
Please help! Another spyware / popup victim! [CLOSED]


  • This topic is locked

#1
damnspyware


    New Member

  • Member
  • Pip
  • 6 posts
Guys, I constantly have:
empnads popups
casalemedia popups
ads1 popups
httpwwwads.com popups
adshttp.com popups

PLZ help me, this is very stressful for me!!

I have run Ad-Aware & SpywareBlaster in failed attempts to fix the problem :tazz:
I don't have an enormous computer background and definitely could do with some guidance.

Here is my HijackThis log.... THANK YOU SO MUCH IN ADVANCE


Logfile of HijackThis v1.99.1
Scan saved at 5:58:31 PM, on 15/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ywntcvixz...FG7kgtCMcB.html
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] I:\Backup\marc\PCSUIT~1.1\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [Zwdoxki] C:\Program Files\Sfjpof\Lyxbd.exe
O4 - HKLM\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [em4rvfri] C:\WINDOWS\system32\em4rvfri.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [first type junk manager] C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\Type fast.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteukb32.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RectBike] C:\DOCUME~1\Danielle\APPLIC~1\TYPEIN~1\balllovenew.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [agentsvr] C:\WINDOWS\system32\agentsvr.exe
O4 - HKCU\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - HKCU\..\Run: [CTFMON] C:\WINDOWS\ctfmon.exe
O4 - Global Startup: Intellisync Lite for NEC 616.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.s...stemsoappro.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.shizmoo.c...ivex/web665.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator....ptdmgainads.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A575583A-6555-43D6-B191-8CA9B54D5CCF}: NameServer = 139.134.5.51,139.134.2.190,61.9.128.15,203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0



#2
therock247uk


    Expert

  • Expert
  • 14,671 posts
  • MVP
1. Run an online virus scan at http://housecall.trendmicro.com/ and select the auto clean option.

2. Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen, click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safe mode.

Open ewido again.
  • Click on scanner.
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files; click OK.
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot and post the report ewido made and a new HijackThis log here in a reply.
  • 0

#3
damnspyware


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Sorry it took me 2 days to get back to you, thanks a lot for helping me!!
I am still receiving some pop-ups (when NOT browsing websites), but not as frequently!

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:42:27 PM, 17/07/2005
+ Report-Checksum: A9A8EC7E

+ Scan result:

C:\Documents and Settings\Jenny\Cookies\jenny@ayb.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Jenny\Cookies\jenny@lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Jenny\Cookies\jenny@nti.com.16871.fb.dbbsrv[1].txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Jenny\Local Settings\Temp\SahUpdate\upgrade.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Marc\Cookies\marc@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Marc\Cookies\marc@ads18.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Marc\Cookies\marc@goldenpalace[2].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Marc\Cookies\marc@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Win_whcr\webhancer_winrar.exe/WhAgent.exe -> Spyware.WebHancer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
C:\WINDOWS\min9584i.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\agentsvr.exe -> Spyware.Monker : Cleaned with backup
C:\WINDOWS\system32\c17b6s.dll -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\deqq\zema -> Worm.Randon : Cleaned with backup
C:\WINDOWS\system32\elitekcv32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitelgy32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitelos32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitexab32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\em4rvfri.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\mkservice.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\msxct.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\q5vcai2d.dll -> Adware.SAHA : Cleaned with backup
D:\Backup\Kai\Reb Selby\Documents and Settings\rebecca\Cookies\rebecca@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
D:\Backup\Kai\Reb Selby\Documents and Settings\rebecca\Cookies\rebecca@cityclub.gamingpromo[2].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
D:\Backup\Kai\Reb Selby\Documents and Settings\rebecca\Cookies\rebecca@gamingpromo[1].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
D:\Backup\Kai\Reb Selby\Documents and Settings\rebecca\Cookies\rebecca@www.boys.com.18345.fb.dbbsrv[1].txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
D:\Backup\Kai\Reb Selby\Documents and Settings\rebecca\Cookies\rebecca@www.girlfreind.com.18345.fb.dbbsrv[1].txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
H:\Documents and Settings\Kai\Cookies\kai@www.popuptraffic[2].txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
H:\Documents and Settings\Kai\Local Settings\Temporary Internet Files\Content.IE5\77IPUBXN\casino_exe[1].txt -> Dialer.Generic : Cleaned with backup
H:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\4TOR89A1\casino_exe[1].txt -> Dialer.Generic : Cleaned with backup
H:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\JTG0NWAA\consumerinfo2[1].htm -> Spyware.BookedSpace : Cleaned with backup
H:\RECYCLER\S-1-5-21-73586283-436374069-1060284298-1008\Dc3.exe -> Dialer.Generic : Cleaned with backup
I:\Backup\marc\games patches and cracks etc\tribes 2 patches\crack\Tribes 2 CRACK.exe/GO.exe -> Dialer.Generic : Cleaned with backup


::Report End


Here is the new HijackThis report


Logfile of HijackThis v1.99.1
Scan saved at 7:50:30 PM, on 17/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\Marc\Desktop\ewido 2\ewidoctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
I:\Backup\marc\PCSUIT~1.1\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Intellisync\Intellisync Lite for NEC 616\Intellisync For NEC.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Documents and Settings\Marc\Desktop\ewido 2\SecuritySuite.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ocahmjyck...qCP5bz/3uo.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.fyqttwmhk...3kWIqOwFpzc.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {83AB6830-E56C-C1C5-31D2-36DCCB513C66} - C:\DOCUME~1\Jenny\APPLIC~1\MAGSBO~1\Bits Two.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] I:\Backup\marc\PCSUIT~1.1\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [Zwdoxki] C:\Program Files\Sfjpof\Lyxbd.exe
O4 - HKLM\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [em4rvfri] C:\WINDOWS\system32\em4rvfri.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [first type junk manager] C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\KeepCoal.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RectBike] C:\DOCUME~1\Jenny\APPLIC~1\TYPEIN~1\balllovenew.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Intellisync Lite for NEC 616.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...29XXUS_ZNxdm414
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.shizmoo.c...ivex/web665.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A575583A-6555-43D6-B191-8CA9B54D5CCF}: NameServer = 139.134.5.51,139.134.2.190,61.9.128.15,203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Marc\Desktop\ewido 2\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#4
therock247uk


    Expert

  • Expert
  • 14,671 posts
  • MVP
1. Run these 3 online virus scans and post what they find.

http://www.kaspersky...oduct=161744315
http://housecall.trendmicro.com/ (select the auto clean option)
http://www.pandasoft...n_principal.htm

2. Then post a new HijackThis log here in a reply.
  • 0

#5
damnspyware


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here are my results from the Panda scan:

Incident Status Location

Adware:Adware/Lop No disinfected C:\DOCUME~1\JENNY\APPLIC~1\TYPEIN~1\BALLLOVENEW.EXE
Adware:Adware/Lop No disinfected c:\docume~1\jenny\locals~1\temp\uwiyatyn.exe
Adware:Adware/Lop No disinfected c:\docume~1\jenny\locals~1\temp\zmsojgdd.exe
Adware:Adware/Lop No disinfected C:\DOCUME~1\Jenny\APPLIC~1\MAGSBO~1\Bits Two.exe
Adware:adware/virtualbouncer No disinfected C:\WINDOWS\SYSTEM32\INNERVBINSTALL.LOG
Adware:adware/ncase No disinfected C:\TEMP\salmau.dat
Adware:adware/funweb No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.8-2.inf
Adware:adware/apropos No disinfected C:\DOCUMENTS AND SETTINGS\JENNY\LOCAL SETTINGS\TEMP\cfout.txt
Adware:adware/transponder No disinfected C:\DOCUMENTS AND SETTINGS\JENNY\LOCAL SETTINGS\TEMP\dummy.htm
Adware:adware/keenvalue No disinfected C:\DOCUMENTS AND SETTINGS\JENNY\LOCAL SETTINGS\TEMP\IncrediFindBHOLog.tmp
Adware:adware/ipinsight No disinfected C:\WINDOWS\alchem.ini
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\msxct1.ini
Adware:adware/wupd No disinfected C:\PROGRAM FILES\Winad Client
Adware:adware/sahagent No disinfected C:\WINDOWS\SYSTEM32\SahImages
Adware:adware/lop No disinfected C:\DOCUMENTS AND SETTINGS\JENNY\FAVORITES\ Travel
Adware:adware/powerscan No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\POWER SCAN
Adware:adware/mywebsearch No disinfected HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Spyware:spyware/dyfuca No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER
Adware:adware/favoriteman No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\COUNTER
Adware:adware/powerstrip No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
Adware:adware/sbsoft No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Adware:adware/megasearch No disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}
Adware:adware/xupiter No disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{CDF2114E-8FF2-49E6-9EA9-10AC826298CF}
Adware:adware/brilliantdigital No disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Adware:Adware/Lop No disinfected C:\Documents and Settings\Administrator.THE-BEAST.000\Application Data\Typeinsidecast\dentdefynameopen.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\acid log.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\Axis burn.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\Blue Mp3.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\close wma.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\corn mfcd.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\gridremote.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\HECKROAM.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\insidebin.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\Jump Site.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\KeepCoal.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\ROAM TOOL.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\Type fast.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\Uploadnurb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\wma tool.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\mags bore info\Bits Two.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\Typeinsidecast\balllovenew.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\Typeinsidecast\banvmhlb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\Typeinsidecast\beep coal heck.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\Typeinsidecast\btqmoqxa.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\Typeinsidecast\dentdefynameopen.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\Typeinsidecast\fvgumvix.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\Typeinsidecast\mdzjorwd.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\Typeinsidecast\miwsijqc.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\Typeinsidecast\ozqnxsfr.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\Typeinsidecast\swivzhab.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Application Data\Typeinsidecast\xngvenoe.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\cb5319d4.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\hlxlpmgb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\jthnvvsi.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\lpqtgwhs.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\lurmeggh.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\ovgoxyfg.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\pch16.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\Rem4D.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\rmcmuxpm.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\uwiyatyn.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\xbuxzpyr.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\xutvuyrb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jenny\Local Settings\Temp\zmsojgdd.exe
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Jenny\Local Settings\Temporary Internet Files\Content.IE5\KDUBS1MB\prompt[1].php
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Jenny\Local Settings\Temporary Internet Files\Content.IE5\S7IRGJ09\prompt[1].php
Adware:Adware/Lop No disinfected C:\Documents and Settings\Kai\Local Settings\Temp\cb576cdb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Kai\Local Settings\Temp\dbc4943.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Kai\Local Settings\Temp\sta1E.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Kai\Local Settings\Temp\sta222.exe
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Kai\Local Settings\Temp\twaintec.inf
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Application Data\Typeinsidecast\asvjlxrq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Application Data\Typeinsidecast\beep coal heck.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Application Data\Typeinsidecast\dentdefynameopen.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Application Data\Typeinsidecast\kxyayfci.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Application Data\Typeinsidecast\okeiacch.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Application Data\Typeinsidecast\rajrukjk.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Application Data\Typeinsidecast\zomfslga.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\5876b.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\afvalsgc.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\bpovpmaq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\cb509132.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\djaamlhi.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\drwbyglp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\e69676a.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\eugcjfqn.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\giyuprst.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\goynqbnf.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\ifhzskwa.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\jdhgzitq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\keabvrkp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\kteedlyc.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\lgwasvuf.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\pgoshyqz.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\pyzveduv.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\rsqbcylf.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\sta20B.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\sta6.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\sta8.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\staA.exe
Adware:Adware/Gator No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\trickler_4010.ex_
Adware:Adware/Gator No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\trickler_4010.ex_[trickler_4010.exe]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\twaintec.inf
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\urftvydg.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\xtwbrvro.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\zdlzbegp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\zdsukyyh.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\znjvcwfa.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Marc\Local Settings\Temp\~apropos0\uninstaller.exe
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\E512NQ94\kwlist3[1].exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\K543KBGB\dating[1].bmp
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
Spyware:Spyware/XXXToolbar No disinfected C:\WINDOWS\system32\deqq\gamma.exe
Spyware:Spyware/XXXToolbar No disinfected C:\WINDOWS\system32\deqq\lc.exe
Virus:Trj/Dropper.DA Disinfected C:\WINDOWS\system32\jocker.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\SplWbr.dll
Adware:Adware/BrilliantDigital No disinfected H:\WINDOWS\Temp\Brilliant\setup.exe
  • 0

#6
damnspyware

Here is my new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 3:05:30 PM, on 20/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\Marc\Desktop\ewido 2\ewidoctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
I:\Backup\marc\PCSUIT~1.1\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Intellisync\Intellisync Lite for NEC 616\Intellisync For NEC.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ocahmjyck...qCP5bz/3uo.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.fyqttwmhk...3kWIqOwFpzc.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {83AB6830-E56C-C1C5-31D2-36DCCB513C66} - C:\DOCUME~1\Jenny\APPLIC~1\MAGSBO~1\Bits Two.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] I:\Backup\marc\PCSUIT~1.1\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [Zwdoxki] C:\Program Files\Sfjpof\Lyxbd.exe
O4 - HKLM\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [em4rvfri] C:\WINDOWS\system32\em4rvfri.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [first type junk manager] C:\Documents and Settings\All Users\Application Data\onlineblehfirsttype\KeepCoal.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RectBike] C:\DOCUME~1\Jenny\APPLIC~1\TYPEIN~1\balllovenew.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Intellisync Lite for NEC 616.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...29XXUS_ZNxdm414
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.shizmoo.c...ivex/web665.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A575583A-6555-43D6-B191-8CA9B54D5CCF}: NameServer = 139.134.5.51,139.134.2.190,61.9.128.15,203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Marc\Desktop\ewido 2\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#7
therock247uk

1. Go to Start > Settings > Control Panel > Add/Remove and uninstall the following.

MessengerPlus
Viewpoint Manager

2. Reboot and post a new Hijackthis log here in a reply.
  • 0

#8
damnspyware

Here you go. When I was un-installing Messenger Plus it said "this program has been corrupted" and it gave me an alternate way of un-installing (which I have done successfully).


Logfile of HijackThis v1.99.1
Scan saved at 11:28:50 PM, on 20/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\Marc\Desktop\ewido 2\ewidoctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
I:\Backup\marc\PCSUIT~1.1\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intellisync\Intellisync Lite for NEC 616\Intellisync For NEC.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xqansgmrg...FqCP5bz/3uo.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] I:\Backup\marc\PCSUIT~1.1\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [Zwdoxki] C:\Program Files\Sfjpof\Lyxbd.exe
O4 - HKLM\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [em4rvfri] C:\WINDOWS\system32\em4rvfri.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Intellisync Lite for NEC 616.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...29XXUS_ZNxdm414
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.shizmoo.c...ivex/web665.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A575583A-6555-43D6-B191-8CA9B54D5CCF}: NameServer = 139.134.5.51,139.134.2.190,61.9.128.15,203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Marc\Desktop\ewido 2\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#9
therock247uk

1. Make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://www.xtra.co.n...1916458,00.html

2. Boot into Safe Mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select Safe Mode.

3. While in Safe Mode, open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xqansgmrg...FqCP5bz/3uo.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [Zwdoxki] C:\Program Files\Sfjpof\Lyxbd.exe
O4 - HKLM\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\Run: [em4rvfri] C:\WINDOWS\system32\em4rvfri.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\Run: [looodkfk] c:\windows\system32\deqq\repcale.exe c:\windows\system32\deqq\palsp.exe
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\system32\serbw.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...29XXUS_ZNxdm414
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.cab


4. Delete the folders. (if present)

C:\Program Files\Sfjpof
c:\windows\system32\deqq

5. Delete the files. (if present)

C:\WINDOWS\msmbw.exe
C:\Windows\W32RfSA.exe or C:\Windows\System32\W32RfSA.exe
C:\WINDOWS\system32\em4rvfri.exe
C:\WINDOWS\system32\formatsys.exe
C:\WINDOWS\system32\serbw.exe
C:\Windows\msxct.exe or C:\Windows\System32\msxct.exe


6. Reboot and post a new Hijackthis log here in a reply.
  • 0

#10
damnspyware

Here you go sir!! I found a file 'msxct1', a configuration file or something; I've left it alone though... Also, what is jusched.exe, is that file OK?


Logfile of HijackThis v1.99.1
Scan saved at 9:53:24 AM, on 21/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\Marc\Desktop\ewido 2\ewidoctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
I:\Backup\marc\PCSUIT~1.1\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intellisync\Intellisync Lite for NEC 616\Intellisync For NEC.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] I:\Backup\marc\PCSUIT~1.1\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Intellisync Lite for NEC 616.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.shizmoo.c...ivex/web665.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A575583A-6555-43D6-B191-8CA9B54D5CCF}: NameServer = 139.134.5.51,139.134.2.190,61.9.128.15,203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Marc\Desktop\ewido 2\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0
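The helper asks for a fresh log after each round of fixes so the two logs can be compared. One way to automate that comparison, as an added example that is not part of the original thread: the function names are hypothetical, `BEFORE` and `FIX_LIST` are short excerpts of the entries posted above, and `AFTER` is constructed (one entry survives with different casing and one placeholder entry is new) to show the cases a manual read can miss.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - "; headers and the process list do not match.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")


def parse_entries(text):
    """Map a normalised key to the original line for every entry in a log.

    Keys are case-folded with whitespace collapsed, because the same
    registry value can be printed with different path casing between scans.
    """
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw)
        if m:
            key = m.group(1) + " - " + " ".join(m.group(2).split()).casefold()
            entries[key] = raw.strip()
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries that were to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        # on the fix list, present before, gone now
        "removed": [before[k] for k in sorted(wanted) if k in before and k not in after],
        # on the fix list but still in the new log (fix failed or entry was re-created)
        "persisting": [after[k] for k in sorted(wanted) if k in after],
        # on the fix list but not in the earlier log (typo or stale instruction)
        "never_present": [wanted[k] for k in sorted(wanted) if k not in before],
        # in the new log only: needs review before the machine is called clean
        "new_after_fix": [after[k] for k in sorted(after) if k not in before],
        # disappeared without being on the fix list (e.g. an uninstall)
        "collateral": [before[k] for k in sorted(before) if k not in after and k not in wanted],
    }


# Excerpt of the log in post #8 (entries copied from the thread).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\system32\serbw.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

# Excerpt of the fix list in post #9.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\system32\serbw.exe
"""

# CONSTRUCTED follow-up log, not the one posted in the thread: [msxct]
# survives with different casing and [example-new] is a placeholder entry.
AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [msxct] MSXCT.EXE
O4 - HKLM\..\Run: [example-new] C:\WINDOWS\system32\example-new.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

if __name__ == "__main__":
    for category, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{category}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

A fixed entry only shows that the autostart reference is gone; the folders and files listed in steps 4 and 5 still have to be checked on disk.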

#11
therock247uk

1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.shizmoo.c...ivex/web665.cab

2. Then post a new Hijackthis log here in a reply.
  • 0

#12
therock247uk

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





