my computer is in trouble! [CLOSED]



#1
bigbarnes

OK, I tried Ad-Aware and Microsoft anti-whatever and I find they're not helping... Someone please help? The worst thing I have that drives me nuts is the stupid SpySheriff thing.

Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:42:11 PM, on 6/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Icfhapc\Atcd.exe
C:\WINDOWS\seeve.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\WINDOWS\System32\umkunu.exe
C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe
C:\WINDOWS\System32\rundll32.exe
C:\program files\180searchassistant\salm.exe
C:\WINDOWS\System32\Vzabdz.exe
C:\WINDOWS\gwhkhj.exe
C:\WINDOWS\System32\msxct.exe
C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
C:\WINDOWS\System32\F?nts\wuauboot.exe
c:\windows\system32\kllvvm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ryan\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ryan\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: putStreamTee,{44e8b2c8-1ecb-4a63-8b23-3e3500c34f32},0,-1,1
O1 - Hosts: 235,nsIXmlRpcClientListener,{27e60cd8-6d63-4d87-b7d1-82c09e0c7363},0,-1,1
O1 - Hosts: 236,nsIFontEnumerator,{a6cf9114-15b3-11d2-932e-00805f8add32},0,-1,1
O1 - Hosts: 237,nsIBidiKeyboard,{bb961ae1-7432-11d4-b77a-00104b4119f8},0,-1,1
O1 - Hosts: 238,nsIAppShellService,{e5e5af70-8a38-11d2-9938-0080c7cb1080},0,-1,1
O1 - Hosts: 239,nsISafeOutputStream,{5f914307-5c34-4e1f-8e32-ec749d25b27a},0,-1,1
O1 - Hosts: 240,nsIDOMDOMConfiguration,{cfb5b821-9016-4a79-9d98-87b57c3ea0c7},0,-1,1
O1 - Hosts: 241,nsIAboutModule,{692303c0-2f83-11d3-8cd0-0060b0fc14a3},0,-1,1
O1 - Hosts: 242,nsIFormatConverter,{948a0023-e3a7-11d2-96cf-0060b0fb9956},0,-1,1
O1 - Hosts: 243,nsIChannel,{c63a055a-a676-4e71-bf3c-6cfa11082018},0,-1,1
O1 - Hosts: 244,nsIShellService,{7d8a7a34-f492-43c0-9657-ec7dbbeba236},0,-1,1
O1 - Hosts: 245,nsIDOMParser,{4f45513e-55e5-411c-a844-e899057026c1},0,-1,1
O1 - Hosts: 246,nsIDOMCRMFObject,{16da46c0-208d-11d4-8a7c-006008c844c3},0,-1,1
O1 - Hosts: 247,nsIXPCNativeCallContext,{0fa68a60-8289-11d3-bb1a-00805f8a5dd7},0,-1,0
O1 - Hosts: 248,nsIExternalProtocolHandler,{0e61f3b2-34d7-4c79-bfdc-4860bc7341b7},0,-1,1
O1 - Hosts: 249,nsICertificateDialogs,{a03ca940-09be-11d5-ac5d-000064657374},0,-1,1
O1 - Hosts: 250,nsIFilePicker,{80faf095-c807-4558-a2cc-185ed70754ea},0,-1,1
O1 - Hosts: 251,nsIPropertyElement,{283ee646-1aef-11d4-98b3-00c04fa0ce9a},0,-1,1
O1 - Hosts: 252,nsIStandardURL,{8793370a-311f-11d4-9876-00c04fa0cf4a},0,-1,1
O1 - Hosts: 253,nsIAccessibleEvent,{87f29033-c4a6-40a3-ac7a-3ba391f9992d},0,-1,1
O1 - Hosts: 254,nsIDOMWindowInternal,{f914492c-0138-4123-a634-6ef8e3f126f8},0,-1,1
O1 - Hosts: 255,nsIDOMDOMImplementation,{a6cf9074-15b3-11d2-932e-00805f8add32},0,-1,1
O1 - Hosts: 256,nsISOAPTransport,{99ec6695-535f-11d4-9a58-000064657374},0,-1,1
O1 - Hosts: 257,nsIWindowMediator,{0659cb81-faad-11d2-8e19-b206620a657c},0,-1,1
O1 - Hosts: 258,nsIDocumentLoaderFactory,{df15f850-5d98-11d4-9f4d-0010a4053fd0},0,-1,1
O1 - Hosts: 259,nsIStreamListenerTee,{fb683e76-d42b-41a4-8ae6-65a6c2b146e5},0,-1,1
O1 - Hosts: 260,nsIDOMNSCSS2Properties,{d9651867-7414-41a7-9b4b-af852dc11fcc},0,-1,1
O1 - Hosts: 261,nsINSSCertCache,{6c143dac-bd65-4333-b594-7ed1e748e0f9},0,-1,1
O1 - Hosts: 262,nsISyncStreamListener,{7e1aa658-6e3f-4521-9946-9685a169f764},0,-1,1
O1 - Hosts: 263,nsIDOMLSParserFilter,{10e8893d-ddf5-45d1-8872-615d72065fb4},0,-1,1
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: (no name) - {BF9A0710-12F0-4236-909B-460AFDE2B187} - C:\WINDOWS\System32\eloc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Cguyvv.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [Gbmtxxf] C:\Program Files\Icfhapc\Atcd.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteehz32.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\temp532.exe -N
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\umkunu.exe reg_run
O4 - HKLM\..\Run: [IPPDetect] IPP4Detect.exe
O4 - HKLM\..\Run: [Smart Start UP] C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Ryan\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [bcz] C:\WINDOWS\bcz.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Vzabdz.exe
O4 - HKLM\..\Run: [JGFRK] C:\WINDOWS\gwhkhj.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [bezjzyo] c:\windows\system32\kllvvm.exe r
O4 - HKLM\..\RunServices: [Microsoft Update] viwfzlt.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Tayijijk] C:\WINDOWS\System32\F?nts\wuauboot.exe
O4 - HKCU\..\Run: [Dsds] C:\Program Files\etah\spac.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O18 - Filter: text/html - {4405A5A7-16FC-463E-B240-FEE7DCCDA6C9} - C:\WINDOWS\System32\eloc.dll
O18 - Filter: text/plain - {4405A5A7-16FC-463E-B240-FEE7DCCDA6C9} - C:\WINDOWS\System32\eloc.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dll (file missing)
O21 - SSODL: mtklef - {EF1BB2BD-2958-4E5B-FEB9-4DEDED331A77} - C:\WINDOWS\System32\ppdqo32.dll
O21 - SSODL: mtklefap - {D312BFA5-F816-4A13-15B4-419645AE5B92} - C:\WINDOWS\System32\rxcv32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#2
Trevuren

Hi bigbarnes, welcome to Geeks 2 Go.

My name is Trevuren and I will be assisting you with your log.

However, before I am able to analyze your problem, you must read the information provided in the following link and I would like you to follow the steps that are recommended before posting a new log:

You Must Read This Before Posting A Log


Regards,

Trevuren

#3
bigbarnes

Hey, I couldn't quite get through all the steps. To do the Windows patch thing, it said Internet Explorer was running even though I use Mozilla and it was not open.

#4
Trevuren

Please send a fresh log.

Thanks,

Trevuren


#5
bigbarnes

Logfile of HijackThis v1.99.1
Scan saved at 12:47:06 PM, on 6/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
C:\WINDOWS\System32\F?nts\wuauboot.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\djngqw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ryan\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ryan\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: putStreamTee,{44e8b2c8-1ecb-4a63-8b23-3e3500c34f32},0,-1,1
O1 - Hosts: 235,nsIXmlRpcClientListener,{27e60cd8-6d63-4d87-b7d1-82c09e0c7363},0,-1,1
O1 - Hosts: 236,nsIFontEnumerator,{a6cf9114-15b3-11d2-932e-00805f8add32},0,-1,1
O1 - Hosts: 237,nsIBidiKeyboard,{bb961ae1-7432-11d4-b77a-00104b4119f8},0,-1,1
O1 - Hosts: 238,nsIAppShellService,{e5e5af70-8a38-11d2-9938-0080c7cb1080},0,-1,1
O1 - Hosts: 239,nsISafeOutputStream,{5f914307-5c34-4e1f-8e32-ec749d25b27a},0,-1,1
O1 - Hosts: 240,nsIDOMDOMConfiguration,{cfb5b821-9016-4a79-9d98-87b57c3ea0c7},0,-1,1
O1 - Hosts: 241,nsIAboutModule,{692303c0-2f83-11d3-8cd0-0060b0fc14a3},0,-1,1
O1 - Hosts: 242,nsIFormatConverter,{948a0023-e3a7-11d2-96cf-0060b0fb9956},0,-1,1
O1 - Hosts: 243,nsIChannel,{c63a055a-a676-4e71-bf3c-6cfa11082018},0,-1,1
O1 - Hosts: 244,nsIShellService,{7d8a7a34-f492-43c0-9657-ec7dbbeba236},0,-1,1
O1 - Hosts: 245,nsIDOMParser,{4f45513e-55e5-411c-a844-e899057026c1},0,-1,1
O1 - Hosts: 246,nsIDOMCRMFObject,{16da46c0-208d-11d4-8a7c-006008c844c3},0,-1,1
O1 - Hosts: 247,nsIXPCNativeCallContext,{0fa68a60-8289-11d3-bb1a-00805f8a5dd7},0,-1,0
O1 - Hosts: 248,nsIExternalProtocolHandler,{0e61f3b2-34d7-4c79-bfdc-4860bc7341b7},0,-1,1
O1 - Hosts: 249,nsICertificateDialogs,{a03ca940-09be-11d5-ac5d-000064657374},0,-1,1
O1 - Hosts: 250,nsIFilePicker,{80faf095-c807-4558-a2cc-185ed70754ea},0,-1,1
O1 - Hosts: 251,nsIPropertyElement,{283ee646-1aef-11d4-98b3-00c04fa0ce9a},0,-1,1
O1 - Hosts: 252,nsIStandardURL,{8793370a-311f-11d4-9876-00c04fa0cf4a},0,-1,1
O1 - Hosts: 253,nsIAccessibleEvent,{87f29033-c4a6-40a3-ac7a-3ba391f9992d},0,-1,1
O1 - Hosts: 254,nsIDOMWindowInternal,{f914492c-0138-4123-a634-6ef8e3f126f8},0,-1,1
O1 - Hosts: 255,nsIDOMDOMImplementation,{a6cf9074-15b3-11d2-932e-00805f8add32},0,-1,1
O1 - Hosts: 256,nsISOAPTransport,{99ec6695-535f-11d4-9a58-000064657374},0,-1,1
O1 - Hosts: 257,nsIWindowMediator,{0659cb81-faad-11d2-8e19-b206620a657c},0,-1,1
O1 - Hosts: 258,nsIDocumentLoaderFactory,{df15f850-5d98-11d4-9f4d-0010a4053fd0},0,-1,1
O1 - Hosts: 259,nsIStreamListenerTee,{fb683e76-d42b-41a4-8ae6-65a6c2b146e5},0,-1,1
O1 - Hosts: 260,nsIDOMNSCSS2Properties,{d9651867-7414-41a7-9b4b-af852dc11fcc},0,-1,1
O1 - Hosts: 261,nsINSSCertCache,{6c143dac-bd65-4333-b594-7ed1e748e0f9},0,-1,1
O1 - Hosts: 262,nsISyncStreamListener,{7e1aa658-6e3f-4521-9946-9685a169f764},0,-1,1
O1 - Hosts: 263,nsIDOMLSParserFilter,{10e8893d-ddf5-45d1-8872-615d72065fb4},0,-1,1
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [pxhzjke] c:\windows\system32\djngqw.exe r
O4 - HKLM\..\RunServices: [Microsoft Update] viwfzlt.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Tayijijk] C:\WINDOWS\System32\F?nts\wuauboot.exe
O4 - HKCU\..\Run: [Dsds] C:\Program Files\etah\spac.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dll (file missing)
O21 - SSODL: mtklef - {EF1BB2BD-2958-4E5B-FEB9-4DEDED331A77} - C:\WINDOWS\System32\ppdqo32.dll
O21 - SSODL: mtklefap - {D312BFA5-F816-4A13-15B4-419645AE5B92} - C:\WINDOWS\System32\rxcv32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

There, any help would be really nice.

#6
Trevuren

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.
  • Please download LSPFix from here.
  • Disconnect from the internet and run the LSPFix.exe that you have just finished downloading.
  • Check the I know what I'm doing box.
  • In the Keep box you should see one or more instances of dolsp.dll.
  • Select every instance of dolsp.dll and move each one to the Remove box by clicking the >> button.
  • When you are done click Finish>>.
REBOOT your system

Finally, RUN HJT, click SCAN and Post a log into this thread for review.

Regards,

Trevuren
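
One way to check the follow-up scan requested above against the previous one, as an added example that is not part of the original post: it parses two HijackThis logs, confirms that the O10 `dolsp.dll` entries are gone, and flags a Run value that was replaced by a renamed twin. The scan excerpts are copied from the 12:47:06 PM and 1:05:06 PM logs in this thread; the function names and the "same key, same folder, same arguments" matching rule are assumptions made for this example.

```python
import ntpath
import re
from collections import Counter
from typing import NamedTuple

# Excerpt of the scan posted before LSPFix was run (12:47:06 PM log in this thread).
SCAN_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\djngqw.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [pxhzjke] c:\windows\system32\djngqw.exe r
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
"""

# Excerpt of the scan posted after LSPFix and a reboot (1:05:06 PM log).
SCAN_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\fhiwxdu.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ynowgwn] c:\windows\system32\fhiwxdu.exe r
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
"""

# "<section> - <detail>", e.g. "O10 - Unknown file in Winsock LSP: ..."
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<detail>.+)$")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^(?P<key>HK(?:LM|CU)\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
# Split an autorun command into executable path and arguments.
CMD_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?\s*(?P<args>.*)$', re.IGNORECASE)
LSP_PREFIX = "Unknown file in Winsock LSP: "


class Entry(NamedTuple):
    section: str
    detail: str


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["section"], match["detail"]))
    return entries


def lsp_unknown_files(entries):
    """Count O10 'unknown file' entries per DLL path (lower-cased)."""
    counts = Counter()
    for entry in entries:
        if entry.section == "O10" and entry.detail.startswith(LSP_PREFIX):
            counts[entry.detail[len(LSP_PREFIX):].lower()] += 1
    return counts


def run_entries(entries):
    """Map (registry key, value name) -> command for O4 registry autoruns."""
    runs = {}
    for entry in entries:
        match = RUN_RE.match(entry.detail) if entry.section == "O4" else None
        if match:
            runs[(match["key"], match["name"])] = match["command"]
    return runs


def command_shape(command):
    """(folder, arguments) of an autorun command, or None if it is not a plain .exe."""
    match = CMD_RE.match(command)
    if not match:
        return None
    return ntpath.dirname(match["path"]).lower(), match["args"].strip().lower()


def compare_scans(before_text, after_text):
    """Summarise what a remediation step changed between two scans."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    lsp_before, lsp_after = lsp_unknown_files(before), lsp_unknown_files(after)
    run_before, run_after = run_entries(before), run_entries(after)
    removed = {k: v for k, v in run_before.items() if k not in run_after}
    added = {k: v for k, v in run_after.items() if k not in run_before}
    # Assumed heuristic: a value that vanished while a new one appeared under the
    # same key, in the same folder, with the same arguments is the same program renamed.
    rotated = sorted(
        (old[1], new[1])
        for old, old_cmd in removed.items()
        for new, new_cmd in added.items()
        if old[0] == new[0]
        and command_shape(old_cmd) is not None
        and command_shape(old_cmd) == command_shape(new_cmd)
    )
    return {
        "lsp_cleared": sorted(p for p in lsp_before if p not in lsp_after),
        "lsp_remaining": sorted(lsp_after),
        "rotated_autoruns": rotated,
    }


if __name__ == "__main__":
    for name, value in compare_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(f"{name}: {value}")
```
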


#7
bigbarnes

Logfile of HijackThis v1.99.1
Scan saved at 1:05:06 PM, on 6/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
C:\WINDOWS\System32\F?nts\wuauboot.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\windows\system32\fhiwxdu.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ryan\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ryan\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: putStreamTee,{44e8b2c8-1ecb-4a63-8b23-3e3500c34f32},0,-1,1
O1 - Hosts: 235,nsIXmlRpcClientListener,{27e60cd8-6d63-4d87-b7d1-82c09e0c7363},0,-1,1
O1 - Hosts: 236,nsIFontEnumerator,{a6cf9114-15b3-11d2-932e-00805f8add32},0,-1,1
O1 - Hosts: 237,nsIBidiKeyboard,{bb961ae1-7432-11d4-b77a-00104b4119f8},0,-1,1
O1 - Hosts: 238,nsIAppShellService,{e5e5af70-8a38-11d2-9938-0080c7cb1080},0,-1,1
O1 - Hosts: 239,nsISafeOutputStream,{5f914307-5c34-4e1f-8e32-ec749d25b27a},0,-1,1
O1 - Hosts: 240,nsIDOMDOMConfiguration,{cfb5b821-9016-4a79-9d98-87b57c3ea0c7},0,-1,1
O1 - Hosts: 241,nsIAboutModule,{692303c0-2f83-11d3-8cd0-0060b0fc14a3},0,-1,1
O1 - Hosts: 242,nsIFormatConverter,{948a0023-e3a7-11d2-96cf-0060b0fb9956},0,-1,1
O1 - Hosts: 243,nsIChannel,{c63a055a-a676-4e71-bf3c-6cfa11082018},0,-1,1
O1 - Hosts: 244,nsIShellService,{7d8a7a34-f492-43c0-9657-ec7dbbeba236},0,-1,1
O1 - Hosts: 245,nsIDOMParser,{4f45513e-55e5-411c-a844-e899057026c1},0,-1,1
O1 - Hosts: 246,nsIDOMCRMFObject,{16da46c0-208d-11d4-8a7c-006008c844c3},0,-1,1
O1 - Hosts: 247,nsIXPCNativeCallContext,{0fa68a60-8289-11d3-bb1a-00805f8a5dd7},0,-1,0
O1 - Hosts: 248,nsIExternalProtocolHandler,{0e61f3b2-34d7-4c79-bfdc-4860bc7341b7},0,-1,1
O1 - Hosts: 249,nsICertificateDialogs,{a03ca940-09be-11d5-ac5d-000064657374},0,-1,1
O1 - Hosts: 250,nsIFilePicker,{80faf095-c807-4558-a2cc-185ed70754ea},0,-1,1
O1 - Hosts: 251,nsIPropertyElement,{283ee646-1aef-11d4-98b3-00c04fa0ce9a},0,-1,1
O1 - Hosts: 252,nsIStandardURL,{8793370a-311f-11d4-9876-00c04fa0cf4a},0,-1,1
O1 - Hosts: 253,nsIAccessibleEvent,{87f29033-c4a6-40a3-ac7a-3ba391f9992d},0,-1,1
O1 - Hosts: 254,nsIDOMWindowInternal,{f914492c-0138-4123-a634-6ef8e3f126f8},0,-1,1
O1 - Hosts: 255,nsIDOMDOMImplementation,{a6cf9074-15b3-11d2-932e-00805f8add32},0,-1,1
O1 - Hosts: 256,nsISOAPTransport,{99ec6695-535f-11d4-9a58-000064657374},0,-1,1
O1 - Hosts: 257,nsIWindowMediator,{0659cb81-faad-11d2-8e19-b206620a657c},0,-1,1
O1 - Hosts: 258,nsIDocumentLoaderFactory,{df15f850-5d98-11d4-9f4d-0010a4053fd0},0,-1,1
O1 - Hosts: 259,nsIStreamListenerTee,{fb683e76-d42b-41a4-8ae6-65a6c2b146e5},0,-1,1
O1 - Hosts: 260,nsIDOMNSCSS2Properties,{d9651867-7414-41a7-9b4b-af852dc11fcc},0,-1,1
O1 - Hosts: 261,nsINSSCertCache,{6c143dac-bd65-4333-b594-7ed1e748e0f9},0,-1,1
O1 - Hosts: 262,nsISyncStreamListener,{7e1aa658-6e3f-4521-9946-9685a169f764},0,-1,1
O1 - Hosts: 263,nsIDOMLSParserFilter,{10e8893d-ddf5-45d1-8872-615d72065fb4},0,-1,1
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ynowgwn] c:\windows\system32\fhiwxdu.exe r
O4 - HKLM\..\RunServices: [Microsoft Update] viwfzlt.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Tayijijk] C:\WINDOWS\System32\F?nts\wuauboot.exe
O4 - HKCU\..\Run: [Dsds] C:\Program Files\etah\spac.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dll (file missing)
O21 - SSODL: mtklef - {EF1BB2BD-2958-4E5B-FEB9-4DEDED331A77} - C:\WINDOWS\System32\ppdqo32.dll
O21 - SSODL: mtklefap - {D312BFA5-F816-4A13-15B4-419645AE5B92} - C:\WINDOWS\System32\rxcv32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#8
Trevuren

Download CWShredder

If you are using anything other than Windows XP you may need a zip program.
Please download the evaluation version of Winzip.


Download SpSeHjfix.zip to the desktop. Then right-click on the desktop and select New > Folder, name it spfix, and unzip SpSeHjfix.zip into the new folder.

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix' and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to the next stage.

Once it is finished, run CWShredder - Hit The FIX button!

Reboot and post a new HJT log and the log that was created by 'SpSeHjfix'.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.

Regards,

Trevuren


#9
bigbarnes

Logfile of HijackThis v1.99.1
Scan saved at 1:40:14 PM, on 6/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
C:\WINDOWS\System32\F?nts\wuauboot.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\windows\system32\kdbqos.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: putStreamTee,{44e8b2c8-1ecb-4a63-8b23-3e3500c34f32},0,-1,1
O1 - Hosts: 235,nsIXmlRpcClientListener,{27e60cd8-6d63-4d87-b7d1-82c09e0c7363},0,-1,1
O1 - Hosts: 236,nsIFontEnumerator,{a6cf9114-15b3-11d2-932e-00805f8add32},0,-1,1
O1 - Hosts: 237,nsIBidiKeyboard,{bb961ae1-7432-11d4-b77a-00104b4119f8},0,-1,1
O1 - Hosts: 238,nsIAppShellService,{e5e5af70-8a38-11d2-9938-0080c7cb1080},0,-1,1
O1 - Hosts: 239,nsISafeOutputStream,{5f914307-5c34-4e1f-8e32-ec749d25b27a},0,-1,1
O1 - Hosts: 240,nsIDOMDOMConfiguration,{cfb5b821-9016-4a79-9d98-87b57c3ea0c7},0,-1,1
O1 - Hosts: 241,nsIAboutModule,{692303c0-2f83-11d3-8cd0-0060b0fc14a3},0,-1,1
O1 - Hosts: 242,nsIFormatConverter,{948a0023-e3a7-11d2-96cf-0060b0fb9956},0,-1,1
O1 - Hosts: 243,nsIChannel,{c63a055a-a676-4e71-bf3c-6cfa11082018},0,-1,1
O1 - Hosts: 244,nsIShellService,{7d8a7a34-f492-43c0-9657-ec7dbbeba236},0,-1,1
O1 - Hosts: 245,nsIDOMParser,{4f45513e-55e5-411c-a844-e899057026c1},0,-1,1
O1 - Hosts: 246,nsIDOMCRMFObject,{16da46c0-208d-11d4-8a7c-006008c844c3},0,-1,1
O1 - Hosts: 247,nsIXPCNativeCallContext,{0fa68a60-8289-11d3-bb1a-00805f8a5dd7},0,-1,0
O1 - Hosts: 248,nsIExternalProtocolHandler,{0e61f3b2-34d7-4c79-bfdc-4860bc7341b7},0,-1,1
O1 - Hosts: 249,nsICertificateDialogs,{a03ca940-09be-11d5-ac5d-000064657374},0,-1,1
O1 - Hosts: 250,nsIFilePicker,{80faf095-c807-4558-a2cc-185ed70754ea},0,-1,1
O1 - Hosts: 251,nsIPropertyElement,{283ee646-1aef-11d4-98b3-00c04fa0ce9a},0,-1,1
O1 - Hosts: 252,nsIStandardURL,{8793370a-311f-11d4-9876-00c04fa0cf4a},0,-1,1
O1 - Hosts: 253,nsIAccessibleEvent,{87f29033-c4a6-40a3-ac7a-3ba391f9992d},0,-1,1
O1 - Hosts: 254,nsIDOMWindowInternal,{f914492c-0138-4123-a634-6ef8e3f126f8},0,-1,1
O1 - Hosts: 255,nsIDOMDOMImplementation,{a6cf9074-15b3-11d2-932e-00805f8add32},0,-1,1
O1 - Hosts: 256,nsISOAPTransport,{99ec6695-535f-11d4-9a58-000064657374},0,-1,1
O1 - Hosts: 257,nsIWindowMediator,{0659cb81-faad-11d2-8e19-b206620a657c},0,-1,1
O1 - Hosts: 258,nsIDocumentLoaderFactory,{df15f850-5d98-11d4-9f4d-0010a4053fd0},0,-1,1
O1 - Hosts: 259,nsIStreamListenerTee,{fb683e76-d42b-41a4-8ae6-65a6c2b146e5},0,-1,1
O1 - Hosts: 260,nsIDOMNSCSS2Properties,{d9651867-7414-41a7-9b4b-af852dc11fcc},0,-1,1
O1 - Hosts: 261,nsINSSCertCache,{6c143dac-bd65-4333-b594-7ed1e748e0f9},0,-1,1
O1 - Hosts: 262,nsISyncStreamListener,{7e1aa658-6e3f-4521-9946-9685a169f764},0,-1,1
O1 - Hosts: 263,nsIDOMLSParserFilter,{10e8893d-ddf5-45d1-8872-615d72065fb4},0,-1,1
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [oiopnhg] c:\windows\system32\kdbqos.exe r
O4 - HKLM\..\RunServices: [Microsoft Update] viwfzlt.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Tayijijk] C:\WINDOWS\System32\F?nts\wuauboot.exe
O4 - HKCU\..\Run: [Dsds] C:\Program Files\etah\spac.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O21 - SSODL: mtklef - {EF1BB2BD-2958-4E5B-FEB9-4DEDED331A77} - C:\WINDOWS\System32\ppdqo32.dll
O21 - SSODL: mtklefap - {D312BFA5-F816-4A13-15B4-419645AE5B92} - C:\WINDOWS\System32\rxcv32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0

#10
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Download the following program HOSTER.

*Unzip and run the program.
*You will be presented with a screen where you will find the following option: Restore Microsoft Original Hosts. Press it and Close the program.

2. Please download Winhelp2002's Deldomains.inf to your desktop.

*Right-click on the deldomains.inf file and select Install

*Once it is finished your Zones should be reset.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

3. Please download Fix_Protocol_zones_ranges.reg by Nellie from MWR

* Open the zip file and extract the regfile to your desktop.

* Double click Fix_Protocol_zones_ranges.reg and allow it to merge with the registry.

* REBOOT your system.

4. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

  • 0



#11
bigbarnes

bigbarnes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
here it is

Logfile of HijackThis v1.99.1
Scan saved at 11:03:03 PM, on 6/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
C:\WINDOWS\System32\F?nts\wuauboot.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\windows\system32\slfoim.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [uopeqgq] c:\windows\system32\slfoim.exe r
O4 - HKLM\..\RunServices: [Microsoft Update] viwfzlt.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Tayijijk] C:\WINDOWS\System32\F?nts\wuauboot.exe
O4 - HKCU\..\Run: [Dsds] C:\Program Files\etah\spac.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O21 - SSODL: mtklef - {EF1BB2BD-2958-4E5B-FEB9-4DEDED331A77} - C:\WINDOWS\System32\ppdqo32.dll
O21 - SSODL: mtklefap - {D312BFA5-F816-4A13-15B4-419645AE5B92} - C:\WINDOWS\System32\rxcv32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0

#12
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Please download the trial version of Ewido Security Suite from: HERE

Install it, and update the definitions to the newest files. Do NOT run a scan yet.

2. Please download Nailfix.exe from HERE and Save it to your Desktop

* Create a Folder on your Desktop and name it NailFix
* Extract both files from NailFix.zip into this new folder

Please do NOT run it yet.

3. Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see HERE

4. Once in Safe Mode, please open your new NailFix folder and double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

5. Then please run Ewido, and run a full scan. Save the logfile from the scan.
6. Next run HijackThis, click Scan, and put a check mark beside:


F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe


Close all open windows except for HijackThis and click Fix Checked.

7. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Regards,

Trevuren

  • 0

#13
bigbarnes

bigbarnes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
i tried to use the anti virus and it froze at 88% every time so i couldn't get it done. anyways here's my hijack this

Logfile of HijackThis v1.99.1
Scan saved at 12:19:41 PM, on 6/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Microsoft Update] viwfzlt.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Tayijijk] C:\WINDOWS\System32\F?nts\wuauboot.exe
O4 - HKCU\..\Run: [Dsds] C:\Program Files\etah\spac.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O21 - SSODL: mtklef - {EF1BB2BD-2958-4E5B-FEB9-4DEDED331A77} - C:\WINDOWS\System32\ppdqo32.dll (file missing)
O21 - SSODL: mtklefap - {D312BFA5-F816-4A13-15B4-419645AE5B92} - C:\WINDOWS\System32\rxcv32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0

#14
bigbarnes

bigbarnes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
oh i forgot to do the one hijack this remove thing, here is the new log but i still couldn't finish the virus scan

Logfile of HijackThis v1.99.1
Scan saved at 12:54:08 PM, on 6/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Microsoft Update] viwfzlt.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Tayijijk] C:\WINDOWS\System32\F?nts\wuauboot.exe
O4 - HKCU\..\Run: [Dsds] C:\Program Files\etah\spac.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O21 - SSODL: mtklef - {EF1BB2BD-2958-4E5B-FEB9-4DEDED331A77} - C:\WINDOWS\System32\ppdqo32.dll (file missing)
O21 - SSODL: mtklefap - {D312BFA5-F816-4A13-15B4-419645AE5B92} - C:\WINDOWS\System32\rxcv32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0
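Comparing two of the HijackThis logs posted above shows which entries a cleanup round actually removed and which registry entries survive with their target file gone. This is an added example, not part of the original posts; the function names are hypothetical, and the sample lines are excerpts copied from the 6/27 1:40 PM and 6/28 12:54 PM logs in this thread.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKCU\..\Run: ...".
# Header lines and the running-process paths do not match this pattern.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = " (file missing)"

# Excerpt of the log saved at 1:40:14 PM on 6/27/2005 (lines copied from the thread).
SCAN_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [oiopnhg] c:\windows\system32\kdbqos.exe r
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O21 - SSODL: mtklef - {EF1BB2BD-2958-4E5B-FEB9-4DEDED331A77} - C:\WINDOWS\System32\ppdqo32.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Excerpt of the log saved at 12:54:08 PM on 6/28/2005 (lines copied from the thread).
SCAN_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O21 - SSODL: mtklef - {EF1BB2BD-2958-4E5B-FEB9-4DEDED331A77} - C:\WINDOWS\System32\ppdqo32.dll (file missing)
"""


def parse_entries(log_text):
    """Map (section code, entry text) -> True if flagged '(file missing)'."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, blank line or running-process path
        code, text = m.group(1), m.group(2).strip()
        missing = text.endswith(MISSING)
        if missing:
            # Strip the flag so the entry matches its earlier, unflagged form.
            text = text[: -len(MISSING)]
        entries[(code, text)] = missing
    return entries


def compare_scans(before_text, after_text):
    """Classify every entry seen in either scan."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    result = {"removed": [], "added": [], "file_missing": [], "unchanged": []}
    for key in sorted(before.keys() | after.keys()):
        if key not in after:
            result["removed"].append(key)
        elif key not in before:
            result["added"].append(key)
        elif after[key] and not before[key]:
            # Registry entry is still present but its file has been deleted.
            result["file_missing"].append(key)
        else:
            result["unchanged"].append(key)
    return result


if __name__ == "__main__":
    for status, keys in compare_scans(SCAN_BEFORE, SCAN_AFTER).items():
        for code, text in keys:
            print(f"{status:12} {code:4} {text}")
```

Entries reported as `file_missing` or `unchanged` are the ones that still need to be fixed in HijackThis, since deleting the file does not remove the registry entry that points to it.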

#15
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [Microsoft Update] viwfzlt.exe
O4 - HKCU\..\Run: [Tayijijk] C:\WINDOWS\System32\F?nts\wuauboot.exe
O4 - HKCU\..\Run: [Dsds] C:\Program Files\etah\spac.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O21 - SSODL: mtklef - {EF1BB2BD-2958-4E5B-FEB9-4DEDED331A77} - C:\WINDOWS\System32\ppdqo32.dll (file missing)
O21 - SSODL: mtklefap - {D312BFA5-F816-4A13-15B4-419645AE5B92} - C:\WINDOWS\System32\rxcv32.dll (file missing)


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

Now, using Windows Explorer, locate and DELETE the following files/folders (and all of their content), if they are still present:

viwfzlt.exe<----You will have to search for this one
C:\WINDOWS\System32\F?nts<---Folder
C:\Program Files\etah<---Folder
C:\Program Files\LimeWire<---Folder
C:\WINDOWS\System32\ppdqo32.dll <---Folder
C:\WINDOWS\System32\rxcv32.dll

Open Ad-Aware and do a full scan. Remove all it finds.


Now open Ewido Security Suite
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save Report
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!

Save the scan log and post it along with a new HijackThis Log and the Ewido Log by using Add Reply.

Let us know if any problems persist.

Finally, run HJT, click SCAN, and post a log back into this thread for review.

Regards,

Trevuren

  • 0





