Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91818 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

My Log file / HELP PLS


  • This topic is locked This topic is locked
6 replies to this topic

#1 mossad

mossad

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 06 November 2005 - 07:46 PM

Hi all,

Couple days ago i downloaded sume virus ,and now i cant play games or use the internet normal anymore.
File i downloaded had sumething in it called COMMAND.EXE. i removed the prog but there still something on the comp i get tons of PopUps the whole time ( got 11 writing this tread already ).

So please help me .

THANKS



Logfile of HijackThis v1.97.7
Scan saved at 2:38:39 , on 7-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Photoshop Interface Assistant\Photoshop Interface Assistant.exe
C:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\whatIcan\AutoMove\ams.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\YahooPOPs\YahooPOPs.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Innovatools\What's On My Computer\WOMC.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2004 version 6\uninstaller.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websms.starhu...ndSMS/index.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websms.starhu...ndSMS/index.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Paessler Site Inspector Toolbar - {38D2A281-0444-433C-9ED6-A2851795F32A} - C:\Program Files\Paessler Site Inspector\psibar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PS Assistant] C:\Program Files\Photoshop Interface Assistant\Photoshop Interface Assistant.exe
O4 - HKLM\..\Run: [Modem Booster] C:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Active Desktop Calendar] F:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Startup: Accessor.Launchbar.lnk = F:\Program Files\Accessor Software\Accessor.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: YahooPOPs.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZN
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: bugmenot - file://C:\Program Files\bugmenot.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Explore with &Instant Source - C:\Program Files\Instant Source\context.html
O8 - Extra context menu item: Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector\psi.dll/copy-img-tag.ieb
O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector\psi.dll/copy-img-src.ieb
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector\psi.dll/copy-a-tag.ieb
O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector\psi.dll/copymeister.ieb
O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-new-window.ieb
O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-this-window.ieb
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector\psi.dll/open-selection.ieb
O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector\psi.dll/FormsModule.ieb
O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector\psi.dll/ImagesModule.ieb
O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector\psi.dll/LinksModule.ieb
O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector\psi.dll/ScriptsModule.ieb
O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector\psi.dll/StylesheetsModule.ieb
O8 - Extra context menu item: PSI: Show Complete Page Analysis - res://C:\Program Files\Paessler Site Inspector\psi.dll/element.ieb
O8 - Extra context menu item: PSI: Show Element Hilighter - res://C:\Program Files\Paessler Site Inspector\psi.dll/hilighter.ieb
O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModule.ieb
O8 - Extra context menu item: PSI: Show HTTP Header of Target - res://C:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModuleForAnchor.ieb
O8 - Extra context menu item: PSI: Show Source based on DOM - res://C:\Program Files\Paessler Site Inspector\psi.dll/DomDocumentModule.ieb
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Track Page (HKLM)
O9 - Extra 'Tools' menuitem: Track Page Using Copernic Tracker (HKLM)
O9 - Extra button: Yahoo! Services (HKLM)
O9 - Extra button: Instant Source (HKLM)
O9 - Extra button: Flash Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Flash Catcher (HKLM)
O9 - Extra button: PSI Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: Paessler Site Inspector Toolbar (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\imslsp.dll
O12 - Plugin for .exe: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for .psd: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for .rar: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for .zip: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100004930093
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.streamloa...oad/XUpload.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://dd1b3-zrz7bc...ivex/RACtrl.cab

    Advertisements

Register to Remove


#2 mossad

mossad

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 07 November 2005 - 05:48 AM

I made a update tday after i scan my comp whit >Ewido security suit < i still have many popups .Everytime i hit a button i get 1 .

Logfile of HijackThis v1.97.7
Scan saved at 12:46:03 , on 7-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\whatIcan\AutoMove\ams.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websms.starhu...ndSMS/index.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websms.starhu...ndSMS/index.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PS Assistant] C:\Program Files\Photoshop Interface Assistant\Photoshop Interface Assistant.exe
O4 - HKLM\..\Run: [Modem Booster] C:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Active Desktop Calendar] F:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Startup: Accessor.Launchbar.lnk = F:\Program Files\Accessor Software\Accessor.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: YahooPOPs.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZN
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: bugmenot - file://C:\Program Files\bugmenot.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Explore with &Instant Source - C:\Program Files\Instant Source\context.html
O8 - Extra context menu item: Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector\psi.dll/copy-img-tag.ieb
O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector\psi.dll/copy-img-src.ieb
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector\psi.dll/copy-a-tag.ieb
O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector\psi.dll/copymeister.ieb
O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-new-window.ieb
O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-this-window.ieb
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector\psi.dll/open-selection.ieb
O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector\psi.dll/FormsModule.ieb
O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector\psi.dll/ImagesModule.ieb
O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector\psi.dll/LinksModule.ieb
O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector\psi.dll/ScriptsModule.ieb
O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector\psi.dll/StylesheetsModule.ieb
O8 - Extra context menu item: PSI: Show Complete Page Analysis - res://C:\Program Files\Paessler Site Inspector\psi.dll/element.ieb
O8 - Extra context menu item: PSI: Show Element Hilighter - res://C:\Program Files\Paessler Site Inspector\psi.dll/hilighter.ieb
O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModule.ieb
O8 - Extra context menu item: PSI: Show HTTP Header of Target - res://C:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModuleForAnchor.ieb
O8 - Extra context menu item: PSI: Show Source based on DOM - res://C:\Program Files\Paessler Site Inspector\psi.dll/DomDocumentModule.ieb
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Track Page (HKLM)
O9 - Extra 'Tools' menuitem: Track Page Using Copernic Tracker (HKLM)
O9 - Extra button: Yahoo! Services (HKLM)
O9 - Extra button: Instant Source (HKLM)
O9 - Extra button: Flash Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Flash Catcher (HKLM)
O9 - Extra button: PSI Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: Paessler Site Inspector Toolbar (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
O12 - Plugin for .exe: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for .psd: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for .rar: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for .zip: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100004930093
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.streamloa...oad/XUpload.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://dd1b3-zrz7bc...ivex/RACtrl.cab

#3 mossad

mossad

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 07 November 2005 - 07:16 AM

IT keeps connecting to this site > ad-w-a-r-e.com <

#4 mossad

mossad

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 07 November 2005 - 05:21 PM

Please Please help me i'm getting realy sick of this ,i need to contact my gfriend on the other side the world by Voipbuster,but its fckd by this asshls that put this sht on my comp . WHY YOU GUYS DONT REPLY ?????? Did i do something wrong in the posting ?

Edited by mossad, 07 November 2005 - 05:24 PM.


#5 mossad

mossad

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 09 November 2005 - 06:27 AM

BUMP

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 12 November 2005 - 05:55 AM

Hello mossad, Welcome to the forum.

Important: Do this before any fix.

You need to update your version of HijackThis. Open HJT> Open Misc Tools> Pull the side bar down> Check for update online. If that doesn't work, download it from my signature and remove the hijackThis.exe you have now.

Also please put your HijackThis in it's own folder, (I create a new folder in C:\ named HJT).
You can do a Right Click on any open area on the desktop, New> Folder, then rename the folder HJT.

Go to where your HijackThis is and Right Click on HijackThis.exe, select Cut, then open the new folder you just created (HJT) Right Click in the folder and select paste.


After the above:



This is what I suggest you do.

Download CWShredder from my signature below. Unzip it on the desktop.
Open CWShredder and with ALL other windows closed, click fix.


Go here and run at least one of the online scans, allow them to delete whatever they find:

TrendMicro HouseCall
eTrust AntiVirus Web Scanner
Panda ActiveScan
Note any thing that can't be fixed
Reboot when done.

Next:

Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06 . All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" (RED) entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED (RED) entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.



Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 27 November 2005 - 09:01 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users