Princess
Posted October 18, 2004

Logfile of HijackThis v1.98.2
Scan saved at 6:21:05 PM, on 10/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ayn-Marie\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ybhnjjvtuxiajsk.info/RQNj/2hUQm..._B7tVIw_nm.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jfnpecvzmihzck.com/RQNj/2hUQmRc...a_B7tVIw_nm.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.bppormeyqbspdsuqo.com/TNA8OBalZldFQy97ySXF5ptsL91FyjrdKQMNn/AUAzk.html"); (C:\Documents and Settings\Ayn-Marie\Application Data\Mozilla\Profiles\default\e8p6egms.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ayn-Marie\Application Data\Mozilla\Profiles\default\e8p6egms.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19D93A19-C737-13F3-BD1E-855D7C1967F3} - C:\PROGRA~1\EQFLAG~1\meta test.exe (file missing)
O2 - BHO: (no name) - {421ACFBF-5AE9-17AB-EB27-9EBBB8CCFF3F} - C:\DOCUME~1\AYN-MA~1\APPLIC~1\EQFLAG~1\meta test.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [burn bird barb trans] C:\Documents and Settings\All Users\Application Data\tonsbatburnbird\balmhole.exe
O4 - HKLM\..\Run: [thunk soap blah multi] C:\Documents and Settings\All Users\Application Data\win about thunk soap\PLAYMULTI.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [hidesize] C:\DOCUME~1\AYN-MA~1\APPLIC~1\ADMINS~1\pure peak.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen8.exe
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

therock247uk
Posted October 18, 2004

1. Move Hijackthis to a permanent folder like c:/hjt so backups can be made. Open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ybhnjjvtuxiajsk.info/RQNj/2hUQm..._B7tVIw_nm.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jfnpecvzmihzck.com/RQNj/2hUQmRc...a_B7tVIw_nm.htm
O2 - BHO: (no name) - {19D93A19-C737-13F3-BD1E-855D7C1967F3} - C:\PROGRA~1\EQFLAG~1\meta test.exe (file missing)
O2 - BHO: (no name) - {421ACFBF-5AE9-17AB-EB27-9EBBB8CCFF3F} - C:\DOCUME~1\AYN-MA~1\APPLIC~1\EQFLAG~1\meta test.exe
O4 - HKLM\..\Run: [burn bird barb trans] C:\Documents and Settings\All Users\Application Data\tonsbatburnbird\balmhole.exe
O4 - HKLM\..\Run: [thunk soap blah multi] C:\Documents and Settings\All Users\Application Data\win about thunk soap\PLAYMULTI.exe
O4 - HKCU\..\Run: [hidesize] C:\DOCUME~1\AYN-MA~1\APPLIC~1\ADMINS~1\pure peak.exe

2. Reboot and delete the folders.

C:\Program Files\EQFLAG~1\ < Folder starts with EQFLAG
C:\Documents and Settings\AYN-MA~1\Application Data\EQFLAG~1\ < Folder starts with EQFLAG
C:\Documents and Settings\All Users\Application Data\tonsbatburnbird\
C:\Documents and Settings\All Users\Application Data\win about thunk soap\
C:\Documents and Settings\AYN-MA~1\Application Data\ADMINS~1\ < Folder starts with ADMINS

3. Then post a new Hijackthis log here in a reply.

Edited October 18, 2004 by therock247uk

Princess
Posted October 19, 2004

Logfile of HijackThis v1.98.2
Scan saved at 9:25:17 PM, on 10/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\ca.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ayn-Marie\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.okretcctutoyskfgmgvdxacg.com/RQ...K_B7tVIw_nm.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.bppormeyqbspdsuqo.com/TNA8OBalZldFQy97ySXF5ptsL91FyjrdKQMNn/AUAzk.html"); (C:\Documents and Settings\Ayn-Marie\Application Data\Mozilla\Profiles\default\e8p6egms.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ayn-Marie\Application Data\Mozilla\Profiles\default\e8p6egms.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\ca.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen8.exe
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

therock247uk
Posted October 19, 2004

1. Please move Hijackthis to a permanent folder like c:/hjt so backups can be made. OK, open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.okretcctutoyskfgmgvdxacg.com/RQ...K_B7tVIw_nm.jsp
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.bppormeyqbspdsuqo.com/TNA8OBalZldFQy97ySXF5ptsL91FyjrdKQMNn/AUAzk.html"); (C:\Documents and Settings\Ayn-Marie\Application Data\Mozilla\Profiles\default\e8p6egms.slt\prefs.js)

2. Reboot and post a new Hijackthis log here in a reply.

Edited October 19, 2004 by therock247uk

Princess
Posted October 30, 2004

Logfile of HijackThis v1.98.2
Scan saved at 5:27:23 PM, on 10/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Documents and Settings\Ayn-Marie\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\ca.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen8.exe
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

therock247uk
Posted October 31, 2004

Log is clean. What problems are you having?