Help needed

Discussion in 'adware, spyware & hijack cleaning' started by Shanamaj, Jul 5, 2004.

Thread Status:
Not open for further replies.
  1. Shanamaj, Registered Member (Joined: Jul 5, 2004; Posts: 1)

    I have constant problems with spyware & hijackers and I don't seem to be able to fix them with my spyware tools and heaps of tutorials online.
    Please help me.

    Logfile of HijackThis v1.97.7
    Scan saved at 01:43:13, on 2004-07-09
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\IBM\Bluetooth Software\bin\btwdins.exe
    C:\Program\Diskeeper\DkService.exe
    C:\Program\LF Connection Keeper\lfck.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Norman\NVC\BIN\ZANDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program\WinGate\WinGate.exe
    C:\WINDOWS\Explorer.EXE
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\Program\DOWNLO~1\DAP.EXE
    C:\Program\NetPeeker\NPGUI.exe
    C:\Program\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Utopia\Angel\Angel.exe
    C:\Program\mIRC\Pulse\Pulse.exe
    C:\Program\IBM\Bluetooth Software\BTTray.exe
    C:\Program\Trillian\trillian.exe
    C:\Program\Avant Browser\iexplore.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\javaw.exe
    C:\Program\Babylon\Babylon.exe
    C:\Program\Winamp\winamp.exe
    D:\spel\CounterStrike\platform\Steam.exe
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\Program\mIRC\mirc.exe
    C:\Program\BulletProofSoft.com\SpywareRemover\Spyware.exe
    C:\Program\BulletProofSoft.com\SpywareRemover\F2D94EEE.DLL
    C:\Program\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=3
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\Program\Toolbar\toolbar.dll/sa
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program\Download Accelerator Plus\DAPBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program\Download Accelerator Plus\DAPIEBar.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\Program\DOWNLO~1\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [NetPeeker] C:\Program\NetPeeker\NPGUI.exe Minimize
    O4 - HKLM\..\Run: [Babylon Client] C:\Program\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKCU\..\Run: [Angel] C:\Utopia\Angel\Angel.exe
    O4 - HKCU\..\Run: [Pulse] C:\Program\mIRC\Pulse\Pulse.exe -splash
    O4 - HKCU\..\Run: [Trillian] C:\Program\Trillian\trillianpro.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Download with &DAP - C:\Program\DOWNLO~1\dapextie.htm
    O8 - Extra context menu item: Blockera alla bilder från samma sida - C:\Program\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program\DOWNLO~1\dapextie2.htm
    O8 - Extra context menu item: Lägg till i AD Svartlistan - C:\Program\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Markera - C:\Program\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\IBM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Sök - C:\Program\Avant Browser\Search.htm
    O8 - Extra context menu item: Öppna alla länkar på sidan... - C:\Program\Avant Browser\OpenAllLinks.htm
    O9 - Extra 'Tools' menuitem: Sun Java-konsol (HKLM)
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: ICQ 4.1 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: @btrez.dll,-4015 (HKLM)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/sv/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://for100.dk/tsweb/msrdp.cab
    O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37866.5076736111
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GINBILLARD8 Class) - http://216.127.51.94/g_bin_eng/billard8_2_0_0_6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9340C200-AC93-4F6C-ABD9-E3D41D5DDB1D}: NameServer = 195.67.199.9,195.67.199.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F459A2EE-86EB-4455-BE77-A3059D92895A}: NameServer = 195.67.199.12,195.67.199.13
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1
     
    Last edited: Jul 8, 2004