revop.c is ruining my life

Discussion in 'Trojan Defence Suite' started by jmoriconi, Jul 18, 2004.

Thread Status:
Not open for further replies.
  1. jmoriconi (Registered Member; joined Jul 18, 2004; 4 posts)
    I cannot get rid of it. Here is my HijackThis log:


    Logfile of HijackThis v1.97.7
    Scan saved at 8:57:51 PM, on 7/18/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\ssoftsrv.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\ndw\ndw.exe
    C:\Program Files\WindUpdates\WinUpdt.exe
    C:\Program Files\Bargain Buddy\bin2\bargains.exe
    C:\Program Files\WindUpdates\WinKA.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\program files\internet optimizer\sim\msbb.exe
    C:\WINDOWS\System32\ainklfxa.exe
    C:\Program Files\Internet Optimizer\actalert.exe
    C:\WINDOWS\system32\Wtablet\TabUserW.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://try-this-search.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://try-this-search.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {40AE642E-E81B-59C0-8221-645579D0284B} - C:\WINDOWS\System32\hcybpwf.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem300.dll
    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin2\apuc.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ndw] C:\Program Files\ndw\ndw.exe
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [msbb] c:\program files\internet optimizer\sim\msbb.exe
    O4 - HKLM\..\Run: [tyjmv] C:\WINDOWS\tyjmv.exe
    O4 - HKCU\..\Run: [Scan Spyware] "C:\Program Files\ScanSpyware v3.6\Scanner.exe"
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\ttuh.exe
    O4 - HKCU\..\Run: [Hwgnxgdq] C:\WINDOWS\System32\ainklfxa.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
    O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O15 - Trusted Zone: *.mt-download.com
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...01aac9f321a6:9ca562aa156b373be2355a7ee2b861c7
     
  2. snowbound (Retired Moderator; joined Feb 18, 2003; 8,723 posts; location: The Big Smoke)
    Hi jmoriconi :)

    Welcome to Wilders.

    Since you have already posted your log here,

    https://www.wilderssecurity.com/showthread.php?t=41916

    which I moved from Trojans and Backdoors to the Hijack cleaning forum for better attention, this one will be removed shortly.

    Please do not cross-post, as it just makes it confusing for the people trying to help you.

    Thread closed.



    snowbound
     
  3. Jooske (Registered Member; joined Feb 12, 2002; 9,713 posts; location: Netherlands, EU near the sea)
    Hi there jmoriconi, welcome to the forum,
    Since you posted in the TDS forum, I'll give you a TDS reply, as TDS does detect the revop versions and can help you clean it out.

    Go to the TDS site, www.diamondcs.com.au
    Download TDS, close all other scanners including their resident protection, ++>>for your AVG please open the AVG GUI, uncheck all the options so the systray icon greys out and close it again,
    install TDS, back on the TDS download page get the latest radius.td3 update
    Reboot if you hadn't done so after the install
    Let TDS do its initial startup scans,
    now go to TDS > System testing > Scan Control, check all scan options on both tabs to scan everything,
    save scan configuration,
    let it do a full system scan
    Make sure all other scanners are still closed and unnecessary applications and browsers are closed to give TDS as much space as possible to speed up the scanning process, and have a coffee away from the system.
    ++>>It is important to keep especially your AVG closed, as it has the habit of hiding files from other scanners.
    When it's ready, in the bottom console you'll have some alerts. Right-click on one of them, save to text (scandump.txt), which you can paste in your next posting, so we can advise you what to do with each find.

    On the DiamondCS site you'll see more nice programs and tools, many of which are free.

    In the meantime you might have expert help on the HJT log; this can take some time, as you've seen the experts are really overloaded with lots of HJT logs, but please try to be patient and best don't bump your thread, as they work from the bottom, on the oldest postings first.
    So let's see what all of this together does to get your system nice and clean.


    I see you have files pretending to be what they are not, like that WindUpd in
    C:\Program Files\WindUpdates\WinUpdt.exe
    C:\Program Files\WindUpdates\WinKA.exe
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...2355a7ee2b861c7
    , and several more;
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://try-this-search.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://try-this-search.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem300.dll

    but for that part wait till the HJT experts come to you in that forum.
    You might like to close them from Task Manager so you can delete them.
    TDS can help you a lot already in getting the nasty angles out of your system and avoiding dangerous situations.
    Did you ever also try Spybot S&D and Ad-aware?
     
    Last edited: Jul 20, 2004
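An added example, not code from HijackThis, TDS or either poster: a small Python script that reads an excerpt of the HijackThis log from the first post and flags the entries Jooske's reply points at (the fake WindUpdates product, the nameless BHOs sitting directly in C:\WINDOWS, the try-this-search.com redirect, the Trusted Zone and DPF lines) plus the randomly named Run entries, and for each flagged executable says whether it appears in the running-process list, which is what decides whether it has to be closed from Task Manager before it can be deleted. The ADWARE_DIRS list and the looks_random() heuristic are assumptions made for this example, not a vendor signature set; SAMPLE_LOG is quoted from the log in this thread.

```python
"""Triage of a HijackThis log. Added example for this thread, not code from HijackThis,
TDS or the posters. It flags what the replies single out: the fake 'WindUpdates' product,
adware Run keys, nameless BHOs dropped into the Windows directory, the redirected search
page, the Trusted Zone entry and the ActiveX (DPF) download from the adware domain.
ADWARE_DIRS and looks_random() are illustrative assumptions, not a vendor signature set."""
import re
from dataclasses import dataclass

ADWARE_DIRS = ("windupdates", "bargain buddy", "internet optimizer")  # assumed list
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-F-]+\} - (?P<path>.+)$", re.I)
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
DPF_RE = re.compile(r"^DPF: \{[0-9A-F-]+\} - (?P<url>\S+)", re.I)

@dataclass
class Finding:
    code: str
    reason: str
    path: str
    running: bool = False  # is the flagged file listed under "Running processes:"?

def looks_random(name):
    """Crude generated-name check ('tyjmv', 'ainklfxa'): no vowels at all, or a
    run of four or more consonants. A hint for manual review, not proof."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    return bool(letters) and (not re.search(r"[aeiou]", letters)
                              or re.search(r"[^aeiou]{4,}", letters) is not None)

def exe_path(cmd):
    """Executable named by a Run value: the quoted part, else everything up to '.exe'."""
    m = re.match(r'^"([^"]+)"', cmd) or re.match(r"^(.*?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd

def in_adware_dir(text):
    return any(d in text.lower() or d.replace(" ", "") in text.lower() for d in ADWARE_DIRS)

def check_entry(code, body):
    """One Finding for a flagged 'Rx - ...' / 'Oxx - ...' entry, else None."""
    if code in ("R0", "R1") and re.search(r"(Local|Start) Page = http", body):
        return Finding(code, "search/start page redirected to a third-party site", body.split(" = ", 1)[1])
    if code == "O2" and (m := BHO_RE.match(body)):
        if in_adware_dir(m["path"]):
            return Finding(code, "BHO from an adware product directory", m["path"])
        if m["name"] == "(no name)" and m["path"].lower().startswith("c:\\windows\\"):
            return Finding(code, "nameless BHO dropped into the Windows directory", m["path"])
    if code == "O4" and (m := RUN_RE.match(body)):
        path = exe_path(m["cmd"])
        base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if in_adware_dir(path):
            return Finding(code, "autostart from an adware product directory", path)
        if "\\application data\\" in path.lower():
            return Finding(code, "autostart from the user's Application Data folder", path)
        if path.lower().startswith("c:\\windows\\") and (looks_random(base) or looks_random(m["key"])):
            return Finding(code, "randomly named autostart in the Windows directory", path)
    if code == "O15":
        return Finding(code, "site added to the IE Trusted Zone", body.split(": ", 1)[1])
    if code == "O16" and (m := DPF_RE.match(body)):
        return Finding(code, "ActiveX download from an adware domain" if in_adware_dir(m["url"])
                       else "ActiveX download object; verify the publisher", m["url"])
    return None

def triage(log_text):
    """Parse the log; mark each finding as running or not (kill in Task Manager first)."""
    running, findings, in_procs = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and line:  # process list runs until the first blank line
            running.add(line.lower())
            continue
        in_procs = False
        m = ENTRY_RE.match(line)
        f = check_entry(m["code"], m["body"]) if m else None
        if f:
            f.running = f.path.lower() in running
            findings.append(f)
    return findings

# Excerpt of the log posted in this thread, used here as the sample input.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\ainklfxa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://try-this-search.com
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin2\apuc.dll
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [tyjmv] C:\WINDOWS\tyjmv.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Hwgnxgdq] C:\WINDOWS\System32\ainklfxa.exe
O15 - Trusted Zone: *.mt-download.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...01aac9f321a6:9ca562aa156b373be2355a7ee2b861c7
"""
if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{'RUNNING' if f.running else '       '} {f.reason}: {f.path}")
```

Run it as-is to print the findings for the excerpt, or paste a full log into SAMPLE_LOG. Two deliberate negatives are in the sample: the nameless Acrobat BHO is left alone because it lives under Program Files, and the name-randomness test only applies to files under C:\WINDOWS and is only a hint; the real verdict on any file still comes from looking it up, as Jooske says, not from the name pattern.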