I Have Tried Everything



#1
H4CKS1GN
New Member, 2 posts
My Problem Is That Adware, Spyware, And Malware Will Not Get Off My Computer At All. I Have Tried Several Things But Lately I Have Said "Screw it" And Reformatted. It's Been About 2-3 Months Now And It Takes About 5 Mins To Start Up My Computer No Kidding. (With Most To All Things Turned Off) I Have Done A Hijackthis Log Of Both Startup And Normal Logs.

Some Things I Know What They Are For. Others I Just Want To Kill.

Here's The Log


Logfile of HijackThis v1.99.1
Scan saved at 4:44:20 PM, on 5/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Inferno\Apache\apache.exe
C:\Program Files\Inferno\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\Inferno\Apache\apache.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\TightVNC-unstable\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\ztnfiud.exe
C:\program files\180solutions\sais.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\windows\system32\calc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Inferno\EasyPHP.exe
C:\Program Files\Iminyno\Fjkxko.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\collogon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Administrator\Desktop\Hijack\HijackThis.exe
C:\Program Files\Opera 8 Beta\Opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC-unstable\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelgc32.exe
O4 - HKLM\..\Run: [ztnfiud] c:\windows\system32\ztnfiud.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [ps7k3si] ctlwipes.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [pchmr] C:\WINDOWS\pchmr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [JFs5x1] C:\WINDOWS\brioqdos.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitepjt32.exe
O4 - HKLM\..\Run: [EasyPHP] "C:\Program Files\Inferno\EasyPHP.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Auzow] C:\Program Files\Iminyno\Fjkxko.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cxtpls_loader.exe" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [YBoqRiG4i] collogon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [My App] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.578\Kazaa Plus 2.6 Purchase Crack.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Startup: EasyPHP.lnk = C:\Program Files\Inferno\EasyPHP.exe
O4 - Startup: Winamp Agent.lnk = C:\Program Files\Winamp\winampa.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bridge-c18.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116340389765
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxsrvc.dll
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\Inferno\Apache\apache.exe" --ntservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/Program Files/Inferno/mysql/bin/mysqld-nt.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC-unstable\WinVNC.exe" -service (file missing)
  • 0



#2
don77
Malware Expert, Retired Staff, 18,526 posts
Hi H4CKS1GN.
You have quite the collection here.
  • Download CWShredder (there is a link in my signature), unzip it, and save it on the Desktop. Please do not run it yet, though.
  • Update CWShredder by clicking on the update button. Next, be sure to click on the "fix" button. Close out the program when done.
  • Please go to Add/Remove Programs and remove the following, if found:

    SurfSideKick 2
    180solutions
    Power Scan
    Internet Optimizer
    BullsEye Network
  • Please set your system to show all files; please see here if you're unsure how to do this.

  • Close all programs leaving only HijackThis running. Place a check mark next to the following, making sure you get them all and not any others by mistake:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelgc32.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [pchmr] C:\WINDOWS\pchmr.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [JFs5x1] C:\WINDOWS\brioqdos.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitepjt32.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cxtpls_loader.exe" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
    O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
    O4 - HKCU\..\Run: [YBoqRiG4i] collogon.exe
    O4 - HKCU\..\Run: [My App] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.578\Kazaa Plus 2.6 Purchase Crack.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bridge-c18.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -


    Click on Fix Checked when finished and exit HijackThis.

  • Reboot into Safe Mode: please see here if you are not sure how to do this.


    Using Windows Explorer, locate the following files/folders, and delete them:

    C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    C:\WINDOWS\wupdt.exe
    C:\PROGRA~1\Toolbar\TBPS.exe
    C:\Program Files\SurfSideKick 2\Ssk.exe
    c:\program files\180solutions\sais.exe
    C:\Program Files\Power Scan\powerscan.exe
    C:\WINDOWS\pchmr.exe
    C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
    C:\WINDOWS\brioqdos.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\WINDOWS\farmmext.exe
    C:\windows\system32\elitepjt32.exe
    C:\Program Files\BullsEye Network\bin\bargains.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cxtpls_loader.exe
    C:\WINDOWS\system32\ap9h4qmo.exe
    collogon.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.578\Kazaa Plus 2.6 Purchase Crack.exe

    Exit Explorer, and reboot as normal afterwards.
Post back a fresh HijackThis log and we will take another look.
  • 0

#3
H4CKS1GN
New Member, Topic Starter, 2 posts
OK, I got most of the stuff that you said to do. I was running a little short on time when going through the items, so I'm not sure if I got them all exactly.

But here's the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 8:31:34 PM, on 5/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Inferno\Apache\apache.exe
C:\Program Files\Inferno\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\oodag.exe
C:\PROGRA~1\Inferno\Apache\apache.exe
C:\Program Files\TightVNC-unstable\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Iminyno\Fjkxko.exe
C:\windows\system32\ztnfiud.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Xfire\Xfire.exe
C:\windows\system32\packager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Opera 8 Beta\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\Hijack\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC-unstable\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [EasyPHP] "C:\Program Files\Inferno\EasyPHP.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Auzow] C:\Program Files\Iminyno\Fjkxko.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelgc32.exe
O4 - HKLM\..\Run: [ztnfiud] c:\windows\system32\ztnfiud.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Startup: EasyPHP.lnk = C:\Program Files\Inferno\EasyPHP.exe
O4 - Startup: Winamp Agent.lnk = C:\Program Files\Winamp\winampa.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116340389765
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\Inferno\Apache\apache.exe" --ntservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/Program Files/Inferno/mysql/bin/mysqld-nt.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC-unstable\WinVNC.exe" -service (file missing)


(BTW, I still have the long boot time, but that was after I deleted all the files, but at least most pop-ups are gone. I still have 5 of them that pop up even with everything turned off. I'm trying to trace those down, but for some reason I can't. If anything, I need to recheck with a virus scan or adware remover. And while I'm thinking of it, what ones or programs can you recommend [free ones if you can]? And thanks for your help. I just might get on the other 5 computers in the house and get you guys to help :tazz: )
  • 0

#4
don77
Malware Expert, Retired Staff, 18,526 posts
Hi H4CKS1GN. Cleaned up quite nicely.
However, I don't see an antivirus program running on your system?
  • Please set your system to show all files; please see here if you're unsure how to do this.

  • Close all programs leaving only HijackThis running. Place a check mark next to the following, making sure you get them all and not any others by mistake:

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O4 - HKLM\..\Run: [Auzow] C:\Program Files\Iminyno\Fjkxko.exe
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelgc32.exe
    O4 - HKLM\..\Run: [ztnfiud] c:\windows\system32\ztnfiud.exe


    Click on Fix Checked when finished and exit HijackThis.

  • Reboot into Safe Mode: please see here if you are not sure how to do this.


    Using Windows Explorer, locate the following files/folders, and delete them:

    C:\Program Files\Iminyno\Fjkxko.exe
    C:\windows\system32\elitelgc32.exe
    c:\windows\system32\ztnfiud.exe

    Exit Explorer, and reboot as normal afterwards.
Post back a fresh HijackThis log and we will take another look.
  • 0
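Added example (not part of the thread and not HijackThis's own code): a small checker that compares a helper's "Fix Checked" list against the fresh log posted afterwards, reporting fix-list entries that are still present and entries that are new since the previous log. The function names are hypothetical; the sample inputs are short excerpts of the logs posted above, and matching is case-insensitive because the same path appears as `system32` in one log and `SYSTEM32` in the next.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(text):
    """Map a normalized (section, body) key to the original line for every entry in text."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m is None:
            continue  # log header, running-process path, blank line or prose
        section, body = m.groups()
        # Windows paths and registry names are case-insensitive; spacing varies when pasted.
        entries[(section, " ".join(body.split()).lower())] = line.strip()
    return entries

def check_fix(fix_list, fresh_log, previous_log):
    """Compare the requested fixes with the fresh log and the log before it."""
    fix, fresh, prev = (parse_entries(t) for t in (fix_list, fresh_log, previous_log))
    return {
        "still_present": sorted(v for k, v in fix.items() if k in fresh),
        "removed": sorted(v for k, v in fix.items() if k not in fresh),
        "new_since_previous": sorted(v for k, v in fresh.items() if k not in prev),
    }

# Excerpts from the thread: first log (post #1), fix list (post #2), fresh log (post #3).
PREVIOUS_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelgc32.exe
O4 - HKLM\..\Run: [ztnfiud] c:\windows\system32\ztnfiud.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxsrvc.dll
"""
FIX_LIST = r"""
    O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelgc32.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
"""
FRESH_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelgc32.exe
O4 - HKLM\..\Run: [ztnfiud] c:\windows\system32\ztnfiud.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

if __name__ == "__main__":
    for label, lines in check_fix(FIX_LIST, FRESH_LOG, PREVIOUS_LOG).items():
        print(label)
        for line in lines:
            print("   ", line)
```

On these excerpts the `checkrun` entry is reported as still present, which matches its reappearance in the second fix list.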