Post Your Hijackthis Log

By acidosmosis
Nov 13, 2004
Topic Status:
Not open for further replies.
  1. Azazel187

    Azazel187 Newcomer, in training

    what should i have hjt fix on my log

    Logfile of HijackThis v1.97.7
    Scan saved at 4:46:55 PM, on 12/16/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Valued Customer\Application Data\iptl.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Documents and Settings\Valued Customer\Desktop\Protections\hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.sony.com/vaiopeople
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll (file missing)
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Valued Customer\Application Data\iptl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O4 - Global Startup: SMC2635W 11Mbps WLAN Monitor.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AOL Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
    O9 - Extra button: AIM (HKLM)
    O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA1243A6-298E-4831-BBBD-37C878F930D2}: NameServer = 205.188.146.145

    http://
  2. Dunamis5000

    Dunamis5000 Newcomer, in training

    log

    can anyone tell me if any of these are needed or if they should be deleted?

    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\windows\temp\rSr.exe
    C:\documents and settings\family\local settings\temp\9J.exe
    C:\documents and settings\family\local settings\temp\a4R.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\documents and settings\family\local settings\temp\BSQz0N.exe
    C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
    C:\Documents and Settings\Family\Application Data\osoa.exe
    C:\WINDOWS\System32\??oolsv.exe
    O4 - HKLM\..\Run: [rSr] C:\windows\temp\rSr.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\LhoK8W3.exe
    O4 - HKLM\..\Run: [9J] C:\documents and settings\family\local settings\temp\9J.exe
    O4 - HKLM\..\Run: [a4R] C:\documents and settings\family\local settings\temp\a4R.exe
    O4 - HKLM\..\Run: [BSQz0N] C:\documents and settings\family\local settings\temp\BSQz0N.exe
    O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Family\Application Data\osoa.exe
    O4 - HKCU\..\Run: [Qamup] C:\WINDOWS\System32\??oolsv.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
  3. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Azazel

    Boot in Safe Mode and uninstall and/or delete (if possible) anything to do with:
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\Documents and Settings\Valued Customer\Application Data\iptl.exe
    C:\Program Files\Windows SyncroAd\SyncroAd.exe
    C:\Program Files\Open Site\opensite.exe
    C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll

    Now, still in Safe Mode, run HJT standalone and have it "fix" (if still there):
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\Documents and Settings\Valued Customer\Application Data\iptl.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.sony.com/vaiopeople
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll (file missing)
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"
    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
    O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Valued Customer\Application Data\iptl.exe
    O4 - Global Startup: SMC2635W 11Mbps WLAN Monitor.lnk = ?
    O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA1243A6-298E-4831-BBBD-37C878F930D2}: NameServer = 205.188.146.145

    After HJT, still in Safe Mode, delete anything in the bold stuff (if still there):
    C:\program files\support.com\client\bin\
    C:\Documents and Settings\Valued Customer\Application Data\
    C:\Program Files\Windows SyncroAd\
    C:\Program Files\Open Site\
    C:\WINDOWS\EliteToolBar\

    Dunamis5000

    Run HJT standalone in Safe Mode and have it "fix":

    C:\windows\temp\rSr.exe
    C:\documents and settings\family\local settings\temp\9J.exe
    C:\documents and settings\family\local settings\temp\a4R.exe
    C:\documents and settings\family\local settings\temp\BSQz0N.exe
    C:\Documents and Settings\Family\Application Data\osoa.exe
    C:\WINDOWS\System32\??oolsv.exe
    O4 - HKLM\..\Run: [rSr] C:\windows\temp\rSr.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\LhoK8W3.exe
    O4 - HKLM\..\Run: [9J] C:\documents and settings\family\local settings\temp\9J.exe
    O4 - HKLM\..\Run: [a4R] C:\documents and settings\family\local settings\temp\a4R.exe
    O4 - HKLM\..\Run: [BSQz0N] C:\documents and settings\family\local settings\temp\BSQz0N.exe
    O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Family\Application Data\osoa.exe
    O4 - HKCU\..\Run: [Qamup] C:\WINDOWS\System32\??oolsv.exe

    After HJT, delete ALL contents of:
    C:\windows\temp\
    C:\documents and settings\family\local settings\temp\

    Then check in Windows Explorer if any of the other "fixed" files are still around. Delete them.
    Then reboot. If still problems, post your complete HJT.txt here.
  4. Azazel187

    Azazel187 Newcomer, in training

    How is this

    RealBlackStuff

    I had followed the directions you gave me however i do not know how to get hjt to fix
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\Documents and Settings\Valued Customer\Application Data\iptl.exe

    since i never see any C:/ as option to fix
    I also could not delet this folder
    C:\Documents and Settings\Valued Customer\Application Data\
    and for the other folders i deleted the entire folder and everything within the folder after the following
    support.com
    Windows SyncroAd
    Open Site\
    EliteToolBar\
    did i do everything right??? Also here is my new HJT Log is everything alright with it??? Thanx For All Of The Helphttp://

    Logfile of HijackThis v1.97.7
    Scan saved at 3:44:50 PM, on 12/20/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Valued Customer\Desktop\Protections\hijack\HijackThis.exe

    O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AOL Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
    O9 - Extra button: AIM (HKLM)
  5. stephen876

    stephen876 Newcomer, in training

    Hijackthis log - Trojan Virus??

    Could someone please help me with my hijack this log. I'm a novice. I think i might have a trojan virus. Thanx.


    Logfile of HijackThis v1.99.0
    Scan saved at 5:29:54 PM, on 21/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\gu4b3j2ulhthd.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe





    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\I4LLZ1~1.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\gu4b3j2ulhthd.exe
    O4 - HKLM\..\Run: [FX] C:\WINDOWS\Downloaded Program Files\ieloader.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: winlogin.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBB7074D-8FE7-442A-A1AA-3B1B0405D970}: NameServer = 203.49.70.92 139.134.2.190
    O20 - AppInit_DLLs: grtj2hegxz8h4ydll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    Sorry if it's messy, but i couldn't post until all URl's were removed.
  6. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Stephen876

    Go to my post http://www.techspot.com/vb/topic17297.html
    and follow it exactly.

    Then reboot in Safe Mode and run HJT standalone and let it "fix": (include the relevant lines where you could not display the URLs as well)

    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\gu4b3j2ulhthd.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\I4LLZ1~1.DLL
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\gu4b3j2ulhthd.exe
    O4 - HKLM\..\Run: [FX] C:\WINDOWS\Downloaded Program Files\ieloader.exe
    O4 - Global Startup: winlogin.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBB7074D-8FE7-442A-A1AA-3B1B0405D970}: NameServer = 203.49.70.92 139.134.2.190
    O20 - AppInit_DLLs: grtj2hegxz8h4ydll.dll.dll.dll.dll.dll.dll.dll.dll. dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dl l.dll.dll.dll.dll

    When done, still in safe mode, delete
    ALCXMNTR.EXE
    gu4b3j2ulhthd.exe
    I4LLZ1~1.DLL
    ieloader.exe
    winlogin.exe
    ms-its:mhtml:file://C:\foo.mht! or whatever this is supposed to be
    all those DLLs from the 020 group

    Azazel

    Have HJT fix this (standalone in Safe Mode)
    O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)

    Your new HJT-log looks fine otherwise.

    While still in Safe Mode, press Ctrl/Alt/Del, select Task Manager, select Processes.
    See if you find tgcmd.exe and iptl.exe. Highlight them, then press "End Process".
    When done, go and delete them, including the relevant directories with everything else in them.
    You can also delete these directories themselves:
    Windows SyncroAd
    Open Site\
    EliteToolBar\
    Did you delete support.com? If not do so now.
  7. Miguel64

    Miguel64 Newcomer, in training

    Please check this one

    Logfile of HijackThis v1.98.2
    Scan saved at 22:51:02, on 19/12/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\Archivos de programa\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\DOCUME~1\Miguel\CONFIG~1\Temp\Directorio temporal 2 para hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = VĂ­nculos
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Archivos de programa\GetRight\xx2gr.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARCHIV~1\FlashGet\jccatch.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es\msntb.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
    O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [mmtask] C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
    O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
  8. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Miguel64

    Uninstall Flashget and Getright.
    After you have cleaned the rest with Hijackthis, go to www.stardownloader.com and install their (ad-free and free) Stardownloader.

    Uninstall anything to do with
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

    Uninstall the MSN Toolbar and do not install any other toolbar, if you want to keep your PC healthy.

    When done, run HJT on its own in safe mode and let it "fix" (if still there):

    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe

    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Archivos de programa\GetRight\xx2gr.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARCHIV~1\FlashGet\jccatch.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es\msntb.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe"
    O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
    O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
  9. Miguel64

    Miguel64 Newcomer, in training

    Hi, thanks! can you help me

    Thanks for this! I'm from Ecuador! Greetings! Hep me with this another one

    Logfile of HijackThis v1.98.2
    Scan saved at 16:12:35, on 27/12/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Archivos comunes\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\DOCUME~1\Jose\CONFIG~1\Temp\Directorio temporal 7 para hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = VĂ­nculos
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [IntelliType] "C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ATITool] "C:\Archivos de programa\ATITool\ATITool.exe" -s
    O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKCU\..\Run: [STYLEXP] C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: kX Mixer.lnk = C:\WINDOWS\system32\kxmixer.exe
    O4 - Startup: Proxy.lnk = C:\Archivos de programa\AnalogX\Proxy\proxy.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F059AC1E-AC71-421B-958D-F2A4AA7FCBA5}: NameServer = 200.93.233.2,200.93.233.4
  10. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Looks like it's been hijacked. You may also have a trojan.
    Please do a FULL system scan with your (updated) antivirus program.
    Then go here How to remove Begin2Search / Coolwebsearch
    and do what it says.
    If you still have problems, report back here.
  11. Miguel64

    Miguel64 Newcomer, in training

    Thanks

    Hey! Thanks a lot you're the best!
  12. Mictlantecuhtli

    Mictlantecuhtli TechSpot Evangelist Posts: 4,916   +9

    Logfile of HijackThis v1.99.0
    Scan saved at 19:09:15, on 12/29/04
    Platform: Unknown Windows (WinNT 5.02.3790 SP1, v.1289)
    MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1289)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Sygate\SPF\smc.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\cisvc.exe
    F:\WINDOWS\Explorer.EXE
    C:\seti1\setiathome-3.08.i386-winnt-cmdline.exe
    C:\seti2\setiathome-3.08.i386-winnt-cmdline.exe
    F:\WINDOWS\system32\taskmgr.exe
    F:\WINDOWS\system32\Ati2evxx.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\WINDOWS\explorer.exe
    C:\TEMP\HijackThis.exe
    F:\WINDOWS\system32\cmd.exe
    F:\Program Files\Winamp\winamp.exe

    O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - Startup: seti1.lnk = C:\seti1\setiathome-3.08.i386-winnt-cmdline.exe
    O4 - Startup: seti2.lnk = C:\seti2\setiathome-3.08.i386-winnt-cmdline.exe
    O4 - Startup: taskmgr.exe.lnk = F:\WINDOWS\system32\taskmgr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - file://F:\sdk\controls\sdkinst.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - F:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Maya 6 PLE Documentation Server - Unknown - F:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe
    O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe
  13. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Looking good, Mict
     
  14. dubR

    dubR Newcomer, in training

    hi peeps ,i m new here and need some help :dead:
  15. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    dubR,
    you should have sussed this by now....

    Go to this post here first, and follow the instructions EXACTLY.
    How to remove Begin2Search / Coolwebsearch

    After you have done your homework, post a new log, then we can help you further.
  16. dubR

    dubR Newcomer, in training

    hope i ve done it right now,thanx for the spysubtrack link
  17. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    dubR

    You did a rotten job, you should have eliminated R0, R1, R3 and O3, O16 as well as O4 loadqm and some file missing O9's.
    You also should have installed, run and "inoculated" your PC through Spybot S&D.

    If you install Firefox (as advised), there is no need for all those cheapie/freebie popup-stoppers, Firefox does that FOR you.

    Next time, please READ the instructions and follow them EXACTLY, as I said before!
    Being German/Swiss/Austrian is NO excuse not to follow those simple instructions!

    Reboot in Safe Mode, then
    UNinstall (if you can) anything to do with:
    C:\PROGRA~1\PANICW~1\POP-UP~1\
    C:\Programme\younreen\FlashGet
    C:\Programme\Popup Eliminator\
    C:\Programme\WinPcap\

    Now run HJT on its own, let it 'fix':
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\younreen\FlashGet\jc_all.htm
    O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\younreen\FlashGet\jc_link.htm
    O9 - Extra button: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Programme\Popup Eliminator\PEToolBar490.dll (file missing)
    O9 - Extra 'Tools' menuitem: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Programme\Popup Eliminator\PEToolBar490.dll (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\younreen\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\younreen\FlashGet\flashget.exe (file missing)
    O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/Applet/wchatsign.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://applications.nmpp.fr/spot/inc/ScriptX.cab
    O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233100} - http://abcfunny.xxxhard.com/xxxhard.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21482601a2aa8019ee15/netzip/RdxIE601_fr.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/pthalo/de/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/PEInstaller.exe
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.35mb.com/applet.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
    O16 - DPF: {C4A8A4DA-BD3F-4DEB-9BBB-5B6BD3571EC7} (CDKeyCtl Class) - http://www.cdkey-promotions.com/download/CDKey.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4_0_2_10.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)

    Delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    And I hope sincerely that you followed the other items in my post!
  18. fyrebabe

    fyrebabe Newcomer, in training

    I need a little guidance..

    Hello..I have been reading the forums and reading these posts for a couple of days now to see if I could use someones log/solution to figures this out but alas no luck. Went to the locked thread and performed the needed fixs, and scans in safe. It cleaned out almost everything. I just have a couple of things that I am not to sure to do with. I have quit using Interet explorer and I am now using firefox 1.0 (and lovin' it!!) and the "015" entries I have already taken care of could you guys give me a hand with the rest.
    (i know i should get rid of the "09"'s as well:D)
    Thank you in advance

    Attached Files:

  19. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    fyrebabe
    Yours is easily the shortest log I have seen in a long time. Glad you did your homework.

    Take this one out of your boot-sequence, it is only checking for updates, which you can do manually just as well.
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    You may need to set some switch in the Java-console to NOT check for updates.

    A few small things.
    Boot in Safe Mode
    Run HJT on its own and let it 'fix' (if still there):
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted IP range: (HKLM)
  20. fyrebabe

    fyrebabe Newcomer, in training

    thanks so much

    aww...thanks...well things worked out on my comp..now I am trying to clean up the roomates comp-bit of "magic box" syndrome going on there...thanks once again!
  21. Anastacia

    Anastacia Newcomer, in training

    Hey, I was just thinking if you could see something wrong in this..?

    Logfile of HijackThis v1.99.0
    Scan saved at 5:58:34 PM, on 2/13/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Linksys\ADSL USB Modem\CnxDslTb.exe
    C:\PROGRAMS\Winamp\winampa.exe
    C:\WINDOWS\system32\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRAMS\Messenger Plus! 3\MsgPlus.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRAMS\iTunes\iTunesHelper.exe
    C:\Programs\Error Nuker\bin\ErrorNuker.exe
    C:\PROGRAMS\Norton AntiVirus\navapsvc.exe
    C:\PROGRAMS\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\PROGRAMS\Panorama\Panorama.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Alisha\Desktop\ClutterBuster.exe
    C:\MOI\winmxbeta3\WinMX.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\MOI\WinMX\MXM\MXMoni128Eb\MXMoniE.exe
    C:\PROGRAMS\RoboMX\RoboMX.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRAMS\DesktopMaster 2.0\dm.exe
    C:\PROGRAMS\DesktopMaster 2.0\dm2launcher.exe
    C:\PROGRAMS\iTunes\iTunes.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\Alisha\LOCALS~1\Temp\Rar$EX00.064\HijackThis.exe

    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\PROGRAMS\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRAMS\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
  22. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    You have a number of doubtfuls and definitely spyware on your PC.

    Go to this post here first, and follow the instructions EXACTLY.
    How to remove Begin2Search/Coolwebsearch and Other Nasties
    Then see How to post your Hijackthis log-files.

    This is definitely wrong:
    C:\PROGRAMS\Winamp\winampa.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    Look into this lot and see what you can get rid of, while you are at it:
    C:\PROGRAMS\Messenger Plus! 3\MsgPlus.exe [Hope you installed MessengerPlus WITHOUT that "sponsor program"!]
    C:\Programs\Error Nuker\bin\ErrorNuker.exe
    C:\PROGRAMS\Panorama\Panorama.exe
    C:\Documents and Settings\Alisha\Desktop\ClutterBuster.exe
    C:\MOI\winmxbeta3\WinMX.exe
    C:\MOI\WinMX\MXM\MXMoni128Eb\MXMoniE.exe
    C:\PROGRAMS\RoboMX\RoboMX.exe
    C:\PROGRAMS\DesktopMaster 2.0\dm.exe
    C:\PROGRAMS\DesktopMaster 2.0\dm2launcher.exe
  23. ywain

    ywain Newcomer, in training

    PLease Help - PC making me physically ill

    Here is my hijack this log...........

    file of HijackThis v1.99.0
    Scan saved at 20:57:59, on 15/02/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuacti.exe
    C:\WINDOWS\System32\lsass2k.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\WINDOWS\system32\ps2.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\DeltTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Windows AdStatus\WinStat.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\msnmsgq.exe
    C:\WINDOWS\svchst.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\MDNZ.exe
    C:\Program Files\Windows AdStatus\WinStatKeep.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\ur14.exe
    C:\WINDOWS\System32\mcrt32.exe
    C:\WINDOWS\System32\smtp32.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O4 - HKLM\..\Run: [lsass2k Update] lsass2k.exe
    O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe
    O4 - HKLM\..\Run: [Windows Auto Update] wuacti.exe
    O4 - HKLM\..\Run: [NvCplScan] winasp.exe
    O4 - HKLM\..\Run:
    O4 - HKLM\..\Run: [Windows Media Player] msa.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Start Uppings] mssupdate.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft CSRSS386 Protocol] csrss386.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [msnmsgq32] C:\WINDOWS\msnmsgq.exe
    O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\svchst.exe /i
    O4 - HKLM\..\Run: [MDN] MDNZ.exe
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliterjo32.exe
    O4 - HKLM\..\Run: [Start Upping] mcrt32.exe
    O4 - HKLM\..\Run: [SMTP32 Mailing Protocol] smtp32.exe
    O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
    O4 - HKLM\..\RunServices: [Windows Auto Update] wuacti.exe
    O4 - HKLM\..\RunServices: [Microsoft CSRSS386 Protocol] csrss386.exe
    O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe
    O4 - HKLM\..\RunServices: [lsass2k Update] lsass2k.exe
    O4 - HKLM\..\RunServices: [NvCplScan] winasp.exe
    O4 - HKLM\..\RunServices: [msupdate] update.exe
    O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe
    O4 - HKLM\..\RunServices: [MDN] MDNZ.exe
    O4 - HKLM\..\RunServices: [Start Upping] mcrt32.exe
    O4 - HKLM\..\RunServices: [SMTP32 Mailing Protocol] smtp32.exe
    O4 - HKLM\..\RunOnce: [Windows Auto Update] wuacti.exe
    O4 - HKCU\..\Run: [lsass2k Update] lsass2k.exe
    O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe
    O4 - HKCU\..\Run: [Windows Auto Update] wuacti.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MDN] MDNZ.exe
    O4 - HKCU\..\Run: [Start Upping] mcrt32.exe
    O4 - HKCU\..\Run: [SMTP32 Mailing Protocol] smtp32.exe
    O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
    O4 - HKCU\..\RunOnce: [Windows Auto Update] wuacti.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: v3cab -
    O16 - DPF:
    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) -
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - [
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F55AC4C9-8A2B-4EB2-884F-432BF6A4D66A}: NameServer = 80.225.253.50 80.225.253.58
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe



    I KNOW - IT'S MASSIVE - I'M SURE THERE ARER LOTS OF THINGS TO DELETE - HAVE DELETED SOME ALREADY BEFORE POSTING THIS! I CAN'T GO ON AT THE MOMENT - MY PC STINKS!!! I HAVE HAD TO DELETE SOME URL'S
  24. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

  25. mrnevermind

    mrnevermind Newcomer, in training

    My Log File Please Check 4 Me

    Please can u check my log file please as ive been on tom coyote and they dont seem to want to answer.
    I seem to be getting slow connections and spyware all the time ive been that p---ed off ive formatted 3 times in 2 days.

    Tried to attach mt log file but it's not letting me

    Logfile of HijackThis v1.99.1
    Scan saved at 16:10:25, on 24/02/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\Gtwatch.exe
    C:\WINDOWS\System32\Svhost.exe
    C:\WINDOWS\System32\svapache.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe
    C:\WINDOWS\twain_32\A12U16KD\WATCH.exe
    C:\WINDOWS\System32\mcafee32.exe
    C:\Documents and Settings\Johnny Wright\ballin.exe
    C:\WINDOWS\System32\morrn10n.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis\HijackThis.exe

    F2 - REG:system.ini: Shell=Explorer.exe mcafee32.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe
    O4 - HKLM\..\Run: [Microsoft Update] Svhost.exe
    O4 - HKLM\..\Run: [Microsoft Explorer] svapache.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Windows Service Pack Auto Update] C:\Documents and Settings\Johnny Wright\ballin.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] Svhost.exe
    O4 - HKLM\..\RunServices: [Microsoft Explorer] svapache.exe
    O4 - HKLM\..\RunOnce: [Register C:\WINDOWS\System32\msbe.dll] "C:\WINDOWS\System32\rundll32.exe" "C:\WINDOWS\System32\msbe.dll",DllRegisterServer
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsofot x386 System Monitor] system32.exe
    O4 - HKCU\..\Run: [Microsoft Update] Svhost.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Z056RTi9j] morrn10n.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\A12U16KD\WATCH.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/Bridge-c139.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9950F780-94D0-4F58-973B-CD5FEB275F76}: NameServer = 213.40.66.126 213.40.130.126
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Microsofot x386 System Monitor (SysManager) - Unknown owner - C:\WINDOWS\System32\system32.exe" -netsvcs (file missing)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.