|
|
|||||||
| Spyware Cleaning Section Closed!! |
| Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services. |
|
|
Thread Tools | Search this Thread |
|
#1
June 27th, 2004, 06:55 PM
|
|||
|
|||
I'M DESPERATE!!!
i had a hot xxx dialer and program installed on my compuer, and i can't get rid of it, i tried everythin, i even read someoen's else's post about the smae problem, and i tried what they were told to do, but ti dnd't work for me, did safe mood and everythin, here's my hijackthis log, anyone at all please help me!!!!
Logfile of HijackThis v1.97.7 Scan saved at 22:38:41, on 27/06/2004 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\LEXBCES.EXE C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\LEXPPS.EXE C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe C:\WINNT\System32\svchost.exe C:\Norman\NVC\BIN\Zanda.exe C:\WINNT\system32\regsvc.exe C:\WINNT\System32\r_server.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\NORMAN\nvc\BIN\NJEEVES.EXE C:\NORMAN\Nvc\BIN\nipsvc.exe C:\NORMAN\nvc\BIN\nvcoas.exe C:\NORMAN\nvc\BIN\NVCSCHED.EXE C:\WINNT\Explorer.EXE C:\WINNT\System32\LXSUPMON.EXE C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe C:\WINNT\loadqm.exe C:\NORMAN\Nvc\BIN\ZLH.EXE C:\WINNT\shman.exe C:\Program Files\Webroot\Accelerate\accelerate.exe C:\WINNT\System32\ctfmon.exe C:\WINNT\System32\windll32.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Belkin\Bluetooth Software\BTTray.exe C:\NORMAN\Nvc\BIN\NYMSE.EXE C:\NORMAN\Nvc\BIN\NIP.EXE C:\NORMAN\Nvc\BIN\cclaw.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE C:\DOCUME~1\domah\LOCALS~1\Temp\lesbians.exe C:\Documents and Settings\domah\My Documents\My Download Files\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINNT\system32\searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://heeryz.t.rack.cc/sp.php (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\system32\searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\system32\searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\system32\searchbar.html O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll O3 - Toolbar: (no name) - {82BC47E6-D966-4B4A-87BA-C95780CDBF6C} - (no file) O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll (file missing) O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QTSvc] C:\WINNT\shman.exe /i O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S O4 - HKLM\..\Run: [HotXXX] C:\WINNT\HotXXX.exe -n O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [windll32.exe] C:\WINNT\System32\windll32.exe O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Global Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: @btrez.dll,-4015 (HKLM) O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM) O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk/ O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab O16 - DPF: {1F996EAE-3D97-4862-AA0E-27F257C089DE} (blueyonder Game Launcher Control) - http://www.bygames.com/activex/launcher.ocx O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/14...4.0.0.17_c.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...934.5048958333 O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8075D361-F83C-43C3-9660-FD10E97DEAAE}: NameServer = 193.38.113.3 194.117.157.4 thank you anyone that can help me!!! |
|
#2
June 27th, 2004, 07:56 PM
|
||||
|
||||
Re: I'M DESPERATE!!!
Hi domah
Download cwshredder here Close all browser windows and click on the fix/next button. Check the following items in HijackThis - close ALL windows\browsers except Hijackthis and click "Fix checked": C:\WINNT\System32\windll32.exe C:\DOCUME~1\domah\LOCALS~1\Temp\lesbians.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINNT\system32\searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://heeryz.t.rack.cc/sp.php (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\system32\searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\system32\searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\system32\searchbar.html O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll O3 - Toolbar: (no name) - {82BC47E6-D966-4B4A-87BA-C95780CDBF6C} - (no file) O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll (file missing) O4 - HKCU\..\Run: [windll32.exe] C:\WINNT\System32\windll32.exe Optional: O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE Any idea what this is? O9 - Extra button: @btrez.dll,-4015 (HKLM) O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM) If NOT - pls. check! O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab Then Boot to safe mode: Instructions here Make sure you can view hidden and system files: Instructions here NOTE....even in safe mode you may have to open taskmanager and end task on some of them before you can delete them. Delete the following files\folders IF still present: C:\WINNT\System32\windll32.exe C:\DOCUME~1\domah\LOCALS~1\Temp\lesbians.exe C:\WINNT\System32\nzdd.dll Then reboot and use AdAware as described here: http://www.wilderssecurity.com/showthread.php?t=15913 Empty your Temporary Internet Files and history in Internet Options. And clean out your %Userprofile%\Local Settings\Temp folder. It's a good idea to do that regularly. Run HJT again and pls. post a FRESH log. Thanks. Pls. go to Windows Updates and get all critical patches. |
|
#3
June 29th, 2004, 02:11 PM
|
|||
|
|||
|
I'M SO DESPERATE!!!
i've been searching this website to fiind how to get rid of hotxxx. i've read all the posts that u have helped other ppl, and i have tried everything u have told these other ppl to do, but the list of fiels u tell these ppl to delelte, i do not have all of these file, in hijackthis, it is clear that the files are called something else, which is annoyin cos i do not kno wha they are called, lol, could u please please help me, since ur the only person who seems like they know what to do, thank you,darren, ~snipped~ @hotmail .com
hijckthis log: Logfile of HijackThis v1.97.7 Scan saved at 16:34:56, on 28/06/2004 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\LEXBCES.EXE C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\LEXPPS.EXE C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe C:\WINNT\System32\svchost.exe C:\Norman\NVC\BIN\Zanda.exe C:\WINNT\system32\regsvc.exe C:\WINNT\System32\r_server.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\NORMAN\nvc\BIN\nvcoas.exe C:\NORMAN\Nvc\BIN\nipsvc.exe C:\NORMAN\nvc\BIN\NJEEVES.EXE C:\NORMAN\nvc\BIN\NVCSCHED.EXE C:\WINNT\Explorer.EXE C:\WINNT\System32\LXSUPMON.EXE C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe C:\WINNT\loadqm.exe C:\NORMAN\Nvc\BIN\ZLH.EXE C:\WINNT\shman.exe C:\Program Files\Webroot\Accelerate\accelerate.exe C:\WINNT\HotXXX.exe C:\WINNT\System32\ctfmon.exe C:\WINNT\System32\windll32.exe C:\NORMAN\Nvc\BIN\NYMSE.EXE C:\NORMAN\Nvc\BIN\NIP.EXE C:\NORMAN\Nvc\BIN\cclaw.exe C:\Program Files\Belkin\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Kazaa Lite\kazaalite.kpp C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\System32\MsiExec.exe C:\Documents and Settings\domah\My Documents\My Download Files\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINNT\system32\searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\system32\searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\system32\searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\system32\searchbar.html R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll O3 - Toolbar: (no name) - {82BC47E6-D966-4B4A-87BA-C95780CDBF6C} - (no file) O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll (file missing) O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QTSvc] C:\WINNT\shman.exe /i O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S O4 - HKLM\..\Run: [HotXXX] C:\WINNT\HotXXX.exe -n O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [windll32.exe] C:\WINNT\System32\windll32.exe O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKLM\..\RunOnce: [ACMWrapperV2.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\ACMWrapperV2.dll" O4 - HKLM\..\RunOnce: [MediaPlayerV2.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\MediaPlayerV2.dll" O4 - HKLM\..\RunOnce: [driversV2.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\driversV2.dll" O4 - HKLM\..\RunOnce: [Cdbootable.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Cdbootable.dll" O4 - HKLM\..\RunOnce: [cdDataPS.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdDataPS.dll" O4 - HKLM\..\RunOnce: [cdExtra.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdExtra.dll" O4 - HKLM\..\RunOnce: [cdmp3.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdmp3.dll" O4 - HKLM\..\RunOnce: [database.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\database.dll" O4 - HKLM\..\RunOnce: [ISO9660.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\ISO9660.dll" O4 - HKLM\..\RunOnce: [Joliet.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Joliet.dll" O4 - HKLM\..\RunOnce: [Udf.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Udf.dll" O4 - HKLM\..\RunOnce: [creator.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\creator.dll" O4 - HKLM\..\RunOnce: [Translator.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Translator.dll" O4 - HKLM\..\RunOnce: [CDEngine.dll] c:\winnt\system32\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\CDEngine.dll" O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINNT\inf\unregmp2.exe /FixUps O4 - Global Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: @btrez.dll,-4015 (HKLM) O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM) O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk/ O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab O16 - DPF: {1F996EAE-3D97-4862-AA0E-27F257C089DE} (blueyonder Game Launcher Control) - http://www.bygames.com/activex/launcher.ocx O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/14.../opinstall_en_ 4.0.0.17_c.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...934.5048958333 O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8075D361-F83C-43C3-9660-FD10E97DEAAE}: NameServer = 193.38.113.3 194.117.157.4 Last edited by snapdragin : June 29th, 2004 at 04:28 PM. Reason: removed email addy for security reason - snap |
|
#4
June 29th, 2004, 04:05 PM
|
||||
|
||||
|
Re: I'M SO DESPERATE!!!
Hi domah
Check the following items in Hijackthis - close ALL windows\browsers except HijackThis and click "Fix checked": C:\WINNT\HotXXX.exe C:\WINNT\System32\windll32.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINNT\system32\searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\system32\searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\system32\searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\system32\searchbar.html R3 - Default URLSearchHook is missing O3 - Toolbar: (no name) - {82BC47E6-D966-4B4A-87BA-C95780CDBF6C} - (no file) O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll (file missing) O4 - HKLM\..\Run: [HotXXX] C:\WINNT\HotXXX.exe -n O4 - HKCU\..\Run: [windll32.exe] C:\WINNT\System32\windll32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab NOTE....even in safe mode you may have to open taskmanager and end task on some of them before you can delete them. Make sure you can view hidden and system files: Instructions here Then Boot to safe mode: Instructions here Delete the following files\folders IF still present: C:\WINNT\HotXXX.exe C:\WINNT\System32\windll32.exe Then reboot and use AdAware as described here: http://www.wilderssecurity.com/showthread.php?t=15913 Now, empty your TEMP Folder / Temporary Internet Files Folder and then empty your "Recycle Bin" and reboot. Run an on-line scan: Go for free online Virus scans here: http://housecall.trendmicro.com/hous...start_corp.asp http://www.pandasoftware.com/activescan/ Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself. Run HJT again and pls. post a FRESH log. Thanks. Could you pls. copy\paste the new log "as is" ? Thanks  |
|
#5
June 30th, 2004, 09:10 AM
|
|||
|
|||
|
Re: I'M DESPERATE!!! (merged)
hey, none of the stuff u told me to do worked at all, thought it did, but it didn't, it came back, i was jus tryin to post a fresh hijackthis log and it came back on and cut me off, lol, so here is the newesst fresh log, as is:
Logfile of HijackThis v1.97.7 Scan saved at 13:55:14, on 30/06/2004 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\LEXBCES.EXE C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\LEXPPS.EXE C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe C:\WINNT\System32\svchost.exe C:\Norman\NVC\BIN\Zanda.exe C:\WINNT\system32\regsvc.exe C:\WINNT\System32\r_server.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\NORMAN\nvc\BIN\nvcoas.exe C:\NORMAN\nvc\BIN\NJEEVES.EXE C:\NORMAN\Nvc\BIN\nipsvc.exe C:\NORMAN\nvc\BIN\NVCSCHED.EXE C:\WINNT\Explorer.EXE C:\WINNT\System32\LXSUPMON.EXE C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe C:\WINNT\loadqm.exe C:\NORMAN\Nvc\BIN\ZLH.EXE C:\WINNT\shman.exe C:\WINNT\System32\ctfmon.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Belkin\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\NORMAN\Nvc\BIN\NYMSE.EXE C:\NORMAN\Nvc\BIN\NIP.EXE C:\NORMAN\Nvc\BIN\cclaw.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINNT\ukc.exe C:\DOCUME~1\domah\LOCALS~1\Temp\lesbians.exe C:\Documents and Settings\domah\My Documents\My Download Files\hijackthis.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QTSvc] C:\WINNT\shman.exe /i O4 - HKLM\..\Run: [HotXXX] C:\WINNT\HotXXX.exe -n O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Global Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: @btrez.dll,-4015 (HKLM) O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk/ O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {1F996EAE-3D97-4862-AA0E-27F257C089DE} (blueyonder Game Launcher Control) - http://www.bygames.com/activex/launcher.ocx O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/14...4.0.0.17_c.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...934.5048958333 O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab and no i don't kno what those two things that u asked me about are, i didn't delete them tho so don't worry. please help me, bnothin is working, and it jus comes on to computer again n again, i'm gona kill my dad for goin on that stupid website, lol, pleas help as soon as u can, cos i need to do my psychology coursework, and can't do it when i keep gettin cut off the internet, thank you darren. x x x |
|
#6
June 30th, 2004, 09:16 AM
|
||||
|
||||
|
Re: I'M DESPERATE!!! (merged)
Hi domah,
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked: O4 - HKLM\..\Run: [QTSvc] C:\WINNT\shman.exe /i O4 - HKLM\..\Run: [HotXXX] C:\WINNT\HotXXX.exe -n O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - Then reboot into safe mode and delete: C:\WINNT\shman.exe C:\WINNT\HotXXX.exe C:\DOCUMENTS AND SETTINGS\domah\LOCAL SETTINGS\Temp\lesbians.exe The Local Settings folder is hidden by default. See HERE for how to show hidden files/folders. Regards, Pieter
__________________
Regards, Pieter Itīs nice to be important, but itīs more important to be nice. It's human to make mistakes. It's even more so to blame the computer for it. |
|
#7
June 30th, 2004, 09:39 AM
|
|||
|
|||
|
Re: I'M DESPERATE!!! (merged)
hey, i've jus done what u said, but their isa problem that worries me, there is still no dial tone when i conthe internet, and also the xxxserver dialer is still present, what should i do? and what's still wrong? here's my new log....
Logfile of HijackThis v1.97.7 Scan saved at 14:37:07, on 30/06/2004 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\LEXBCES.EXE C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\LEXPPS.EXE C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe C:\WINNT\System32\svchost.exe C:\Norman\NVC\BIN\Zanda.exe C:\WINNT\system32\regsvc.exe C:\WINNT\System32\r_server.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\NORMAN\nvc\BIN\nvcoas.exe C:\NORMAN\Nvc\BIN\nipsvc.exe C:\NORMAN\nvc\BIN\NJEEVES.EXE C:\NORMAN\nvc\BIN\NVCSCHED.EXE C:\WINNT\Explorer.EXE C:\WINNT\System32\LXSUPMON.EXE C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe C:\WINNT\loadqm.exe C:\NORMAN\Nvc\BIN\ZLH.EXE C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\WINNT\System32\ctfmon.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Belkin\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\NORMAN\Nvc\BIN\NYMSE.EXE C:\NORMAN\Nvc\BIN\NIP.EXE C:\NORMAN\Nvc\BIN\cclaw.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\domah\My Documents\My Download Files\hijackthis.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Global Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: @btrez.dll,-4015 (HKLM) O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk/ O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {1F996EAE-3D97-4862-AA0E-27F257C089DE} (blueyonder Game Launcher Control) - http://www.bygames.com/activex/launcher.ocx O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/14...4.0.0.17_c.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...934.5048958333 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8075D361-F83C-43C3-9660-FD10E97DEAAE}: NameServer = 193.38.113.3 194.117.157.4 get back to em please! darren |
|
#8
June 30th, 2004, 09:44 AM
|
||||
|
||||
|
Re: I'M DESPERATE!!! (merged)
The dial tone was probably disabled by the dialer. That should be correctable in the modem settings somewhere.
What worries me more is that the dialer is still active. Or did you mean that the connection is still present on the connections tab of IE? Regards, Pieter
__________________
Regards, Pieter Itīs nice to be important, but itīs more important to be nice. It's human to make mistakes. It's even more so to blame the computer for it. |
|
#9
June 30th, 2004, 09:49 AM
|
|||
|
|||
|
Re: I'M DESPERATE!!! (merged)
hey,
what i meant was that the dialer was still present in my network connections window, so when i open control panel, network connections, and the xxxserver dialer is still there, how do i change the modem settings to go back to being able to hear the dailing tone? |
|
#10
June 30th, 2004, 10:06 AM
|
||||
|
||||
|
Re: I'M DESPERATE!!! (merged)
Quote:
In the connections window you should be able to rightclick and remove it now. Then click Start > Setting > Control Panel > Phone and Modem > highlight the modem that requires configuring. Then select Properties. On the general tab there should be a Volume slide. That is probably on the left hand side. Move it to the right. Regards, Pieter
__________________
Regards, Pieter Itīs nice to be important, but itīs more important to be nice. It's human to make mistakes. It's even more so to blame the computer for it. |
|
#11
July 1st, 2004, 05:27 PM
|
|||
|
|||
|
Re: I'M DESPERATE!!! (merged)
hey, thanks so much for ur help, i think it is finally gone, altho it took some takin it is finally gone, or so appears so, lol, i still can't get the dial tone to sound, even tho i've changed the volume of the modem peaker to full, my new fresh as is hijackthis log is as follows:
Logfile of HijackThis v1.97.7 Scan saved at 22:21:22, on 01/07/2004 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\LEXBCES.EXE C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\LEXPPS.EXE C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe C:\WINNT\System32\svchost.exe C:\Norman\NVC\BIN\Zanda.exe C:\WINNT\system32\regsvc.exe C:\WINNT\System32\r_server.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\NORMAN\nvc\BIN\NJEEVES.EXE C:\NORMAN\nvc\BIN\nvcoas.exe C:\NORMAN\Nvc\BIN\nipsvc.exe C:\NORMAN\nvc\BIN\NVCSCHED.EXE C:\WINNT\Explorer.EXE C:\WINNT\System32\LXSUPMON.EXE C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe C:\WINNT\loadqm.exe C:\NORMAN\Nvc\BIN\ZLH.EXE C:\WINNT\System32\ctfmon.exe C:\Program Files\Belkin\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\NORMAN\Nvc\BIN\cclaw.exe C:\NORMAN\Nvc\BIN\NYMSE.EXE C:\NORMAN\Nvc\BIN\NIP.EXE C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Kpe\kpe.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Documents and Settings\domah\My Documents\My Download Files\hijackthis.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Global Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: @btrez.dll,-4015 (HKLM) O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk/ O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {1F996EAE-3D97-4862-AA0E-27F257C089DE} (blueyonder Game Launcher Control) - http://www.bygames.com/activex/launcher.ocx O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/14...4.0.0.17_c.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...934.5048958333 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8075D361-F83C-43C3-9660-FD10E97DEAAE}: NameServer = 193.38.113.3 194.117.157.4 thanks again for all ur help, darren. |
|
#12
July 2nd, 2004, 05:03 AM
|
||||
|
||||
|
Re: I'M DESPERATE!!! (merged)
Hi domah,
Your log is clean now. Good job.  Maybe this can be of help in your quest for the lost dial-tone http://support.microsoft.com/default...b;en-us;326681 And you need some Windows Updates. Regards, Pieter
__________________
Regards, Pieter Itīs nice to be important, but itīs more important to be nice. It's human to make mistakes. It's even more so to blame the computer for it. |
|
#13
July 4th, 2004, 10:02 AM
|
|||
|
|||
|
Re: I'M DESPERATE!!! (merged)
hey, yeah thanks for that, but i guess it's not rrealy a problem, since i have cleaned my computer of spyware, i have had some problems with it, the opistat won't work anymore, whatever that is, and also my svchost.exe keeps goin, which means that i can't open links and it's very annyoin since it happens every 5 mins adn i have to rezstart all the time, also my real download won't work at all, it says to reinstall teh product, adn i went onto real networks website but i couldn't find it, do u have any ideas on how to get my real download to work again and how to make my svchost stop goin all the time
 thanks, darren. |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
