WINDOWS\system32\zickp.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\WINDOWS\system32\zickp.dll
O3 - Toolbar: (no name) - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - (no file)
O4 - HKCU\..\Run: [Tbsa] "C:\PROGRA~1\COMMON~1\CROSOF~1\spool32.exe" -vt yazr
O4 - HKCU\..\Run: [Eoraqw] C:\WINDOWS\system32\??mbols\m?iexec.exe

Close any Explorer windows which may be open and click the "Fix Checked" button.


Step 2

Double-click on My Computer, double-click on Local Disk,
then navigate to, right-click on and delete this bold entry:

C:\WINDOWS\system32\zickp.dll

----------------------

Please Reboot your System then Re-scan with HijackThis and post the new log.

Thank you.
  • 0
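The entries chosen in the post above can be derived from the thread's own evidence. As an added example (not part of the original thread and not HijackThis or ComboFix code), this Python sketch parses HijackThis entry lines and selects those that reference a file flagged earlier (zickp.dll by the Jotti scan, spool32.exe and m?iexec.exe by ComboFix's Purity quarantine list) or that are orphaned with "(no file)". The function names are this example's own; the sample is an excerpt of the second log in post #4.

```python
import re

# HijackThis entry lines look like "O4 - HKCU\..\Run: [Name] C:\path\file.exe".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# File names flagged elsewhere in the thread: zickp.dll by the Jotti scan,
# spool32.exe and m?iexec.exe by ComboFix's "Purity" quarantine list.
# The "?" is copied literally from the logs.
FLAGGED_FILES = ["zickp.dll", "spool32.exe", "m?iexec.exe"]

# Excerpt of the second HijackThis log in post #4 (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R3 - URLSearchHook: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\WINDOWS\system32\zickp.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\WINDOWS\system32\zickp.dll
O3 - Toolbar: (no name) - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Tbsa] "C:\PROGRA~1\COMMON~1\CROSOF~1\spool32.exe" -vt yazr
O4 - HKCU\..\Run: [Eoraqw] C:\WINDOWS\system32\??mbols\m?iexec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_entries(log_text):
    """Return (code, detail) for each entry line; process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def references_file(detail, file_name):
    """True if file_name is the final component of a path inside detail."""
    # Require a leading backslash and a closing quote, space or end of line,
    # so spool32.exe does not match the legitimate spoolsv.exe.
    pattern = r"\\" + re.escape(file_name) + r'(?=["\s]|$)'
    return re.search(pattern, detail, re.IGNORECASE) is not None


def select_entries(log_text, flagged_files):
    """Return (code, detail, reasons) for entries worth reviewing."""
    selected = []
    for code, detail in parse_entries(log_text):
        reasons = [f for f in flagged_files if references_file(detail, f)]
        if detail.endswith("(no file)"):
            reasons.append("(no file)")  # registration left without a target
        if reasons:
            selected.append((code, detail, reasons))
    return selected


if __name__ == "__main__":
    for code, detail, reasons in select_entries(SAMPLE_LOG, FLAGGED_FILES):
        print(f"{code} - {detail}    <- {', '.join(reasons)}")
```

Run on the excerpt, it returns the same six R3, O2, O3 and O4 entries listed in Step 1 of the post above.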





