Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

yet another 69sexsearch

Started by snappy2005 , Jan 18 2005 03:05 AM

  • This topic is locked This topic is locked

#1
snappy2005
Posted 18 January 2005 - 03:05 AM

snappy2005

    New Member

  • Member
  • Pip
  • 1 posts
Any help on this would be much appreciated. This is a rather nasty bug that won't go away! Have done all of the recommended standard steps...here is my highjack this log:

Thanks in advance...

Logfile of HijackThis v1.99.0
Scan saved at 12:59:20 AM, on 1/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\extvpac.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Maximizer\MaxExchange\Spdm.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PVSW\BIN\W3DBSMGR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\stakaoka\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aflashcounter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://aflashcounter.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aflashcounter.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aflashcounter.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aflashcounter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aflashcounter.com/?a=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [A189556E] C:\WINDOWS\system32\extvpac.exe
O4 - HKLM\..\Run: [CEA2B06B] C:\WINDOWS\system32\tipvdmod.exe
O4 - HKLM\..\Run: [A69AD66E] C:\WINDOWS\system32\edstitmgr.exe
O4 - HKLM\..\Run: [D33591C6] C:\WINDOWS\system32\ldmod.exe
O4 - HKLM\..\Run: [A9EF318B] C:\WINDOWS\system32\aaaatidv.exe
O4 - HKLM\..\Run: [8372FBDE] C:\WINDOWS\system32\ctreatq.exe
O4 - HKLM\..\Run: [8493D176] C:\WINDOWS\system32\3dpra.exe
O4 - HKLM\..\Run: [AC8ED2FB] C:\WINDOWS\system32\MDMomcpo.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [A189556E] C:\WINDOWS\system32\extvpac.exe
O4 - HKCU\..\Run: [CEA2B06B] C:\WINDOWS\system32\tipvdmod.exe
O4 - HKCU\..\Run: [A69AD66E] C:\WINDOWS\system32\edstitmgr.exe
O4 - HKCU\..\Run: [D33591C6] C:\WINDOWS\system32\ldmod.exe
O4 - HKCU\..\Run: [A9EF318B] C:\WINDOWS\system32\aaaatidv.exe
O4 - HKCU\..\Run: [8372FBDE] C:\WINDOWS\system32\ctreatq.exe
O4 - HKCU\..\Run: [8493D176] C:\WINDOWS\system32\3dpra.exe
O4 - HKCU\..\Run: [AC8ED2FB] C:\WINDOWS\system32\MDMomcpo.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: MaxExchange Remote.lnk = C:\Program Files\Maximizer\MaxExchange\Spdm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.69sexsearch.com
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwna.ops.pl...quicksilver.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://premconf.web...bex/ieatgpc.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://opp.ipiphotonet.com/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dpapplications.com
O17 - HKLM\Software\..\Telephony: DomainName = dpapplications.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dpapplications.com
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Retrospect Launcher - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: IBM KCU Service - Unknown - C:\WINDOWS\system32\TpKmpSVC.exe
  • 0

Advertisements

#2
-=jonnyrotten=-
Posted 18 January 2005 - 01:37 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Please download "Del Domain" from here:

http://www.geekstogo...=download&id=40

Download it to your desktop or somewhere you will find it. Extract the .inf file from the .zip file you just downloaded. Now right click "Deldomains.inf" and click "Install". It will not appear to have done anything, thats ok. Next step.

Download the Pocket Killbox.
Unzip the contents of KillBox.zip to a convenient location.
Double-click on KillBox.exe. Check the box that says "Delete on Reboot" and copy and paste these 2 filenames into the path bar.

C:\Windows\System32\xpsp2fw.exe
C:\Windows\System32\wuclient.exe

Click the red button on the right after each file. Don't reboot after the fist one, but answer "Yes" to reboot after the second one. When the computer starts to reboot, press F8 immediately after the initial boot screen, keep pressing it until you are presented with a list of options. Choose "Safe Mode" from the list. Move onto the next steps. Make sure you read all the way through these instructions before rebooting though.

You may wish to print out a copy of these instructions to follow while you complete this procedure.
Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aflashcounter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://aflashcounter.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aflashcounter.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aflashcounter.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aflashcounter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aflashcounter.com/?a=2
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [A189556E] C:\WINDOWS\system32\extvpac.exe
O4 - HKLM\..\Run: [CEA2B06B] C:\WINDOWS\system32\tipvdmod.exe
O4 - HKLM\..\Run: [A69AD66E] C:\WINDOWS\system32\edstitmgr.exe
O4 - HKLM\..\Run: [D33591C6] C:\WINDOWS\system32\ldmod.exe
O4 - HKLM\..\Run: [A9EF318B] C:\WINDOWS\system32\aaaatidv.exe
O4 - HKLM\..\Run: [8372FBDE] C:\WINDOWS\system32\ctreatq.exe
O4 - HKLM\..\Run: [8493D176] C:\WINDOWS\system32\3dpra.exe
O4 - HKLM\..\Run: [AC8ED2FB] C:\WINDOWS\system32\MDMomcpo.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [A189556E] C:\WINDOWS\system32\extvpac.exe
O4 - HKCU\..\Run: [CEA2B06B] C:\WINDOWS\system32\tipvdmod.exe
O4 - HKCU\..\Run: [A69AD66E] C:\WINDOWS\system32\edstitmgr.exe
O4 - HKCU\..\Run: [D33591C6] C:\WINDOWS\system32\ldmod.exe
O4 - HKCU\..\Run: [A9EF318B] C:\WINDOWS\system32\aaaatidv.exe
O4 - HKCU\..\Run: [8372FBDE] C:\WINDOWS\system32\ctreatq.exe
O4 - HKCU\..\Run: [8493D176] C:\WINDOWS\system32\3dpra.exe
O4 - HKCU\..\Run: [AC8ED2FB] C:\WINDOWS\system32\MDMomcpo.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://*.69sexsearch.com
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwna.ops.pl...quicksilver.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://premconf.web...bex/ieatgpc.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://opp.ipiphotonet.com/XUpload.ocx

Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\extvpac.exe
C:\WINDOWS\system32\tipvdmod.exe
C:\WINDOWS\system32\edstitmgr.exe
C:\WINDOWS\system32\ldmod.exe
C:\WINDOWS\system32\aaaatidv.exe
C:\WINDOWS\system32\ctreatq.exe
C:\WINDOWS\system32\3dpra.exe
C:\WINDOWS\system32\MDMomcpo.exe
C:\WINDOWS\system32\wuclient.exe

Reboot normally and post a new log.

-=jonnyrotten=- :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP