kG_0o Posted December 5, 2005
My computer's totally screwed. It's time I got it checked
Edited December 5, 2005 by mE-
bozodog Posted December 5, 2005
I'm not an expert, but I don't see an anti-virus, firewall, or These
Do what you can to clean up the system with SpyBot and AdAware. Try a few on-line scans, like Trend Micro or Panda. Then post a new log.
Matt Posted December 5, 2005
Hi mE-! Welcome to Besttechie! I will be assisting you in cleaning up your computer!
Please print out all directions given for use if/when you do not have access to this page.
You have one or more viruses on your machine. Let's do a scan to see if we can't clean them up.
Please download ewido security suite; it is a free version of the program.
- Install ewido security suite.
- When installing, under "Additional Options" uncheck:
  - Install background guard
  - Install scan via context menu
- Launch ewido; there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files.
  - On the left hand side of the main screen click update.
  - Then click on Start Update.
- The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful".)
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Once the updates are installed do the following:
- Click on scanner.
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
- Close ewido security suite.
Reply back with a fresh HJT log, and the generated Ewido report.
Matt
kG_0o Posted December 5, 2005
err.. I'm using Windows ME here? :S It needs 2000 to be installed. Error msg.. i can't install it.
kG_0o Posted December 6, 2005
okKAY.. I did a couple o things. First i ran the Spybot Search and Destroy. Secondly, i ran the Ad-Aware SE thingy. This is what my HJT log looks like now. .. Any better? :S My IE's still screwed coz when i type in a url, it redirects me to this search page. .. I'm tellin ya my comp's gone crazy ..
Edited December 6, 2005 by mE-
Matt Posted December 6, 2005
mE-, my fault. You are not currently running an anti-virus. Please download, install, update, and scan with AVG FREE. An anti-virus is a vital tool that will prevent infections from getting on your PC. Also, please download a firewall. This will also stop intruders from getting onto your machine. Might I suggest Zone Alarm Free. Without these tools, both of us are wasting our time, as you need these to remain protected. Once you have installed both tools, and scanned with the AV, please post a new HJT log.
Matt
Edited December 6, 2005 by Matt
kG_0o Posted December 7, 2005
i tried that it said i've got sum virus but my comp's so screwed that it hangs everytime i try to fix it... can u clean my HJT log plz .
Matt Posted December 7, 2005
Alright mE-, let's get started, shall we?
Please print out these directions for use if/when you cannot access this page.
Scan with HJT, and place a check next to the following items:
R3 - URLSearchHook: (no name) - {EA3D0069-503C-67C5-F746-69D27C47029F} - C:\WINDOWS\Frpipirv.dll
O2 - BHO: (no name) - {E9393938-7926-1B6B-505E-1D137A755E23} - C:\WINDOWS\Frpipirv.dll
O3 - Toolbar: Search - {6AC11E9A-DCC3-E912-4E5E-A8E9441C5D4B} - C:\WINDOWS\Frpipirv.dll
O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\SYSTEM\aupdate.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWS\ZGVmYXVsdAAA\command.exe
O4 - HKCU\..\Run: [Pica] "C:\Program Files\uuar\aoat.exe" -vt yazr
O21 - SSODL: aAaXiHwrZ - {1D3614EC-B79C-BE46-F0CF-019858310D48} - C:\WINDOWS\SYSTEM\GDV.DLL (file missing)
Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Once in safe mode, find and delete the following files/folders:
C:\WINDOWS\Frpipirv.dll
C:\WINDOWS\SYSTEM\aupdate.exe
C:\WINDOWS\ZGVmYXVsdAAA\ (folder)
C:\Program Files\uuar\ (folder)
C:\WINDOWS\SYSTEM\GDV.DLL
Then, reboot your computer normally, and post a new HJT log.
Matt
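One way to check a follow-up HijackThis scan against the list in the post above, as an added example that is not part of the original thread or of HijackThis itself: it reports which checked entries and which deleted paths still show up in a new log. The function names are hypothetical, the log is assumed to have one entry per line as HijackThis writes it, and the two follow-up logs are constructed from entries quoted in this thread.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")
FILE_MISSING = "(file missing)"


def _lines(block):
    """Non-empty, stripped lines of a multi-line sample."""
    return [ln.strip() for ln in block.splitlines() if ln.strip()]


def normalize(line):
    """Fold case and whitespace and drop the '(file missing)' suffix, so the
    same entry compares equal across scans. The process list is upper-case
    while entries are mixed-case, hence the case folding."""
    text = " ".join(line.split()).lower()
    if text.endswith(FILE_MISSING):
        text = text[: -len(FILE_MISSING)].rstrip()
    return text


def parse_log(text):
    """Return (running process paths, entry lines), both normalized."""
    processes, entries = set(), set()
    in_processes = False
    for line in _lines(text):
        if line.lower().startswith("running processes"):
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False
            entries.add(normalize(line))
        elif in_processes:
            processes.add(normalize(line))
    return processes, entries


def verify_cleanup(flagged_entries, removed_paths, new_log):
    """Return (flagged entries still listed, deleted paths still referenced).
    Paths are matched as substrings, so a folder also matches files below it.
    8.3 short names such as C:\\Progra~1 are not expanded (a known limit)."""
    processes, entries = parse_log(new_log)
    left_entries = [e for e in flagged_entries if normalize(e) in entries]
    left_paths = [p for p in removed_paths
                  if any(normalize(p) in item for item in processes | entries)]
    return left_entries, left_paths


# Items to check in HijackThis, copied from the post above.
FLAGGED = _lines(r"""
R3 - URLSearchHook: (no name) - {EA3D0069-503C-67C5-F746-69D27C47029F} - C:\WINDOWS\Frpipirv.dll
O2 - BHO: (no name) - {E9393938-7926-1B6B-505E-1D137A755E23} - C:\WINDOWS\Frpipirv.dll
O3 - Toolbar: Search - {6AC11E9A-DCC3-E912-4E5E-A8E9441C5D4B} - C:\WINDOWS\Frpipirv.dll
O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\SYSTEM\aupdate.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWS\ZGVmYXVsdAAA\command.exe
O4 - HKCU\..\Run: [Pica] "C:\Program Files\uuar\aoat.exe" -vt yazr
O21 - SSODL: aAaXiHwrZ - {1D3614EC-B79C-BE46-F0CF-019858310D48} - C:\WINDOWS\SYSTEM\GDV.DLL (file missing)
""")

# Files and folders to delete in Safe Mode, copied from the post above.
REMOVED_PATHS = _lines(r"""
C:\WINDOWS\Frpipirv.dll
C:\WINDOWS\SYSTEM\aupdate.exe
C:\WINDOWS\ZGVmYXVsdAAA\
C:\Program Files\uuar\
C:\WINDOWS\SYSTEM\GDV.DLL
""")

# Constructed follow-up log in which two items survived the fix.
LOG_PARTIAL = r"""
Logfile of HijackThis v1.99.1
Platform: Windows ME (Win9x 4.90.3000)
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\ZGVMYXVSDAAA\COMMAND.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWS\ZGVmYXVsdAAA\command.exe
O21 - SSODL: aAaXiHwrZ - {1D3614EC-B79C-BE46-F0CF-019858310D48} - C:\WINDOWS\SYSTEM\GDV.DLL
"""

# Constructed follow-up log in which none of the items remain.
LOG_CLEAN = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
"""

if __name__ == "__main__":
    for name, log in (("partial", LOG_PARTIAL), ("clean", LOG_CLEAN)):
        left_entries, left_paths = verify_cleanup(FLAGGED, REMOVED_PATHS, log)
        print(name, "entries still listed:", left_entries)
        print(name, "paths still referenced:", left_paths)
```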
kG_0o Posted December 7, 2005 Author

thankx a billion.. here --->

Matt Posted December 7, 2005

Congrats! Your log is clean! Is everything running ok now?

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
SpywareBlaster - Great prevention tool to keep malware from installing on your system.
SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Matt

kG_0o Posted December 7, 2005 Author

yes it is :D thankYoou soOOoo much man. Some o the forums aren't even replying. but nice. thanks a bunch. and i've already got some o those progs up there :$..

Dan Posted December 7, 2005

Topic closed