Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HELP PLZ.

Started by Inge , Apr 19 2005 01:57 PM

  • This topic is locked This topic is locked

#1
Inge
Posted 19 April 2005 - 01:57 PM

Inge

    New Member

  • Member
  • Pip
  • 3 posts
ok here is the problem i got all these [bleep] icons on my destop computer is going really slow. and i get a pop up when i log on it says "this call is not cheap its 2.99 a min"
Help plz
here is the log
Logfile of HijackThis v1.99.1
Scan saved at 3:53:04 PM, on 4/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Windows ControlAd\WinCtlAd.exe
E:\PROGRA~1\Canon\SCANGE~1\SGTBox.exe
E:\WINDOWS\System32\acjcwqh.exe
E:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
E:\WINDOWS\qtsks.exe
E:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
E:\WINDOWS\qttasks.exe
E:\WINDOWS\ramex.exe
E:\Program Files\Exif Launcher\QuickDCF.exe
E:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
E:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
E:\Program Files\Microsoft Office\Office10\msoffice.exe
E:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Allard Family\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - E:\WINDOWS\ZServ.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - E:\WINDOWS\svchost2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [Windows ControlAd] E:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [SGTBox] E:\PROGRA~1\Canon\SCANGE~1\SGTBox.exe
O4 - HKLM\..\Run: [satmat] E:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [omxojq] E:\WINDOWS\System32\acjcwqh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [farmmext] E:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [TkBellExe] E:\WINDOWS\ccApp.exe /i
O4 - HKLM\..\Run: [MsnExplorer] E:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [ErrorGuard] E:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [Qtime] E:\WINDOWS\qtsks.exe /i
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "E:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [Quicktime] E:\WINDOWS\qttasks.exe /i
O4 - HKLM\..\Run: [etbrun] E:\windows\system32\elitejjm32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] E:\WINDOWS\system32\canada.exe -N
O4 - HKLM\..\Run: [ramexp] E:\WINDOWS\ramex.exe
O4 - HKCU\..\Run: [Update Manager] "E:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RHSI SHS] "E:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - Global Startup: Exif Launcher.lnk = E:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = E:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = E:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk181XXUS
O8 - Extra context menu item: Backward Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates - file://E:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Verweisseiten - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://E:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O16 - DPF: v2cab - http://install.searc...m/cab/v2cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...2ed4a44fc833108
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.net...ar/netscape.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
  • 0

Advertisements

#2
Inge
Posted 19 April 2005 - 04:21 PM

Inge

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
bumb really need help
heres an update on the log

Logfile of HijackThis v1.99.1
Scan saved at 6:17:58 PM, on 4/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Windows ControlAd\WinCtlAd.exe
E:\PROGRA~1\Canon\SCANGE~1\SGTBox.exe
E:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
E:\WINDOWS\qtsks.exe
E:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
E:\WINDOWS\qttasks.exe
E:\WINDOWS\ramex.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Exif Launcher\QuickDCF.exe
E:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
E:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
E:\Program Files\Microsoft Office\Office10\msoffice.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
E:\Documents and Settings\Allard Family\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - E:\WINDOWS\ZServ.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - E:\WINDOWS\svchost2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [Windows ControlAd] E:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [SGTBox] E:\PROGRA~1\Canon\SCANGE~1\SGTBox.exe
O4 - HKLM\..\Run: [omxojq] E:\WINDOWS\System32\acjcwqh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] E:\WINDOWS\ccApp.exe /i
O4 - HKLM\..\Run: [MsnExplorer] E:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [ErrorGuard] E:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [Qtime] E:\WINDOWS\qtsks.exe /i
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "E:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [Quicktime] E:\WINDOWS\qttasks.exe /i
O4 - HKLM\..\Run: [etbrun] E:\windows\system32\elitejjm32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] E:\WINDOWS\system32\canada.exe -N
O4 - HKLM\..\Run: [ramexp] E:\WINDOWS\ramex.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Update Manager] "E:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RHSI SHS] "E:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - Global Startup: Exif Launcher.lnk = E:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = E:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = E:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk181XXUS
O8 - Extra context menu item: Backward Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates - file://E:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Verweisseiten - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://E:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O16 - DPF: v2cab - http://install.searc...m/cab/v2cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...2ed4a44fc833108
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.net...ar/netscape.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
  • 0

#3
Guest_usetobe_*
Posted 27 April 2005 - 06:49 AM

Guest_usetobe_*
  • Guest
Hi Inge,

Welcome to Geeks 2 Go. Sorry about the delay in getting to your post, we have been very busy.

Do you still require help or are your problems resolved.

Please let me know and if you still require assistance, please post a fresh HJT log.

Regards,

Usetobe
  • 0

#4
Inge
Posted 10 May 2005 - 07:09 PM

Inge

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
yes i still need help i got alot of stuff but i still have more.
I have an icone that says click me(canada.exe) and when i delete it, it comes back.

And i have another question does hijackthis scan all your hard drives?? and accounts?

here is log

Logfile of HijackThis v1.99.1
Scan saved at 9:03:43 PM, on 5/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\Canon\SCANGE~1\SGTBox.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
E:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Exif Launcher\QuickDCF.exe
E:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
E:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\HJt\HijackThis.exe

O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [SGTBox] E:\PROGRA~1\Canon\SCANGE~1\SGTBox.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASDPLUGIN] E:\WINDOWS\system32\canada.exe -N
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [Update Manager] "E:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RHSI SHS] "E:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - Global Startup: Exif Launcher.lnk = E:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Picture Package Menu.lnk = E:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = E:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Verweisseiten - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.net...ar/netscape.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
  • 0

#5
Guest_usetobe_*
Posted 11 May 2005 - 02:26 AM

Guest_usetobe_*
  • Guest
Hi Inge,

In answer to your questions, HJT scans the registry, operating system and other files that malware infects. Any accounts with administrator rights needs to be checked.

Now on with the log you posted for this account


Please print out these instructions to make it easy to follow and to have access to them when you have to reboot your pc. Please read through them prior to commencing to do anything and if there is anything that you are unsure of, or do not understand, please contact me first for assistance.

I would like you to carry out the following free on-line virus scan and follow their instructions on removal of anything that it may find.

Panda Active Scan

Next please download the following two programs. Install them and update them both. Then run each one and have them fix anything that they may find.

Spybot Search and Destroy 1.3

Ad-aware S E 1.5

Open up HJT and rescan and Place a check against each of the following, making sure you get them all and not any others by mistake. Some of them might not be there as they will have been removed in previous stages of the sequence. This is normal so do not be alarmed

O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O4 - HKLM\..\Run: [ASDPLUGIN] E:\WINDOWS\system32\canada.exe -N


Ensure no windows are open apart from HJT and click FIX CHECKED.

Download the following program.

Cleanup

Reboot into SAFE MODE by tapping the F8 key whilst PC starts up.

Set PC to show hidden files (Click link below if you do not know how

Show hidden files

Using Windows Explorer locate and delete the following files/folders.

E:\WINDOWS\system32\canada.exe

Now use the Cleanup program to clear out temp files, junk etc.

Reboot normally and rescan with HJT and post the log in this thread.

Let me know if you cannot find the file in windows explorer.
  • 0

#6
Guest_usetobe_*
Posted 13 June 2005 - 07:48 AM

Guest_usetobe_*
  • Guest
no response topic closed
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP