
Solved: Problems that need fixing

Discussion in 'Windows XP' started by timchilli, Jan 10, 2006.

  1. timchilli

    timchilli Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    9
    Hi, I'd be grateful if anyone could help me with the following problems I'm experiencing on WinXP Home Edition.

    Problem 1
    Explorer.EXE - No Disk
    There is no disk in the drive. Please insert a disk into drive A


    Problem 2
    Internet Explorer keeps shutting down with the following details:
    AppName: iexplore.exe AppVer: 6.0.2900.2180 ModName: ntdll.dll

    I have used SmitRem and run all kinds of diagnostics but can't rid my system of these bloody things.

    Here is a HijackThis! logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:41:29, on 10/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\ELAN.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\vjiqyaaa.exe
    C:\WINDOWS\system32\combo.exe
    C:\WINDOWS\system32\srshost.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tim\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4662
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {2393BDA8-9CE9-E51F-7B44-9B6338FD3C65} - C:\WINDOWS\System32\loyakuj.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: (no name) - {F2A4407B-FFBC-4A1F-A18A-0F68C3E0FC9E} - (no file)
    O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\holdapi.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB004" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Microsoft Windows System] vjiqyaaa.exe
    O4 - HKLM\..\Run: [combo.exe] combo.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows System] vjiqyaaa.exe
    O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
    O4 - Startup: Free WebSite Tools.lnk = ?
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
    O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://rmt.mms.co.uk/Citrix/ICAWEB/en/ica32/wficac.cab
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092957168328
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.serviceurl.de/StarInstall.ocx
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{31531FEE-C301-4E6F-981A-13EE81E574BE}: NameServer = 62.24.228.9 62.24.228.10
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: holdapi - C:\WINDOWS\SYSTEM32\holdapi.dll
    O21 - SSODL: IEFilter - {087677A1-7977-4C2E-8945-72644DAAC6C4} - C:\WINDOWS\system32\IEFilter.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    If anyone could help I would be eternally thankful.

    Many thanks for hearing me out.

    Tim
     
  2. timchilli

    timchilli Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    9
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\vjiqyaaa.exe
    C:\WINDOWS\system32\combo.exe
    C:\WINDOWS\system32\srshost.exe

    are these trojans?
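A small triage script for the HijackThis log posted above, added here as an example; it is not part of the thread and not part of HijackThis. It parses the R1/O2/O4/O20 entries and flags the patterns that the later scans in this thread bear out (a loopback proxy, an unnamed BHO, autorun values with no path or named after their own file, a Winlogon Notify DLL). The sample input is a subset of the log above with three legitimate lines kept as controls; the heuristics are my own, not HijackThis rules.

```python
import re
from dataclasses import dataclass

# Constructed sample input: entries copied from the HijackThis log posted
# above; the NvCplDaemon, Google Toolbar and NVSvc lines are kept as
# legitimate controls that the heuristics must leave alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4662
O2 - BHO: (no name) - {2393BDA8-9CE9-E51F-7B44-9B6338FD3C65} - C:\WINDOWS\System32\loyakuj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Windows System] vjiqyaaa.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] vjiqyaaa.exe
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
O20 - Winlogon Notify: holdapi - C:\WINDOWS\SYSTEM32\holdapi.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "R1 - <body>", "O4 - <body>", ...; header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# O4 body: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O2 body: BHO: name - {CLSID} - path
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Return (section, body) pairs for every R/F/O entry in a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def executable_of(cmd):
    """Return the program a Run command launches (the DLL it loads, for rundll32)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        exe, _, rest = cmd.partition(" ")
    if exe.lower().rsplit("\\", 1)[-1] in ("rundll32", "rundll32.exe") and rest:
        exe = executable_of(rest).split(",")[0]
    return exe


def check_run_entry(body):
    """Heuristics for O4 autorun entries; returns a reason string or None."""
    m = RUN_RE.match(body)
    if not m:
        return None
    name, exe = m["name"], executable_of(m["cmd"])
    if "\\" not in exe:
        # A bare file name is resolved through the search path at logon, so
        # the log alone cannot tell you which file actually runs.
        return "autorun command has no full path: %r" % exe
    if name.lower() == exe.rsplit("\\", 1)[-1].lower():
        # Mechanically generated entries are often named after their own file.
        return "autorun value named after its own executable: %r" % name
    return None


def check_entry(section, body):
    """Return a reason string if the entry matches a pattern worth review, else None."""
    if section == "R1" and ",ProxyServer = " in body:
        value = body.split("= ", 1)[1]
        if value.startswith(("127.", "localhost")):
            # Browser traffic is being routed through a listener on this machine.
            return "IE proxied through a local listener: %s" % value
    if section == "R1" and ",Window Title = " in body:
        return "IE window title has been set: %s" % body.split("= ", 1)[1]
    if section == "O2":
        m = BHO_RE.match(body)
        if m and m["name"] == "(no name)":
            return "BHO with no registered name loads %s" % m["path"]
    if section == "O4":
        return check_run_entry(body)
    if section == "O20":
        # Winlogon Notify DLLs are loaded into winlogon.exe at every logon.
        return "DLL loaded into winlogon.exe at logon: " + body.split(" - ", 1)[-1]
    return None


def triage(text):
    """Return one Finding per entry that trips a heuristic, in log order."""
    findings = []
    for section, body in parse_entries(text):
        reason = check_entry(section, body)
        if reason:
            findings.append(Finding(section, reason, body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %s" % (f.section, f.reason))
```

A hit is a review item, not a verdict: the bare-path rule would also flag the log's `[nwiz] nwiz.exe /install` line, which is NVIDIA's nView component, so each finding still needs the file looked up before anything is removed.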
     
  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido
    · It will prompt you to update; click the OK button and it will go to the main screen
    · On the left side of the main screen click update
    · Click on Start and let it update.
    · DO NOT run a scan yet. You will do that later in safe mode.

    Restart your computer into safe mode now. Perform the following steps in safe mode:
    (Start tapping F8 at the first black screen after power up)

    Run Ewido:
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · During the scan it will prompt you to clean files, click OK
    · When the scan is finished, look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    Boot to normal mode
    Post that log and a new HiJack log
     
  4. timchilli

    timchilli Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    9
    MFDnNC, thanks for your reply.

    Below is the eWido log. The next post will contain the HiJackThis log.

    Is everything ok?

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 19:56:57, 11/01/2006
    + Report-Checksum: AA90FCCB

    + Scan result:

    HKLM\SOFTWARE\Classes\Interface\{B0CE21C5-6A79-45B7-AB9C-0008E75F2DBF} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{CD6B926C-903F-46A4-9C7D-F3839F081788} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A} -> Spyware.TOPicks : Cleaned with backup
    HKLM\SOFTWARE\GMSoft -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\GMSoft\Dialers -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\IntexusDial -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E0B795B4-FD95-4ABD-A375-27962EFCE8CF} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2A4407B-FFBC-4A1F-A18A-0F68C3E0FC9E} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-1844237615-2000478354-725345543-1004\Software\GMSoft -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1844237615-2000478354-725345543-1004\Software\GMSoft\Dialers -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1844237615-2000478354-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
    HKU\S-1-5-21-1844237615-2000478354-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2A4407B-FFBC-4A1F-A18A-0F68C3E0FC9E} -> Spyware.CoolWebSearch : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][1].txt -> Spyware.Cookie.Onestat : Cleaned with backup
    C:\Documents and Settings\Lucy\Cookies\[email protected][2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Lucy\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Lucy\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Lucy\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lucy\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lucy\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Phil\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Phil\Local Settings\Temporary Internet Files\Content.IE5\1CBSGEKL\mm[2].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\Phil\Local Settings\Temporary Internet Files\Content.IE5\9S2U4WX7\14500[1].exe -> Dropper.Small.na : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Adviva : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\E905MVKF\mm[2].js -> Spyware.Chitika : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\BDERastDx6_30002.dll.bak -> Adware.BrilliantDigital : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\bdesecureinstall.exe.bak -> Adware.BrilliantDigital : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\bdeverify.dll.bak -> Adware.BrilliantDigital : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\bdeverify.exe.bak -> Adware.BrilliantDigital : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Commission-junction : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Spylog : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Specificpop : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Targetnet : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Specificpop : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Specificpop : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Bfast : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Bfast : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Commission-junction : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Commission-junction : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitslink : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Coremetrics : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Linksynergy : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Offshoreclicks : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Spylog : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Spylog : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Targetnet : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Targetnet : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Weborama : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Weborama : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Xxxcounter : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Xxxcounter : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP136\A0022756.exe -> Dropper.Small.na : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP136\A0022757.exe -> Proxy.Agent.ig : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP136\A0022763.exe -> Dropper.Small.na : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP136\A0022764.exe -> Proxy.Agent.ig : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP136\A0022771.exe -> Dropper.Small.na : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP136\A0022781.exe -> Dropper.Small.na : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP136\A0022787.exe -> Dropper.Small.na : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP136\A0022810.exe -> Dropper.Small.na : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP136\A0023802.exe -> Dropper.Small.na : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP136\A0023808.exe -> Dropper.Small.na : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP136\A0023813.exe -> Dropper.Small.na : Cleaned with backup
    C:\System Volume Information\_restore{B3FF13EE-92C2-46CF-A694-2E7DECC4B5DA}\RP137\A0023873.exe -> Proxy.Agent.bz : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\sportnet.exe -> Heuristic.Win32.Dialer : Cleaned with backup
    C:\WINDOWS\installer[p2p-10110,de].exe -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\system32\holdapi.dll -> Trojan.Agent.cs : Cleaned with backup
    C:\WINDOWS\system32\loyakuj.dll -> Spyware.AdultIt : Cleaned with backup
    C:\WINDOWS\system32\srshost.exe -> Proxy.Agent.ig : Cleaned with backup
    C:\WINDOWS\system32\sxdswaaa.exe -> Downloader.Tiny.ao : Cleaned with backup
    C:\WINDOWS\system32\vjiqyaaa.exe -> Backdoor.Rbot : Cleaned with backup
    C:\WINDOWS\system32\winl0gon.exe -> Dropper.Small.na : Cleaned with backup


    ::Report End
     
  5. timchilli

    timchilli Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    9
    HIJACKTHIS LOG

    Logfile of HijackThis v1.99.1
    Scan saved at 19:57:36, on 11/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Tim\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4662
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {2393BDA8-9CE9-E51F-7B44-9B6338FD3C65} - C:\WINDOWS\System32\loyakuj.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\holdapi.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB004" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - Startup: Free WebSite Tools.lnk = ?
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
    O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://rmt.mms.co.uk/Citrix/ICAWEB/en/ica32/wficac.cab
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092957168328
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: holdapi - C:\WINDOWS\SYSTEM32\holdapi.dll
    O21 - SSODL: IEFilter - {087677A1-7977-4C2E-8945-72644DAAC6C4} - C:\WINDOWS\system32\IEFilter.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HJT – mark them, close IE, click fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,

    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,

    O2 - BHO: (no name) - {2393BDA8-9CE9-E51F-7B44-9B6338FD3C65} - C:\WINDOWS\System32\loyakuj.dll (file missing)

    O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\holdapi.dll

    O4 - Startup: PowerReg Scheduler V3.exe

    O20 - Winlogon Notify: holdapi - C:\WINDOWS\SYSTEM32\holdapi.dll

    O21 - SSODL: IEFilter - {087677A1-7977-4C2E-8945-72644DAAC6C4} - C:\WINDOWS\system32\IEFilter.dll

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\SYSTEM32\holdapi.dll

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
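    The fix list above follows a recognisable pattern: R1 search hooks whose value is empty, an O2 BHO with no name or a missing file, an O20 Winlogon Notify hook and an O21 SSODL hook, all pointing at the DLLs the ewido report had already named. The script below is an added example, not part of this thread and not the HijackThis tool itself; it encodes those triage rules in Python and runs them over a handful of lines copied from the log posted above. The rule set and the `KNOWN_BAD_FILES` list are assumptions drawn from this thread only and would need to come from your own analysis on a different machine.

```python
"""Triage of HijackThis-style log lines (added example, not part of the
thread or of HijackThis). Each rule encodes one kind of entry the helper
singled out above; the file list is taken from the ewido report and the
fix list in this thread and is not a general signature set."""
import re
from typing import List, Optional, Tuple

# File names this thread identified as malicious (assumption: taken from the
# posted ewido report and the helper's HJT fix list, nothing more general).
KNOWN_BAD_FILES = {"holdapi.dll", "loyakuj.dll", "iefilter.dll"}

# Constructed sample: entries copied from the HJT log posted in this thread.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer,SearchAssistant = ,
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\apps\\Adobe\\Acrobat 5.0\\Reader\\ActiveX\\AcroIEHelper.ocx
O2 - BHO: (no name) - {2393BDA8-9CE9-E51F-7B44-9B6338FD3C65} - C:\\WINDOWS\\System32\\loyakuj.dll (file missing)
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\\WINDOWS\\system32\\holdapi.dll
O4 - HKLM\\..\\Run: [AVGCtrl] "C:\\Program Files\\AVPersonal\\AVGNT.EXE" /min
O20 - Winlogon Notify: holdapi - C:\\WINDOWS\\SYSTEM32\\holdapi.dll
O21 - SSODL: IEFilter - {087677A1-7977-4C2E-8945-72644DAAC6C4} - C:\\WINDOWS\\system32\\IEFilter.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\\Program Files\\AVPersonal\\AVGUARD.EXE
"""

# HJT entries start with a section tag (R0-R3, F0-F3, N1-N4, O1-O24), then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# Bare file names with the extensions HJT entries usually carry.
FILE_RE = re.compile(r"[\w~-]+\.(?:dll|exe|ocx)\b", re.IGNORECASE)


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return m.group("section"), m.group("body")


def triage_line(line: str) -> List[str]:
    """Return the list of reasons this entry deserves a second look (empty if none)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    reasons: List[str] = []

    # Any entry that references a file already identified as malicious.
    files = {f.lower() for f in FILE_RE.findall(body)}
    hits = files & KNOWN_BAD_FILES
    if hits:
        reasons.append("references known-bad file: " + ", ".join(sorted(hits)))

    # R1 search hooks with an empty value: the search URL was cleared/hijacked.
    if section == "R1" and body.rstrip().endswith("= ,"):
        reasons.append("R1 search hook with empty value")

    # Browser helper objects that do not even declare a name.
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO with no name")

    # Registry still points at a file that is gone: clean up the orphan.
    if "(file missing)" in body:
        reasons.append("orphaned reference to a missing file")

    # Hooks that load a DLL into winlogon or Explorer are always worth review.
    if section == "O20":
        reasons.append("Winlogon Notify hook (DLL loaded into winlogon at logon)")
    if section == "O21":
        reasons.append("SSODL shell hook (DLL loaded into Explorer at start)")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole log; keep only entries with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry)
        for r in reasons:
            print("    ->", r)
```

    Run against the sample it flags five of the nine entries: both R1 hooks with empty values are not in the sample, but the empty SearchAssistant line is, and the loyakuj BHO collects three reasons at once (known-bad file, no name, file missing), which is exactly the kind of entry that should go straight onto the fix list. Legitimate entries such as the Acrobat BHO and the AntiVir service pass through untouched, so the output is a short review list rather than a re-print of the log.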
     
  7. timchilli

    timchilli Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    9
    Hi again!

    I followed your instructions exactly, however I could not delete the C:\WINDOWS\SYSTEM32\holdapi.dll file. The computer wouldn't let me delete it, despite numerous attempts. Any idea what I can do to fix this?

    Here's the latest HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:08:52, on 12/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\ELAN.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Tim\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4662
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\holdapi.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB004" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - Startup: Free WebSite Tools.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
    O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://rmt.mms.co.uk/Citrix/ICAWEB/en/ica32/wficac.cab
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092957168328
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{31531FEE-C301-4E6F-981A-13EE81E574BE}: NameServer = 62.24.228.9 62.24.228.10
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: holdapi - C:\WINDOWS\SYSTEM32\holdapi.dll
    O21 - SSODL: IEFilter - {E7D75D2C-18D0-425C-8688-514768C5F97E} - C:\WINDOWS\system32\IEFilter.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    My fault - I wasn't paying attention

    Please print these instructions out for use in Safe Mode.

    Vundo normally gets installed via a security hole in Sun Java so do this please

    go to www.java.com & download the latest version of java 1.5.0.6

    install it & then go to add/remove programs and UNINSTALL ALL previous versions of sun java


    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
    • You will first be presented with a warning and a list of forums to seek help at.
      it should look like this
    • At this point press enter one time.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\system32\holdapi.dll
    • Press Enter,
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\system32\ipadloh.*
      If you have a script blocker running, you may get a warning about a malicious script. Allow the script to run. It is not malicious.

    • The fix will run then HijackThis will open.
    • In HijackThis, please place a check next to the following items and click FIX CHECKED:

      • O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\holdapi.dll

        O20 - Winlogon Notify: holdapi - C:\WINDOWS\SYSTEM32\holdapi.dll
    • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
    • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
    • Once your machine reboots please continue with the instructions below.

    Then, please run this online virus scan: ActiveScan

    Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
     
  9. timchilli

    timchilli Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    9
    Hi again. Thanks for all your help with this.

    I followed your instructions as stated. Unfortunately the Internet Explorer error precludes me from running a full ActiveScan (IE shuts down after about 5 minutes into the scan). As such, I can only post the VundoFix log, together with the latest HJT log.

    Any idea why IE keeps shutting down? It's REALLY annoying.



    VundoFix V2.15 by Atri
    --------------------------------------------------------------------------------------

    Listing files contained in the vundofix folder.
    --------------------------------------------------------------------------------------

    killvundo.bat
    process.exe
    ReadMe.txt
    vundo.reg
    vundofix.txt

    --------------------------------------------------------------------------------------

    Filepaths entered
    --------------------------------------------------------------------------------------

    The filepath entered was C:\WINDOWS\system32\holdapi.dll

    The second filepath entered was C:\WINDOWS\system32\ipadloh.*

    --------------------------------------------------------------------------------------

    Log from Process
    --------------------------------------------------------------------------------------


    Killing PID 128 'smss.exe'

    Killing PID 976 'explorer.exe'


    Killing PID 204 'winlogon.exe'
    Killing PID 204 'winlogon.exe'
    --------------------------------------------------------------------------------------

    C:\WINDOWS\system32\holdapi.dll Deleted sucessfully.
    C:\WINDOWS\system32\ipadloh.* Deleted sucessfully.

    Fixing Registry
    --------------------------------------------------------------------------------------


    Logfile of HijackThis v1.99.1
    Scan saved at 23:38:04, on 12/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\ELAN.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tim\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\holdapi.dll (file missing)
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB004" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://rmt.mms.co.uk/Citrix/ICAWEB/en/ica32/wficac.cab
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092957168328
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137108599328
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{31531FEE-C301-4E6F-981A-13EE81E574BE}: NameServer = 62.24.228.9 62.24.228.10
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: holdapi - holdapi.dll (file missing)
    O21 - SSODL: IEFilter - {E7D75D2C-18D0-425C-8688-514768C5F97E} - C:\WINDOWS\system32\IEFilter.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  10. timchilli

    timchilli Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    9
    Would it be advisable to download the latest version of Internet Explorer, then simply uninstall my existing version? Would this resolve the problem?
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HJT – mark them, close IE, click fix checked

    O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\holdapi.dll (file missing)

    O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe

    O20 - Winlogon Notify: holdapi - holdapi.dll (file missing)

    O21 - SSODL: IEFilter - {E7D75D2C-18D0-425C-8688-514768C5F97E} - C:\WINDOWS\system32\IEFilter.dll

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\system32\IEFilter.dll
    C:\WINDOWS\system32\srshost.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
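The fix list above is built by reading HijackThis log sections by hand: orphaned entries marked "(file missing)", a per-user Run value launching an unfamiliar binary out of system32, and O20/O21 entries that inject a DLL into winlogon.exe or explorer.exe at logon. The script below is an added example for this thread, not HijackThis code or anything posted by the participants: it parses HijackThis v1.99.1 log lines and applies those same triage rules, plus two the helper did not call out that appear in the later logs (the IE ProxyServer pointing at 127.0.0.1 and the branded IE window title). The sample lines are copied from the logs in this thread; the rules are heuristics, and the "HKCU Run from system32" test in particular is an assumption about what legitimate software usually does, not a verdict.

```python
"""Triage helper for HijackThis v1.99.1 log lines (added example, not HJT code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a few lines lifted from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4662
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\holdapi.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
O20 - Winlogon Notify: holdapi - holdapi.dll (file missing)
O21 - SSODL: IEFilter - {E7D75D2C-18D0-425C-8688-514768C5F97E} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "R1 - body", "O4 - body", ...: section tag, then the rest of the line.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
# O4 body: HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<proxy>\S+)")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
LOOPBACK = ("127.", "localhost")


@dataclass
class Entry:
    section: str
    body: str
    flags: List[str] = field(default_factory=list)


def first_path(cmd: str) -> str:
    """Executable path from a Run command line: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse(log_text: str) -> List[Entry]:
    """Keep only lines that look like HJT entries; process lists and headers are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach a reason to every entry a helper would look at first; return the flagged ones."""
    for e in entries:
        body = e.body
        if body.endswith(ORPHAN_MARKERS):
            e.flags.append("orphan: registered component whose file is gone")
        if e.section == "R1":
            pm = PROXY_RE.search(body)
            if pm and pm["proxy"].startswith(LOOPBACK):
                e.flags.append("loopback proxy: IE traffic is routed through a local process on " + pm["proxy"])
            if "Window Title" in body and "brought to you by" in body.lower():
                e.flags.append("branded IE window title")
        elif e.section == "O4":
            om = O4_RE.match(body)
            # Heuristic (assumption): software that installs into system32 normally
            # registers under HKLM; a per-user Run value for a system32 binary is unusual.
            if om and om["hive"] == "HKCU" and "\\system32\\" in first_path(om["cmd"]).lower():
                e.flags.append("per-user autorun of a binary in system32 (heuristic)")
        elif e.section == "O20":
            e.flags.append("Winlogon Notify DLL: loaded into winlogon.exe at logon, review")
        elif e.section == "O21":
            e.flags.append("SSODL entry: loaded into explorer.exe at logon, review")
    return [e for e in entries if e.flags]


def triage_text(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged log line back to the reasons it was flagged."""
    return {e.section + " - " + e.body: e.flags for e in triage(parse(log_text))}


if __name__ == "__main__":
    for line, reasons in triage_text(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run against a full log, the output is the shortlist MFDnNC produced by eye (the O2/O20/O21 holdapi and IEFilter entries and the srshost.exe Run value), and it additionally surfaces the ProxyServer and Window Title lines that persisted in the later logs. Anything this flags still needs the usual check (who signed the file, where it came from, whether the path exists) before it goes on a fix list.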
     
  12. timchilli

    timchilli Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    9
    Here's the latest HJT log.

    IE still keeps shutting down. Sorry for the continued hassle, but any ideas?

    Logfile of HijackThis v1.99.1
    Scan saved at 19:52:18, on 13/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\system32\Service.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\ELAN.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SpyHunter\SpyHunter.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\Documents and Settings\Tim\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4662
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: (no name) - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - (no file)
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB004" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - Startup: Free WebSite Tools.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
    O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://rmt.mms.co.uk/Citrix/ICAWEB/en/ica32/wficac.cab
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092957168328
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137108599328
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{31531FEE-C301-4E6F-981A-13EE81E574BE}: NameServer = 62.24.228.9 62.24.228.10
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: IEFilter - {D5E4095C-64FB-4D09-9670-80EE6569F694} - C:\WINDOWS\system32\IEFilter.dll (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Not done yet – Make sure MS Anti allows these changes

    Fix these with HJT – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - (no file)

    O21 - SSODL: IEFilter - {D5E4095C-64FB-4D09-9670-80EE6569F694} - C:\WINDOWS\system32\IEFilter.dll (file missing)



    Please give feedback on what worked/didn’t work and the current status of your system
     
  14. timchilli

    timchilli Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    9
    Done!

    Hopefully this will be it!

    Many thanks for your continued help. I'll make a donation for all your kindness.

    Thanks, Tim.

    Logfile of HijackThis v1.99.1
    Scan saved at 00:26:59, on 14/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\system32\Service.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\ELAN.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
    C:\Documents and Settings\Tim\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4662
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB004" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - Startup: Free WebSite Tools.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
    O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://rmt.mms.co.uk/Citrix/ICAWEB/en/ica32/wficac.cab
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092957168328
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137108599328
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{31531FEE-C301-4E6F-981A-13EE81E574BE}: NameServer = 62.24.228.9 62.24.228.10
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Clean - If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?
     
Short URL to this thread: https://techguy.org/432945
