Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Hijackthislog

Started by train3773 , Nov 06 2004 06:04 PM

  • This topic is locked This topic is locked
4 replies to this topic

#1 train3773

train3773

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 06 November 2004 - 06:04 PM

Hi,
I am new to this forum. I have been experiencing problems with my computer for awhile now. My girlfriend told me about this site. Here is my hijackthis log. Hopefully someone can help me with this annoying problem. Thanks in advance for any suggestions and help.
Logfile of HijackThis v1.97.7
Scan saved at 6:04:00 PM, on 11/6/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\apinq32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\WINDOWS\system32\ieni32.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.EXE
C:\Documents and Settings\Luke\Application Data\iptl.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\WINDOWS\System32\cyygwbsp.exe
c:\temp\msbb.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\VVSN\VVSN.exe
C:\temp\NCASEP~1.EXE
C:\temp\NCASEP~1.EXE
C:\temp\NCASEP~1.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\usrdtea.exe
C:\Documents and Settings\Luke\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lmceh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lmceh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smut-fantasies.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lmceh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lmceh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lmceh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lmceh.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lmceh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.fin...iteyouneed.com/
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {6F602FD6-D87A-FBB2-6E16-961DD4CD1331} - C:\WINDOWS\iejc.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\Run: [AdobeFonts] C:\WINDOWS\Fonts\fonts.hta
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ipte32.exe] C:\WINDOWS\system32\ipte32.exe
O4 - HKLM\..\Run: [ieni32.exe] C:\WINDOWS\system32\ieni32.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [launcher] C:\WINDOWS\System32\launcher.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [xlbqoueivnr] C:\WINDOWS\System32\cyygwbsp.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msedpb.exe
O4 - HKCU\..\Run: [usrdtea] C:\WINDOWS\System32\usrdtea.exe
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Luke\Application Data\iptl.exe
O4 - HKCU\..\Run: [Zjx] C:\WINDOWS\System32\??rvices.exe
O4 - HKLM\..\RunOnce: [sdkvh.exe] C:\WINDOWS\system32\sdkvh.exe
O4 - HKLM\..\RunOnce: [d3ag.exe] C:\WINDOWS\d3ag.exe
O4 - HKLM\..\RunOnce: [iear32.exe] C:\WINDOWS\system32\iear32.exe
O4 - HKLM\..\RunOnce: [sdkfo.exe] C:\WINDOWS\system32\sdkfo.exe
O4 - HKLM\..\RunOnce: [sysuh.exe] C:\WINDOWS\sysuh.exe
O4 - HKLM\..\RunOnce: [ntla.exe] C:\WINDOWS\system32\ntla.exe
O4 - HKLM\..\RunOnce: [javaeg.exe] C:\WINDOWS\system32\javaeg.exe
O4 - HKLM\..\RunOnce: [apirx32.exe] C:\WINDOWS\apirx32.exe
O4 - HKLM\..\RunOnce: [iefc32.exe] C:\WINDOWS\iefc32.exe
O4 - HKLM\..\RunOnce: [mfcmv32.exe] C:\WINDOWS\mfcmv32.exe
O4 - HKLM\..\RunOnce: [sdkxs.exe] C:\WINDOWS\system32\sdkxs.exe
O4 - HKLM\..\RunOnce: [sysxh.exe] C:\WINDOWS\system32\sysxh.exe
O4 - HKLM\..\RunOnce: [addep.exe] C:\WINDOWS\addep.exe
O4 - HKLM\..\RunOnce: [atlma32.exe] C:\WINDOWS\atlma32.exe
O4 - HKLM\..\RunOnce: [msvg.exe] C:\WINDOWS\system32\msvg.exe
O4 - HKLM\..\RunOnce: [crbo32.exe] C:\WINDOWS\crbo32.exe
O4 - HKLM\..\RunOnce: [sysna.exe] C:\WINDOWS\sysna.exe
O4 - HKLM\..\RunOnce: [sdkbg32.exe] C:\WINDOWS\sdkbg32.exe
O4 - HKLM\..\RunOnce: [mswd.exe] C:\WINDOWS\system32\mswd.exe
O4 - HKLM\..\RunOnce: [atlqt32.exe] C:\WINDOWS\system32\atlqt32.exe
O4 - HKLM\..\RunOnce: [atldo32.exe] C:\WINDOWS\atldo32.exe
O4 - HKLM\..\RunOnce: [winnh.exe] C:\WINDOWS\system32\winnh.exe
O4 - HKLM\..\RunOnce: [d3uw.exe] C:\WINDOWS\system32\d3uw.exe
O4 - HKLM\..\RunOnce: [ieyf32.exe] C:\WINDOWS\system32\ieyf32.exe
O4 - HKLM\..\RunOnce: [iemu.exe] C:\WINDOWS\system32\iemu.exe
O4 - HKLM\..\RunOnce: [winbp32.exe] C:\WINDOWS\system32\winbp32.exe
O4 - HKLM\..\RunOnce: [ipfp32.exe] C:\WINDOWS\system32\ipfp32.exe
O4 - HKLM\..\RunOnce: [d3pl.exe] C:\WINDOWS\system32\d3pl.exe
O4 - HKLM\..\RunOnce: [addeh.exe] C:\WINDOWS\addeh.exe
O4 - HKLM\..\RunOnce: [wincr32.exe] C:\WINDOWS\wincr32.exe
O4 - HKLM\..\RunOnce: [winam32.exe] C:\WINDOWS\system32\winam32.exe
O4 - HKLM\..\RunOnce: [sdkix32.exe] C:\WINDOWS\sdkix32.exe
O4 - HKLM\..\RunOnce: [wincd.exe] C:\WINDOWS\system32\wincd.exe
O4 - HKLM\..\RunOnce: [iprw32.exe] C:\WINDOWS\iprw32.exe
O4 - HKLM\..\RunOnce: [javacv32.exe] C:\WINDOWS\javacv32.exe
O4 - HKLM\..\RunOnce: [atlrt32.exe] C:\WINDOWS\system32\atlrt32.exe
O4 - HKLM\..\RunOnce: [sysea.exe] C:\WINDOWS\sysea.exe
O4 - HKLM\..\RunOnce: [ipfo32.exe] C:\WINDOWS\system32\ipfo32.exe
O4 - HKLM\..\RunOnce: [addwp32.exe] C:\WINDOWS\system32\addwp32.exe
O4 - HKLM\..\RunOnce: [atlnm.exe] C:\WINDOWS\system32\atlnm.exe
O4 - HKLM\..\RunOnce: [crqr.exe] C:\WINDOWS\system32\crqr.exe
O4 - HKLM\..\RunOnce: [javayu.exe] C:\WINDOWS\javayu.exe
O4 - HKLM\..\RunOnce: [ntef32.exe] C:\WINDOWS\system32\ntef32.exe
O4 - HKLM\..\RunOnce: [appzt32.exe] C:\WINDOWS\system32\appzt32.exe
O4 - HKLM\..\RunOnce: [mfcos.exe] C:\WINDOWS\mfcos.exe
O4 - HKLM\..\RunOnce: [crjh32.exe] C:\WINDOWS\system32\crjh32.exe
O4 - HKLM\..\RunOnce: [ipyy32.exe] C:\WINDOWS\ipyy32.exe
O4 - HKLM\..\RunOnce: [apipp.exe] C:\WINDOWS\system32\apipp.exe
O4 - HKLM\..\RunOnce: [d3ng32.exe] C:\WINDOWS\system32\d3ng32.exe
O4 - HKLM\..\RunOnce: [mssf32.exe] C:\WINDOWS\system32\mssf32.exe
O4 - HKLM\..\RunOnce: [msxy32.exe] C:\WINDOWS\system32\msxy32.exe
O4 - HKLM\..\RunOnce: [mfcrg.exe] C:\WINDOWS\mfcrg.exe
O4 - HKLM\..\RunOnce: [addzr.exe] C:\WINDOWS\system32\addzr.exe
O4 - HKLM\..\RunOnce: [d3ke.exe] C:\WINDOWS\d3ke.exe
O4 - HKLM\..\RunOnce: [mfchz32.exe] C:\WINDOWS\mfchz32.exe
O4 - HKLM\..\RunOnce: [atlrd32.exe] C:\WINDOWS\atlrd32.exe
O4 - HKLM\..\RunOnce: [addmy32.exe] C:\WINDOWS\addmy32.exe
O4 - HKLM\..\RunOnce: [winwu.exe] C:\WINDOWS\system32\winwu.exe
O4 - HKLM\..\RunOnce: [systx.exe] C:\WINDOWS\systx.exe
O4 - HKLM\..\RunOnce: [iezp32.exe] C:\WINDOWS\iezp32.exe
O4 - HKLM\..\RunOnce: [sysrl.exe] C:\WINDOWS\sysrl.exe
O4 - HKLM\..\RunOnce: [mfczf32.exe] C:\WINDOWS\mfczf32.exe
O4 - HKLM\..\RunOnce: [netyw32.exe] C:\WINDOWS\system32\netyw32.exe
O4 - HKLM\..\RunOnce: [syslg.exe] C:\WINDOWS\syslg.exe
O4 - HKLM\..\RunOnce: [ieqz32.exe] C:\WINDOWS\system32\ieqz32.exe
O4 - HKLM\..\RunOnce: [appvb32.exe] C:\WINDOWS\system32\appvb32.exe
O4 - HKLM\..\RunOnce: [syssd32.exe] C:\WINDOWS\syssd32.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\Luke\LOCALS~1\Temp\djtopr1150.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &RSDN Search - res://c:\windows\toolbar_nieuw14.dll/GoRSDN.dll.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.db105.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...ab/emCraft1.cab
O16 - DPF: {0FAA926E-2AF4-11D3-9995-00A0CC3A27A9} (Infragistics ComboBox Control) - http://tcapps.selu.e...mon/pvcombo.cab
O16 - DPF: {21735A92-2D20-0D29-9608-5E421A0AA728} - http://63.219.178.91/1/rdgUS1479.exe
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://tcapps.selu.e...mmon/iemenu.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...69/QDow_AS2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://tcapps.selu.e...tivexviewer.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (Infragistics DataTable Control 8.0 (OLEDB)) - http://tcapps.selu.e...mmon/pvdt80.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

Edited by Micah_6:8, 06 November 2004 - 06:20 PM.

    Advertisements

Register to Remove

#2 dgosling

dgosling

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 2,499 posts

Posted 12 November 2004 - 08:18 PM

Are you still having problems with your computer? If so please Scan again with HijackTHis and POST a new log file here in this thread using Add Reply.
Posted Image

#3 train3773

train3773

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 14 November 2004 - 04:46 PM

yes very much so. PLease help, i cannot even hardly view a website without getting bombarded with several popups til the computer just freezes up.





Logfile of HijackThis v1.97.7
Scan saved at 4:43:55 PM, on 11/14/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\apinq32.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Temp\salm.exe
C:\Program Files\CSBB\csAOLldr.exe
C:\WINDOWS\System32\winupdt.exe
C:\DOCUME~1\Luke\LOCALS~1\Temp\ICD11.tmp\svcmm32.exe
C:\WINDOWS\dhbrwsr.exe
C:\WINDOWS\TimeSynchronize.exe
C:\WINDOWS\dhsvr.exe
C:\WINDOWS\explorer.exe
c:\Program Files\Bcpc\bcpc.exe
C:\WINDOWS\System32\tgrtt.exe
C:\WINDOWS\System32\enboq.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\prjtect.exe
C:\WINDOWS\System32\prjtect.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\system32\ieni32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\ocprop2d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\usrdtea.exe
C:\Documents and Settings\Luke\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qcnov.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qcnov.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smut-fantasies.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qcnov.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qcnov.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qcnov.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qcnov.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qcnov.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.fin...iteyouneed.com/
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {8A211D0F-A737-38A0-EA0A-D2480CDBEF01} - C:\WINDOWS\ierz32.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\Run: [AdobeFonts] C:\WINDOWS\Fonts\fonts.hta
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ipte32.exe] C:\WINDOWS\system32\ipte32.exe
O4 - HKLM\..\Run: [ieni32.exe] C:\WINDOWS\system32\ieni32.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [xlbqoueivnr] C:\WINDOWS\System32\cyygwbsp.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] C:\Program Files\WhenUSearch\whse.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [djzzwc] C:\WINDOWS\System32\djzzwc.exe
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\Luke\LOCALS~1\Temp\ICD11.tmp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [BCPC] "c:\Program Files\Bcpc\bcpc.exe"
O4 - HKLM\..\Run: [Breg] "c:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [Xcpy1] "c:\Program Files\Common Files\Java\Xcpy1.exe"
O4 - HKLM\..\Run: [p34P3qW] tgrtt.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [ocprop2d] C:\WINDOWS\System32\ocprop2d.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - HKCU\..\Run: [usrdtea] C:\WINDOWS\System32\usrdtea.exe
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Luke\Application Data\iptl.exe
O4 - HKCU\..\Run: [Zjx] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [Y0vFRka6S] enboq.exe
O4 - HKCU\..\Run: [prjtect] C:\WINDOWS\System32\prjtect.exe
O4 - HKLM\..\RunOnce: [sdkvh.exe] C:\WINDOWS\system32\sdkvh.exe
O4 - HKLM\..\RunOnce: [d3ag.exe] C:\WINDOWS\d3ag.exe
O4 - HKLM\..\RunOnce: [iear32.exe] C:\WINDOWS\system32\iear32.exe
O4 - HKLM\..\RunOnce: [sdkfo.exe] C:\WINDOWS\system32\sdkfo.exe
O4 - HKLM\..\RunOnce: [ntla.exe] C:\WINDOWS\system32\ntla.exe
O4 - HKLM\..\RunOnce: [javaeg.exe] C:\WINDOWS\system32\javaeg.exe
O4 - HKLM\..\RunOnce: [apirx32.exe] C:\WINDOWS\apirx32.exe
O4 - HKLM\..\RunOnce: [iefc32.exe] C:\WINDOWS\iefc32.exe
O4 - HKLM\..\RunOnce: [mfcmv32.exe] C:\WINDOWS\mfcmv32.exe
O4 - HKLM\..\RunOnce: [sdkxs.exe] C:\WINDOWS\system32\sdkxs.exe
O4 - HKLM\..\RunOnce: [sysxh.exe] C:\WINDOWS\system32\sysxh.exe
O4 - HKLM\..\RunOnce: [addep.exe] C:\WINDOWS\addep.exe
O4 - HKLM\..\RunOnce: [atlma32.exe] C:\WINDOWS\atlma32.exe
O4 - HKLM\..\RunOnce: [msvg.exe] C:\WINDOWS\system32\msvg.exe
O4 - HKLM\..\RunOnce: [crbo32.exe] C:\WINDOWS\crbo32.exe
O4 - HKLM\..\RunOnce: [sysna.exe] C:\WINDOWS\sysna.exe
O4 - HKLM\..\RunOnce: [sdkbg32.exe] C:\WINDOWS\sdkbg32.exe
O4 - HKLM\..\RunOnce: [mswd.exe] C:\WINDOWS\system32\mswd.exe
O4 - HKLM\..\RunOnce: [atlqt32.exe] C:\WINDOWS\system32\atlqt32.exe
O4 - HKLM\..\RunOnce: [atldo32.exe] C:\WINDOWS\atldo32.exe
O4 - HKLM\..\RunOnce: [winnh.exe] C:\WINDOWS\system32\winnh.exe
O4 - HKLM\..\RunOnce: [d3uw.exe] C:\WINDOWS\system32\d3uw.exe
O4 - HKLM\..\RunOnce: [ieyf32.exe] C:\WINDOWS\system32\ieyf32.exe
O4 - HKLM\..\RunOnce: [iemu.exe] C:\WINDOWS\system32\iemu.exe
O4 - HKLM\..\RunOnce: [winbp32.exe] C:\WINDOWS\system32\winbp32.exe
O4 - HKLM\..\RunOnce: [ipfp32.exe] C:\WINDOWS\system32\ipfp32.exe
O4 - HKLM\..\RunOnce: [d3pl.exe] C:\WINDOWS\system32\d3pl.exe
O4 - HKLM\..\RunOnce: [addeh.exe] C:\WINDOWS\addeh.exe
O4 - HKLM\..\RunOnce: [wincr32.exe] C:\WINDOWS\wincr32.exe
O4 - HKLM\..\RunOnce: [winam32.exe] C:\WINDOWS\system32\winam32.exe
O4 - HKLM\..\RunOnce: [sdkix32.exe] C:\WINDOWS\sdkix32.exe
O4 - HKLM\..\RunOnce: [wincd.exe] C:\WINDOWS\system32\wincd.exe
O4 - HKLM\..\RunOnce: [iprw32.exe] C:\WINDOWS\iprw32.exe
O4 - HKLM\..\RunOnce: [javacv32.exe] C:\WINDOWS\javacv32.exe
O4 - HKLM\..\RunOnce: [atlrt32.exe] C:\WINDOWS\system32\atlrt32.exe
O4 - HKLM\..\RunOnce: [sysea.exe] C:\WINDOWS\sysea.exe
O4 - HKLM\..\RunOnce: [ipfo32.exe] C:\WINDOWS\system32\ipfo32.exe
O4 - HKLM\..\RunOnce: [addwp32.exe] C:\WINDOWS\system32\addwp32.exe
O4 - HKLM\..\RunOnce: [atlnm.exe] C:\WINDOWS\system32\atlnm.exe
O4 - HKLM\..\RunOnce: [crqr.exe] C:\WINDOWS\system32\crqr.exe
O4 - HKLM\..\RunOnce: [javayu.exe] C:\WINDOWS\javayu.exe
O4 - HKLM\..\RunOnce: [ntef32.exe] C:\WINDOWS\system32\ntef32.exe
O4 - HKLM\..\RunOnce: [appzt32.exe] C:\WINDOWS\system32\appzt32.exe
O4 - HKLM\..\RunOnce: [mfcos.exe] C:\WINDOWS\mfcos.exe
O4 - HKLM\..\RunOnce: [crjh32.exe] C:\WINDOWS\system32\crjh32.exe
O4 - HKLM\..\RunOnce: [ipyy32.exe] C:\WINDOWS\ipyy32.exe
O4 - HKLM\..\RunOnce: [apipp.exe] C:\WINDOWS\system32\apipp.exe
O4 - HKLM\..\RunOnce: [d3ng32.exe] C:\WINDOWS\system32\d3ng32.exe
O4 - HKLM\..\RunOnce: [mssf32.exe] C:\WINDOWS\system32\mssf32.exe
O4 - HKLM\..\RunOnce: [msxy32.exe] C:\WINDOWS\system32\msxy32.exe
O4 - HKLM\..\RunOnce: [mfcrg.exe] C:\WINDOWS\mfcrg.exe
O4 - HKLM\..\RunOnce: [addzr.exe] C:\WINDOWS\system32\addzr.exe
O4 - HKLM\..\RunOnce: [d3ke.exe] C:\WINDOWS\d3ke.exe
O4 - HKLM\..\RunOnce: [mfchz32.exe] C:\WINDOWS\mfchz32.exe
O4 - HKLM\..\RunOnce: [atlrd32.exe] C:\WINDOWS\atlrd32.exe
O4 - HKLM\..\RunOnce: [addmy32.exe] C:\WINDOWS\addmy32.exe
O4 - HKLM\..\RunOnce: [winwu.exe] C:\WINDOWS\system32\winwu.exe
O4 - HKLM\..\RunOnce: [systx.exe] C:\WINDOWS\systx.exe
O4 - HKLM\..\RunOnce: [iezp32.exe] C:\WINDOWS\iezp32.exe
O4 - HKLM\..\RunOnce: [sysrl.exe] C:\WINDOWS\sysrl.exe
O4 - HKLM\..\RunOnce: [mfczf32.exe] C:\WINDOWS\mfczf32.exe
O4 - HKLM\..\RunOnce: [netyw32.exe] C:\WINDOWS\system32\netyw32.exe
O4 - HKLM\..\RunOnce: [syslg.exe] C:\WINDOWS\syslg.exe
O4 - HKLM\..\RunOnce: [ieqz32.exe] C:\WINDOWS\system32\ieqz32.exe
O4 - HKLM\..\RunOnce: [appvb32.exe] C:\WINDOWS\system32\appvb32.exe
O4 - HKLM\..\RunOnce: [syssd32.exe] C:\WINDOWS\syssd32.exe
O4 - HKLM\..\RunOnce: [sysuh.exe] C:\WINDOWS\sysuh.exe
O4 - HKLM\..\RunOnce: [Register C:\WINDOWS\System32\mscb.dll] "C:\WINDOWS\System32\rundll32.exe" "C:\WINDOWS\System32\mscb.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [bcpc_c] "c:\Program Files\Bcpc\bcpc_c.exe"
O4 - HKLM\..\RunOnce: [t] "c:\Program Files\XML\xclean.exe"
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.db105.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...ab/emCraft1.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bargain-b...31_ICMEDIAX.cab
O16 - DPF: {0FAA926E-2AF4-11D3-9995-00A0CC3A27A9} (Infragistics ComboBox Control) - http://tcapps.selu.e...mon/pvcombo.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thoug.../install007.exe
O16 - DPF: {21735A92-2D20-0D29-9608-5E421A0AA728} - http://63.219.178.91/1/rdgUS1479.exe
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://tcapps.selu.e...mmon/iemenu.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...vex/loader2.ocx
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...69/QDow_AS2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://tcapps.selu.e...tivexviewer.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (Infragistics DataTable Control 8.0 (OLEDB)) - http://tcapps.selu.e...mmon/pvdt80.cab
O16 - DPF: {EBBD88E5-C372-469D-B4C5-1FE00352AB9B} - http://www.ouchvideo...mmviewer_ic.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

#4 dgosling

dgosling

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 2,499 posts

Posted 15 November 2004 - 05:31 PM

Hello train3773
I am sorry for the further delay - I didn't get the email notification I should have but I am here now.

Yes you have quite the mess there am surprised you can use your computer at all!
I will need you to run a couple of diagnostic tools before I can help you fix your computer. If I cant get the information then it will be almost impossible to find the hidden parts of the infection that will just reinstall it if we fix it. I will give you some instructions now and you can post back with the information.

Step#1:

The following programs are malware and need to be removed. You may be able to find replacements for them and read about the Safe Programs

Please go to Start > Control Panel > Add Remove Programs and uninstall each of the following:

AWS\WeatherBug
Internet Optimizer
Windows AdTools
Web_Rebates
BullsEye Network or Bargain ? could be either or both
WhenU Weathercast or VVSN
NCase



Step#2:

1. Please download Service Filter

2. Extract it to it's own folder.

3. Click on ServiceFilter.vbs

4. A text file called POST_THIS will be in the same folder

5. Please use Edit>Select all then Edit>Copy to obtain the contents

6. Please Post the contents into this thread using 'Add Reply'
Posted Image

#5 dgosling

dgosling

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 2,499 posts

Posted 01 December 2004 - 10:48 PM

This topic will be closed because it has been inactive for 14 days.

If you need it reopened, please send an email to the following (Click for address) with the Subject line of the email "Reopen".

To receive a response, please include in your email: your post user name, details of why you need it reopened, and a valid link to your post.

Emails with bad links to the post, emails that are not from the original poster, and emails that do not have "ReOpen" as the subject line, will be deleted without being opening.

Please start a New Topic if this is not your thread. Thank-you for your co-operation.
Posted Image

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·