| | #1 (permalink) |
| Newb Techie Join Date: Oct 2004
Posts: 3
| Please help me with this HijackThis log. First, here are the problems I experience in XP. I'm running Norman Virus Control with firewall and Ad-Aware SE together with Spy Sweeper. Every time I open IE I get this annoying toolbar-like thing at the bottom of my screen. How can I get rid of it?? Also, if I go to Control Panel/Add Remove Programs, the first "program" is ?=/"//("?#"=/)"!#¤ (or at least a lot of weird signs, like Chinese or so). And finally, in my internet settings in IE under "Advanced" there are more "Chinese signs" at the top of the list, under !IE Search. Can anyone help me?!? |
| |
| | #2 (permalink) |
| Newb Techie Join Date: Oct 2004
Posts: 3
| And the log...

Logfile of HijackThis v1.97.7
Scan saved at 12:02:14, on 08-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Norman\Nvc\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Programmer\Logitech\MouseWare\System\Em_exec.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\nvcoas.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NYMSE.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\NIP.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\npfmsg2.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\nipsvc.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\cclaw.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Downloaded\Programmer\System\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ekstrabladet.dk/VisArtikel.sasp?TemplateID=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.viutjrqsrjiywi.org/2hq3E/...Wyq6KA29Lg.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {0249D7EC-9AD6-B5F5-AB2A-2B1A8B34E882} - C:\PROGRA~1\CDROMB~1\Owns cast.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {598A224A-0708-B1AD-FD13-30FC4FE1704E} - C:\PROGRA~1\CDROMB~1\Owns cast.exe
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programmer\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAMMER\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [App32dll] C:\WINDOWS\System32\App32_16.exe K_Divx_v5.2_Kg
O4 - HKLM\..\Run: [more nurb] C:\PROGRA~1\BLAHCH~1\clockmpeg.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Programmer\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [Platform joy owns dumb] C:\Documents and Settings\All Users\Application Data\lies acid platform joy\messsign.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [MailSoftwareChinClock] C:\Documents and Settings\All Users\Application Data\Wmacdrommailsoftware\CREATIVE SURF.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ProtoWall] C:\Programmer\Dudez\ProtoWall.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: °Ù¶ÈËÑË÷°é (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [!IESearch] !IESearch
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093900019343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/a.../e-Safekey.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab |
| |
| | #3 (permalink) |
| Junior Techie | Yo dude. I can help you out here. First off, anything related to IE in that list, get rid of. Now instead of going through each particular thing, Ima just tell you how to get rid of adware/spyware/browser hijacks/etc... Ima put it in steps.
1. Go to www.lavasoftusa.com and download adawareSE personal edition (free).
2. Run adaware and it automatically updates the definitions. After this, close it; we will come back to this later.
3. Download Kerio personal firewall from www.kerio.com (free), if you don't have a firewall.
4. Install it.
5. Update your anti-virus definitions and stuff (if you don't have AV, go to the downloads section here; they have some links to free AV).
6. Make sure adaware and Kerio are installed and make sure your HijackThis is the newest one.
7. RESTART in safe mode with networking support.
8. Run adaware, run AV; it will detect and get rid of all that spyware and stuff.
9. After that, go to Add/Remove Programs in the Control Panel and remove anything suspicious (EX: Easymoneytoolbar or GAIN).
10. Turn off System Restore (how to do it depends on your OS; research it on Google beforehand; most likely in My Computer properties (sys prop)).
11. Do a Windows Update, then restart.
12. Re-run adaware; make sure it's all gone.
13. Take note of anything that is there again and google it. Usually there is a removal tool (CoolWebSearch has one, for example).
If that doesn't get rid of it, I suggest dumping IE and going with Mozilla Firefox; it's so much better, trust me. www.mozilla.org, man, you will thank me. Also I suggest WinPatrol, www.winpatrol.com. It lets you know when shady things happen.
__________________ -Download wead antivirus today using your brain!- |
| |
| | #4 (permalink) |
| Newb Techie Join Date: Oct 2004
Posts: 3
| The new log...

Logfile of HijackThis v1.98.2
Scan saved at 15:10:45, on 09-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Programmer\Norman\Nvc\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\Mixer.exe
C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Dudez\ProtoWall.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NYMSE.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\NIP.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\npfmsg2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\nvcoas.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Downloaded\Programmer\System\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ekstrabladet.dk/VisArtikel.sasp?TemplateID=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.viutjrqsrjiywi.org/2hq3E/...Wyq6KA29Lg.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programmer\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAMMER\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [App32dll] C:\WINDOWS\System32\App32_16.exe K_Divx_v5.2_Kg
O4 - HKLM\..\Run: [more nurb] C:\PROGRA~1\BLAHCH~1\clockmpeg.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Programmer\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [Platform joy owns dumb] C:\Documents and Settings\All Users\Application Data\lies acid platform joy\messsign.exe
O4 - HKLM\..\Run: [MailSoftwareChinClock] C:\Documents and Settings\All Users\Application Data\Wmacdrommailsoftware\CREATIVE SURF.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ProtoWall] C:\Programmer\Dudez\ProtoWall.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093900019343
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/a.../e-Safekey.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file) |
| |
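Checking by eye what survived between the first scan and the follow-up scan is error-prone, because HijackThis v1.98.2 prints some entries differently from v1.97.7 (the Acrobat BHO is "(no name)" in one log and "AcroIEHlprObj Class" in the other). The sketch below is an added example, not part of the thread: it compares two scans by section code plus CLSID where one is present. The sample lines are copied from the two logs above, and the function names are hypothetical.

```python
import re

# Constructed sample: a handful of entries copied from the two scans in this thread.
SCAN_BEFORE = r"""
O2 - BHO: (no name) - {0249D7EC-9AD6-B5F5-AB2A-2B1A8B34E882} - C:\PROGRA~1\CDROMB~1\Owns cast.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [more nurb] C:\PROGRA~1\BLAHCH~1\clockmpeg.exe
O11 - Options group: [!IESearch] !IESearch
"""
SCAN_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [more nurb] C:\PROGRA~1\BLAHCH~1\clockmpeg.exe
O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "O4 - ...", "R0 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entry_key(line):
    """Stable identity for one log entry, or None for header/process lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID.search(body)
    if clsid:
        # Display names differ between HijackThis versions; the CLSID does not.
        return (code, clsid.group(0).upper())
    return (code, " ".join(body.lower().split()))

def parse(log):
    """Map entry key -> original line for every section entry in a scan."""
    entries = {}
    for line in log.splitlines():
        key = entry_key(line)
        if key:
            entries[key] = line.strip()
    return entries

def compare(before, after):
    """Split entries into removed, persisting and new between two scans."""
    old, new = parse(before), parse(after)
    return {
        "removed": [old[k] for k in old if k not in new],
        "persisting": [new[k] for k in new if k in old],
        "new": [new[k] for k in new if k not in old],
    }

if __name__ == "__main__":
    for status, lines in compare(SCAN_BEFORE, SCAN_AFTER).items():
        print(status, *lines, sep="\n  ")
```

Entries reported as persisting are the ones to look up individually; the script only shows what changed and makes no judgement about any entry.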
| | #5 (permalink) |
| Ultra Techie | rymark, We have noticed that a few threads have been open for some time and would like to check up on your status. Please let us know if we can help you further in any way or if your problem has been resolved. Sorry for the delay in our response, but we would like to make sure that all your needs have been met. Thank you for your patience in this matter. Regards ~KB --==:::Note:::==-- If we receive no response from you in a reasonable amount of time we will assume that you are well and happy. If this happens, please PM or Email Southernlady or DMo224 to have the thread reopened. Thanks again. |
| |
| | #6 (permalink) |
| Monster Techie | Closed due to lack of activity. Liz
__________________ Priority Computers | AdAware SE | SpyBot-Search & Destroy | SpywareBlaster | SpywareGuard | HijackThis | Stealing is illegal Powered by Emily! |
| |