
Hijack this log/ aim virus


  • This topic is locked
21 replies to this topic

#1 freedomexists

Posted 06 February 2006 - 02:20 PM

Hey, recently I got an AIM virus which made my computer VERY slow and hardly even working. I downloaded Aimfix, for which I followed the instructions (safe mode, etc.). I keep on getting strange pop-ups and my computer will randomly shut off and then a blue screen comes up which says 'fatal system error'.
Anyways, I was just wondering if someone can assist in telling me what to delete in my hijack log =)

Logfile of HijackThis v1.99.1
Scan saved at 7:28:17 AM, on 2/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Waqukw\Trmyzcp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\eee2.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zumrp] C:\Program Files\Waqukw\Trmyzcp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [0go40948.dll] RUNDLL32.EXE 0go40948.dll,b 22197250
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinmsap.exe FI002
O4 - HKLM\..\Run: [WSK@] c:\windows\eee2.exe
O4 - HKLM\..\Run: [=464] C:\windows\eee2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120660573468
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX28.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...lim/install.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...687/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\q8860ilse8q60.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

Edited by freedomexists, 06 February 2006 - 02:38 PM.


#2 freedomexists

Posted 06 February 2006 - 07:16 PM

please help =)

#3 LDTate

Posted 06 February 2006 - 07:30 PM

Hello freedomexists, Welcome to the forum.

This is what I suggest you do.

Important: Do this before any fix.

Please put your HijackThis in its own folder (I create a new folder in C:\ named HJT).
You can do a Right Click on any open area on the desktop, New> Folder, then rename the folder HJT.

Go to where your HijackThis is and Right Click on HijackThis.exe, select Cut, then open the new folder you just created (HJT) Right Click in the folder and select paste.

The reason we do this is Hijackthis creates backup files just in case you'd need to restore one and we'll be cleaning out the temp files.



After the above:


Download: ResetProtocolDefaults.reg to your desktop.
http://www.mvps.org/...colDefaults.reg

Locate "ResetProtocolDefaults.reg"
Right-click and select: Merge (Ok the prompt)



Please do not delete anything unless instructed to.


Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06 . All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing RED entries, BLACK entries and GREEN entries in the window.
Put a check mark beside the RED entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Next:

Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 


Proud graduate of TC/WTT Classroom

 


#4 freedomexists

Posted 07 February 2006 - 06:07 AM

I did all that, but here is a log file of HijackThis.
For some reason the ewido didn't save.

Logfile of HijackThis v1.99.1
Scan saved at 7:06:10 AM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\eee2.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\WINDOWS\system32\owinmsap.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zumrp] C:\Program Files\Waqukw\Trmyzcp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [0go40948.dll] RUNDLL32.EXE 0go40948.dll,b 22197250
O4 - HKLM\..\Run: [WSK@] c:\windows\eee2.exe
O4 - HKLM\..\Run: [=464] C:\windows\eee2.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinmsap.exe FI002
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinmsap.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120660573468
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX28.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...lim/install.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...687/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\hr4805hue.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

help would be great
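Comparing the two HijackThis logs posted so far shows what the first round of cleanup changed. The following is an added example, not part of any post in this thread and not a HijackThis feature: the function names are hypothetical, the sample lines are a short excerpt copied from the two logs above, and treating `PROGRA~1` as the short name of `Program Files` is an assumption that holds on a default install only.

```python
import re

# HijackThis item lines look like "O4 - HKLM\..\Run: [name] command".
# Header lines and the "Running processes" paths do not match this pattern.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Markers HijackThis itself appends when an entry's target is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the log from post #1 (copied from the thread).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O15 - Trusted Zone: *.elitemediagroup.net
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\q8860ilse8q60.dll
"""

# Excerpt of the log from post #4 (copied from the thread).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinmsap.exe
O15 - Trusted Zone: *.popuppers.com
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\hr4805hue.dll (file missing)
"""


def normalise(detail):
    """Make two spellings of the same entry compare equal.

    Windows paths are case-insensitive, and the same program shows up
    both as PROGRA~1 and as Program Files in the logs above.
    Assumption: PROGRA~1 is the 8.3 name of "Program Files".
    """
    text = " ".join(detail.split()).lower()
    return text.replace("progra~1", "program files")


def parse_items(log_text):
    """Map (section, normalised detail) -> original line for each item."""
    items = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ITEM_RE.match(line)
        if match:
            items[(match.group(1), normalise(match.group(2)))] = line
    return items


def diff_logs(before, after):
    """Return (removed, added, unchanged) item lines between two logs."""
    old, new = parse_items(before), parse_items(after)
    removed = [old[k] for k in sorted(old.keys() - new.keys())]
    added = [new[k] for k in sorted(new.keys() - old.keys())]
    unchanged = [new[k] for k in sorted(old.keys() & new.keys())]
    return removed, added, unchanged


def orphaned(log_text):
    """Items whose target HijackThis reported as absent."""
    return [line for line in parse_items(log_text).values()
            if line.lower().endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    removed, added, unchanged = diff_logs(BEFORE, AFTER)
    for label, lines in (("gone", removed), ("new", added), ("same", unchanged)):
        for line in lines:
            print(f"{label:5} {line}")
    for line in orphaned(AFTER):
        print(f"orphan {line}")
```

Entries listed as new after a cleanup pass are the ones to review first; the diff reports that a line appeared, not whether it is malicious.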

#5 LDTate

Posted 07 February 2006 - 06:46 AM

You still have some bad guys.

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.


#6 freedomexists

Posted 07 February 2006 - 03:11 PM

Alright, currently whenever I turn my computer on something comes up that says 'error loading 0go40980.dll, the specified module could not be found' and that has been happening since I did Aimfix.

Here is the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 4:07:04 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zumrp] C:\Program Files\Waqukw\Trmyzcp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [0go40948.dll] RUNDLL32.EXE 0go40948.dll,b 22197250
O4 - HKLM\..\Run: [=464] C:\windows\eee2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120660573468
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX28.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...lim/install.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...687/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\hr4805hue.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


And here is the Spy Sweeper log:

********
3:31 PM: | Start of Session, Tuesday, February 07, 2006 |
3:31 PM: Spy Sweeper started
3:31 PM: Sweep initiated using definitions version 611
3:31 PM: Starting Memory Sweep
3:33 PM: Memory Sweep Complete, Elapsed Time: 00:01:51
3:33 PM: Starting Registry Sweep
3:33 PM: Found Adware: purityscan
3:33 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/conflict.1/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137984)
3:33 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.1\mediaticketsinstaller.ocx (ID = 139075)
3:33 PM: Found Adware: elitemediagroup-mediamotor
3:33 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140131)
3:33 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140223)
3:33 PM: Found Adware: surfsidekick
3:33 PM: HKU\.default\software\surfsidekick3\ (2 subtraces) (ID = 143387)
3:33 PM: Found Adware: ist software
3:33 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
3:33 PM: Found Adware: ist yoursitebar
3:33 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
3:33 PM: Found Adware: zenosearchassistant
3:33 PM: HKLM\software\microsoft\windows\currentversion\uninstall\enhanced ads by zeno\ (2 subtraces) (ID = 147934)
3:33 PM: HKLM\software\microsoft\windows\currentversion\uninstall\zeno search assistant\ (2 subtraces) (ID = 147935)
3:33 PM: Found Adware: findthewebsiteyouneed hijack
3:33 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
3:33 PM: Found Adware: clkoptimizer
3:33 PM: HKLM\software\microsoft\internet explorer\extensions\{9e248641-0e24-4ddb-9a1f-705087832ad6}\ (1 subtraces) (ID = 753449)
3:33 PM: Found Adware: winad
3:33 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
3:33 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
3:33 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mm83.ocx (ID = 959929)
3:33 PM: Found Adware: mediamotor - popuppers
3:33 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm83.ocx\ (2 subtraces) (ID = 960758)
3:33 PM: Found Adware: elitemediagroup-pop64
3:33 PM: HKCR\clsid\{9ac54695-69a4-46f1-be10-10c74f9520d5}\ (6 subtraces) (ID = 967504)
3:33 PM: HKCR\interface\{b216c7fc-397c-45f0-adfc-907df3c87339}\ (8 subtraces) (ID = 967532)
3:33 PM: HKCR\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (8 subtraces) (ID = 967541)
3:33 PM: HKCR\typelib\{5bec549d-581b-4636-ae75-28645e8cddc1}\ (9 subtraces) (ID = 967550)
3:33 PM: HKLM\software\classes\clsid\{9ac54695-69a4-46f1-be10-10c74f9520d5}\ (6 subtraces) (ID = 967564)
3:33 PM: HKLM\software\classes\interface\{b216c7fc-397c-45f0-adfc-907df3c87339}\ (8 subtraces) (ID = 967592)
3:33 PM: HKLM\software\classes\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (8 subtraces) (ID = 967601)
3:33 PM: HKLM\software\classes\typelib\{5bec549d-581b-4636-ae75-28645e8cddc1}\ (9 subtraces) (ID = 967610)
3:33 PM: Found Adware: mirar webband
3:33 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1\ (5 subtraces) (ID = 1055242)
3:33 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\ (3 subtraces) (ID = 1055248)
3:33 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (1 subtraces) (ID = 1055250)
3:33 PM: HKCR\clsid\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}\ (11 subtraces) (ID = 1055256)
3:33 PM: HKCR\typelib\{34568171-e2ca-4fcd-a99f-43771f766b8a}\ (9 subtraces) (ID = 1055268)
3:33 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1\ (5 subtraces) (ID = 1055285)
3:33 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\ (3 subtraces) (ID = 1055291)
3:33 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (1 subtraces) (ID = 1055293)
3:33 PM: HKLM\software\classes\clsid\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}\ (11 subtraces) (ID = 1055311)
3:33 PM: HKLM\software\classes\typelib\{34568171-e2ca-4fcd-a99f-43771f766b8a}\ (9 subtraces) (ID = 1055323)
3:33 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\winats.dll (ID = 1055333)
3:33 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/winats.dll\ (2 subtraces) (ID = 1066860)
3:33 PM: Found Adware: dollarrevenue
3:33 PM: HKLM\software\microsoft\drsmartload2\ (1 subtraces) (ID = 1134137)
3:33 PM: HKU\WRSS_Profile_S-1-5-21-299502267-1292428093-682003330-501\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
3:33 PM: HKU\WRSS_Profile_S-1-5-21-299502267-1292428093-682003330-501\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
3:33 PM: HKU\WRSS_Profile_S-1-5-21-299502267-1292428093-682003330-501\software\surfsidekick3\ (5 subtraces) (ID = 143412)
3:33 PM: HKU\WRSS_Profile_S-1-5-21-299502267-1292428093-682003330-500\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
3:33 PM: HKU\WRSS_Profile_S-1-5-21-299502267-1292428093-682003330-500\software\surfsidekick3\ (4 subtraces) (ID = 143412)
3:33 PM: Found Adware: internetoptimizer
3:33 PM: HKU\WRSS_Profile_S-1-5-21-299502267-1292428093-682003330-1004\software\avenue media\ (ID = 128887)
3:33 PM: Found Adware: 180search assistant/zango
3:33 PM: HKU\WRSS_Profile_S-1-5-21-299502267-1292428093-682003330-1004\software\salm\ (14 subtraces) (ID = 135792)
3:33 PM: HKU\WRSS_Profile_S-1-5-21-299502267-1292428093-682003330-1004\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
3:33 PM: HKU\WRSS_Profile_S-1-5-21-299502267-1292428093-682003330-1004\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
3:33 PM: HKU\WRSS_Profile_S-1-5-21-299502267-1292428093-682003330-1004\software\surfsidekick3\ (3 subtraces) (ID = 143412)
3:33 PM: Found Adware: webrebates
3:33 PM: HKU\WRSS_Profile_S-1-5-21-299502267-1292428093-682003330-1004\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
3:33 PM: HKU\S-1-5-21-299502267-1292428093-682003330-1003\software\microsoft\internet explorer\urlsearchhooks\ || _{02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 165102)
3:33 PM: Found Adware: lopdotcom
3:33 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || aida (ID = 130496)
3:33 PM: HKU\S-1-5-18\software\surfsidekick3\ (2 subtraces) (ID = 143412)
3:33 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
3:33 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || cu1 (ID = 1140965)
3:33 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || cu2 (ID = 1140966)
3:33 PM: Registry Sweep Complete, Elapsed Time:00:00:21
3:33 PM: Starting Cookie Sweep
3:33 PM: Found Spy Cookie: belnk cookie
3:33 PM: guest@belnk[1].txt (ID = 2292)
3:33 PM: guest@dist.belnk[2].txt (ID = 2293)
3:33 PM: Found Spy Cookie: tacoda cookie
3:33 PM: guest@tacoda[1].txt (ID = 6444)
3:33 PM: Found Spy Cookie: primaryads cookie
3:33 PM: guy@1.primaryads[2].txt (ID = 3190)
3:33 PM: Found Spy Cookie: yieldmanager cookie
3:33 PM: guy@ad.yieldmanager[1].txt (ID = 3751)
3:33 PM: Found Spy Cookie: adknowledge cookie
3:33 PM: guy@adknowledge[2].txt (ID = 2072)
3:33 PM: Found Spy Cookie: ask cookie
3:33 PM: guy@ask[1].txt (ID = 2245)
3:33 PM: guy@ath.belnk[1].txt (ID = 2293)
3:33 PM: Found Spy Cookie: atwola cookie
3:33 PM: guy@atwola[2].txt (ID = 2255)
3:33 PM: Found Spy Cookie: azjmp cookie
3:33 PM: guy@azjmp[2].txt (ID = 2270)
3:33 PM: Found Spy Cookie: banners cookie
3:33 PM: guy@banners[2].txt (ID = 2282)
3:33 PM: Found Spy Cookie: banner cookie
3:33 PM: guy@banner[1].txt (ID = 2276)
3:33 PM: guy@belnk[2].txt (ID = 2292)
3:33 PM: Found Spy Cookie: carsbelowinvoice cookie
3:33 PM: guy@carsbelowinvoice[2].txt (ID = 2352)
3:33 PM: Found Spy Cookie: dealtime cookie
3:33 PM: guy@dealtime[1].txt (ID = 2505)
3:33 PM: Found Spy Cookie: directtrack cookie
3:33 PM: guy@directtrack[1].txt (ID = 2527)
3:33 PM: guy@dist.belnk[2].txt (ID = 2293)
3:33 PM: Found Spy Cookie: 2o7.net cookie
3:33 PM: guy@efashionsolutions.122.2o7[2].txt (ID = 1958)
3:33 PM: Found Spy Cookie: fe.lea.lycos.com cookie
3:33 PM: guy@fe.lea.lycos[2].txt (ID = 2660)
3:33 PM: Found Spy Cookie: go2net.com cookie
3:33 PM: guy@go2net[1].txt (ID = 2730)
3:33 PM: Found Spy Cookie: screensavers.com cookie
3:33 PM: guy@i.screensavers[1].txt (ID = 3298)
3:33 PM: Found Spy Cookie: zango cookie
3:33 PM: guy@lp.zango[1].txt (ID = 3761)
3:33 PM: Found Spy Cookie: metareward.com cookie
3:33 PM: guy@metareward[2].txt (ID = 2990)
3:33 PM: Found Spy Cookie: mygeek cookie
3:33 PM: guy@mygeek[1].txt (ID = 3041)
3:33 PM: Found Spy Cookie: nextag cookie
3:33 PM: guy@nextag[1].txt (ID = 5014)
3:33 PM: Found Spy Cookie: paypopup cookie
3:33 PM: guy@paypopup[1].txt (ID = 3119)
3:33 PM: guy@rapidresponse.directtrack[2].txt (ID = 2528)
3:33 PM: Found Spy Cookie: servlet cookie
3:33 PM: guy@servlet[1].txt (ID = 3345)
3:33 PM: guy@servlet[2].txt (ID = 3345)
3:33 PM: guy@stat.dealtime[1].txt (ID = 2506)
3:33 PM: Found Spy Cookie: reliablestats cookie
3:33 PM: guy@stats1.reliablestats[1].txt (ID = 3254)
3:33 PM: Found Spy Cookie: toprebates.com cookie
3:33 PM: guy@toprebates[2].txt (ID = 3561)
3:33 PM: Found Spy Cookie: ugo cookie
3:33 PM: guy@ugo[1].txt (ID = 3608)
3:33 PM: Found Spy Cookie: epilot cookie
3:33 PM: guy@www.epilot[1].txt (ID = 2622)
3:33 PM: guy@www.screensavers[2].txt (ID = 3298)
3:33 PM: Found Spy Cookie: try games cookie
3:33 PM: guy@www.trygames[1].txt (ID = 3594)
3:33 PM: owner@2o7[2].txt (ID = 1957)
3:33 PM: Found Spy Cookie: websponsors cookie
3:33 PM: owner@a.websponsors[1].txt (ID = 3665)
3:33 PM: owner@ad.yieldmanager[2].txt (ID = 3751)
3:33 PM: Found Spy Cookie: adecn cookie
3:33 PM: owner@adecn[1].txt (ID = 2063)
3:33 PM: owner@adknowledge[2].txt (ID = 2072)
3:33 PM: Found Spy Cookie: specificclick.com cookie
3:33 PM: owner@adopt.specificclick[1].txt (ID = 3400)
3:33 PM: Found Spy Cookie: adrevolver cookie
3:33 PM: owner@adrevolver[2].txt (ID = 2088)
3:33 PM: owner@adrevolver[3].txt (ID = 2088)
3:33 PM: Found Spy Cookie: advertising cookie
3:33 PM: owner@advertising[2].txt (ID = 2175)
3:33 PM: owner@ar.atwola[1].txt (ID = 2256)
3:33 PM: owner@ask[1].txt (ID = 2245)
3:33 PM: Found Spy Cookie: atlas dmt cookie
3:33 PM: owner@atdmt[2].txt (ID = 2253)
3:33 PM: owner@ath.belnk[2].txt (ID = 2293)
3:33 PM: owner@atwola[1].txt (ID = 2255)
3:33 PM: owner@banner[1].txt (ID = 2276)
3:33 PM: owner@belnk[1].txt (ID = 2292)
3:33 PM: Found Spy Cookie: bluestreak cookie
3:33 PM: owner@bluestreak[1].txt (ID = 2314)
3:33 PM: Found Spy Cookie: casalemedia cookie
3:33 PM: owner@casalemedia[1].txt (ID = 2354)
3:33 PM: owner@dist.belnk[2].txt (ID = 2293)
3:33 PM: owner@entrepreneur.122.2o7[1].txt (ID = 1958)
3:33 PM: Found Spy Cookie: clickandtrack cookie
3:33 PM: owner@hits.clickandtrack[2].txt (ID = 2397)
3:33 PM: Found Spy Cookie: hypertracker.com cookie
3:33 PM: owner@hypertracker[1].txt (ID = 2817)
3:33 PM: Found Spy Cookie: mediaplex cookie
3:33 PM: owner@mediaplex[1].txt (ID = 6442)
3:33 PM: owner@partygaming.122.2o7[1].txt (ID = 1958)
3:33 PM: Found Spy Cookie: partypoker cookie
3:33 PM: owner@partypoker[2].txt (ID = 3111)
3:33 PM: owner@paypopup[2].txt (ID = 3119)
3:33 PM: Found Spy Cookie: pro-market cookie
3:33 PM: owner@pro-market[1].txt (ID = 3197)
3:33 PM: Found Spy Cookie: questionmarket cookie
3:33 PM: owner@questionmarket[1].txt (ID = 3217)
3:33 PM: Found Spy Cookie: popuppers cookie
3:33 PM: owner@ran.popuppers[1].txt (ID = 3158)
3:33 PM: Found Spy Cookie: realmedia cookie
3:33 PM: owner@realmedia[1].txt (ID = 3235)
3:33 PM: Found Spy Cookie: revenue.net cookie
3:33 PM: owner@revenue[1].txt (ID = 3257)
3:33 PM: owner@tacoda[1].txt (ID = 6444)
3:33 PM: Found Spy Cookie: tribalfusion cookie
3:33 PM: owner@tribalfusion[1].txt (ID = 3589)
3:33 PM: owner@yieldmanager[1].txt (ID = 3749)
3:33 PM: Found Spy Cookie: zenotecnico cookie
3:33 PM: owner@zenotecnico[2].txt (ID = 3858)
3:33 PM: system@adknowledge[2].txt (ID = 2072)
3:33 PM: Found Spy Cookie: searchingbooth cookie
3:33 PM: system@banners.searchingbooth[1].txt (ID = 3322)
3:33 PM: Found Spy Cookie: top-banners cookie
3:33 PM: system@media.top-banners[1].txt (ID = 3548)
3:33 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
3:33 PM: Starting File Sweep
3:33 PM: Found Adware: command
3:33 PM: c:\program files\network monitor (1 subtraces) (ID = -2147459771)
3:34 PM: 18057.mht (ID = 148810)
3:34 PM: mediaticketsinstaller.inf (ID = 73158)
3:34 PM: sskknwrd.dll (ID = 77733)
3:35 PM: Found Adware: quicklink search toolbar
3:35 PM: cygwid[1].exe (ID = 238239)
3:36 PM: elite.ocx (ID = 187157)
3:36 PM: Found Adware: ist surf accuracy
3:36 PM: ce8bc24e-ed1a-4282-85c8-b9247f (ID = 115677)
3:37 PM: Found Adware: targetsaver
3:37 PM: tsupdate2[2].ini (ID = 193498)
3:37 PM: netmon.exe (ID = 231443)
3:38 PM: yoinsi[1].exe (ID = 213483)
3:38 PM: yoinsi.exe (ID = 213483)
3:39 PM: cfout.txt (ID = 64027)
3:39 PM: mediaticketsinstaller.ocx (ID = 73162)
3:40 PM: Found Trojan Horse: trojan-downloader-dh
3:40 PM: dh9013[1].exe (ID = 208497)
3:40 PM: sskknwrd.dll (ID = 77733)
3:42 PM: uninstall_nmon.vbs (ID = 231442)
3:42 PM: m67m.inf (ID = 186017)
3:43 PM: zifi002[1].exe (ID = 235993)
3:43 PM: zifi002.exe (ID = 235993)
3:43 PM: myupdates[1].exe (ID = 238586)
3:43 PM: installer[1].exe (ID = 231664)
3:45 PM: 11185_wgse.exe.bak (ID = 238240)
3:45 PM: cfin (ID = 64026)
3:46 PM: 876057[1].exe (ID = 185463)
3:47 PM: mediaticketsinstaller.ocx (ID = 73162)
3:48 PM: 876057.exe (ID = 185463)
3:49 PM: winats.dll (ID = 208226)
3:49 PM: mediaview[1].cab (ID = 187158)
3:50 PM: Found Trojan Horse: trojan-downloader-curgsi
3:50 PM: jkill.exe (ID = 80310)
3:50 PM: djtopr1150.exe (ID = 83907)
3:50 PM: elite.inf (ID = 187156)
3:50 PM: Found Trojan Horse: trojan-downloder-zenotecnico_1
3:50 PM: ap[1].exe (ID = 233302)
3:52 PM: zeno.lnk (ID = 146127)
3:53 PM: zeno.lnk (ID = 146127)
3:53 PM: sskcwrd.dll (ID = 77712)
3:53 PM: 3eaa37ff-5cfd-430d-8560-c13c94 (ID = 70515)
3:53 PM: zxdnt3d.cfg (ID = 91140)
3:53 PM: Found Adware: zquest
3:53 PM: setup[1].ini (ID = 238253)
3:53 PM: ozhdsrtdszhs.vbs (ID = 185675)
3:53 PM: 9788b86f-5456-4649-b6f6-ecff3c.asq (ID = 208224)
3:53 PM: Warning: Unhandled Archive Type
3:53 PM: File Sweep Complete, Elapsed Time: 00:19:47
3:53 PM: Full Sweep has completed. Elapsed time 00:22:12
3:53 PM: Traces Found: 354
4:02 PM: Removal process initiated
4:02 PM: Quarantining All Traces: 180search assistant/zango
4:02 PM: Quarantining All Traces: clkoptimizer
4:02 PM: Quarantining All Traces: lopdotcom
4:02 PM: Quarantining All Traces: purityscan
4:02 PM: Quarantining All Traces: dollarrevenue
4:02 PM: Quarantining All Traces: internetoptimizer
4:02 PM: Quarantining All Traces: quicklink search toolbar
4:02 PM: Quarantining All Traces: surfsidekick
4:02 PM: Quarantining All Traces: trojan-downloader-curgsi
4:02 PM: Quarantining All Traces: trojan-downloader-dh
4:02 PM: Quarantining All Traces: trojan-downloder-zenotecnico_1
4:02 PM: Quarantining All Traces: winad
4:02 PM: Quarantining All Traces: zquest
4:02 PM: Quarantining All Traces: command
4:02 PM: Quarantining All Traces: elitemediagroup-mediamotor
4:02 PM: Quarantining All Traces: elitemediagroup-pop64
4:02 PM: Quarantining All Traces: findthewebsiteyouneed hijack
4:02 PM: Quarantining All Traces: ist software
4:02 PM: Quarantining All Traces: ist surf accuracy
4:02 PM: Quarantining All Traces: ist yoursitebar
4:02 PM: Quarantining All Traces: mediamotor - popuppers
4:02 PM: Quarantining All Traces: mirar webband
4:02 PM: Quarantining All Traces: targetsaver
4:02 PM: Quarantining All Traces: webrebates
4:02 PM: Quarantining All Traces: zenosearchassistant
4:02 PM: Quarantining All Traces: 2o7.net cookie
4:02 PM: Quarantining All Traces: adecn cookie
4:02 PM: Quarantining All Traces: adknowledge cookie
4:02 PM: Quarantining All Traces: adrevolver cookie
4:02 PM: Quarantining All Traces: advertising cookie
4:02 PM: Quarantining All Traces: ask cookie
4:02 PM: Quarantining All Traces: atlas dmt cookie
4:02 PM: Quarantining All Traces: atwola cookie
4:02 PM: Quarantining All Traces: azjmp cookie
4:02 PM: Quarantining All Traces: banner cookie
4:02 PM: Quarantining All Traces: banners cookie
4:02 PM: Quarantining All Traces: belnk cookie
4:02 PM: Quarantining All Traces: bluestreak cookie
4:02 PM: Quarantining All Traces: carsbelowinvoice cookie
4:02 PM: Quarantining All Traces: casalemedia cookie
4:02 PM: Quarantining All Traces: clickandtrack cookie
4:02 PM: Quarantining All Traces: dealtime cookie
4:02 PM: Quarantining All Traces: directtrack cookie
4:02 PM: Quarantining All Traces: epilot cookie
4:02 PM: Quarantining All Traces: fe.lea.lycos.com cookie
4:02 PM: Quarantining All Traces: go2net.com cookie
4:02 PM: Quarantining All Traces: hypertracker.com cookie
4:02 PM: Quarantining All Traces: mediaplex cookie
4:02 PM: Quarantining All Traces: metareward.com cookie
4:02 PM: Quarantining All Traces: mygeek cookie
4:02 PM: Quarantining All Traces: nextag cookie
4:02 PM: Quarantining All Traces: partypoker cookie
4:02 PM: Quarantining All Traces: paypopup cookie
4:02 PM: Quarantining All Traces: popuppers cookie
4:02 PM: Quarantining All Traces: primaryads cookie
4:02 PM: Quarantining All Traces: pro-market cookie
4:02 PM: Quarantining All Traces: questionmarket cookie
4:02 PM: Quarantining All Traces: realmedia cookie
4:02 PM: Quarantining All Traces: reliablestats cookie
4:02 PM: Quarantining All Traces: revenue.net cookie
4:02 PM: Quarantining All Traces: screensavers.com cookie
4:02 PM: Quarantining All Traces: searchingbooth cookie
4:02 PM: Quarantining All Traces: servlet cookie
4:02 PM: Quarantining All Traces: specificclick.com cookie
4:02 PM: Quarantining All Traces: tacoda cookie
4:02 PM: Quarantining All Traces: top-banners cookie
4:02 PM: Quarantining All Traces: toprebates.com cookie
4:02 PM: Quarantining All Traces: tribalfusion cookie
4:02 PM: Quarantining All Traces: try games cookie
4:02 PM: Quarantining All Traces: ugo cookie
4:02 PM: Quarantining All Traces: websponsors cookie
4:02 PM: Quarantining All Traces: yieldmanager cookie
4:02 PM: Quarantining All Traces: zango cookie
4:02 PM: Quarantining All Traces: zenotecnico cookie
4:02 PM: Removal process completed. Elapsed time 00:00:51
********
3:29 PM: | Start of Session, Tuesday, February 07, 2006 |
3:29 PM: Spy Sweeper started
3:30 PM: Your spyware definitions have been updated.
3:31 PM: | End of Session, Tuesday, February 07, 2006 |

help would be great again =), thanks

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 February 2006 - 04:14 PM

I suggest you do this:


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Use Add/Remove Programs and remove: Unless you have purchased them.
SpySweeper
ewido



We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

After all of the fixes are complete it is very important that you enable Real-time Protection again.



Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side of these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Zumrp] C:\Program Files\Waqukw\Trmyzcp.exe
O4 - HKLM\..\Run: [0go40948.dll] RUNDLL32.EXE 0go40948.dll,b 22197250
O4 - HKLM\..\Run: [=464] C:\windows\eee2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...lim/install.cab
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\hr4805hue.dll (file missing)


Close ALL windows and browsers except HijackThis and click "Fix checked"


delete these folders if listed:
C:\Program Files\Waqukw


delete these files if listed:
0go40948.dll
C:\windows\eee2.exe
C:\Program Files\Waqukw\Trmyzcp.exe
C:\WINDOWS\system32\hr4805hue.dll


Open C:\Windows\Prefetch\. Delete ALL files in this folder.



Do this also if these Temp Folders are part of your OS.

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.


Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#8 freedomexists

freedomexists

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 07 February 2006 - 05:13 PM

Okay, I did that all

here is the log

Logfile of HijackThis v1.99.1
Scan saved at 6:12:22 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120660573468
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX28.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...687/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 February 2006 - 05:16 PM

whenever i turn my computer on something comes up that says 'error loading 0go40980.dll ,

Is this error gone?

How's it running?



#10 freedomexists

freedomexists

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 07 February 2006 - 05:17 PM

Yeah, it didn't do that this time



#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 February 2006 - 05:19 PM

Please download System Security Suite. Extract it from the zip file into a folder.

Run 3S. Under the “Items To Clear” tab, place a checkmark in all of them but the last.

Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves now.



#12 freedomexists

freedomexists

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 07 February 2006 - 05:23 PM

what do you mean all but the last?

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 February 2006 - 05:35 PM

If you look at what's displayed, you'll see items that you place checks by to clean. Place a checkmark in all of them but the last.



#14 freedomexists

freedomexists

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 07 February 2006 - 05:46 PM

Well, my computer seems fine and I'm not getting that error anymore

here's the log

Logfile of HijackThis v1.99.1
Scan saved at 6:44:01 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120660573468
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX28.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...687/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 February 2006 - 06:13 PM

Good Job :thumbup:


Log looks good :D

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Click Start > My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab…
This time select the: Restore Defaults
Select: Apply, and click OK




If you don't have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein
