
Absolutely Desperate

Discussion in 'Virus & Other Malware Removal' started by zeedeveel7, Feb 16, 2005.

Thread Status:
Not open for further replies.
  1. zeedeveel7

    zeedeveel7 Thread Starter

    Joined:
    Feb 16, 2005
    Messages:
    24
    Oh my goodness. After returning from a nice vacation I came back only to find my computer in spyware and general virus ruins.

    First off, I'm running AVG, Spybot search and destroyer, and Adaware.
    Now though, my AIM has a kernel32 error msg every time I attempt to log on. And everyone knows AOL is essential to anyone's social life. ;)
    I can't open "search" or the control panel.
    I disabled every startup item but the basics, but every time I reboot there are over 50 applications running. A friend and I have been working on it for the past two days, but nothing is getting accomplished. I really need some help on this. Thanks a ton.
     
  2. Ihatemy_comp

    Ihatemy_comp

    Joined:
    Feb 11, 2005
    Messages:
    30
    http://forums.techguy.org/t110854.html

    Go here and download Hijack This 1.99.0. Do a scan and post the log here, please.

    Post this log so someone with a bit more experience can help ya out....don't select anything to be removed, just run Hijack This and make sure the save log is ticked....copy and paste the log to this thread
     
  3. zeedeveel7

    zeedeveel7 Thread Starter

    Joined:
    Feb 16, 2005
    Messages:
    24
    mmm, I hope this was what you were referring to

    Logfile of HijackThis v1.99.1
    Scan saved at 5:34:40 PM, on 2/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\documents and settings\owner\local settings\temp\ykUmaN.exe
    C:\documents and settings\owner\local settings\temp\ykUmaN.exe
    C:\documents and settings\owner\local settings\temp\wpC.exe
    C:\documents and settings\owner\local settings\temp\wpC.exe
    C:\documents and settings\owner\local settings\temp\Ts43Ni.exe
    C:\windows\system32\RJtXv.exe
    C:\windows\system32\qarbpvmc.exe
    C:\WINDOWS\system32\mshz.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system32\packager.exe
    C:\Documents and Settings\Owner\Desktop\DO NOT DELETE!!!!!!!!!!!!\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\documents and settings\owner\local settings\temp\FlU.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\tibs5.exe
    C:\WINDOWS\system32\d?xplore.exe
    C:\Documents and Settings\Owner\Application Data\wtta.exe
    C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\PROGRA~1\Web Offer\wo.exe
    C:\PROGRA~1\ezula\mmod.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\apikb.exe
    C:\WINDOWS\System32\dhcpmon.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\DOCUME~1\OWNER\LOCALS~1\TEMP\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mlmue.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mlmue.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mlmue.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mlmue.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mlmue.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mlmue.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5DBD25EB-EA8A-07D7-E366-2146A2ECD99B} - C:\WINDOWS\d3cs32.dll
    O4 - HKLM\..\Run: [mshost mngr] C:\WINDOWS\System32\Rtdx119.dat
    O4 - HKLM\..\Run: [ykUmaN.exe] C:\documents and settings\owner\local settings\temp\ykUmaN.exe
    O4 - HKLM\..\Run: [ykUmaN] C:\documents and settings\owner\local settings\temp\ykUmaN.exe
    O4 - HKLM\..\Run: [xghiuc] C:\WINDOWS\System32\xghiuc.exe
    O4 - HKLM\..\Run: [wpC.exe] C:\documents and settings\owner\local settings\temp\wpC.exe
    O4 - HKLM\..\Run: [wpC] C:\documents and settings\owner\local settings\temp\wpC.exe
    O4 - HKLM\..\Run: [wktrwaw] C:\WINDOWS\System32\qeumyjx\wktrwaw.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [Ts43Ni.exe] C:\documents and settings\owner\local settings\temp\Ts43Ni.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [tEGgV1.exe] C:\documents and settings\owner\local settings\temp\tEGgV1.exe
    O4 - HKLM\..\Run: [tEGgV1] C:\documents and settings\owner\local settings\temp\tEGgV1.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [sawtm] C:\WINDOWS\System32\sawtm.exe
    O4 - HKLM\..\Run: [s7nV32g] bdbobj.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [rkwkst] C:\WINDOWS\System32\rkwkst.exe
    O4 - HKLM\..\Run: [RJtXv.exe] C:\windows\system32\RJtXv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [qarbpvmc] c:\windows\system32\qarbpvmc.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\system32\wvrguw.exe
    O4 - HKLM\..\Run: [mvcore2w] C:\WINDOWS\System32\mvcore2w.exe
    O4 - HKLM\..\Run: [mshz.exe] C:\WINDOWS\system32\mshz.exe
    O4 - HKLM\..\Run: [mfcvm.exe] C:\WINDOWS\system32\mfcvm.exe
    O4 - HKLM\..\Run: [l_anets] C:\WINDOWS\System32\l_anets.exe
    O4 - HKLM\..\Run: [kucsyicha] C:\WINDOWS\system32\qarbpvmc.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\Owner\Desktop\DO NOT DELETE!!!!!!!!!!!!\iTunesHelper.exe
    O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ggkdwe] "C:\WINDOWS\System32\ggkdwe.exe"
    O4 - HKLM\..\Run: [GB.exe] C:\documents and settings\owner\local settings\temp\GB.exe
    O4 - HKLM\..\Run: [FlU.exe] C:\documents and settings\owner\local settings\temp\FlU.exe
    O4 - HKLM\..\Run: [flkpkyw] C:\WINDOWS\System32\rxffiuf\flkpkyw.exe
    O4 - HKLM\..\Run: [e0d44eb0f374] C:\WINDOWS\system32\BOCOLE09.exe
    O4 - HKLM\..\Run: [dpcproxy] C:\WINDOWS\System32\dpcproxy.exe
    O4 - HKLM\..\Run: [crad.exe] C:\WINDOWS\system32\crad.exe
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [B6Qe.exe] C:\documents and settings\owner\local settings\temp\B6Qe.exe
    O4 - HKLM\..\Run: [B6Qe] C:\documents and settings\owner\local settings\temp\B6Qe.exe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AutoLoaders04p1MdfZMPW] "C:\WINDOWS\System32\bdbobj.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [apicb32.exe] C:\WINDOWS\system32\apicb32.exe
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [8bee6022321d] C:\WINDOWS\System32\ANSMTP88.exe
    O4 - HKLM\..\Run: [01mpegsendsign] C:\Documents and Settings\All Users\Application Data\face plan 01 mpeg\bait time.exe
    O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
    O4 - HKLM\..\RunOnce: [apikb.exe] C:\WINDOWS\apikb.exe
    O4 - HKCU\..\Run: [Zssre] C:\WINDOWS\system32\d?xplore.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
    O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\system32\mscif.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
    O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Owner\HXIUL.EXE
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Owner\Client\HelpExp.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\Run: [dhcpmon] C:\WINDOWS\System32\dhcpmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Ahst] C:\Documents and Settings\Owner\Application Data\iebs.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.125.149 (HKLM)
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25c18cf6cd8717f19702/netzip/RdxIE601.cab
    O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {68E53982-CCCE-48C2-89B9-C3C97638F9B4} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr_ext.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: Microsoft DirectXb - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Eapjqd32.dll (file missing)
    O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Installer Service (Installer) - Unknown owner - C:\WINDOWS\System32\installer.exe (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\apiyj.exe (file missing)
     
  4. Meangean

    Meangean

    Joined:
    Apr 18, 2004
    Messages:
    216
    Run Hijack This again and scan, and then put checks next to all these and press "Fix checked":
    O4 - HKLM\..\Run: [GB.exe] C:\documents and settings\owner\local settings\temp\GB.exe
    O4 - HKLM\..\Run: [FlU.exe] C:\documents and settings\owner\local settings\temp\FlU.exe
    O4 - HKLM\..\Run: [flkpkyw] C:\WINDOWS\System32\rxffiuf\flkpkyw.exe
    O4 - HKLM\..\Run: [e0d44eb0f374] C:\WINDOWS\system32\BOCOLE09.exe
    O4 - HKLM\..\Run: [crad.exe] C:\WINDOWS\system32\crad.exe
    O4 - HKLM\..\Run: [B6Qe.exe] C:\documents and settings\owner\local settings\temp\B6Qe.exe
    O4 - HKLM\..\Run: [B6Qe] C:\documents and settings\owner\local settings\temp\B6Qe.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - HKLM\..\Run: [AutoLoaders04p1MdfZMPW] "C:\WINDOWS\System32\bdbobj.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [apicb32.exe] C:\WINDOWS\system32\apicb32.exe
    O4 - HKLM\..\Run: [8bee6022321d] C:\WINDOWS\System32\ANSMTP88.exe
    O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
    O4 - HKLM\..\RunOnce: [apikb.exe] C:\WINDOWS\apikb.exe
    O4 - HKCU\..\Run: [Zssre] C:\WINDOWS\system32\d?xplore.exe
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    Fix these so far, OK.
    Get rid of Kazaa; I will provide you with better software.

    Uninstall Kazaa.

    then use this:

    http://www.spychecker.com/download/download_winsockxpfix.html

    download it

    then run it and press the button reg backup and press ok

    then do a fix

    then post a new hijack this log
     
  5. zeedeveel7

    zeedeveel7 Thread Starter

    Joined:
    Feb 16, 2005
    Messages:
    24
    I know!! I don't know what to do :( !!
     
  6. zeedeveel7

    zeedeveel7 Thread Starter

    Joined:
    Feb 16, 2005
    Messages:
    24
    I miss my Mac.
     
  7. zeedeveel7

    zeedeveel7 Thread Starter

    Joined:
    Feb 16, 2005
    Messages:
    24
    mmk, I "fixed" those ..and I uninstalled Kazaa a while back..strange how it's still there..but yes..so problem fixed?
     
  8. Meangean

    Meangean

    Joined:
    Apr 18, 2004
    Messages:
    216
    Did you run that program? If so, then reboot after you use that program.
     
  9. Meangean

    Meangean

    Joined:
    Apr 18, 2004
    Messages:
    216
    Then after you reboot from running that program go download this

    http://files3.majorgeeks.com/files/c27181a18d3b30d14d66a1a56c068548/spyware/aawsepersonal.exe

    then first go to the world icon and check for updates

    if there are updates click yes and then click finish after it's done and then

    go to the purple icon and click it and set the setting as follows:

    Now do the following:
    - Under Ad-aware > Settings (Gear at the top) > Tweaks > Scanning Engine:
    check: "Unload recognized processes during scanning."

    - Under Ad-aware > Settings (Gear at the top) > Tweaks > Cleaning Engine:
    Check: "Let Windows remove files in use after reboot."


    Press "Scan Now"
    - Check option "Use Custom scanning options"
    - Check option "Activate In-Depth Scan"
    - Press "Select drives\folders to scan"
    - Select the active partition which is usually C:

    Now press "Next" to let Ad-aware scan your drives...
    It will find a number of "bad" files and registry keys.
    Right-click in that pane and choose "select all"


    Now press "Next" again.
    It will ask you whether you'd like to remove all checked items. Click OK.

    Finally, close Ad-Aware

    after this

    reboot into safe mode and search for these files and delete em:

    C:\documents and settings\owner\local settings\temp\GB.exe
    C:\documents and settings\owner\local settings\temp\FlU.exe
    C:\WINDOWS\System32\rxffiuf\flkpkyw.exe
    C:\WINDOWS\system32\BOCOLE09.exe
    C:\WINDOWS\system32\crad.exe
    C:\documents and settings\owner\local settings\temp\B6Qe.exe
    C:\documents and settings\owner\local settings\temp\B6Qe.exe
    C:\PROGRA~1\Web Offer\wo.exe
    C:\PROGRA~1\ezula\mmod.exe
    C:\WINDOWS\system32\apicb32.exe
    C:\WINDOWS\System32\ANSMTP88.exe
    C:\WINDOWS\system32\tibs5.exe
    C:\WINDOWS\apikb.exe
    C:\WINDOWS\system32\d?xplore.exe

    and delete em and reboot into normal mode and then create a restore point...
     
  10. zeedeveel7

    zeedeveel7 Thread Starter

    Joined:
    Feb 16, 2005
    Messages:
    24
    alright, I rebooted...and the problems still persist
     
  11. Meangean

    Meangean

    Joined:
    Apr 18, 2004
    Messages:
    216
    Follow the steps I posted about getting that Ad-aware program and deleting all those files,

    but first, before you follow deleting those files,

    create a restore point

    by clicking on the Start button, then go to Programs, then Accessories, then System Tools, then System Restore, and create one.
     
  12. zeedeveel7

    zeedeveel7 Thread Starter

    Joined:
    Feb 16, 2005
    Messages:
    24
    When you say "check" do you mean ..decheck, because I have this program and they're already checked
     
  13. Meangean

    Meangean

    Joined:
    Apr 18, 2004
    Messages:
    216
    I sent you a PM.
     
  14. Meangean

    Meangean

    Joined:
    Apr 18, 2004
    Messages:
    216
    tell me when you have done all these steps and then post a new hijack this log
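
Added example (not part of the original thread and not any poster's code): a small Python parser for the registry O4 autorun lines of a HijackThis log. It flags entries that launch from temp or Application Data folders and diffs two scans to show which autoruns were removed, kept, or newly added. The sample lines are excerpts from the two logs posted in this thread; the function names and the folder heuristic are assumptions of this example.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name shown in [brackets]
    command: str   # command line the value launches


# Registry-based O4 lines look like:  O4 - HKLM\..\Run: [name] command
# The colon is optional so hand-copied lines that dropped it still parse.
# "O4 - Global Startup: ..." lines have a different shape and are skipped.
O4_LINE = re.compile(
    r"^\s*O4 - (HKLM|HKCU)\\\.\.\\(Run\w*):?\s*\[([^\]]*)\]\s*(.+?)\s*$"
)

# Assumption of this example: user-writable folders worth a second look.
WRITABLE_MARKERS = {
    "\\local settings\\temp\\": "temp folder",
    "\\locals~1\\temp\\": "temp folder (8.3 short path)",
    "\\application data\\": "Application Data folder",
}

# Excerpt of the first log in this thread (5:34:40 PM scan).
FIRST_SCAN = r"""
O4 - HKLM\..\Run: [GB.exe] C:\documents and settings\owner\local settings\temp\GB.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
O4 - HKLM\..\RunOnce: [apikb.exe] C:\WINDOWS\apikb.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
"""

# Excerpt of the second log in this thread (6:42:47 PM scan).
SECOND_SCAN = r"""
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
O4 - HKLM\..\Run: [8F.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\8F.tmp.exe 1 10001
O4 - HKLM\..\RunOnce: [apikb.exe] C:\WINDOWS\apikb.exe
O4 - HKLM\..\RunOnce: [mfcnd32.exe] C:\WINDOWS\system32\mfcnd32.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
"""


def parse_o4(log_text):
    """Return the registry autorun entries found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line)
        if m:
            entries.append(Autorun(*m.groups()))
    return entries


def flag_writable(entries):
    """Return (name, reason) for autoruns that start from a user-writable folder."""
    flagged = []
    for e in entries:
        cmd = e.command.lower()  # Windows paths are case-insensitive
        for marker, reason in WRITABLE_MARKERS.items():
            if marker in cmd:
                flagged.append((e.name, reason))
                break
    return flagged


def _identity(e):
    # Two entries are the same autorun if hive, key, name and command match.
    return (e.hive, e.key, e.name.lower(), e.command.lower())


def diff_scans(before, after):
    """Compare two parsed scans and list value names removed, kept and added."""
    old = {_identity(e): e for e in before}
    new = {_identity(e): e for e in after}
    return {
        "removed": [old[k].name for k in old if k not in new],
        "kept": [new[k].name for k in new if k in old],
        "added": [new[k].name for k in new if k not in old],
    }


if __name__ == "__main__":
    first, second = parse_o4(FIRST_SCAN), parse_o4(SECOND_SCAN)
    for name, reason in flag_writable(second):
        print(f"review: [{name}] runs from {reason}")
    for state, names in diff_scans(first, second).items():
        print(f"{state}: {', '.join(names)}")
```

An autorun listed under "added" or "kept" after a fix pass is the one to look at first, since it was written or left in place while the scan-and-fix steps were running.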
     
  15. zeedeveel7

    zeedeveel7 Thread Starter

    Joined:
    Feb 16, 2005
    Messages:
    24
    Logfile of HijackThis v1.99.1
    Scan saved at 6:42:47 PM, on 2/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\mshz.exe
    C:\HP\KBD\KBD.EXE
    C:\Documents and Settings\Owner\Desktop\DO NOT DELETE!!!!!!!!!!!!\iTunesHelper.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Documents and Settings\Owner\Application Data\wtta.exe
    C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    C:\WINDOWS\System32\dhcpmon.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\8F.tmp
    C:\WINDOWS\system32\tibs5.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\mfcnd32.exe
    C:\Documents and Settings\Owner\Desktop\DO NOT DELETE!!!!!!!!!!!!\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tpkgi.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tpkgi.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tpkgi.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tpkgi.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tpkgi.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tpkgi.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tpkgi.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5DBD25EB-EA8A-07D7-E366-2146A2ECD99B} - C:\WINDOWS\d3cs32.dll
    O4 - HKLM\..\Run: [mshost mngr] C:\WINDOWS\System32\Rtdx119.dat
    O4 - HKLM\..\Run: [ykUmaN.exe] C:\documents and settings\owner\local settings\temp\ykUmaN.exe
    O4 - HKLM\..\Run: [ykUmaN] C:\documents and settings\owner\local settings\temp\ykUmaN.exe
    O4 - HKLM\..\Run: [xghiuc] C:\WINDOWS\System32\xghiuc.exe
    O4 - HKLM\..\Run: [wpC.exe] C:\documents and settings\owner\local settings\temp\wpC.exe
    O4 - HKLM\..\Run: [wpC] C:\documents and settings\owner\local settings\temp\wpC.exe
    O4 - HKLM\..\Run: [wktrwaw] C:\WINDOWS\System32\qeumyjx\wktrwaw.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [Ts43Ni.exe] C:\documents and settings\owner\local settings\temp\Ts43Ni.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [tEGgV1.exe] C:\documents and settings\owner\local settings\temp\tEGgV1.exe
    O4 - HKLM\..\Run: [tEGgV1] C:\documents and settings\owner\local settings\temp\tEGgV1.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [sawtm] C:\WINDOWS\System32\sawtm.exe
    O4 - HKLM\..\Run: [s7nV32g] bdbobj.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [rkwkst] C:\WINDOWS\System32\rkwkst.exe
    O4 - HKLM\..\Run: [RJtXv.exe] C:\windows\system32\RJtXv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [qarbpvmc] c:\windows\system32\qarbpvmc.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [mvcore2w] C:\WINDOWS\System32\mvcore2w.exe
    O4 - HKLM\..\Run: [mshz.exe] C:\WINDOWS\system32\mshz.exe
    O4 - HKLM\..\Run: [mfcvm.exe] C:\WINDOWS\system32\mfcvm.exe
    O4 - HKLM\..\Run: [l_anets] C:\WINDOWS\System32\l_anets.exe
    O4 - HKLM\..\Run: [kucsyicha] C:\WINDOWS\system32\qarbpvmc.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\Owner\Desktop\DO NOT DELETE!!!!!!!!!!!!\iTunesHelper.exe
    O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ggkdwe] "C:\WINDOWS\System32\ggkdwe.exe"
    O4 - HKLM\..\Run: [dpcproxy] C:\WINDOWS\System32\dpcproxy.exe
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [01mpegsendsign] C:\Documents and Settings\All Users\Application Data\face plan 01 mpeg\bait time.exe
    O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
    O4 - HKLM\..\Run: [8F.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\8F.tmp.exe 1 10001
    O4 - HKLM\..\RunOnce: [apikb.exe] C:\WINDOWS\apikb.exe
    O4 - HKLM\..\RunOnce: [mfcnd32.exe] C:\WINDOWS\system32\mfcnd32.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
    O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
    O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Owner\HXIUL.EXE
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Owner\Client\HelpExp.exe
    O4 - HKCU\..\Run: [dhcpmon] C:\WINDOWS\System32\dhcpmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Ahst] C:\Documents and Settings\Owner\Application Data\iebs.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.125.149 (HKLM)
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25c18cf6cd8717f19702/netzip/RdxIE601.cab
    O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {68E53982-CCCE-48C2-89B9-C3C97638F9B4} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr_ext.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: Microsoft DirectXb - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Eapjqd32.dll (file missing)
    O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Installer Service (Installer) - Unknown owner - C:\WINDOWS\System32\installer.exe (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\apiyj.exe (file missing)
     
Short URL to this thread: https://techguy.org/331419
