Help! I have a problem with Andy1!!!

Discussion in 'adware, spyware & hijack cleaning' started by CyJack, Jul 5, 2004.

Thread Status:
Not open for further replies.
  1. CyJack

    CyJack, Registered Member (Joined: Jul 5, 2004; Posts: 1)
    It is a little blue box with a yellow X on it. Every time I delete it, it reappears soon after. I have run Ad-Aware 6, reset my temporary internet files, and cleared my history. I am certainly not knowledgeable in how to remove things like this. Here is what I got from HijackThis:

    R3 - Default URLSearchHook is missing
    O1 - Hosts: 213.159.117.235 auto.search.msn.com
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
    O3 - Toolbar: o_O?? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O3 - Toolbar: o_O?? - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINNT\downlo~1\DDTONG~1.DLL
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [abaak] regedit -s c:\winnt\system32\winlog\WIN32log.cer
    O4 - HKLM\..\Run: [ziqlog] regedit -s c:\winnt\system32\winlog\WIN32log.cer
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [Sys32] regedit -s C:\$NtUninstallQ303030$\WINSYS.cer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
    O4 - HKLM\..\Run: [cncrack] http://www.123124.com
    O4 - HKLM\..\Run: [BIE] Rundll32.exe C:\WINNT\DOWNLO~1\BDSrHook.dll,Rundll32
    O4 - HKLM\..\Run: [Ntech.patchs] C:\WINNT\system32\EF44.exe
    O4 - HKLM\..\Run: [mssysint] iexplore.exe
    O4 - Startup: NTUSER.DAT
    O4 - Startup: ntuser.dat.LOG
    O4 - Startup: ntuser.ini
    O4 - Global Startup: ntuser.pol
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O11 - Options group: [!IESearch] !IESearch
    O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
    O16 - DPF: {11311111-1111-1111-1111-11111121115F} - file://C:\Recycled\Q381010.exe
    O16 - DPF: {15DDE989-CD45-4561-BF99-D22C0D5C2B74} (IDDTInitObj Class) - http://image2.sina.com.cn/home/source/ddt.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7FEE9158-E865-4074-953D-16A4A3C639A7}: NameServer = 202.101.224.68 202.101.226.68
     
  2. snapdragin

    snapdragin, Administrator (Joined: Feb 16, 2002; Posts: 8,415; Location: Southern Ont., Canada)
    Hi CyJack,

    I'm afraid your log is incomplete and missing valuable information (the topmost part of the log) that we need to see in order to help you.

    Please first make sure you have the recent version of HijackThis:
    You can download it from here: https://www.wilderssecurity.com/showthread.php?t=12516

    Once you have downloaded HijackThis, create a new, permanent folder on your C drive and unzip Hijackthis.exe into the new folder. Run the program, then when the scan is finished, the "Scan" button will then change to a "Save Log" button. Press the "Save Log" button. Copy and paste the entire contents of the log here in this thread. Make sure to include the top portion where it shows the version of HijackThis, the operating system, the scan time and date, the version of Internet Explorer, and the list of running processes.
    NOTE: Most of what it lists will be harmless and even essential - so, do NOT fix anything yet.

    Then make sure you have downloaded, installed and run both the latest version of AdAware6 and Spybot Search&Destroy.
    Download links and instructions can be found here

    Next, do an on-line virus scan: Free Services

    And make sure to visit Microsoft's Update Site and have all the Critical Updates listed for XP and IE6 installed.

    Post a new Hijackthis log here to be checked. Someone will review your log and give you instructions on what needs to be fixed.

    Regards,

    snap
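
Added example, not part of the thread and not HijackThis's own code: a Python check for the completeness problem the reply above describes, reporting which of the requested top-of-log parts (HijackThis version, scan time, platform, IE version, running processes) a pasted log lacks. The header prefixes are assumed from the usual HijackThis log layout, and both sample logs, including the version strings and process path, are constructed.

```python
import re

# Line prefixes HijackThis normally writes at the top of a log (assumed layout).
HEADER_FIELDS = {
    "hijackthis_version": re.compile(r"^Logfile of HijackThis v(\S+)", re.I),
    "scan_time": re.compile(r"^Scan saved at (.+)", re.I),
    "platform": re.compile(r"^Platform:\s*(.+)", re.I),
    "ie_version": re.compile(r"^MSIE:\s*(.+)", re.I),
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_log(text):
    """Split a log into header fields, running processes and scan entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    # Strip each line and skip the blank ones that separate the log's parts.
    for line in filter(None, map(str.strip, text.splitlines())):
        entry = ENTRY.match(line)
        if entry:
            in_processes = False          # the process list ends at the first entry
            entries.append((entry.group(1), entry.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            for name, pattern in HEADER_FIELDS.items():
                found = pattern.match(line)
                if found:
                    header[name] = found.group(1)
    return header, processes, entries

def missing_parts(text):
    """Name the parts a helper needs that the pasted log lacks."""
    header, processes, _ = parse_log(text)
    missing = [name for name in HEADER_FIELDS if name not in header]
    if not processes:
        missing.append("running_processes")
    return missing

# Constructed samples: PARTIAL starts at the first entry, like the log posted above.
PARTIAL = r"""R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [internat.exe] internat.exe"""
COMPLETE = r"""Logfile of HijackThis v1.98.0
Scan saved at 9:15:02 PM, on 7/5/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
""" + PARTIAL
```

Calling `missing_parts()` on a log that begins at the first `R`/`O` entry returns all four header fields plus `running_processes`; a complete log returns an empty list.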
     