5 or 6 problems including 2 diff known hijackers



#1
juicyfruit

I have done everything in the forum instructions. Here are my problems.

HijackThis Log at the end of post.

1. My background picture has been hijacked by an HTML page saying
"Warning! You're in Danger"
with a link for removal instructions that links to AVGold 2.0 to try to sell the program. START/CONTROL PANEL/DISPLAY will not change the background picture.

2. Spysheriff has attacked & nothing will remove it just it. ADD OR REMOVE PROGRAMS will remove it only to show up on reboot.

3. AZESearch has hijacked my browser & keeps adding links to my favorites.

4. I have DSL & had to call my service provider's help line several times to renew the IP address so that I could log on to the net. The last time was unsuccessful. We even assigned a static IP, so I'm having to post this from my in-laws' computer 30 miles away.
I think that removing one of the problems causes the net connection to crash (which one, who knows!)

5. When I run a normal start-up, the My Documents folder opens up automatically.
(This was happening before the major problems. I had gone to a selective start-up because of that.)

6. top20results is redirecting my browser and would sometimes lock it in a frantic loop not fully loading the page before it will start over.

Logfile of HijackThis v1.99.1
Scan saved at 1:39:07 PM, on 6/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
J:\Programs\IPBLOC~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
J:\Programs\IPBLOC~1\Tmntsrv.exe
C:\WINDOWS\system32\fxssvc.exe
J:\Programs\IPBLOC~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
J:\Programs\ScanSoft OmniPage Pro 14 Office\WorkFlowTray.exe
J:\Programs\Music Programs\WinAmpV5.04\Winamp\winampa.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
J:\Programs\Java\j2re1.4.2_05\bin\jusched.exe
J:\Programs\ScanSoft OmniPage Pro 14 Office\PdfPrn\SPrnAgent.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\S3apphk.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
J:\programs\qttask.exe
C:\WINDOWS\system32\ps2.exe
J:\Programs\IP Blocker & Security\pccguide.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\Program Files\Visioneer\PaperPort\pptd40nt.exe
J:\Programs\ScanSoft OmniPage Pro 14 Office\Opware14.exe
J:\Programs\ScanSoft OmniPage Pro 14 Office\OpScheduler.exe
C:\PROGRA~1\VISION~2\ONETOU~2.EXE
C:\Program Files\NovaStor\NovaBackup\NbkCtrl.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Browser Mouse\mouse32a.exe
J:\Programs\DU Meter\DUMeter.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
J:\Programs\IP Blocker & Security\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
J:\Mirc downloads\mIRC 6.14 & INVISION 2.0\Invision2.0\Download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.sho...8535&id=5.20013
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...8535&id=5.20013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.sho...8535&id=5.20013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...8535&id=5.20013
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotf...count_id=134272
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.sho...8535&id=5.20013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.sho...8535&id=5.20013
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\azesearch4.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorkFlowTray] "J:\Programs\ScanSoft OmniPage Pro 14 Office\WorkFlowTray.exe"
O4 - HKLM\..\Run: [WinampAgent] J:\Programs\Music Programs\WinAmpV5.04\Winamp\winampa.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [TrojanScanner] J:\Programs\IP Blocker & Security\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SunJavaUpdateSched] J:\Programs\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SSPrnAgent] J:\Programs\ScanSoft OmniPage Pro 14 Office\PdfPrn\SPrnAgent.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [secure] c:\winnt\system32\drivers\etc\secure.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "J:\programs\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "J:\Programs\ScanSoft OmniPage Pro 14 Office\PdfCnv\RegistryController.exe"
O4 - HKLM\..\Run: [pccguide.exe] "J:\Programs\IP Blocker & Security\pccguide.exe"
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Visioneer\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [Opware14] "J:\Programs\ScanSoft OmniPage Pro 14 Office\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "J:\Programs\ScanSoft OmniPage Pro 14 Office\OpScheduler.exe"
O4 - HKLM\..\Run: [OP14 Reminder] "J:\Programs\ScanSoft OmniPage Pro 14 Office\EregEng\Ereg.exe" -r "J:\Programs\ScanSoft OmniPage Pro 14 Office\EregEng\ereg.ini"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBackup\NbkCtrl.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [lsass service] c:\winnt\system32\drivers\etc\hidden32.exe c:\winnt\system32\drivers\etc\lsass.exe c:\winnt\system32\drivers\etc\ir.dll
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Visioneer\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [DU Meter] J:\Programs\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [csrss service] C:\WINDOWS\SYSTEM32\CSRSS.EXE
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [run_pbnext] C:\Program Files\DelTel\PBNext\PBNext.exe
O4 - HKCU\..\Run: [Chmgw] C:\WINDOWS\system32\n?svc32.exe
O4 - HKCU\..\Run: [SpySweeper] "J:\Programs\IP Blocker & Security\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [GoogleToolBar] C:\WINDOWS\system32\mtnmsgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Open PDF in Word - res://J:\Programs\ScanSoft OmniPage Pro 14 Office\PdfCnv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.mnlife.co...date/isetup.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://toolbar.azese...l/azesearch.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sfg.webex.co...bex/ieatgpc.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - J:\Programs\IPBLOC~1\PcCtlCom.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - J:\Programs\IPBLOC~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - J:\Programs\IPBLOC~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - J:\Programs\IPBLOC~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - J:\Programs\Tuneup Utilities 2004\WinStylerThemeSvc.exe

Please help as soon as possible.
Thanks juicyfruit

Edited by juicyfruit, 29 June 2005 - 11:59 PM.
