Tech Support Guy banner
Cancel

HELP!! POP-UP city!!

Jump to Latest Follow
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 6 of 6 Posts
3

· Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
So just recently i had to do a system restore on my computer to fix some problems i was having. Ever since then, i've been getting pop-ups non stop and application error messages that just won't go away. Aswell as the taskbar locking up on me.

Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:12:05 AM, on 1/16/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\TWU\command.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\SVCH0ST.EXE
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\services.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Microsoft\svhost32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\winlogon.exe
C:\Program Files\Common Files\{C4A1F374-07C9-1033-0718-020403020001}\Update.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\winlogon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\system43.exe
C:\Program Files\Microsoft\svhost32.exe
C:\Program Files\Common Files\{C4A1F374-07C9-1033-0718-020403020001}\Update.exe
C:\WINDOWS\System32\winlogon.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\Common Files\{C4A1F374-07C9-1033-0718-020403020001}\Update.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\SMBOLS~1\winlogon.exe
C:\PROGRA~1\COMMON~1\miku\mikum.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\COMMON~1\miku\mikua.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\WINDOWS\?icrosoft\??anregw.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\DOCUME~1\Dad\LOCALS~1\Temp\b116.exe
C:\DOCUME~1\Dad\LOCALS~1\Temp\b116.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {2C8EA409-37B3-356D-BFEA-37A67B2FCCC2} - C:\WINDOWS\System32\dft.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C8EA409-37B3-356D-BFEA-37A67B2FCCC2} - C:\WINDOWS\System32\dft.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34A1F~1\Bar888.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {FEF289B2-6015-9A71-D02D-8394ED825678} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34A1F~1\Bar888.dll
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [vmcleaner] gxlib.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [eAntiSpy] C:\Program Files\eAntiSpyTrial\Alert.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SvcManager] kernelex6.exe
O4 - HKLM\..\Run: [system43.exe] C:\WINDOWS\System32\system43.exe
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [DxDialog] C:\WINDOWS\System32\dxdlg32.exe
O4 - HKLM\..\Run: [{C4A1F374-07C9-1033-0718-020403020001}] "C:\Program Files\Common Files\{C4A1F374-07C9-1033-0718-020403020001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\SMBOLS~1\winlogon.exe" -vt yazr
O4 - HKCU\..\Run: [Jumgwryw] C:\WINDOWS\?icrosoft\??anregw.exe
O4 - HKCU\..\Run: [miku] C:\PROGRA~1\COMMON~1\miku\mikum.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eAntiSpy Diagnostics.lnk = C:\Program Files\eAntiSpyTrial\Alert.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...=#333333&ModelNameDir=ridgeline&noreloadredir
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4B1A4A31-8845-11D5-9769-00B0D071D434} (Avaya ICM Client) - http://iowacniceweb01.ic.ncs.com/icm/caller.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166371637404
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag4227.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWU\command.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Indexings Services - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\systen32.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\System32\Security.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Can anyone help? Thank you :)
 
cybertech

· Retired Moderator
Joined
·
72,209 Posts
#2 ·
Hi, Welcome to TSG!!

Run HijackThis and click Open the Misc Tools section
Click Open Uninstall Manager, Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of the log here in your next reply.
 
3

· Registered
Joined
·
3 Posts
Discussion Starter · #3 ·
3D Flash Animator 4 beta 3
888Bar
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 1.2 (Remove Only)
Adobe Illustrator 10
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Adobe SVG Viewer 3.0
Alien Skin Image Doctor 1.0 Demo
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
AOL Instant Messenger
Aqua Bubble 2
ArcSoft PhotoStudio 2000
Artful GIF Animator 1.0
Blaze Audio Wave Creator 3 Trial
BMSE dbl
Canon i550
CD Burning 4
Classic PhoneTools
CLO
Command
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Cowabanga by OIN
Dell | Support
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Digital Line Detect
DivX 5.0.3 Pro Bundle
DivX Player
Easy CD Creator 5 Basic
Easy RM to MP3 Converter 1.50.30
Elf Bowling - Bocce Style! (remove only)
Enhanced MediaLoads
ESPNMotion
Eye Candy 4000 Demo
Global DiVX Player
Google Earth
Google Toolbar for Internet Explorer
Hanes© T-ShirtMake© Lite
Hijackthis 1.99.1
HijackThis 1.99.1
HyperLoad
IE Help
IE Host
IEC system
ImageMixer VCD/DVD2 for OLYMPUS
InetDctr
Internet Update
iPod for Windows 2006-01-10
iPod for Windows 2006-03-23
iPod for Windows 2006-06-28
IpWins
iTunes
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 9
Java 2 Platform, Enterprise Edition 1.4 SDK Developer Release
Java 2 Runtime Environment, SE v1.4.2_05
Lara Croft Tomb Raider The Cradle of Life Screen Saver
Learn2 Player (Uninstall Only)
LightWave 7 Full Install
Logitech QuickCam
Macromedia Director MX
Macromedia Director MX 2004
Macromedia Extension Manager
Macromedia Flash MX 2004
Macromedia Flash Player 8
Macromedia Shockwave Player
MaxSpeed
MediaGateway
MediaLoads
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
Modem Helper
MSN Add-in for Windows Messenger
MSN Entertainment Download Troubleshooter
MSN Messenger 7.5
MSN Music Assistant
Network Monitor
NPO
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
NYR - Floating Sheilds Screen Saver
OIN
OIN Search
OLYMPUS Master
Optimum Online net guide
Outerinfo
Outlook Express Q837009
Paradise Poker
PartyPoker
Pool Buddy {Y} 4.1
PowerDVD
PRO200WL
Professional CD Label Kit
Puzz-3D Victorian Mansion
QuarkXPress 5.0
QuickTime
RealPlayer
RelevantKnowledge
SE Assistant
SE Help
Search Function
Shockwave
Sound Blaster Live! Value
Spybot - Search & Destroy 1.2
TargetSaver
Viewpoint Media Player
WavePad Uninstall
webHancer Customer Companion
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP1) [See Q321856 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Service Pack 1a
WinMX
WinZip
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v3
Yahoo! Photos Easy Upload Tool 1v4
Yahoo! Toolbar

----- Thank You :)
 
cybertech

· Retired Moderator
Joined
·
72,209 Posts
#4 ·
Go to control panel, add/remove programs and remove these:
888Bar
Cowabanga by OIN
IpWins
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2_05
MediaGateway
MediaLoads
OIN
OIN Search
Outerinfo
RelevantKnowledge
Spybot - Search & Destroy 1.2
webHancer Customer Companion

Restart your machine and post a new hijackthis log.
 
3

· Registered
Joined
·
3 Posts
Discussion Starter · #5 ·
Logfile of HijackThis v1.99.1
Scan saved at 11:27:01 AM, on 1/17/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\TWU\command.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\SVCH0ST.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\system43.exe
C:\Program Files\Microsoft\svhost32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\winlogon.exe
C:\Program Files\Common Files\{C4A1F374-07C9-1033-0718-020403020001}\Update.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\miku\mikum.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\miku\mikua.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FEF289B2-6015-9A71-D02D-8394ED825678} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [vmcleaner] gxlib.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [eAntiSpy] C:\Program Files\eAntiSpyTrial\Alert.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SvcManager] kernelex6.exe
O4 - HKLM\..\Run: [system43.exe] C:\WINDOWS\System32\system43.exe
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [DxDialog] C:\WINDOWS\System32\dxdlg32.exe
O4 - HKLM\..\Run: [{C4A1F374-07C9-1033-0718-020403020001}] "C:\Program Files\Common Files\{C4A1F374-07C9-1033-0718-020403020001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [miku] C:\PROGRA~1\COMMON~1\miku\mikum.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eAntiSpy Diagnostics.lnk = C:\Program Files\eAntiSpyTrial\Alert.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...=#333333&ModelNameDir=ridgeline&noreloadredir
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4B1A4A31-8845-11D5-9769-00B0D071D434} (Avaya ICM Client) - http://iowacniceweb01.ic.ncs.com/icm/caller.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166371637404
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag4227.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWU\command.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Indexings Services - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\systen32.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\System32\Security.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
cybertech

· Retired Moderator
Joined
·
72,209 Posts
#6 ·
1 - 6 of 6 Posts
Status
Not open for further replies.
About this Discussion
5 Replies
2 Participants
Last post:
cybertech
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Windows XP Off Topic Lounge Thread Games & Discussion
Top