 |  |  |  |  |  |  |  |
Please help my friends computer
 |
k guys im sorry for the persistant buggin but im at my friends house on his dads laptop and there is soo much spyware
there is this background that u cant change and i once removed it on my other friends computer by dragging the window then exiting it
here is his log
Logfile of HijackThis v1.98.2
Scan saved at 9:20:33 PM, on 2/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\qwiskh.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JR\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sfxwmpokgmvqciyi.com/oeo8...uK7bdNanU.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://82.179.166.163/index.php?v=6&aff=3711654
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {85E9FDA8-888D-4A83-2768-EE7A17344F7C} - C:\DOCUME~1\JR\APPLIC~1\LISTAN~1\extragram.exe
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\system32\WStart.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Services] C:\DOCUME~1\JR\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [greatonefivebrowse] C:\Documents and Settings\All Users\Application Data\ElseDartGreatOne\Proxy Knob.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ssdlsspu] C:\WINDOWS\system32\zogziq.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [uqka] C:\WINDOWS\qwiskh.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AboutUploadEqScr] C:\Documents and Settings\All Users\Application Data\Name Enc About Upload\Baitfind.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\system32\winproc32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [camp 01] C:\DOCUME~1\JR\APPLIC~1\EXITTY~1\Wipe Support Dead.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
thanks for whatever you can do and btw i removed the obvious stuff (im learning from u guys!!!!!)
there is this background that u cant change and i once removed it on my other friends computer by dragging the window then exiting it
here is his log
Logfile of HijackThis v1.98.2
Scan saved at 9:20:33 PM, on 2/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\qwiskh.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JR\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sfxwmpokgmvqciyi.com/oeo8...uK7bdNanU.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://82.179.166.163/index.php?v=6&aff=3711654
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {85E9FDA8-888D-4A83-2768-EE7A17344F7C} - C:\DOCUME~1\JR\APPLIC~1\LISTAN~1\extragram.exe
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\system32\WStart.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Services] C:\DOCUME~1\JR\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [greatonefivebrowse] C:\Documents and Settings\All Users\Application Data\ElseDartGreatOne\Proxy Knob.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ssdlsspu] C:\WINDOWS\system32\zogziq.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [uqka] C:\WINDOWS\qwiskh.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AboutUploadEqScr] C:\Documents and Settings\All Users\Application Data\Name Enc About Upload\Baitfind.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\system32\winproc32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [camp 01] C:\DOCUME~1\JR\APPLIC~1\EXITTY~1\Wipe Support Dead.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
thanks for whatever you can do and btw i removed the obvious stuff (im learning from u guys!!!!!)
First off if you can dowload the newst version of hijack this here also while scanning close all running programs.
PETA People for the Eating of Tasty Animals.
FireFox
Hijack This
Ad-Aware
Hijack this tutorial
Microsoft AntiSpyware
CompUchat
FireFox
Hijack This
Ad-Aware
Hijack this tutorial
Microsoft AntiSpyware
CompUchat
k here is my log with the newest version
Logfile of HijackThis v1.99.1
Scan saved at 10:03:07 PM, on 2/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\JR\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wvtnhtwfimxfwnc.us/oeo8Bv...ruK7bdNanU.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://82.179.166.163/index.php?v=6&aff=3711654
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {85E9FDA8-888D-4A83-2768-EE7A17344F7C} - C:\DOCUME~1\JR\APPLIC~1\LISTAN~1\extragram.exe
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\system32\WStart.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Services] C:\DOCUME~1\JR\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [greatonefivebrowse] C:\Documents and Settings\All Users\Application Data\ElseDartGreatOne\Proxy Knob.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ssdlsspu] C:\WINDOWS\system32\zogziq.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [uqka] C:\WINDOWS\qwiskh.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AboutUploadEqScr] C:\Documents and Settings\All Users\Application Data\Name Enc About Upload\Baitfind.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\system32\winproc32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [camp 01] C:\DOCUME~1\JR\APPLIC~1\EXITTY~1\Wipe Support Dead.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 10:03:07 PM, on 2/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\JR\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wvtnhtwfimxfwnc.us/oeo8Bv...ruK7bdNanU.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://82.179.166.163/index.php?v=6&aff=3711654
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {85E9FDA8-888D-4A83-2768-EE7A17344F7C} - C:\DOCUME~1\JR\APPLIC~1\LISTAN~1\extragram.exe
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\system32\WStart.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Services] C:\DOCUME~1\JR\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [greatonefivebrowse] C:\Documents and Settings\All Users\Application Data\ElseDartGreatOne\Proxy Knob.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ssdlsspu] C:\WINDOWS\system32\zogziq.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [uqka] C:\WINDOWS\qwiskh.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AboutUploadEqScr] C:\Documents and Settings\All Users\Application Data\Name Enc About Upload\Baitfind.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\system32\winproc32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [camp 01] C:\DOCUME~1\JR\APPLIC~1\EXITTY~1\Wipe Support Dead.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
•
•
Join Date: Feb 2004
Posts: 10,117
Reputation: 
Solved Threads: 770
First of all could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
http://members.rogers.com/rjmac/new_uninstall.exe
Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wvtnhtwfimxfwnc.us/oeo8B...ZruK7bdNanU.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://82.179.166.163/index.php?v=6&aff=3711654
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {85E9FDA8-888D-4A83-2768-EE7A17344F7C} - C:\DOCUME~1\JR\APPLIC~1\LISTAN~1\extragram.exe
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\system32\WStart.dll
O4 - HKLM\..\Run: [Services] C:\DOCUME~1\JR\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [greatonefivebrowse] C:\Documents and Settings\All Users\Application Data\ElseDartGreatOne\Proxy Knob.exe
O4 - HKLM\..\Run: [ssdlsspu] C:\WINDOWS\system32\zogziq.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [uqka] C:\WINDOWS\qwiskh.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [AboutUploadEqScr] C:\Documents and Settings\All Users\Application Data\Name Enc About Upload\Baitfind.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\system32\winproc32.exe
O4 - HKCU\..\Run: [camp 01] C:\DOCUME~1\JR\APPLIC~1\EXITTY~1\Wipe Support Dead.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
Now delete the following;
C:\DOCUME~1\JR\APPLIC~1\LISTAN~1<----folder
C:\DOCUME~1\JR\LOCALS~1\Temp<----folder contents
C:\Documents and Settings\All Users\Application Data\ElseDartGreatOne<----folder
C:\Documents and Settings\All Users\Application Data\Name Enc About Upload<----folder
C:\Program Files\ISTsvc<----folder
C:\DOCUME~1\JR\APPLIC~1\EXITTY~1<----folder
C:\WINDOWS\system32\zogziq.exe<----file
C:\WINDOWS\qwiskh.exe<----file
C:\WINDOWS\farmmext.exe<----file
C:\WINDOWS\System32\spoolsrv32.exe<----file
C:\WINDOWS\system32\winproc32.exe<----file
In order to view these files you will have to select 'show hidden files/folders.' Instructions on how to here.
Go here to TrendMicro for an on-line scan & set it to autoclean for you. When it completes, post back the full filename of any files that cannot be cleaned or deleted.
Try this scan at Panda as well.
The scan here does not require an active X install.
http://fr.trendmicro-europe.com/cons...all_launch.php
Reboot when done and post another log please.
http://members.rogers.com/rjmac/new_uninstall.exe
Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wvtnhtwfimxfwnc.us/oeo8B...ZruK7bdNanU.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://82.179.166.163/index.php?v=6&aff=3711654
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {85E9FDA8-888D-4A83-2768-EE7A17344F7C} - C:\DOCUME~1\JR\APPLIC~1\LISTAN~1\extragram.exe
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\system32\WStart.dll
O4 - HKLM\..\Run: [Services] C:\DOCUME~1\JR\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [greatonefivebrowse] C:\Documents and Settings\All Users\Application Data\ElseDartGreatOne\Proxy Knob.exe
O4 - HKLM\..\Run: [ssdlsspu] C:\WINDOWS\system32\zogziq.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [uqka] C:\WINDOWS\qwiskh.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [AboutUploadEqScr] C:\Documents and Settings\All Users\Application Data\Name Enc About Upload\Baitfind.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\system32\winproc32.exe
O4 - HKCU\..\Run: [camp 01] C:\DOCUME~1\JR\APPLIC~1\EXITTY~1\Wipe Support Dead.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
Now delete the following;
C:\DOCUME~1\JR\APPLIC~1\LISTAN~1<----folder
C:\DOCUME~1\JR\LOCALS~1\Temp<----folder contents
C:\Documents and Settings\All Users\Application Data\ElseDartGreatOne<----folder
C:\Documents and Settings\All Users\Application Data\Name Enc About Upload<----folder
C:\Program Files\ISTsvc<----folder
C:\DOCUME~1\JR\APPLIC~1\EXITTY~1<----folder
C:\WINDOWS\system32\zogziq.exe<----file
C:\WINDOWS\qwiskh.exe<----file
C:\WINDOWS\farmmext.exe<----file
C:\WINDOWS\System32\spoolsrv32.exe<----file
C:\WINDOWS\system32\winproc32.exe<----file
In order to view these files you will have to select 'show hidden files/folders.' Instructions on how to here.
Go here to TrendMicro for an on-line scan & set it to autoclean for you. When it completes, post back the full filename of any files that cannot be cleaned or deleted.
Try this scan at Panda as well.
The scan here does not require an active X install.
http://fr.trendmicro-europe.com/cons...all_launch.php
Reboot when done and post another log please.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
i couldnt delete C:\WINDOWS\System32\spoolsrv32.exe, im thinking its because its running for some reason
both scans, trendmicro and panda are messing up, but i will persist trying them
both scans, trendmicro and panda are messing up, but i will persist trying them
•
•
Join Date: Feb 2004
Posts: 10,117
Reputation:
Solved Threads: 770
Please try deleting that file in safe mode and let me know if you were successful.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Similar Threads
- Computer Won't Start! (Troubleshooting Dead Machines)
- Computer freezes after startup (Windows NT / 2000 / XP)
- Norton crashed my computer??!! (Viruses, Spyware and other Nasties)
- My computer is REALLY slow. (Viruses, Spyware and other Nasties)
- Trying to find a way to boost my friends wireless connection (Networking Hardware Configuration)
- Open ports on XP Home computer (Viruses, Spyware and other Nasties)
- computer on, but not doing POST (Troubleshooting Dead Machines)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: HJT Log //Read the Read Me's
- Next Thread: My PC is on it's last legs being eaten away by spyware !
Views: 2588 | Replies: 5
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware anti-malware antivirus apple audio avg botnet botnets censorship combofix commercial commercials conficker crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email exam exploit explorer facebook firefox gaming gtaiv gumblar halloween herss.exe hosting ie8 internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft msn nazi news norton obama onlinethreats paedophile panel patch pc pdf phishing police policeprovirusmba-mblockedinternetaccess privacy pro problem redirecting reliability report research risk samhain sans scareware school search security sites software spam spyware sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update virus viruses vista volume vulnerability war warning web windows worm yahoo zeroday
