nouveau' hijack log

Discussion in 'adware, spyware & hijack cleaning' started by Nouveau, Feb 21, 2004.

Thread Status:
Not open for further replies.
  1. Nouveau

    Nouveau Registered Member

    Joined:
    Feb 14, 2004
    Posts:
    6
    Wow! I'm so impressed by the devotion of you both, Pieter_Arntz & Subratam! :')

    Thanks, Subratam, for your help & link! :D

    I just downloaded (again) & updated AD-AWARE & SPYBOT S&D (Step 1 & 2). I just finished scanning & cleaning using them. No spyware! Phew! Thanks, Pieter_Arntz! :D

    Step 3: I also downloaded HiJackThis, and here is the Log, after the scan:


    Logfile of HijackThis v1.97.7
    Scan saved at 7:17:29 PM, on 2/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
    D:\TEMP\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'wps.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37898.1992476852
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6AC851CC-9553-4D81-8FDB-0CAFFEC8C34B}: NameServer = 198.235.216.110 209.226.175.224





    Pieter_Arntz, Subratam, are you still there? Can you read this log, please? Sincerely, I don't understand anything of it! :doubt:

    Usually I don't like reading, especially technical stuff, but today I had to read a lot! Thanks again, Pieter_Arntz & Subratam & all the people who read my post!

    Again: Please Help!

    Regards
     
  2. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    I've split/moved this post to here from over there so it will get the attention it may need ;)

    Detox
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Nice log. :cool:

    Always good to see a clean one.

    Regards,

    Pieter
     
  4. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Hi nouveau,

    there you are... got master's confirmation :)... and now just control your desires ;).. and surf safe

    take care
     
  5. Nouveau

    Nouveau Registered Member

    Joined:
    Feb 14, 2004
    Posts:
    6
    Hi, Pieter_Arntz & Subratam!

    First of all, please accept my apologies & please pardon my insolence for not thanking you earlier: I just read your messages! :oops:

    Right after I posted my last post, last week, I made a disk cleanup, and my computer kept asking "please insert Windows XP Service Pack 1" (or something like that) several times, but I always chose the option "cancel", etc. And it took, strangely, +5 minutes to do that (the cleanup), rather than the usual 1-2 minutes! :eek: The next day... I couldn't use my computer anymore!! I got a blank screen with a message "please insert ... and press any key"! :'( :mad:

    So my sister took it to her home and reformatted & reinstalled...! :oops:

    Thank you, Pieter_Arntz, for taking some of your precious time to study my log! :') :D

    Yes, Subratam, I will bow to the earth before the master!

    ... :oops: ... Thank you for your very wise advice: I will surf the Net less often! :oops:

    Thanks to the moderator Detox for "I've split your Hijackthis log from here and moved it to where it will get the attention it needs". Big thanks for your attention & care for my little person! :')

    Big thanks to Pieter_Arntz & Subratam for taking the time to study my log & for advising me what to do & Thanks for everything! :D

    Regards & take good care of yourselves & each other!
     