Jasonp Posted February 15, 2005

I think this n>tepad.exe is messing my system up. I can't get rid of it, and it's started interfering with other programs. I can't use Internet Explorer anymore, and iTunes is totally messed up. This n>tepad is taking a lot of mem. too. I've used your forums in the past to fix other problems, but I'm at my wits' end with this. Here's HijackThis, if it's of any help. By the way, are there any good free virus scanners out there?

Jason

Logfile of HijackThis v1.98.2
Scan saved at 12:14:31 AM, on 2/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINNT\system32\wfxsnt40.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\C400-171\Application Data\aatt.exe
C:\WINNT\system32\n?tepad.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\C400-171\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1BA1342C-ED40-2DCB-8750-67557EF57861} - C:\WINNT\system32\gzyv.dll (file missing)
O2 - BHO: (no name) - {A606E139-73D2-7626-879A-01A2AC813DC5} - C:\WINNT\system32\kjxieoju.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C53E6853-F8C0-A547-B56E-FE7A96B60EE4} - C:\WINNT\system32\lahnuf.dll
O2 - BHO: (no name) - {DBB5C56B-5EAA-0022-DC68-0EC54C7E10E6} - C:\WINNT\system32\oybh.dll (file missing)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [zeb0] C:\winnt\temp\zeb0.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINNT\system32\idctup20.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\RunOnce: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Poao] C:\Documents and Settings\C400-171\Application Data\aatt.exe
O4 - HKCU\..\Run: [Dahhp] C:\WINNT\system32\n?tepad.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

mikex Posted February 15, 2005 (edited)

I found this. and this.
Google did not have a whole lot.
Also you should create a folder in C: for HiJackThis.

M

Edited February 15, 2005 by mikex

tg1911 Posted February 15, 2005

Here's a couple of good, free, anti-viruses:
AVG
Avast Anti-virus

Dan Posted February 15, 2005 (edited)

Someone please move this log to the HJT Section.

Also, I see that you have malware in your log. Please go to http://housecall.trendmicro.com/housecall/start_corp.asp
and/or http://www.pandasoftware.com/activescan/ac...ef=EN-PR-AS-107
Run those scans, and delete all they find.

Download HijackThis 1.99.0 from http://dknoppix.com/Downloads/HijackThis.exe.
Put it into a folder such as C:\HJT.
Open HijackThis, and press the "Scan" button. That will soon turn into a "Save Log" button. Save the log, and post the contents of it here.

dk

Edited February 15, 2005 by dknoppix

Jasonp Posted February 15, 2005

Thanks guys, here's the updated log. Also, it appears n>tepad.exe is still active, and rbkiller didn't find anything? Oh, where's the hjt forum?

Thanks again

Jason

Logfile of HijackThis v1.99.0
Scan saved at 11:07:51 AM, on 2/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\system32\wfxsnt40.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\C400-171\Application Data\aatt.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\n?tepad.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\hijack this\HijackThis-1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1BA1342C-ED40-2DCB-8750-67557EF57861} - C:\WINNT\system32\gzyv.dll (file missing)
O2 - BHO: (no name) - {A606E139-73D2-7626-879A-01A2AC813DC5} - C:\WINNT\system32\kjxieoju.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C53E6853-F8C0-A547-B56E-FE7A96B60EE4} - C:\WINNT\system32\lahnuf.dll
O2 - BHO: (no name) - {DBB5C56B-5EAA-0022-DC68-0EC54C7E10E6} - C:\WINNT\system32\oybh.dll (file missing)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [zeb0] C:\winnt\temp\zeb0.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINNT\system32\idctup20.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\RunOnce: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Poao] C:\Documents and Settings\C400-171\Application Data\aatt.exe
O4 - HKCU\..\Run: [Dahhp] C:\WINNT\system32\n?tepad.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown - C:\WINNT\system32\angelex.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sophos Anti-Virus Network - Unknown - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE (file missing)
O23 - Service: Sophos Anti-Virus - Unknown - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS (file missing)

JSKY Posted February 15, 2005

Moved to HijackThis Log Section

Dan Posted February 16, 2005

Hi Jasonp,

I am looking at your log, and will have a response soon.

dk

Dan Posted February 16, 2005

Hi Jasonp,

This morning HijackThis version 1.99.1 has come out. Please download that from http://dknoppix.com/Downloads/HijackThis.exe
Post a new log with that version.

Thanks,
dk

Jasonp Posted February 19, 2005

Ok, here is the new logfile of Hijack this. Thanks again. What do you think?

Jason

Logfile of HijackThis v1.99.1
Scan saved at 2:40:36 PM, on 2/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINNT\system32\wfxsnt40.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\C400-171\Application Data\aatt.exe
C:\WINNT\system32\n?tepad.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1BA1342C-ED40-2DCB-8750-67557EF57861} - C:\WINNT\system32\gzyv.dll (file missing)
O2 - BHO: (no name) - {A606E139-73D2-7626-879A-01A2AC813DC5} - C:\WINNT\system32\kjxieoju.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C53E6853-F8C0-A547-B56E-FE7A96B60EE4} - C:\WINNT\system32\lahnuf.dll
O2 - BHO: (no name) - {DBB5C56B-5EAA-0022-DC68-0EC54C7E10E6} - C:\WINNT\system32\oybh.dll (file missing)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [zeb0] C:\winnt\temp\zeb0.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINNT\system32\idctup20.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\RunOnce: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Poao] C:\Documents and Settings\C400-171\Application Data\aatt.exe
O4 - HKCU\..\Run: [Dahhp] C:\WINNT\system32\n?tepad.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\system32\angelex.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE (file missing)
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS (file missing)

tj416 Posted February 23, 2005 (edited)

Hi Jasonp,

Step 1
1. Download and Install Spybot S&D, accepting the Default Settings
2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
3. Close ALL windows except Spybot S&D
4. Click the button to ‘Search for Updates’ then download and install the Updates.
5. Next click the button ‘Check for Problems’
6. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window
7. Make certain there is a check mark beside all of the RED entries ONLY.
8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
9. REBOOT to complete the scan and clear memory.

Step 2
1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan
2. Close ALL windows except Ad-Aware SE
3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)
Under Definitions:
*Prompt to update outdated definitions - set the number of days

2) Click on the ‘Scanning’ button on the left and select in green:
Under Driver, Folders & Files:
*Scan Within Archives
Under Select drives & folders to scan -
*choose all hard drives
Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file

3) Click on the ‘Advanced’ button on the left and select in green:
Under Shell Integration:
*Move deleted files to recycle bin
Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information
Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT

4) Click the ‘Tweak’ button and select in green:
Under ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only
Under ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot
Under Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check: Include Module list in logfile

5. Click on ‘Proceed’ to save the settings.
6. Click ‘Start’
*Choose: 'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
9. Save the log file when it asks and then click ‘finish’
10. REBOOT to complete the removal of what Ad-Aware SE found.

Step 3
Then, reboot and post a new log in this thread.

Edited February 23, 2005 by tj416

Canoeingkidd Posted May 28, 2005

Due to the lack of feedback this Topic is closed.