Do you have Adware, Spyware, Virus/Trojan or a Browser Hijacker?

Discussion in 'Windows - Virus and spyware problems' started by CJC, Nov 21, 2004.

Thread Status:
Not open for further replies.
  1. shdwsfall

    shdwsfall Regular member

    Joined:
    Jan 3, 2004
    Messages:
    295
    Likes Received:
    0
    Trophy Points:
    26
    Hey all, I really hope someone can help me...I have been pulling my hair out with this.

    First off, I was cleaning up my files and all, deleting ones I have no use for anymore. Somewhere in there I came across counter.cab (or counter.exe...don't remember which it was!) But I deleted it. It had shown up in Norton AntiVirus scans, so I knew it was bad.

    Now, the file is in my recycle bin. No problem, so I empty my recycle bin. Then the file goes to C:/RECYCLER
    Now this is where I am totally lost. I have system and hidden files viewable. Inside C:/RECYCLER, there are 2 recycler folders, all named something like: S-1-5-21-1757981266-1788223648-839522115-1003

    Now, if I open these it takes me into a folder with nothing to be displayed. However, if I go back and right-click on the recycler folder..it says there is 100MB worth of files in here. This is also where norton says the infected file is.

    Norton says: The compressed file counter.exe within C:\RECYCLER\S-1-5-21-1757981266-1788223648-839522115-1003\Dc180.cab is infected with the Download.Trojan virus.


    I don't understand though, I have hidden files, and system files viewable, yet I cannot see these files for the life of me. I have tried in safe mode...still can't see them. Norton cannot delete or quarantine this either. I figured I would run a system restore to get the file back out of the recycler...however...my system restore had been turned off, when I was 100% sure it was on >_< So, no restore dates for me.

    Ad-aware and spybot S&D do not even find this file.

    I will post my hijack-this log, as well as link to some screenshots I took for your viewing pleasure.


    Screens:

    http://img9.exs.cx/img9/4808/screen10el.jpg
    http://img9.exs.cx/img9/4236/screen29cz.jpg
    http://img9.exs.cx/img9/9796/screen30vl.jpg


    Hijack-This Log:

    Logfile of HijackThis v1.97.7
    Scan saved at 5:17:41 PM, on 3/23/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Utopia\Angel\Angel.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Chris\My Documents\Install apps\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 68.21.81.001
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {39AF3357-E436-0BBB-830A-67550D87781F} - C:\WINDOWS\system32\pso.dll (file missing)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [EleFunAnimatedWallpaper] "C:\Program Files\EleFun Multimedia\Amazing Waterfall Wallpaper\Amazing Waterfall.exe" DO_NOT_START
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = ?
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB




    Please help!!!



    ***Edit***

    I have Windows XP.
    I have tried to set my recycle bin to hold 0% of my hard drive space...still didn't work.
     
    Last edited: Mar 23, 2005
  2. gamefrik1

    gamefrik1 Member

    Joined:
    Mar 28, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    Hey everyone,

    I got these 5 programs and my computer is amazing!

    1.Avast! Antivirus, it detects viruses other A\Vs don't.

    2.Spyware doctor-the best

    3.Ad-aware(remember to update regularly)

    4.Spybot S&D

    5.CCleaner (deletes all history and stuff)
     
  3. piscis319

    piscis319 Guest

    I have been experiencing problems with the Trojan.Adwaheck virus infecting the counter.exe file within C:\counter.cab. Norton was unable to get rid of it, so I sent this file to my recycle bin. Is it safe to delete it? Do I need this counter.exe file?
     
  4. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
  5. izzysmom

    izzysmom Guest

    Thank you so much CJC for your posting about the anti adware programs. I followed your advice and my computer finally scanned clean (it had a lot of that crap) and was running like lightning again - as if I reformatted. Adware away seemed the best and I think using only that might work. My Norton AV 2005 is brand new and constantly updated, and I run scans all the time, but I can't believe how much it missed. I just found this site and am learning so much - thanks!
     
  6. izzysmom

    izzysmom Guest

    I have a question. Has anyone had trouble with adware called GAIN or gator something? I ran all these scans last night and got everything cleaned out and this stuff is back again - I just cleaned it out again. I have a cable modem and generally leave my computer on but close my browser. I am also participating in the "shareware" programs Shareaza and Kazaa. I suspect that Kazaa is letting it in and I am ready to disconnect and erase the program(s), but anyone can tell I am fairly new at all this and could really use some feedback.
     
  7. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    gain/gator is in kazaa. download & run ccleaner from www.ccleaner.com to clean the crap out of windows. run adaware & your other programs in safe mode to see if find more crap. do an online virus/spyware scan with www.antivirus.com free housecall
     
  8. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    585
    Likes Received:
    1
    Trophy Points:
    26
    @izzysmom

    No problems, glad it can help people out. Working at an ISP, I get all cases of customers' computers come in....
    Let's put it this way, I had one that found 900 Critical objects in Adaware and 100 in Spybot.
    Plus I had to manually delete A LOT of files and crap...

    I have 1 word for Kazaa.. NOOOOOOOOOOOOOOOOOOO!!!!

    Get rid of Kazaa FULL STOP. It will just keep re-infecting you over, and over, and over.

    You're best to use something like Ares (remember to uncheck the adware when installed)
    Runs nice.

    CJC
     
  9. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    CJC, i had a customer with about 1740 spywares on her computer. has my record for most spywares on a computer
     
  10. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    585
    Likes Received:
    1
    Trophy Points:
    26
    Shit...

    Most people don't do anything about their computer, just keep using it and bitch when it doesn't work.

    I compare the computer to your house.

    Would you go out and leave all your windows and doors open?
    Do you leave crap lying around everywhere?
    Do you clean your house?

    Well, a computer is basically the same.
    You need to 'lock the windows and doors' and keep the 'house clean'

    But still, some people just don't give a shit at all.

    CJC
     
  11. ScubaBud

    ScubaBud Regular member

    Joined:
    Dec 29, 2004
    Messages:
    1,951
    Likes Received:
    0
    Trophy Points:
    46
    CJC

    I ran all the programs that you suggested and I got this message;

    Your PC seems to be in great shape but you do have one problem…

    PEBKAC

    What should I do??? <G> J/K




    I just saw this thread and want to thank you for the links and also the instructions given. This should be mandatory reading for all before any posts about problems.

    ddp, for example always suggests in the threads he participates in where folks are running into problems these options to help determine if they can help with the cure.

    I personally have Ad-Aware SE Plus and use it weekly along with NAV 2005. I did download SpyBot and Adware Away and was happy to see that I was A-OK in those departments as well, so I guess I do keep a “tidy house”, also a very good correlation to use down the road if I may.

    Once again thank you for taking the time to list all your suggestions links and procedures here on this thread!! :)


    PS... That computer ddp was referring to was actually his own, don't let him kid you on that... <G>

    Just kidding ddp :)

     
    Last edited: Apr 2, 2005
  12. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    most of the time they don't know just like we did but we caught on quick & others didn't so we fix the others!!
     
  13. haimback

    haimback Regular member

    Joined:
    Dec 20, 2004
    Messages:
    204
    Likes Received:
    0
    Trophy Points:
    26
    Hello folks, I've got AVG and NAV both installed, wondering will they conflict at all? Is there any point in having both or am I just wasting space?
     
  14. izzysmom

    izzysmom Guest

    OK - I ran all the programs CJC suggested (thanks, BTW), was told get rid of Kazaa, dumped it, ran all those scans again as well as CCleaner, MS Antispy, Yahoo Antispy, Norton AV, AND Spysweep. Every scan found something, and I deleted all the threats. My computer is still acting strange - freezing up, apps not opening, paging very slowly, and showing weird little windows about programs that can't open that I've never heard of. HELP!
    P.S. I got Spysweep from download.com, but it was one of the sponsored links - can I trust it?
     
  15. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    ScubaBud, not my system as it is clean as a whistle!!
    izzysmom, download, update & run spybot s&d to see if find anything also goto www.antivirus.com freehousecall to see if have any viruses & spyware on your system
     
  16. vans12

    vans12 Regular member

    Joined:
    Jan 10, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    yea cjc is right these are the programs i use. and i do this for a living.
     
  17. fixthis

    fixthis Member

    Joined:
    Apr 4, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    CJC fixthis:

    Logfile of HijackThis v1.98.2
    Scan saved at 12:08:47 AM, on 4/5/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\WINDOWS\System32\cckavwgt\ifhx.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\xxisy\qdswne.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\system32\tdxregvs.exe
    C:\WINDOWS\System32\hfisysi6.exe
    C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe
    C:\WINDOWS\System32\coeqtc\hglisfqt.exe
    C:\PROGRA~1\GOGOTO~1\Gogoware\GOGOTO~1.EXE
    C:\Program Files\Keymaestro\Multimedia Keyboard\TrayMon.exe
    C:\WINDOWS\System32\dvsdo\jccyotff.exe
    C:\WINDOWS\IEXPLOR.EXE
    C:\Program Files\Keymaestro\Onscreen Display\OSD.exe
    C:\WINDOWS\System32\scrsvc.exe
    C:\WINDOWS\System32\bootpd.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\WinTask.exe
    C:\WINDOWS\System32\fnwli\edavtrw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\bootpd.exe
    C:\WINDOWS\System32\jsmvqtqw\nhgo.exe
    C:\WINDOWS\System32\lhvwjg\klwyorf.exe
    C:\WINDOWS\System32\kldmtlhg\hkhqtb.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
    C:\Program Files\ACT\SideACT.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ken\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 66.180.173.39 www.google.ae
    O1 - Hosts: 66.180.173.39 www.google.am
    O1 - Hosts: 66.180.173.39 www.google.as
    O1 - Hosts: 66.180.173.39 www.google.at
    O1 - Hosts: 66.180.173.39 www.google.az
    O1 - Hosts: 66.180.173.39 www.google.be
    O1 - Hosts: 66.180.173.39 www.google.bi
    O1 - Hosts: 66.180.173.39 www.google.ca
    O1 - Hosts: 66.180.173.39 www.google.cd
    O1 - Hosts: 66.180.173.39 www.google.cg
    O1 - Hosts: 66.180.173.39 www.google.ch
    O1 - Hosts: 66.180.173.39 www.google.ci
    O1 - Hosts: 66.180.173.39 www.google.cl
    O1 - Hosts: 66.180.173.39 www.google.co.cr
    O1 - Hosts: 66.180.173.39 www.google.co.hu
    O1 - Hosts: 66.180.173.39 www.google.co.il
    O1 - Hosts: 66.180.173.39 www.google.co.in
    O1 - Hosts: 66.180.173.39 www.google.co.je
    O1 - Hosts: 66.180.173.39 www.google.co.jp
    O1 - Hosts: 66.180.173.39 www.google.co.ke
    O1 - Hosts: 66.180.173.39 www.google.co.kr
    O1 - Hosts: 66.180.173.39 www.google.co.ls
    O1 - Hosts: 66.180.173.39 www.google.co.nz
    O1 - Hosts: 66.180.173.39 www.google.co.th
    O1 - Hosts: 66.180.173.39 www.google.co.ug
    O1 - Hosts: 66.180.173.39 www.google.co.uk
    O1 - Hosts: 66.180.173.39 www.google.co.ve
    O1 - Hosts: 66.180.173.39 www.google.com
    O1 - Hosts: 66.180.173.39 www.google.com.ag
    O1 - Hosts: 66.180.173.39 www.google.com.ar
    O1 - Hosts: 66.180.173.39 www.google.com.au
    O1 - Hosts: 66.180.173.39 www.google.com.br
    O1 - Hosts: 66.180.173.39 www.google.com.co
    O1 - Hosts: 66.180.173.39 www.google.com.cu
    O1 - Hosts: 66.180.173.39 www.google.com.do
    O1 - Hosts: 66.180.173.39 www.google.com.ec
    O1 - Hosts: 66.180.173.39 www.google.com.fj
    O1 - Hosts: 66.180.173.39 www.google.com.gi
    O1 - Hosts: 66.180.173.39 www.google.com.gr
    O1 - Hosts: 66.180.173.39 www.google.com.gt
    O1 - Hosts: 66.180.173.39 www.google.com.hk
    O1 - Hosts: 66.180.173.39 www.google.com.ly
    O1 - Hosts: 66.180.173.39 www.google.com.mt
    O1 - Hosts: 66.180.173.39 www.google.com.mx
    O1 - Hosts: 66.180.173.39 www.google.com.my
    O1 - Hosts: 66.180.173.39 www.google.com.na
    O1 - Hosts: 66.180.173.39 www.google.com.nf
    O1 - Hosts: 66.180.173.39 www.google.com.ni
    O1 - Hosts: 66.180.173.39 www.google.com.np
    O1 - Hosts: 66.180.173.39 www.google.com.pa
    O1 - Hosts: 66.180.173.39 www.google.com.pe
    O1 - Hosts: 66.180.173.39 www.google.com.ph
    O1 - Hosts: 66.180.173.39 www.google.com.pk
    O1 - Hosts: 66.180.173.39 www.google.com.pr
    O1 - Hosts: 66.180.173.39 www.google.com.py
    O1 - Hosts: 66.180.173.39 www.google.com.sa
    O1 - Hosts: 66.180.173.39 www.google.com.sg
    O1 - Hosts: 66.180.173.39 www.google.com.sv
    O1 - Hosts: 66.180.173.39 www.google.com.tr
    O1 - Hosts: 66.180.173.39 www.google.com.tw
    O1 - Hosts: 66.180.173.39 www.google.com.ua
    O1 - Hosts: 66.180.173.39 www.google.com.uy
    O1 - Hosts: 66.180.173.39 www.google.com.vc
    O1 - Hosts: 66.180.173.39 www.google.com.vn
    O1 - Hosts: 66.180.173.39 www.google.de
    O1 - Hosts: 66.180.173.39 www.google.dj
    O1 - Hosts: 66.180.173.39 www.google.dk
    O1 - Hosts: 66.180.173.39 www.google.es
    O1 - Hosts: 66.180.173.39 www.google.fi
    O1 - Hosts: 66.180.173.39 www.google.fm
    O1 - Hosts: 66.180.173.39 www.google.fr
    O1 - Hosts: 66.180.173.39 www.google.gg
    O1 - Hosts: 66.180.173.39 www.google.gl
    O1 - Hosts: 66.180.173.39 www.google.gm
    O1 - Hosts: 66.180.173.39 www.google.hn
    O1 - Hosts: 66.180.173.39 www.google.ie
    O1 - Hosts: 66.180.173.39 www.google.it
    O1 - Hosts: 66.180.173.39 www.google.kz
    O1 - Hosts: 66.180.173.39 www.google.li
    O1 - Hosts: 66.180.173.39 www.google.lt
    O1 - Hosts: 66.180.173.39 www.google.lu
    O1 - Hosts: 66.180.173.39 www.google.lv
    O1 - Hosts: 66.180.173.39 www.google.mn
    O1 - Hosts: 66.180.173.39 www.google.ms
    O1 - Hosts: 66.180.173.39 www.google.mu
    O1 - Hosts: 66.180.173.39 www.google.mw
    O1 - Hosts: 66.180.173.39 www.google.nl
    O1 - Hosts: 66.180.173.39 www.google.no
    O1 - Hosts: 66.180.173.39 www.google.off.ai
    O1 - Hosts: 66.180.173.39 www.google.pl
    O1 - Hosts: 66.180.173.39 www.google.pn
    O1 - Hosts: 66.180.173.39 www.google.pt
    O1 - Hosts: 66.180.173.39 www.google.ro
    O1 - Hosts: 66.180.173.39 www.google.ru
    O1 - Hosts: 66.180.173.39 www.google.rw
    O1 - Hosts: 66.180.173.39 www.google.se
    O1 - Hosts: 66.180.173.39 www.google.sh
    O1 - Hosts: 66.180.173.39 www.google.sk
    O1 - Hosts: 66.180.173.39 www.google.sm
    O1 - Hosts: 66.180.173.39 www.google.td
    O1 - Hosts: 66.180.173.39 www.google.tm
    O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Ken\LOCALS~1\Temp\oqvtnikgqsx.dll
    O2 - BHO: (no name) - {5B0873A3-0BD4-D23F-4418-10CE41B53E0B} - C:\WINDOWS\System32\jyqprbbb\ngvwuqyn.dll
    O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsf223.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd
    O4 - HKLM\..\Run: [TvRemoteVCR] C:\WINDOWS\Tvrmvcr.exe
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Microsoft Tray] C:\Program Files\Kazaa\My Shared Folder\Games.exe
    O4 - HKLM\..\Run: [docfax] C:\WINDOWS\Config\docfax.exe
    O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [CSV10P28] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [ZStart] C:\windows\system32\tdxregvs.exe 0
    O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\System32\hfisysi6.exe
    O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteswy32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe
    O4 - HKLM\..\Run: [hglisfqt] C:\WINDOWS\System32\coeqtc\hglisfqt.exe
    O4 - HKLM\..\Run: [ifhx] C:\WINDOWS\System32\cckavwgt\ifhx.exe
    O4 - HKLM\..\Run: [qdswne] C:\WINDOWS\System32\xxisy\qdswne.exe
    O4 - HKLM\..\Run: [jccyotff] C:\WINDOWS\System32\dvsdo\jccyotff.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLOR.EXE] C:\WINDOWS\IEXPLOR.EXE
    O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
    O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
    O4 - HKLM\..\Run: [bootpd.exe] C:\WINDOWS\System32\bootpd.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [C:\WINDOWS\WinTask.exe] C:\WINDOWS\WinTask.exe
    O4 - HKLM\..\Run: [edavtrw] C:\WINDOWS\System32\fnwli\edavtrw.exe
    O4 - HKLM\..\Run: [danagpdq] C:\WINDOWS\System32\muyto\danagpdq.exe
    O4 - HKLM\..\Run: [ubsv] C:\WINDOWS\System32\mjhxaagm\ubsv.exe
    O4 - HKLM\..\Run: [cqrtw] C:\WINDOWS\System32\yfwqwpj\cqrtw.exe
    O4 - HKLM\..\Run: [klwyorf] C:\WINDOWS\System32\lhvwjg\klwyorf.exe
    O4 - HKLM\..\Run: [hkhqtb] C:\WINDOWS\System32\kldmtlhg\hkhqtb.exe
    O4 - HKLM\..\Run: [nhgo] C:\WINDOWS\System32\jsmvqtqw\nhgo.exe
    O4 - HKLM\..\Run: [dskcrivs] c:\windows\system32\dskcrivs.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1112658554436
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
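
Added example, not part of any post in this thread: a triage pass over a HijackThis log in the format posted above, flagging hosts-file redirects (O1), BHOs loaded from a Temp folder (O2), and Run entries launched from a one-off System32 subfolder or a P2P shared folder (O4). The sample log is constructed, and the heuristics and function names are this example's own assumptions, not HijackThis features.

```python
import re
from collections import defaultdict
from ntpath import dirname  # Windows path rules, usable on any OS

# Constructed sample in HijackThis 1.9x log format (values are made up).
SAMPLE_LOG = r"""
O1 - Hosts: 203.0.113.7 www.google.com
O1 - Hosts: 203.0.113.7 www.google.co.uk
O1 - Hosts: 203.0.113.7 www.google.de
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\DOCUME~1\User\LOCALS~1\Temp\abcdefgh.dll
O2 - BHO: (no name) - {66666666-7777-8888-9999-AAAAAAAAAAAA} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [qwxyz] C:\WINDOWS\System32\plmkn\qwxyz.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tray] C:\Program Files\Kazaa\My Shared Folder\Games.exe
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)
# Addresses commonly used for localhost or for blocking; not a redirect.
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_entries(log_text):
    """Return (section_code, body) for every 'Xn - ...' line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def hosts_redirects(entries):
    """Group O1 hostnames by the non-local IP the hosts file points them at."""
    by_ip = defaultdict(list)
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if m and m.group(1) not in LOCAL_SINKS:
            by_ip[m.group(1)].append(m.group(2).lower())
    return dict(by_ip)


def run_target(command):
    """Pull the executable path out of a Run value, quoted or not."""
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def triage(log_text):
    """Return a list of (section_code, reason, detail) findings."""
    entries = parse_entries(log_text)
    findings = []
    for ip, names in hosts_redirects(entries).items():
        findings.append(("O1", "hosts file redirects %d name(s)" % len(names), ip))
    for code, body in entries:
        if code == "O2":
            m = BHO_RE.match(body)
            if m and "\\temp\\" in m.group(3).lower():
                findings.append(("O2", "BHO loaded from a Temp folder", m.group(3)))
        elif code == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue
            target = run_target(m.group(3))
            # Heuristic: ...\System32\<one folder>\<file>.exe
            if dirname(dirname(target)).lower().endswith("\\system32"):
                findings.append(("O4", "autorun from a System32 subfolder", target))
            elif "\\my shared folder\\" in target.lower():
                findings.append(("O4", "autorun from a P2P shared folder", target))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print("%-3s %-36s %s" % (code, reason, detail))
```

A finding here is a prompt to inspect the file, not a verdict; legitimate software can trip these heuristics and malware can avoid them.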
     
  18. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    585
    Likes Received:
    1
    Trophy Points:
    26
    @fixthis

    Maybe some manners might help, e.g. Can you help, not CJC Fix this......

    As for your computer, you are BADLY infected with CRAP!

    This is one of the MOST infected computers I have ever seen.

    Put a tick in and remove the following (which is basically everything)

    Post an update log when ticked, removed and restarted.

    C:\WINDOWS\System32\cckavwgt\ifhx.exe
    C:\WINDOWS\System32\xxisy\qdswne.exe
    C:\windows\system32\tdxregvs.exe
    C:\WINDOWS\System32\hfisysi6.exe
    C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe
    C:\WINDOWS\System32\coeqtc\hglisfqt.exe
    C:\PROGRA~1\GOGOTO~1\Gogoware\GOGOTO~1.EXE
    C:\WINDOWS\System32\dvsdo\jccyotff.exe
    C:\WINDOWS\IEXPLOR.EXE
    C:\WINDOWS\System32\scrsvc.exe
    C:\WINDOWS\System32\bootpd.exe
    C:\WINDOWS\WinTask.exe
    C:\WINDOWS\System32\fnwli\edavtrw.exe
    C:\WINDOWS\System32\bootpd.exe
    C:\WINDOWS\System32\jsmvqtqw\nhgo.exe
    C:\WINDOWS\System32\lhvwjg\klwyorf.exe
    C:\WINDOWS\System32\kldmtlhg\hkhqtb.exe
    C:\Program Files\ACT\SideACT.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 66.180.173.39 www.google.ae
    O1 - Hosts: 66.180.173.39 www.google.am
    O1 - Hosts: 66.180.173.39 www.google.as
    O1 - Hosts: 66.180.173.39 www.google.at
    O1 - Hosts: 66.180.173.39 www.google.az
    O1 - Hosts: 66.180.173.39 www.google.be
    O1 - Hosts: 66.180.173.39 www.google.bi
    O1 - Hosts: 66.180.173.39 www.google.ca
    O1 - Hosts: 66.180.173.39 www.google.cd
    O1 - Hosts: 66.180.173.39 www.google.cg
    O1 - Hosts: 66.180.173.39 www.google.ch
    O1 - Hosts: 66.180.173.39 www.google.ci
    O1 - Hosts: 66.180.173.39 www.google.cl
    O1 - Hosts: 66.180.173.39 www.google.co.cr
    O1 - Hosts: 66.180.173.39 www.google.co.hu
    O1 - Hosts: 66.180.173.39 www.google.co.il
    O1 - Hosts: 66.180.173.39 www.google.co.in
    O1 - Hosts: 66.180.173.39 www.google.co.je
    O1 - Hosts: 66.180.173.39 www.google.co.jp
    O1 - Hosts: 66.180.173.39 www.google.co.ke
    O1 - Hosts: 66.180.173.39 www.google.co.kr
    O1 - Hosts: 66.180.173.39 www.google.co.ls
    O1 - Hosts: 66.180.173.39 www.google.co.nz
    O1 - Hosts: 66.180.173.39 www.google.co.th
    O1 - Hosts: 66.180.173.39 www.google.co.ug
    O1 - Hosts: 66.180.173.39 www.google.co.uk
    O1 - Hosts: 66.180.173.39 www.google.co.ve
    O1 - Hosts: 66.180.173.39 www.google.com
    O1 - Hosts: 66.180.173.39 www.google.com.ag
    O1 - Hosts: 66.180.173.39 www.google.com.ar
    O1 - Hosts: 66.180.173.39 www.google.com.au
    O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Ken\LOCALS~1\Temp\oqvtnikgqsx.dll
    O2 - BHO: (no name) - {5B0873A3-0BD4-D23F-4418-10CE41B53E0B} - C:\WINDOWS\System32\jyqprbbb\ngvwuqyn.dll
    O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsf223.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [TvRemoteVCR] C:\WINDOWS\Tvrmvcr.exe
    O4 - HKLM\..\Run: [Microsoft Tray] C:\Program Files\Kazaa\My Shared Folder\Games.exe
    O4 - HKLM\..\Run: [docfax] C:\WINDOWS\Config\docfax.exe
    O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
    O4 - HKLM\..\Run: [CSV10P28] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [ZStart] C:\windows\system32\tdxregvs.exe 0
    O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\System32\hfisysi6.exe
    O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteswy32.exe
    O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe
    O4 - HKLM\..\Run: [hglisfqt] C:\WINDOWS\System32\coeqtc\hglisfqt.exe
    O4 - HKLM\..\Run: [ifhx] C:\WINDOWS\System32\cckavwgt\ifhx.exe
    O4 - HKLM\..\Run: [qdswne] C:\WINDOWS\System32\xxisy\qdswne.exe
    O4 - HKLM\..\Run: [jccyotff] C:\WINDOWS\System32\dvsdo\jccyotff.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLOR.EXE] C:\WINDOWS\IEXPLOR.EXE
    O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
    O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
    O4 - HKLM\..\Run: [bootpd.exe] C:\WINDOWS\System32\bootpd.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\WinTask.exe] C:\WINDOWS\WinTask.exe
    O4 - HKLM\..\Run: [edavtrw] C:\WINDOWS\System32\fnwli\edavtrw.exe
    O4 - HKLM\..\Run: [danagpdq] C:\WINDOWS\System32\muyto\danagpdq.exe
    O4 - HKLM\..\Run: [ubsv] C:\WINDOWS\System32\mjhxaagm\ubsv.exe
    O4 - HKLM\..\Run: [cqrtw] C:\WINDOWS\System32\yfwqwpj\cqrtw.exe
    O4 - HKLM\..\Run: [klwyorf] C:\WINDOWS\System32\lhvwjg\klwyorf.exe
    O4 - HKLM\..\Run: [hkhqtb] C:\WINDOWS\System32\kldmtlhg\hkhqtb.exe
    O4 - HKLM\..\Run: [nhgo] C:\WINDOWS\System32\jsmvqtqw\nhgo.exe
    O4 - HKLM\..\Run: [dskcrivs] c:\windows\system32\dskcrivs.exe
    O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
    O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
    O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1112658554436
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
     
  19. camstuf

    camstuf Guest

    I have Norton 2005, Yahoo pop-up blocker, & anti-spy... and I still get pop-ups, what next?
     
    Last edited by a moderator: Apr 5, 2005
  20. fixthis

    fixthis Member

    Joined:
    Apr 4, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    CJC please pardon my bad manners...actually, I was attempting a little humor by using my handle (fixthis) as the message - to highlight how bad this particular pc is -- like, "see if you can fix this disaster!"

    Indeed, I am very grateful for any help you can afford me, and post the following with appreciation.

    I followed your last instructions by ticking all and hitting "fix checked" on the HijackThis software. There is no "remove" button, that I can see. In any event, I also started up in safe mode and removed all other files you indicated. I rescanned and all the Google hosts were still appearing and some of the other items....so I ticked and "fix checked" again.
    After rebooting several times along the way and before this last scan...here are the results:

    Logfile of HijackThis v1.98.2
    Scan saved at 9:10:49 AM, on 4/5/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\System32\bootpd.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
    C:\WINDOWS\System32\bootpd.exe
    C:\Program Files\Keymaestro\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Keymaestro\Onscreen Display\OSD.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Documents and Settings\Ken\Desktop\hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Ken\LOCALS~1\Temp\bqsmlgtkniu.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteswy32.exe
    O4 - HKLM\..\Run: [bootpd.exe] C:\WINDOWS\System32\bootpd.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll

    THANK YOU!
     