Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Naupoint?

Started by djsaje , Nov 06 2004 08:21 PM

  • Please log in to reply

#1
djsaje
Posted 06 November 2004 - 08:21 PM

djsaje

    New Member

  • Member
  • Pip
  • 7 posts
I have tried useing numerous adaware programs but Naurpoint keeps coming back. I read in another post that I should not use there log as an example of what to delete, so here is my log.
Thanks

Logfile of HijackThis v1.97.7
Scan saved at 1:08:29 PM, on 7/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\djsaje\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupo
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.naupoint.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = search.naupoint.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 1096934612 - {262277EC-5BB5-4849-8BF2-1824330C9CAC} - (no file)
O2 - BHO: (no name) - {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - C:\WINDOWS\DOWNLO~1\iEBINST2.dll
O2 - BHO: (no name) - {60261C06-81B0-4DE0-9313-E5BA203A64E9} - C:\WINDOWS\DOWNLO~1\pdfmgr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ninemsn Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-au\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} (No description) -
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda..../aup/games4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab30149.cab
  • 0

Advertisements

#2
admin
Posted 07 November 2004 - 09:22 AM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Hi djsaje, welcome to Geeks to Go! <_<

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupo
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.naupoint.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = search.naupoint.com
R3 - Default URLSearchHook is missing
O2 - BHO: 1096934612 - {262277EC-5BB5-4849-8BF2-1824330C9CAC} - (no file)
O2 - BHO: (no name) - {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - C:\WINDOWS\DOWNLO~1\iEBINST2.dll
O2 - BHO: (no name) - {60261C06-81B0-4DE0-9313-E5BA203A64E9} - C:\WINDOWS\DOWNLO~1\pdfmgr.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\DOWNLOADED FILES(?)\iEBINST2.dll
C:\WINDOWS\DOWNLOADED FILES(?)\pdfmgr.dll

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :D
  • 0

#3
djsaje
Posted 07 November 2004 - 05:42 PM

djsaje

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hey followed all of your instructions, but couldnt find the two files in safe mode. View hidden and system files was on. After i restarted naupoint was still there. So i went back into safe mode and deleted the two registry entries

O2 - BHO: (no name) - {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - C:\WINDOWS\DOWNLO~1\iEBINST2.dll
O2 - BHO: (no name) - {60261C06-81B0-4DE0-9313-E5BA203A64E9} - C:\WINDOWS\DOWNLO~1\pdfmgr.dll


That did not work so I have come back to you with my latest HijackThis log. Thanks
  • 0

#4
djsaje
Posted 07 November 2004 - 05:44 PM

djsaje

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Sorry forgot to put the log in <_< . Here it is

Thanks

Logfile of HijackThis v1.97.7
Scan saved at 10:37:55 AM, on 8/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\djsaje\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupo
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = search.naupoint.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = search.naupoint.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ninemsn Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-au\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab30149.cab
  • 0

#5
admin
Posted 08 November 2004 - 12:04 AM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Try searching for these file names:
iEBINST2.dll
pdfmgr.dll

Delete if found. Reply with results.
  • 0

#6
djsaje
Posted 08 November 2004 - 01:12 AM

djsaje

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I cound not find them anywhere. I searched for both there name and also within any files. That included system files.

Thanks.
  • 0

#7
admin
Posted 08 November 2004 - 10:02 AM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupo
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = search.naupoint.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = search.naupoint.com

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. <_<
  • 0

#8
djsaje
Posted 08 November 2004 - 04:10 PM

djsaje

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is a log file of after the re-boot. Just somthing that I noticed, after I completed the fix checked items part I rescanned the computer and some files were still naupoint. No amount of checking those items and fixing them worked. Ill post a copy of that log at the bottom. Hope it helps.
Thanks


Logfile of HijackThis v1.97.7
Scan saved at 9:01:41 AM, on 9/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Documents and Settings\djsaje\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupo
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = search.naupoint.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = search.naupoint.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ninemsn Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-au\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab30149.cab



Part 2: after a fix checked items scan.


Logfile of HijackThis v1.97.7
Scan saved at 9:07:37 AM, on 9/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Documents and Settings\djsaje\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = search.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = search.naupoint.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ninemsn Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-au\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab30149.cab
  • 0

#9
admin
Posted 08 November 2004 - 06:56 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts

Platform: Windows XP

I just noticed you're using an unpatched version of XP. <_<

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

Some hijacks interfere with the installation of Service Pack 2, so we'll hold of for now. When we're finished cleaning your computer we highly recommend installing SP2. Click here: http://windowsupdate.microsoft.com/.
-or-
It's a very large download, so if you're on dial-up, order a free CD here:
http://www.microsoft...default810.mspx

You're also using an old version of Hijack This. Please download the latest version here, and post a new log when finished. :D
  • 0

#10
djsaje
Posted 11 November 2004 - 04:55 AM

djsaje

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I installed service pack 2 accidentally and then re read your message and tried to uninstall it and install Service pack 1a. Internet Explorer decided to stuff up completly after i uninstalled service pack 2. So I had enough and re installed every thing. Now I am bak online with service pack 2 and everthing working. I would just like to say thanks for your help.
I might hang around this board for a while, its seems pretty interesting, I might even learn a few things.
  • 0

#11
admin
Posted 11 November 2004 - 09:06 AM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
That's too bad you had to reinstall everything -- we don't like to hear that. <_<

If you'd be interested in learming more, and helping others with their problems, check out this post. :D
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP