Help!! Winpup!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

_ViRuS_

Thread Starter
Joined
Sep 22, 2003
Messages
15
Help me! I can't use Internet Explorer anymore!

I'm pasting the HijackThis result:

Logfile of HijackThis v1.97.2
Scan saved at 15.30.02, on 22/09/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\ROLAND\VSC30\VSC88CNF.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\PGPSDKSERV.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\PGP FOR WINDOWS 98\PGPSERVICE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\PTUDFAPP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAMMI\TIMESINK\ADGATEWAY\TSADBOT.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAMMI\FILE COMUNI\CMEII\CMESYS.EXE
C:\PROGRAMMI\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAMMI\ROLAND\VSC30\VSCVOL88.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAMMI\WILDTANGENT\APPS\GAMECHANNEL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAMMI\NETRATINGS\PREMETER\PRMT.EXE
C:\PROGRAMMI\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\GMSOFT\DIALERS\EASYDATES_IT\EASYDATES_IT.EXE
C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHAGENT.EXE
C:\PROGRAMMI\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAMMI\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\CD_LOAD.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\PGP FOR WINDOWS 98\PGPTRAY.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\GATOR.COM\GATOR\GATOR.EXE
C:\PROGRAMMI\PRECISIONTIME\PRECISIONTIME.EXE
C:\PROGRAMMI\DATE MANAGER\DATEMANAGER.EXE
C:\PROGRAMMI\RUTHERE\RUTH.EXE
C:\PROGRAMMI\INTERVIDEO\COMMON\BIN\WINCINEMAMGR.EXE
C:\PROGRAMMI\TINMESSENGER\TINMESSENGER.EXE
C:\PROGRAMMI\FILE COMUNI\GMT\GMT.EXE
C:\PROGRAMMI\SYMANTEC\LIVEUPDATE\NDETECT.EXE
C:\DOCUMENTI\DOCUMENTI CONDIVISI\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.znext.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tdmy.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da FastWeb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=Explorer.exe rpiyvhchm.exe
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {ED8DB0FD-D8F4-4b2c-BB5B-9EF040FE104D} - C:\PROGRAMMI\UCMORE\UCMIE.DLL
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRAMMI\COMET\BIN\CSBHO.DLL
O2 - BHO: (no name) - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\WINDOWS\APPLICATION DATA\JWQITRFROA.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\SYSTEM\BPKWB.DLL
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O3 - Toolbar: UCmore Toolbar - {53CBEE82-D747-11d3-9ED0-005004189684} - C:\PROGRAMMI\UCMORE\UCMIE.DLL
O3 - Toolbar: Comet Toolbar - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRAMMI\COMET\BIN\CSIETB.DLL
O3 - Toolbar: Accessories - {9B35A850-66AB-4c6d-8A66-136ECADCD904} - C:\WINDOWS\APPLICATION DATA\JWQITRFROA.DLL
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - C:\WINDOWS\SYSTEM\shdocvw.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ZeroPopUp Bar - {72A58725-2635-4725-8C53-676DFD1FEB8D} - C:\WINDOWS\SYSTEM\ZEROPO~5.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAMMI\ISTBAR\ISTBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NewsUpd] C:\Programmi\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Rilevatore di dischi] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Programmi\TimeSink\AdGateway\TSADBOT.EXE"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAMMI\FILE COMUNI\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [sp] regedit -s C:\WINDOWS\sp.reg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [vsc88cnf.wnd] C:\Programmi\Roland\VSC30\vsc88cnf.exe
O4 - HKLM\..\Run: [vscvol88.exe] C:\Programmi\Roland\VSC30\vscvol88.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Programmi\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Premeter] C:\PROGRA~1\NETRAT~1\PREMETER\PRMT.EXE
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [EasyDates_it] C:\Program Files\GMSoft\Dialers\EasyDates_it\EasyDates_it.exe /dontdial
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PGPSDKSVC] C:\WINDOWS\SYSTEM\PGPsdkServ.exe
O4 - HKLM\..\RunServices: [PGPSERVICE] C:\Programmi\Network Associates\PGP for Windows 98\PGPservice.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Programmi\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\chost00000\2710214.EXE -remove
O4 - Startup: vpsched.lnk = C:\Programmi\Matrox - Strumenti video\vpsched.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PGPtray.lnk = C:\Programmi\Network Associates\PGP for Windows 98\PGPtray.exe
O4 - Startup: Acrobat Assistant.lnk = ?
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GatorRes.dll
O4 - Startup: Gator eWallet.lnk = ?
O4 - Startup: PrecisionTime.lnk = C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\PROGRA~1\Date Manager\DateManager.exe
O4 - Startup: Ruth.lnk = C:\Programmi\RUThere\ruth.cur
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\bin\WinCinemaMgr.exe
O4 - Startup: C6 Client.LNK = C:\Programmi\TinMessenger\TinMessenger.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\ZEROPO~5.DLL/MENUSEARCH.HTM
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: LingoWare Translator... (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .bat: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.5547106481

HELP ME!!!
THANKS!!!

Dave
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
This is the worst mess I've seen in a LONG time. You appear to have every form of malware known to man...

Let's first get rid of everything you don't need:
In Hijack This, check all of the following items, then close all browser windows, and press "Fix Checked":

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.znext.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tdmy.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.znext.com/ie/

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F0 - system.ini: Shell=Explorer.exe rpiyvhchm.exe

O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
O2 - BHO: (no name) - {ED8DB0FD-D8F4-4b2c-BB5B-9EF040FE104D} - C:\PROGRAMMI\UCMORE\UCMIE.DLL
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRAMMI\COMET\BIN\CSBHO.DLL
O2 - BHO: (no name) - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\WINDOWS\APPLICATION DATA\JWQITRFROA.DLL
O2 - BHO: (no name) - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\SYSTEM\BPKWB.DLL
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL

O3 - Toolbar: UCmore Toolbar - {53CBEE82-D747-11d3-9ED0-005004189684} - C:\PROGRAMMI\UCMORE\UCMIE.DLL
O3 - Toolbar: Comet Toolbar - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRAMMI\COMET\BIN\CSIETB.DLL
O3 - Toolbar: Accessories - {9B35A850-66AB-4c6d-8A66-136ECADCD904} - C:\WINDOWS\APPLICATION DATA\JWQITRFROA.DLL
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - C:\WINDOWS\SYSTEM\shdocvw.dll
O3 - Toolbar: ZeroPopUp Bar - {72A58725-2635-4725-8C53-676DFD1FEB8D} - C:\WINDOWS\SYSTEM\ZEROPO~5.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAMMI\ISTBAR\ISTBAR.DLL

O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Programmi\TimeSink\AdGateway\TSADBOT.EXE"
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAMMI\FILE COMUNI\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [sp] regedit -s C:\WINDOWS\sp.reg
O4 - HKLM\..\Run: [Premeter] C:\PROGRA~1\NETRAT~1\PREMETER\PRMT.EXE
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [EasyDates_it] C:\Program Files\GMSoft\Dialers\EasyDates_it\EasyDates_it.exe /dontdial
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\chost00000\2710214.EXE -remove
O4 - Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GatorRes.dll
O4 - Startup: Gator eWallet.lnk = ?
O4 - Startup: PrecisionTime.lnk = C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\PROGRA~1\Date Manager\DateManager.exe

O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer



Now RESTART your computer, and delete ALL of the following folders in their entirety:

C:\PROGRAM FILES\WEBHANCER
C:\PROGRAMMI\UCMORE
C:\PROGRAMMI\COMET
C:\WINDOWS\SYSTEM\Zeropopup
C:\PROGRAMMI\ISTBAR
C:\Programmi\TimeSink
C:\PROGRAMMI\FILE COMUNI\CMEII
C:\Program Files\Netratings
C:\Programmi\ISTsvc
C:\Program Files\GMSoft
C:\WINDOWS\SYSTEM\P2P NETWORKING
c:\program files\GlobalDialer
C:\Programmi\File comuni\GMT

And the C:\WINDOWS\sp.reg file


That will still not restore your Internet connectivity, but download this Winsock2 fix to a floppy, and run it on the affected machine: http://digital-solutions.co.uk/lavasoft/whndnfix.zip

It does a fine job restoring internet connectivity caused by a corrupted LSP stack on Win 98 and ME systems.

When everything works again, download Spybot - Search & Destroy.
After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds.

Then re-run Hijack This, and show us a fresh log.

And you may find this a useful read:
So how did I get infected with all that spyware in the first place?

Good luck,
 

_ViRuS_

Thread Starter
Joined
Sep 22, 2003
Messages
15
Thanks a lot! But I think I haven't cancelled all the problems yet.

Watch this:

Logfile of HijackThis v1.97.2
Scan saved at 19.28.04, on 22/09/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\ROLAND\VSC30\VSC88CNF.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\PGPSDKSERV.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\PGP FOR WINDOWS 98\PGPSERVICE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\PTUDFAPP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAMMI\ROLAND\VSC30\VSCVOL88.EXE
C:\PROGRAMMI\WILDTANGENT\APPS\GAMECHANNEL.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAMMI\ISTSVC\ISTSVC.EXE
C:\PROGRAMMI\MESSENGER\MSMSGS.EXE
C:\PROGRAMMI\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\PGP FOR WINDOWS 98\PGPTRAY.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAMMI\TINMESSENGER\TINMESSENGER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\DAP\DAP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da FastWeb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Rilevatore di dischi] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [vsc88cnf.wnd] C:\Programmi\Roland\VSC30\vsc88cnf.exe
O4 - HKLM\..\Run: [vscvol88.exe] C:\Programmi\Roland\VSC30\vscvol88.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Programmi\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PGPSDKSVC] C:\WINDOWS\SYSTEM\PGPsdkServ.exe
O4 - HKLM\..\RunServices: [PGPSERVICE] C:\Programmi\Network Associates\PGP for Windows 98\PGPservice.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Programmi\Messenger\msmsgs.exe /background
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\PROGRAMMI\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
O4 - Startup: vpsched.lnk = C:\Programmi\Matrox - Strumenti video\vpsched.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PGPtray.lnk = C:\Programmi\Network Associates\PGP for Windows 98\PGPtray.exe
O4 - Startup: Acrobat Assistant.lnk = ?
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Ruth.lnk = C:\Programmi\RUThere\ruth.cur
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\bin\WinCinemaMgr.exe
O4 - Startup: C6 Client.LNK = C:\Programmi\TinMessenger\TinMessenger.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\SYSTEM\ZEROPO~5.DLL/MENUSEARCH.HTM
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: LingoWare Translator... (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .bat: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.5547106481


That's all! :)

Dave
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Well, it sure looks a lot better.

This is the only item which remains to be fixed:

O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe

After rebooting, delete that C:\Programmi\ISTsvc folder, if still there. Otherwise it's a clean log! :)

More importantly, were you able to restore your internet connectivity using the Winsock2 fix?
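
Added example (not part of the original thread, and not HijackThis's own code): the comparison made in the reply above, checking which fix-list entries still show up in the follow-up log, written in Python. The entry-line pattern is inferred from the log lines shown in this thread, the function names are hypothetical, and the sample text is a short excerpt of the fix list and the second log above.

```python
import re

# Entry lines in the logs above have the shape "<code> - <body>", for example
# "O4 - HKLM\..\Run: [name] command". Pattern inferred from this thread's logs;
# header lines and the "Running processes" paths do not match it.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (section_code, body) tuples for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths are case-insensitive and forum pastes vary in spacing,
    # so compare on a lower-cased, whitespace-collapsed form.
    code, body = entry
    return code, " ".join(body.split()).lower()


def compare(fix_list_text, followup_log_text):
    """Split the fix list into entries cleared vs. still present afterwards."""
    followup = {_key(e) for e in parse_entries(followup_log_text)}
    result = {"cleared": [], "remaining": []}
    seen = set()
    for entry in parse_entries(fix_list_text):
        key = _key(entry)
        if key in seen:  # e.g. the repeated O10 lines
            continue
        seen.add(key)
        result["remaining" if key in followup else "cleared"].append(entry)
    return result


# Excerpt of the fix list posted in this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.znext.com/ie/
F0 - system.ini: Shell=Explorer.exe rpiyvhchm.exe
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O10 - Hijacked Internet access by WebHancer
"""

# Excerpt of the follow-up log posted in this thread.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.97.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Programmi\Messenger\msmsgs.exe /background
"""

if __name__ == "__main__":
    outcome = compare(FIX_LIST, FOLLOWUP_LOG)
    print("cleared:", len(outcome["cleared"]))
    for code, body in outcome["remaining"]:
        print("still present:", code, "-", body)
```

Run against the full fix list and the full second log, the same comparison gives the before/after check without reading both logs line by line.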
 

_ViRuS_

Thread Starter
Joined
Sep 22, 2003
Messages
15
YEAH!! It's perfect!!!

Hey guys, ... I LOVE YOU!!!

See you soon!!!

Dave
 
Joined
Mar 20, 2003
Messages
4,823
If I may just add one:

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

This tends to hog resources in the background and isn't necessary unless you're a developer.
 