Status
Not open for further replies.
1 - 4 of 4 Posts

· Registered
Joined
·
219 Posts
Discussion Starter · #1 ·
Hi,

I'm getting killed with non-stop popups even after several Adaware and Spybot and x-cleaner runs.

I'm getting Napster, Match, Golden Casino, Career Builder, MusicMatch and more. Here's my HJT log -- any help would be truly appreciated!!
Logfile of HijackThis v1.98.2
Scan saved at 3:56:04 PM, on 1/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\PRIMEDIA VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Asset Services Management\ASMAgent.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\garpwvs.exe
C:\WINNT\system32\atl94024.exe
C:\WINNT\Xhrmy.exe
C:\documents and settings\dfay\local settings\temp\R2OPE.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe
C:\WINNT\system32\ZukOJ3.exe
C:\WINNT\system32\Bwd0n.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\PRIMED~1\IPSECD~1.EXE
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJack This\HiJack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pffc-online.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://inet.primediabusiness.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Primedia Business
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\program files\adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\program files\adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\dfay\Local Settings\Temp\pKh8G1m.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\program files\adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Pluck Toolbar - {7385D9F8-418B-4e6a-938F-F7596857CB54} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Is3DW3D.exe] C:\documents and settings\dfay\local settings\temp\Is3DW3D.exe
O4 - HKLM\..\Run: [eCnFybF] C:\WINNT\garpwvs.exe
O4 - HKLM\..\Run: [n.exe] C:\documents and settings\dfay\local settings\temp\n.exe
O4 - HKLM\..\Run: [c48c16a26e84] C:\WINNT\system32\atl94024.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINNT\Xhrmy.exe
O4 - HKLM\..\Run: [R2OPE.exe] C:\documents and settings\dfay\local settings\temp\R2OPE.exe
O4 - HKLM\..\Run: [[email protected]#L2] C:\WINNT\system32\PikqWgd1.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [Etbo] C:\Documents and Settings\dfay\Application Data\nish.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Start Pluck.lnk = C:\Program Files\Pluck Corporation\Pluck\PluckTray.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities &, - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Passcards &. - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\maxspeed.exe (file missing)
O9 - Extra button: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O14 - IERESET.INF: START_PAGE_URL=http://inet.primediabusiness.com
O15 - Trusted Zone: *.intertec.com
O15 - Trusted Zone: *.primediabusiness.com
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://ftp.gurunet.com/pub/AnswersSetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intertec.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF62DB34-DFDD-41D1-A6EB-209F1EB0BF76}: NameServer = 192.168.2.15,192.168.88.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intertec.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = intertec.com,
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intertec.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = intertec.com,
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)

:eek:
 

· Registered
Joined
·
12,302 Posts
Hi, welcome to TSG. Make sure spybot and adaware are up to date.

First, we need to get rid of the Peper.A infection.

Download and run this tool (you must remain online while running it):

http://zerosrealm.com/downloads/uninst.exe

There'll be no window nor any dialogue ... it will just run and quit. You must restart your computer afterwards.

Go to this site and download these tools, and once you get both adaware and spybot, update both of them. Set adaware to deep scan and delete everything adaware finds, and delete what spybot finds marked in red.
With cwshredder, close all browsers and programmes and select the fix button.

. cwshredder

http://www.majorgeeks.com/downloads31.html

Run an online antivirus check from at least one and preferably 2 of the following sites....
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://support.f-secure.com/enu/home/ols.shtml

Make sure autoclean is enabled on the scans.

Post another log after cleaning up.
 

· Registered
Joined
·
219 Posts
Discussion Starter · #3 ·
Logfile of HijackThis v1.98.2
Scan saved at 11:47:45 AM, on 1/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\PRIMEDIA VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Asset Services Management\ASMAgent.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\atl94024.exe
C:\documents and settings\dfay\local settings\temp\R2OPE.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Adobe\Acrobat\Acrobat.exe
C:\Program Files\PRIMED~1\IPSECD~1.EXE
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\ACT\act.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dfay\Desktop\Security\HiJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pffc-online.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://inet.primediabusiness.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Primedia Business
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\program files\adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\program files\adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\dfay\Local Settings\Temp\iZAdXyJA.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\program files\adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Pluck Toolbar - {7385D9F8-418B-4e6a-938F-F7596857CB54} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Is3DW3D.exe] C:\documents and settings\dfay\local settings\temp\Is3DW3D.exe
O4 - HKLM\..\Run: [n.exe] C:\documents and settings\dfay\local settings\temp\n.exe
O4 - HKLM\..\Run: [c48c16a26e84] C:\WINNT\system32\atl94024.exe
O4 - HKLM\..\Run: [R2OPE.exe] C:\documents and settings\dfay\local settings\temp\R2OPE.exe
O4 - HKLM\..\Run: [[email protected]#L2] C:\WINNT\system32\PikqWgd1.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [Etbo] C:\Documents and Settings\dfay\Application Data\nish.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Start Pluck.lnk = C:\Program Files\Pluck Corporation\Pluck\PluckTray.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities &, - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Passcards &. - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\maxspeed.exe (file missing)
O9 - Extra button: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O14 - IERESET.INF: START_PAGE_URL=http://inet.primediabusiness.com
O15 - Trusted Zone: *.intertec.com
O15 - Trusted Zone: *.primediabusiness.com
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://ftp.gurunet.com/pub/AnswersSetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intertec.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF62DB34-DFDD-41D1-A6EB-209F1EB0BF76}: NameServer = 192.168.2.15,192.168.88.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intertec.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = intertec.com,
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intertec.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = intertec.com,
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)
 

· Registered
Joined
·
12,302 Posts
Have HijackThis fix these entries.

O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\dfay\Local Settings\Temp\iZAdXyJA.dll
O4 - HKLM\..\Run: [Is3DW3D.exe] C:\documents and settings\dfay\local settings\temp\Is3DW3D.exe
O4 - HKLM\..\Run: [n.exe] C:\documents and settings\dfay\local settings\temp\n.exe
O4 - HKLM\..\Run: [c48c16a26e84] C:\WINNT\system32\atl94024.exe
O4 - HKLM\..\Run: [R2OPE.exe] C:\documents and settings\dfay\local settings\temp\R2OPE.exe
O4 - HKLM\..\Run: [[email protected]#L2] C:\WINNT\system32\PikqWgd1.exe
O4 - HKCU\..\Run: [Etbo] C:\Documents and Settings\dfay\Application Data\nish.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\maxspeed.exe (file missing)
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll (file missing)

Boot to safe mode and find and delete these files:

C:\Program Files\eSyndicate\esyn.dll
C:\Documents and Settings\dfay\Local Settings\Temp\iZAdXyJA.dll
C:\documents and settings\dfay\local settings\temp\Is3DW3D.exe
C:\documents and settings\dfay\local settings\temp\n.exe
C:\WINNT\system32\atl94024.exe
C:\documents and settings\dfay\local settings\temp\R2OPE.exe
C:\WINNT\system32\PikqWgd1.exe
C:\Documents and Settings\dfay\Application Data\nish.exe

Post another log.
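
Added example, not part of the original thread and not code from HijackThis or the forum: a small Python triage pass over a HijackThis log that flags entries whose binary sits in a user-writable directory (Temp, Application Data) or is reported as "(file missing)", two of the patterns visible in the fix list above. The sample log, its file names and GUIDs are constructed, and the two rules are assumptions made for illustration.

```python
import re

# Constructed sample in the HijackThis 1.98.2 layout; names and GUIDs are placeholders.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\user\Local Settings\Temp\sample1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O2 - BHO: Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Vendor\helper.dll
O2 - BHO: Search Help - {00000000-0000-0000-0000-000000000002} - C:\Documents and Settings\user\Local Settings\Temp\sample2.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [sample1.exe] C:\documents and settings\user\local settings\temp\sample1.exe
O4 - HKCU\..\Run: [Sample] C:\Documents and Settings\user\Application Data\sample3.exe
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Vendor\Fill.html
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000003} - C:\WINNT\system32\sample4.exe (file missing)
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path in the body that ends in .exe or .dll.
BINARY = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll)', re.IGNORECASE)
# Assumed rule: directories an unprivileged user (or a dropper) can write to.
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\")


def parse_entries(log_text):
    """Return (section, body) for every registry/file entry, skipping
    the header and the 'Running processes' list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Return (section, reasons, body) for entries worth a manual look."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = []
        found = BINARY.search(body)
        path = found.group(0).lower() if found else ""
        if any(directory in path for directory in USER_WRITABLE):
            reasons.append("binary in user-writable directory")
        if body.rstrip().endswith("(file missing)"):
            reasons.append("registered file is missing")
        if reasons:
            findings.append((section, reasons, body))
    return findings


if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {body}")
```

These two rules only narrow down what to review: entries in the fix list above that live under Program Files or system32 were picked by recognising the program, which a path check cannot do.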
 