xrayeyes2u

Hijackthis log file & Vbouncer problem - can't remove!!!!

  #1  
Aug 15th, 2004
I am running Win98SE. I have run Adaware & Spybot Search & Destroy. Adaware didn't find the Vbouncer but Spybot did. Spybot could not remove it...restarted and ran Spybot on startup - it still can't remove Vbouncer (7 entries). HijackThis log to follow. Any help would be greatly appreciated!!
Regards,
Georgia
Logfile of HijackThis v1.97.7
Scan saved at 12:33:25 AM, on 8/15/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP1 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\SONY\IMAGESTATION\USB DIRECT CONNECT\SONYC2W.EXE
C:\PROGRAM FILES\EXPLOREANYWHERE\HYPERTIME2\SB32MON.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\WINDOWS\DESKTOP\YPTF$075.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\FOTONATION\EVLSTNR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & DestroyNEW\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [1Win32Cfg] C:\PROGRAM FILES\EXPLOREANYWHERE\ASSIST1\ASSIST.EXE
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [SonyC2W] C:\Program Files\Sony\ImageStation\USB Direct Connect\SonyC2W.exe
O4 - HKLM\..\Run: [System32] C:\PROGRAM FILES\EXPLOREANYWHERE\HYPERTIME2\SB32MON.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - Startup: D-Link AirPlus Utility.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
O4 - Startup: ThinkPad Modem Copyright.lnk = C:\WINDOWS\MWW32\MANAGER\MWCPYRT.EXE
O4 - Startup: windows clock patch.lnk = C:\WINDOWS\Desktop\yptf$075.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/c...b?ver=1,1,0,30
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/c...on=4,3,2,20802
O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout Control) - http://www.imagestation.com/common/c...b?ver=2,0,0,50
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
crunchie

Re: Hijackthis log file & Vbouncer problem - can't remove!!!!

  #2  
Aug 15th, 2004
Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder.
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

O4 - Startup: windows clock patch.lnk = C:\WINDOWS\Desktop\yptf$075.exe

Delete this file yptf$075.exe from your startup folder & from the desktop.
Run a search for virtualbouncer & manually delete all references to it. You may have to be in safe mode.
Upgrade IE to version 6 for better security.
Post another log from the newer version of hijackthis.
Check in add/remove programs for virtualbouncer.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera | How you got infected | AVAST anti-virus | Comodo Firewall | Spywareblaster

Please do not PM me for help. Instead, post in the public forum where others may benefit.
xrayeyes2u

Re: PLEASE HELP!!! Hijackthis log file & Vbouncer problem - can't remove!!!!

  #3  
Aug 22nd, 2004
I downloaded the new HijackThis and also the update for Internet Explorer. After the Internet Explorer update I was unable to perform any functions on my computer...I uninstalled and was finally able to get some programs working...I was able to delete the files associated w/ Vbouncer (7 of them) but am now having big-time computer problems. Won't let me start in safe mode - won't let me run Adaware or Spybot - it starts then locks up. Computer shutting down on its own then tries to run scandisk on startup w/ surface analysis - which also gets hung up....I am at wit's end!
When I try to run scandisk after Windows has started it states there is something writing to drive C and it can't complete the scanning process.
This is my most recent hijackthis log - if anyone can help I would appreciate it!!!!
Regards,
Georgia
Logfile of HijackThis v1.98.2
Scan saved at 3:06:18 PM, on 8/22/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP1 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\SONY\IMAGESTATION\USB DIRECT CONNECT\SONYC2W.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\PROGRAM FILES\COMMON FILES\FOTONATION\EVLSTNR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [SonyC2W] C:\Program Files\Sony\ImageStation\USB Direct Connect\SonyC2W.exe
O4 - HKLM\..\Run: [ScanSys32] C:\PROGRAM FILES\EXPLOREANYWHERE\HYPERTIME2\SB32MON.EXE
O4 - Startup: D-Link AirPlus Utility.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
O4 - Startup: ThinkPad Modem Copyright.lnk = C:\WINDOWS\MWW32\MANAGER\MWCPYRT.EXE
O4 - Startup: windows clock patch.lnk = C:\WINDOWS\Desktop\yptf$075.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/c...b?ver=1,1,0,30
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/c...on=4,3,2,20802
O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout Control) - http://www.imagestation.com/common/c...b?ver=2,0,0,50
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
crunchie

Re: Hijackthis log file & Vbouncer problem - can't remove!!!!

  #4  
Aug 23rd, 2004
You have hijackthis running from a temp folder. Please do the following before we continue:
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

You have a keylogger called *spybuddy* on your comp that needs to be removed.

You need an antivirus & firewall.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera | How you got infected | AVAST anti-virus | Comodo Firewall | Spywareblaster

Please do not PM me for help. Instead, post in the public forum where others may benefit.
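
Added example, not part of the original thread or any poster's code: a small Python parser for the HijackThis log format shown above. It lists running processes and O4 autorun targets located under Desktop or Temp (the two locations the replies call out) and checks whether a flagged autorun is still listed in a rescan. The REVIEW_DIRS heuristic and all function names are assumptions of this example; the sample text is trimmed from the two logs in the thread.

```python
import re

# Excerpts of the two logs posted in this thread, trimmed for the example.
SCAN_1 = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\YPTF$075.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - Startup: windows clock patch.lnk = C:\WINDOWS\Desktop\yptf$075.exe
"""
SCAN_2 = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O4 - Startup: windows clock patch.lnk = C:\WINDOWS\Desktop\yptf$075.exe
"""
# Assumption of this example: anything launched from these directories gets a manual look.
REVIEW_DIRS = ("\\DESKTOP\\", "\\TEMP\\")
O4_RE = re.compile(r"^O4 - ([^:]+): (?:\[([^\]]*)\] |(.+?\.lnk) = )(.+)$")

def parse_hjt(log_text):
    """Return (running_processes, o4_entries) parsed from a HijackThis log."""
    procs, o4, in_procs = [], [], False
    for line in map(str.strip, log_text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
        elif in_procs:
            in_procs = False  # a blank line ends the process list
        elif (m := O4_RE.match(line)):
            where, name, lnk, target = m.groups()
            o4.append({"where": where, "name": name or lnk, "target": target})
    return procs, o4

def needs_review(path):
    return any(d in path.upper() for d in REVIEW_DIRS)

def triage(log_text):
    """Running processes and autorun targets that live in REVIEW_DIRS."""
    procs, o4 = parse_hjt(log_text)
    return ([p for p in procs if needs_review(p)],
            [e for e in o4 if needs_review(e["target"])])

def still_present(before, after):
    """Flagged autorun targets from the first scan that the rescan still lists."""
    later = {e["target"].upper() for e in parse_hjt(after)[1]}
    return [e["target"] for e in triage(before)[1] if e["target"].upper() in later]
```

On these excerpts, `still_present(SCAN_1, SCAN_2)` reports the Startup-folder shortcut target, which the second log still lists even though the process itself no longer appears under running processes.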