Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack this log please

Started by Iberia , May 01 2005 05:41 AM

  • Please log in to reply

#1
Iberia
Posted 01 May 2005 - 05:41 AM

Iberia

    New Member

  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:39:30, on 01-05-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
D:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Programas\PalickSoft\HDD Temperature\HDDTSvc.exe
D:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
D:\Programas\Norton AntiVirus\navapsvc.exe
D:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\Explorer.EXE
C:\Programas\QuickTime\qttask.exe
D:\Programas\Messenger Plus! 3\MsgPlus.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Programas\Internet Explorer\iexplore.exe
d:\progra~1\intern~1\iexplore.exe
D:\Program Files\SpySubtract\SpySub.exe
D:\WINDOWS\twain_32\CIS600X\WATCH.exe
D:\Programas\Internet Explorer\iexplore.exe
C:\eMule\emule.exe
D:\Programas\MSN Messenger\msnmsgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Programas\Internet Explorer\iexplore.exe
D:\Documents and Settings\Utilizador\Ambiente de trabalho\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nigoycnal...voDr9h0IAiT.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D9014E15-794D-C726-C3D4-B1ACD8F3CB1B} - D:\DOCUME~1\UTILIZ~1\APPLIC~1\SOFTBO~1\program trust.exe
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - D:\WINDOWS\azesearch3.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - D:\WINDOWS\system32\iasadm.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - D:\WINDOWS\azesearch3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [atom size camp this] D:\Documents and Settings\All Users\Application Data\barb tons atom size\ShimSoap.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [load build] D:\DOCUME~1\UTILIZ~1\APPLIC~1\4THIS~1\pure test dead.exe
O4 - Startup: Watch.lnk = D:\WINDOWS\twain_32\CIS600X\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = D:\Program Files\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programas\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programas\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - D:\Programas\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programas\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements

#2
Iberia
Posted 01 May 2005 - 07:56 AM

Iberia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Please help me out, i followed all the steps and i did the procedure like 3 times and yet azesearch just keep coming back, i have this problem like 1 week. please help me out.
  • 0

#3
Hemal
Posted 01 May 2005 - 08:06 AM

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nigoycnal...voDr9h0IAiT.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - D:\WINDOWS\azesearch3.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - D:\WINDOWS\system32\iasadm.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - D:\WINDOWS\azesearch3.dll
O2 - BHO: (no name) - {D9014E15-794D-C726-C3D4-B1ACD8F3CB1B} - D:\DOCUME~1\UTILIZ~1\APPLIC~1\SOFTBO~1\program trust.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :tazz:
  • 0

#4
Iberia
Posted 01 May 2005 - 08:38 AM

Iberia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 15:32:04, on 01-05-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
D:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Programas\PalickSoft\HDD Temperature\HDDTSvc.exe
D:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
D:\Programas\Norton AntiVirus\navapsvc.exe
D:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programas\QuickTime\qttask.exe
D:\Programas\Messenger Plus! 3\MsgPlus.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
d:\progra~1\intern~1\iexplore.exe
D:\Program Files\SpySubtract\SpySub.exe
D:\WINDOWS\twain_32\CIS600X\WATCH.exe
D:\WINDOWS\REGEDIT.exe
D:\Programas\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
d:\progra~1\intern~1\iexplore.exe
D:\Documents and Settings\Utilizador\Ambiente de trabalho\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sefcasnmj...PoDr9h0IAiT.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azesearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [atom size camp this] D:\Documents and Settings\All Users\Application Data\barb tons atom size\ShimSoap.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [load build] D:\DOCUME~1\UTILIZ~1\APPLIC~1\4THIS~1\pure test dead.exe
O4 - Startup: Watch.lnk = D:\WINDOWS\twain_32\CIS600X\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = D:\Program Files\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programas\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programas\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - D:\Programas\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programas\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

When i started IE the homepage was azesearch, and it looks like this wasnt fixed:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url=http://www.sefcasnmjifepjzapoqjg.biz/ChUarAu1vsAJ5yTmQVJPJyKsoG1zjnU3PBPRxzBJAuVnknLJbk5B7PoDr9h0IAiT.php]

Edited by Iberia, 01 May 2005 - 08:39 AM.

  • 0

#5
Hemal
Posted 01 May 2005 - 09:18 AM

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
get rid of
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sefcasnmj...PoDr9h0IAiT.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azesearch.com

After, please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Click OK and Disk Cleanup will delete those files for you.

Run another ad-aware scan if possible to make sure we got rid of all those nasties

after reboot and post a new HiJack This log- is your computer running better?
  • 0

#6
Iberia
Posted 01 May 2005 - 10:13 AM

Iberia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 17:06:03, on 01-05-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
D:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Programas\PalickSoft\HDD Temperature\HDDTSvc.exe
D:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
D:\Programas\Norton AntiVirus\navapsvc.exe
D:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programas\QuickTime\qttask.exe
D:\Programas\Messenger Plus! 3\MsgPlus.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
d:\progra~1\intern~1\iexplore.exe
D:\Program Files\SpySubtract\SpySub.exe
D:\WINDOWS\twain_32\CIS600X\WATCH.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programas\Internet Explorer\iexplore.exe
D:\Documents and Settings\Utilizador\Ambiente de trabalho\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mgsdzvqwdfzgz...oDr9h0IAiT.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [atom size camp this] D:\Documents and Settings\All Users\Application Data\barb tons atom size\ShimSoap.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [load build] D:\DOCUME~1\UTILIZ~1\APPLIC~1\4THIS~1\pure test dead.exe
O4 - Startup: Watch.lnk = D:\WINDOWS\twain_32\CIS600X\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = D:\Program Files\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programas\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programas\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - D:\Programas\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programas\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

It looks like its working fine now but i have folders in the favorites that i want to remove but they justcant be deleted.
  • 0

#7
Hemal
Posted 01 May 2005 - 02:38 PM

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mgsdzvqwdfzgz...oDr9h0IAiT.html

^get rid of that and then run and updated ad-aware or spybot scan, try and see if that will solve your problem
  • 0

#8
Hemal
Posted 01 May 2005 - 02:38 PM

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mgsdzvqwdfzgz...oDr9h0IAiT.html

^get rid of that and then run and updated ad-aware or spybot scan, try and see if that will solve your problem
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP