yuhmme / t11470.tjgo.com

Discussion in 'adware, spyware & hijack cleaning' started by **Monica**, Apr 5, 2004.

Thread Status:
Not open for further replies.
  1. **Monica**

    **Monica** Guest

    Hi! Could somebody help me?
    It's been about 4 months that I have had the yuhmee in my computer and my Internet Explorer doesn't work well. I cannot browse.
    The CPU usage in the Task Manager is always over 80 or 90% and I have to restart.
    When I run Ad-Aware and Spybot nothing comes out, but SpyHunter finds T11470.tjgo.com every time I start my computer or when I try to go on the internet. I've followed your instructions, this is my log:

    Logfile of HijackThis v1.97.7
    Scan saved at 02:15:57, on 06/04/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\LEXBCES.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\LEXPPS.EXE
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Symantec\Ghost\ngserver.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    D:\WINDOWS\System32\LXSUPMON.EXE
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Winamp\Winampa.exe
    D:\Program Files\Symantec\Ghost\bin\dbserv.exe
    D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Program Files\Symantec\Ghost\bin\rteng7.exe
    D:\WINDOWS\System32\taskmgr.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lacasadialice.it/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
    O1 - Hosts: 66.98.178.19 06272002-dbase.hitcountz.net
    O1 - Hosts: 66.98.178.19 1ca.cqcounter.com
    O1 - Hosts: 66.98.178.19 2001-007.com
    O1 - Hosts: 66.98.178.19 ad-logics.com
    O1 - Hosts: 66.98.178.19 ad.trafficmp.com
    O1 - Hosts: 66.98.178.19 adclient.rottentomatoes.com
    O1 - Hosts: 66.98.178.19 adcounter.globeandmail.com
    O1 - Hosts: 66.98.178.19 adcounter.theglobeandmail.com
    O1 - Hosts: 66.98.178.19 adlog.com.com
    O1 - Hosts: 66.98.178.19 admanmail.com
    O1 - Hosts: 66.98.178.19 ads.specificpop.com
    O1 - Hosts: 66.98.178.19 adtech.de
    O1 - Hosts: 66.98.178.19 askmen.thruport.com
    O1 - Hosts: 66.98.178.19 banner.0catch.com
    O1 - Hosts: 66.98.178.19 bilbo.counted.com
    O1 - Hosts: 66.98.178.19 c1.statcounter.com
    O1 - Hosts: 66.98.178.19 c1.thecounter.com
    O1 - Hosts: 66.98.178.19 c2.gostats.com
    O1 - Hosts: 66.98.178.19 c2.thecounter.com
    O1 - Hosts: 66.98.178.19 c3.thecounter.com
    O1 - Hosts: 66.98.178.19 c3.xxxcounter.com
    O1 - Hosts: 66.98.178.19 cashcounter.com
    O1 - Hosts: 66.98.178.19 cgi.hotstat.nl
    O1 - Hosts: 66.98.178.19 clit6.sextracker.com
    O1 - Hosts: 66.98.178.19 clit8.sextracker.com
    O1 - Hosts: 66.98.178.19 cookies.cmpnet.com
    O1 - Hosts: 66.98.178.19 counter.aaddzz.com
    O1 - Hosts: 66.98.178.19 counter.bloke.com
    O1 - Hosts: 66.98.178.19 counter.hitslink.com
    O1 - Hosts: 66.98.178.19 counter.yadro.ru
    O1 - Hosts: 66.98.178.19 counter14.sextracker.com
    O1 - Hosts: 66.98.178.19 counter16.bravenet.com
    O1 - Hosts: 66.98.178.19 counter17.bravenet.com
    O1 - Hosts: 66.98.178.19 counter2.hitslink.com
    O1 - Hosts: 66.98.178.19 counter26.bravenet.com
    O1 - Hosts: 66.98.178.19 counter32.bravenet.com
    O1 - Hosts: 66.98.178.19 counter34.breavenet.com
    O1 - Hosts: 66.98.178.19 counter41.bravenet.com
    O1 - Hosts: 66.98.178.19 counter47.bravenet.com
    O1 - Hosts: 66.98.178.19 counter6.sextracker.com
    O1 - Hosts: 66.98.178.19 counter8.bravenet.com
    O1 - Hosts: 66.98.178.19 data.coremetrics.com
    O1 - Hosts: 66.98.178.19 delivery.loopingclick.com
    O1 - Hosts: 66.98.178.19 dwclick.com
    O1 - Hosts: 66.98.178.19 ebay.doubleclick.net
    O1 - Hosts: 66.98.178.19 ehg-amerix.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-bestbuy.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-crain.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-dig.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-eckounlimited.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-espn.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-idg.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-liveperson.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-oreilley.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-space.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-sportsline.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-techtarget.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-tigerdirect.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-uniontrib.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-viacom.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg.commjun.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg.hitbox.com
    O1 - Hosts: 66.98.178.19 fastclick.net
    O1 - Hosts: 66.98.178.19 fcstats.bcentral.com
    O1 - Hosts: 66.98.178.19 flycast.com
    O1 - Hosts: 66.98.178.19 g-wizzads.net
    O1 - Hosts: 66.98.178.19 gostats.com
    O1 - Hosts: 66.98.178.19 gtcc1.acecounter.com
    O1 - Hosts: 66.98.178.19 hc2.humanclick.com
    O1 - Hosts: 66.98.178.19 hit2.hotlog.ru
    O1 - Hosts: 66.98.178.19 hit37.chark.dk
    O1 - Hosts: 66.98.178.19 hitbox.com
    O1 - Hosts: 66.98.178.19 hits.webstat.com
    O1 - Hosts: 66.98.178.19 images.dailydiscounts.com
    O1 - Hosts: 66.98.178.19 imp.clickability.com
    O1 - Hosts: 66.98.178.19 impacts.alliancehub.com
    O1 - Hosts: 66.98.178.19 insightfirst.com
    O1 - Hosts: 66.98.178.19 int.sitestat.com
    O1 - Hosts: 66.98.178.19 jkearns.freestats.com
    O1 - Hosts: 66.98.178.19 linktrack.bravenet.com
    O1 - Hosts: 66.98.178.19 logs.comics.com
    O1 - Hosts: 66.98.178.19 m1.nedstatbasic.net
    O1 - Hosts: 66.98.178.19 media101.sitebrand.com
    O1 - Hosts: 66.98.178.19 mediatrack.revenue.net
    O1 - Hosts: 66.98.178.19 mt122.mtree.com
    O1 - Hosts: 66.98.178.19 nedstat.s0.nl
    O1 - Hosts: 66.98.178.19 nl.sitestat.com
    O1 - Hosts: 66.98.178.19 partner.alerts.aol.com
    O1 - Hosts: 66.98.178.19 paxito.sitetracker.com
    O1 - Hosts: 66.98.178.19 perso.estat.com
    O1 - Hosts: 66.98.178.19 pmg.ad-logics.com
    O1 - Hosts: 66.98.178.19 postclick.adcentriconline.com
    O1 - Hosts: 66.98.178.19 prof.estat.com
    O1 - Hosts: 66.98.178.19 s10.sitemeter.com
    O1 - Hosts: 66.98.178.19 s11.sitemeter.com
    O1 - Hosts: 66.98.178.19 s12.sitemeter.com
    O1 - Hosts: 66.98.178.19 s13.sitemeter.com
    O1 - Hosts: 66.98.178.19 s14.sitemeter.com
    O1 - Hosts: 66.98.178.19 s15.sitemeter.com
    O1 - Hosts: 66.98.178.19 s16.sitemeter.com
    O1 - Hosts: 66.98.178.19 s2.statcounter.com
    O2 - BHO: (no name) - {9819C369-5F62-4D37-9A42-44043A742C1E} - c:\progra~1\ddm\8313\redirect.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NGServer] D:\Program Files\Symantec\Ghost\ngserver.exe
    O4 - HKLM\..\Run: [LXSUPMON] D:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [MCUpdateExe] D:\DOCUME~1\Simon\LOCALS~1\Temp\McUpdate.exe
    O4 - HKCU\..\Run: [RamBooster] D:\Program Files\RamBooster\Rambooster.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {72E0F892-B9F1-451D-95A3-2E6C1F45C0DD} (Redirect Control) - http://www.lacasadialice.it/video/cab/Redirect.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38066.9337847222
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} - http://usa-download.strip-player.com/download/stripplayer/bin/activestripsetup_minsize.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab


    Thank you so much. **Monica**
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined: Feb 13, 2002; Posts: 5,703; Location: North Carolina, USA

    Hi Monica,

    Welcome to Wilders.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O1 - Hosts: 66.98.178.19 <-- ALL of these entries

    O2 - BHO: (no name) - {9819C369-5F62-4D37-9A42-44043A742C1E} - c:\progra~1\ddm\8313\redirect.dll

    O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} - http://usa-download.strip-player.com/download/stripplayer/bin/activestripsetup_minsize.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

    Download CWShredder and run it. Be sure ALL other windows are closed, use the Fix button, and follow the instructions you will receive.

    Please run msconfig to change to a normal complete start up.

    Then reboot in Safe Mode and delete the following:

    c:\progra~1\ddm\ <-- entire folder

    Reboot and update your copy of Windows by going HERE. This will help cut down on your chances of reinfestation.

    Reboot and then post a fresh HijackThis log.

    Regards,
    Kent
     
  3. **Monica**

    **Monica** Guest

    Hello Kent!
    Thank you for your answer, I've done what you suggested I do.
    This is my fresh HijackThis log. The PC usage is still over 80% and the t11470.tjgo.com is always there.

    Monica

    Logfile of HijackThis v1.97.7
    Scan saved at 19:10:39, on 06/04/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\LEXBCES.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\LEXPPS.EXE
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Symantec\Ghost\ngserver.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    D:\Program Files\Symantec\Ghost\bin\dbserv.exe
    D:\WINDOWS\System32\LXSUPMON.EXE
    D:\Program Files\Symantec\Ghost\bin\rteng7.exe
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Winamp\Winampa.exe
    D:\Program Files\SpyHunter\SpyHunter.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    D:\WINDOWS\System32\taskmgr.exe
    D:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lacasadialice.it/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NGServer] D:\Program Files\Symantec\Ghost\ngserver.exe
    O4 - HKLM\..\Run: [LXSUPMON] D:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [MCUpdateExe] D:\DOCUME~1\Simon\LOCALS~1\Temp\McUpdate.exe
    O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
    O4 - HKLM\..\Run: [SpyHunter] D:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MuseNET] D:\Program Files\DivX\Mastermind\Muse.exe
    O4 - HKCU\..\Run: [RamBooster] D:\Program Files\RamBooster\Rambooster.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {72E0F892-B9F1-451D-95A3-2E6C1F45C0DD} (Redirect Control) - http://www.lacasadialice.it/video/cab/Redirect.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38066.9337847222
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined: Feb 13, 2002; Posts: 5,703; Location: North Carolina, USA

    Hi Monica,

    Were you able to boot to safe mode and delete the following folder?
    C:\program files\ddm\ <-- entire folder
    It is still showing up in your log.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [MCUpdateExe] D:\DOCUME~1\Simon\LOCALS~1\Temp\McUpdate.exe
    O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"

    Then reboot in Safe Mode and delete the following:

    C:\program files\ddm\ <-- entire folder
    D:\DOCUME~1\Simon\LOCALS~1\Temp\ <-- Do not delete the folder but open it and delete all of its contents.

    Reboot and then post a fresh HijackThis log.

    Regards,
    Kent

    Edit: My apologies Monica, but I missed one item and needed to add it.

    Also I would strongly advise you to remove Spy Hunter as it is not very good at doing what it is supposed to.
    Two trusted freeware spyware removal programs (I recommend having them both, as one may catch what the other may not, since they update at different times):
    Spybot Search&Destroy
    SpybotS&D Setup Tutorial.
    Ad-Aware
    Ad-Aware Setup Tutorial.
    Before scanning with either Ad-Aware or Spybot S&D, remember to bring them up-to-date first.
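
Added example, not part of any post in this thread: a small Python check of the kind of comparison made above, parsing HijackThis entry lines, listing hosts-file redirects to a non-loopback address, and reporting entries in a follow-up log that still point into a folder marked for deletion. The log excerpts are copied from the posts above; the function names and the `progra~1` to `program files` mapping are assumptions made for the illustration.

```python
import ipaddress
import re

# HijackThis prints one finding per line as "<section code> - <details>",
# e.g. "O4 - HKLM\..\Run: [name] command". Process paths do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")

# Assumption: the 8.3 short name progra~1 stands for "program files" here,
# as the helper's wording in the thread implies.
SHORT_NAMES = {"progra~1": "program files"}

# Excerpts from the first and second logs posted in the thread.
FIRST_LOG = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
O1 - Hosts: 66.98.178.19 ad.trafficmp.com
O1 - Hosts: 66.98.178.19 hitbox.com
O2 - BHO: (no name) - {9819C369-5F62-4D37-9A42-44043A742C1E} - c:\progra~1\ddm\8313\redirect.dll
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
"""
SECOND_LOG = r"""
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\DOCUME~1\Simon\LOCALS~1\Temp\McUpdate.exe
O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
"""


def parse_entries(log_text):
    """Return (section, details) pairs for every finding line in a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def normalize(text):
    """Lower-case a path or entry and expand the known short names."""
    text = text.lower().replace("/", "\\")
    for short, long_name in SHORT_NAMES.items():
        text = text.replace(short, long_name)
    return text


def hosts_redirects(entries):
    """Map each non-loopback address in O1 entries to the names sent to it."""
    redirects = {}
    for section, details in entries:
        m = HOSTS_RE.match(details) if section == "O1" else None
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address column: skip rather than guess
        if not (addr.is_loopback or addr.is_unspecified):
            redirects.setdefault(str(addr), []).append(m.group(2))
    return redirects


def references_path(entries, deleted_dir):
    """Entries whose details still point inside a folder marked for deletion."""
    needle = normalize(deleted_dir).rstrip("\\") + "\\"
    return [(s, d) for s, d in entries if needle in normalize(d)]


if __name__ == "__main__":
    print(hosts_redirects(parse_entries(FIRST_LOG)))
    for entry in references_path(parse_entries(SECOND_LOG), r"C:\program files\ddm"):
        print("still references deleted folder:", entry)
```
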
     
  5. dvk01

    dvk01 Global Moderator

    Joined: Oct 9, 2003; Posts: 3,131; Location: Loughton, Essex. UK

    Just one thing to suggest

    D:\DOCUMENTS & SETTINGS\Simon\LOCAL SETTINGS\Temp
    is normally a hidden file, so to be able to find it to empty it, do this please:

    Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply" then "OK"
     
  6. **Monica**

    **Monica** Guest

    Kent!
    C:\program files\ddm\ has been deleted in SAFE MODE, even the contents of D:\DOCUMENTS & SETTINGS\Simon\LOCAL SETTINGS\Temp.
    I have followed the instructions you gave me...
    I have dl Ad-aware and Spybot update and followed the setup tutorial... I removed spy hunter.
    This is the fresh HijackThis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 21:11:17, on 06/04/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\LEXBCES.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\LEXPPS.EXE
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Symantec\Ghost\ngserver.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Symantec\Ghost\bin\dbserv.exe
    D:\Program Files\Symantec\Ghost\bin\rteng7.exe
    D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    D:\WINDOWS\System32\LXSUPMON.EXE
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Winamp\Winampa.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    D:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lacasadialice.it/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NGServer] D:\Program Files\Symantec\Ghost\ngserver.exe
    O4 - HKLM\..\Run: [LXSUPMON] D:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SpyHunter] D:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MuseNET] D:\Program Files\DivX\Mastermind\Muse.exe
    O4 - HKCU\..\Run: [RamBooster] D:\Program Files\RamBooster\Rambooster.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {72E0F892-B9F1-451D-95A3-2E6C1F45C0DD} (Redirect Control) - http://www.lacasadialice.it/video/cab/Redirect.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38066.9337847222
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

    Monica
     
  7. puff-m-d

    puff-m-d Registered Member

    Joined: Feb 13, 2002; Posts: 5,703; Location: North Carolina, USA

    Hi Monica,

    Your log looks clean now...
    Has your CPU usage problem gone away?

    Regards,
    Kent
     
  8. **Moniuca**

    **Moniuca** Guest

    It seems that I have no more problems with the yuhmee page that used to stop my internet browsing.
    When I go in the Windows Task Manager / Processes, System Idle Process is still taking over 90% of the CPU usage!!!!! For now my PC doesn't work slowly. But the green LED shows only 2 or 4% CPU usage!!!! I'll tell you in a few hours.
    Mmmmmmm.....
    thanx. M
     
  9. puff-m-d

    puff-m-d Registered Member

    Joined: Feb 13, 2002; Posts: 5,703; Location: North Carolina, USA

    Hi Monica,

    What process is using most of your CPU?

    Regards,
    Kent
     
  10. dvk01

    dvk01 Global Moderator

    Joined: Oct 9, 2003; Posts: 3,131; Location: Loughton, Essex. UK

    System idle process is SUPPOSED to use most of your CPU power when you aren't doing anything else.

    It's an inbuilt device in XP to stop the processor overheating & locking up.
     
  11. **Monica**

    **Monica** Guest

    Right! System idle process uses most of my CPU power when I'm not doing anything. :)
     
  12. puff-m-d

    puff-m-d Registered Member

    Joined: Feb 13, 2002; Posts: 5,703; Location: North Carolina, USA

    Oops........ Missed that :rolleyes: !!!

    Kent
     