I Have Pop-ups To Buy Spyware Softwares


7 replies to this topic

#1 stupid_for_installing_that_crap

Posted 12 August 2006 - 09:23 AM

I installed IntCodec codecs and BAM!!! There it was: tons of spyware and trojans.

I've used CA International Antivirus software, AT&T Yahoo spyware software and Spybot spyware software... but I still have popups.

Here is my HijackThis log... Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:51:13 AM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Yahoo!\Antivirus\ISafe.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\WINDOWS\system32\gearsec.exe
D:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Yahoo!\Antivirus\VetMsg.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\IntCodec\isamonitor.exe
H:\Program Files\IntCodec\pmsngr.exe
H:\Program Files\HP\hpcoretech\hpcmpmgr.exe
H:\WINDOWS\System32\hphmon05.exe
H:\WINDOWS\system32\WgaTray.exe
H:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
H:\PROGRA~1\Yahoo!\YOP\yop.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
H:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
H:\Program Files\Yahoo!\Antivirus\CAVTray.exe
H:\Program Files\Yahoo!\Antivirus\CAVRID.exe
H:\Program Files\IntCodec\isamini.exe
H:\Program Files\IntCodec\pmmon.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
H:\Program Files\Shareaza\Shareaza.exe
H:\PROGRA~1\Yahoo!\browser\ycommon.exe
H:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\PROGRA~1\WinZip\winzip32.exe
H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
H:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - H:\Program Files\IntCodec\isaddon.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - H:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [HP Component Manager] "H:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] H:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] H:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] H:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [BJCFD] H:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaISSDT] "H:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "H:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "H:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Creative Detector] "H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Coast to Coast AM] H:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
O4 - HKCU\..\Run: [Shareaza] "H:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Yahoo! Pager] "H:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - H:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - K:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - K:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f....0.60/setup.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - H:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - H:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - H:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - H:\WINDOWS\system32\gearsec.exe
O23 - Service: Imapi Helper - Alex Feinman - H:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Movielink Core Service - Movielink LLC - D:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - H:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - H:\WINDOWS\system32\YPCSER~1.EXE


#2 -David-


Posted 12 August 2006 - 09:39 AM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - H:\Program Files\IntCodec\isaddon.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - K:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - K:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - H:\WINDOWS\system32\viruxz.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter.
A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

David
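As an added example (not from this thread, and not part of HijackThis or SmitfraudFix), here is a small Python triage script that reads a HijackThis v1.99.1-format log and flags the kinds of entries David picked out above: components whose file is gone, unnamed BHOs, SSODL loaders, hosts-file overrides, and anything running from or pointing into a directory on a watchlist. The sample log is constructed from lines that appear in this thread; the watchlist (the two directories SmitfraudFix reports later in the thread), the reason strings and all function names are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample in HijackThis v1.99.1 log format, assembled from lines that
# appear in this thread (not the poster's complete log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:51:13 AM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\Program Files\IntCodec\isamonitor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - H:\Program Files\IntCodec\isaddon.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - K:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - H:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - H:\Program Files\Yahoo!\Antivirus\ISafe.exe
"""

# Hypothetical watchlist: the two directories SmitfraudFix reports as FOUND
# later in this thread. Extend it from your own findings.
DEFAULT_SUSPECT_DIRS = ("IntCodec", "SpyQuake2.com")

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")


@dataclass
class Finding:
    section: str                 # "process" or the HJT entry code (O2, O21, ...)
    line: str                    # the log line exactly as written
    reasons: List[str] = field(default_factory=list)


def split_log(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Separate the 'Running processes:' block from the R/O entries."""
    processes: List[str] = []
    entries: List[Tuple[str, str]] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), line))
    return processes, entries


def suspect_dir_in(text: str, suspect_dirs) -> str:
    """Return the first watchlisted directory that appears as a path component."""
    components = {p.lower() for p in re.split(r"[\\/]", text)}
    for d in suspect_dirs:
        if d.lower() in components:
            return d
    return ""


def triage(text: str, suspect_dirs=DEFAULT_SUSPECT_DIRS) -> List[Finding]:
    """Flag entries worth a second look; the decision to fix stays with a human."""
    processes, entries = split_log(text)
    findings: List[Finding] = []
    for proc in processes:
        hit = suspect_dir_in(proc, suspect_dirs)
        if hit:
            findings.append(Finding("process", proc, [f"running from suspect directory '{hit}'"]))
    for code, line in entries:
        reasons: List[str] = []
        if "(no file)" in line or "(file missing)" in line:
            reasons.append("registered component's file is missing (orphaned entry)")
        if code == "O2" and "BHO: (no name)" in line:
            reasons.append("browser helper object with no name")
        if code == "O21":
            reasons.append("SSODL entry: DLL loaded into Explorer at logon, verify publisher")
        hm = HOSTS_RE.match(line)
        if hm:
            reasons.append(f"hosts-file override for {hm['host']} -> {hm['ip']}")
        hit = suspect_dir_in(line, suspect_dirs)
        if hit:
            reasons.append(f"path under suspect directory '{hit}'")
        if reasons:
            findings.append(Finding(code, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Entries the script leaves unflagged (the Adobe BHO, the CA service) are not declared clean; the output is a shortlist for the kind of review David does by hand, not a verdict.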

#3 stupid_for_installing_that_crap


Posted 12 August 2006 - 10:16 AM

I performed what you said:


SmitFraudFix v2.81

Scan done at 10:09:39.39, Sat 08/12/2006
Run from H:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

H:\


H:\WINDOWS


H:\WINDOWS\system


H:\WINDOWS\Web


H:\WINDOWS\system32


H:\Documents and Settings\LDJ\Application Data


Start Menu

H:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url FOUND !
H:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url FOUND !

H:\DOCUME~1\LDJ\FAVORI~1


Desktop


H:\Program Files

H:\Program Files\IntCodec\ FOUND !
H:\Program Files\SpyQuake2.com\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


Scanning wininet.dll infection


End

#4 -David-


Posted 12 August 2006 - 10:26 AM

Hey there,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Once in Safe Mode, open the SmitfraudFix folder again.
  • Double-click smitfraudfix.cmd.
  • Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
  • You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
  • A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
  • The report can also be found at the root of the system drive, usually at C:\rapport.txt
  • Warning: running option #2 on a non infected computer will remove your Desktop background.
Also post a new HijackThis log.
David

#5 stupid_for_installing_that_crap


Posted 12 August 2006 - 10:57 AM

So far so good... Thanks a lot...

SmitFraudFix v2.81

Scan done at 10:32:33.45, Sat 08/12/2006
Run from H:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

H:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url Deleted
H:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url Deleted
H:\Program Files\IntCodec\ Deleted
H:\Program Files\SpyQuake2.com\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End



Logfile of HijackThis v1.99.1
Scan saved at 10:48:49 AM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Yahoo!\Antivirus\ISafe.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\WINDOWS\system32\gearsec.exe
D:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Yahoo!\Antivirus\VetMsg.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\WgaTray.exe
H:\Program Files\HP\hpcoretech\hpcmpmgr.exe
H:\WINDOWS\System32\hphmon05.exe
H:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
H:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
H:\Program Files\Yahoo!\Antivirus\CAVTray.exe
H:\Program Files\Yahoo!\Antivirus\CAVRID.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
H:\Program Files\Shareaza\Shareaza.exe
H:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - H:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [HP Component Manager] "H:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] H:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] H:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] H:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [BJCFD] H:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaISSDT] "H:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "H:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "H:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Creative Detector] "H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Coast to Coast AM] H:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
O4 - HKCU\..\Run: [Shareaza] "H:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Yahoo! Pager] "H:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - H:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f....0.60/setup.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - H:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - H:\WINDOWS\system32\gearsec.exe
O23 - Service: Imapi Helper - Alex Feinman - H:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Movielink Core Service - Movielink LLC - D:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - H:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - H:\WINDOWS\system32\YPCSER~1.EXE

#6 -David-


Posted 12 August 2006 - 11:18 AM

Hey there,

You are using the Shareaza p2p file sharing program.
This is not technically malware by itself, but it installs malware in order to run properly.
It also opens the door for every other nasty program you can think of.
I strongly recommend that you remove it from your computer.
Read this article for alternatives that will provide some of the same function without the garbage:
http://www.spywareinfo.com/articles/p2p/

I suggest you remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
Shareaza

This is another article you can read:
http://www.cexx.org/adware.htm

Malware like this normally never comes alone and there are probably infected files left on your computer.
Please visit Panda Online to carry out a virus scan.
Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan completes, click the See Report button.
Click Save Report and save the file to your desktop.
Post the contents of the report in your next reply, along with a new HijackThis log.

David

#7 stupid_for_installing_that_crap


Posted 13 August 2006 - 10:54 AM

Panda Scan:

Incident Status Location

Spyware:Cookie/CentrPort Not disinfected C:\WINME\Cookies\ldj@centrport[1].txt
Spyware:Cookie/2o7 Not disinfected C:\WINME\Cookies\ldj@2o7[1].txt
Spyware:Cookie/Adtech Not disinfected C:\WINME\Cookies\ldj@adtech[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\WINME\Cookies\ldj@tribalfusion[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINME\Cookies\ldj@server.iad.liveperson[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\WINME\Cookies\ldj@maxserving[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\WINME\Cookies\ldj@bravenet[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\WINME\Cookies\ldj@statcounter[1].txt
Spyware:Cookie/techtarget Not disinfected C:\WINME\Cookies\ldj@searchtechtarget.techtarget[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\WINME\Cookies\ldj@c.fsx[1].txt
Spyware:Cookie/Atwola Not disinfected C:\WINME\Cookies\ldj@atwola[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\WINME\Cookies\ldj@questionmarket[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\WINME\Cookies\ldj@trafficmp[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\WINME\Cookies\ldj@bluestreak[2].txt
Spyware:Cookie/Tickle Not disinfected C:\WINME\Cookies\ldj@tickle[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\WINME\Cookies\ldj@doubleclick[2].txt
Spyware:Cookie/GangbangSquad Not disinfected C:\WINME\Cookies\ldj@www.gangbangsquad[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\WINME\Cookies\ldj@ads.pointroll[2].txt
Spyware:Cookie/Zedo Not disinfected C:\WINME\Cookies\ldj@zedo[2].txt
Spyware:Cookie/Advertising Not disinfected C:\WINME\Cookies\ldj@advertising[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\WINME\Cookies\ldj@hitbox[1].txt
Spyware:Cookie/Advertising Not disinfected C:\WINME\Cookies\ldj@servedby.advertising[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\WINME\Cookies\ldj@hc2.humanclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected E:\CA Antivirus\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Adware:Adware/IST.ISTBar Not disinfected E:\Quick Macros\((((((((( quick macros .zip[YSB_toolBar.exe]
Hacktool:HackTool/EvID Not disinfected E:\Shareaza\EventID 4226 Patcher Version 2.23d\EvID4226Patch223d-en.zip[EvID4226Patch.exe]
Spyware:Cookie/2o7 Not disinfected H:\Documents and Settings\LDJ\Cookies\ldj@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected H:\Documents and Settings\LDJ\Cookies\ldj@ad.yieldmanager[2].txt
Spyware:Cookie/Doubleclick Not disinfected H:\Documents and Settings\LDJ\Cookies\ldj@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected H:\Documents and Settings\LDJ\Cookies\ldj@hitbox[2].txt
Spyware:Cookie/Malwarewipe Not disinfected H:\Documents and Settings\LDJ\Cookies\ldj@malwarewipe[1].txt
Spyware:Cookie/Safetyhomepage Not disinfected H:\Documents and Settings\LDJ\Cookies\ldj@www.safetyhomepage[2].txt
Spyware:Cookie/Gorillanation Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@ads.gorillanation[1].txt
Spyware:Cookie/PointRoll Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@atdmt[2].txt
Spyware:Cookie/Ccbill Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@ccbill[2].txt
Spyware:Cookie/CentrPort Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@centrport[1].txt
Spyware:Cookie/Doubleclick Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@ehg-dig.hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@fastclick[1].txt
Spyware:Cookie/Go Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@go[2].txt
Spyware:Cookie/Hitbox Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@hitbox[2].txt
Spyware:Cookie/Overture Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@questionmarket[1].txt
Spyware:Cookie/Advertising Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@servedby.advertising[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@tribalfusion[1].txt
Spyware:Cookie/Xiti Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected H:\Documents and Settings\LDJ\Local Settings\Temp\Cookies\ldj@z1.adserver[1].txt


Logfile of HijackThis v1.99.1
Scan saved at 10:47:22 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Yahoo!\Antivirus\ISafe.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\WINDOWS\system32\gearsec.exe
D:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\WgaTray.exe
H:\Program Files\HP\hpcoretech\hpcmpmgr.exe
H:\WINDOWS\System32\hphmon05.exe
H:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
H:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
H:\Program Files\Yahoo!\Antivirus\CAVTray.exe
H:\Program Files\Yahoo!\Antivirus\CAVRID.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\PROGRA~1\Yahoo!\browser\ycommon.exe
H:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
H:\Program Files\Yahoo!\Antivirus\VetMsg.exe
H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
H:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - H:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [HP Component Manager] "H:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] H:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] H:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] H:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [BJCFD] H:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaISSDT] "H:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "H:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "H:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Creative Detector] "H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Coast to Coast AM] H:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
O4 - HKCU\..\Run: [Shareaza] "H:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Yahoo! Pager] "H:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - H:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f....0.60/setup.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - H:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - H:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - H:\WINDOWS\system32\gearsec.exe
O23 - Service: Imapi Helper - Alex Feinman - H:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Movielink Core Service - Movielink LLC - D:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - H:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - H:\WINDOWS\system32\YPCSER~1.EXE

end
Do I need this in the file: O1 - Hosts: 207.68.172.246 msn.com

I don't use msn.com
Thanks

#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:09:43 AM

Posted 13 August 2006 - 10:57 AM

Hey there,

We can safely get rid of those O1 entries then.
Please download hoster from here :thumbsup:
Unzip Hoster.zip
Open Hoster.exe
Then click on "Restore Original Hosts"
Close program when complete.

Delete the following two files:

E:\Quick Macros\((((((((( quick macros .zip
E:\Shareaza\EventID 4226 Patcher Version 2.23d\EvID4226Patch223d-en.zip

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

Close all instances of Internet Explorer.
Go to your control panel and open "Internet Options".
Click on the "General" tab.
Click the "Delete Cookies" button, then the "Delete Files" button.
When prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

Go to start and click on the "run" button.
Type the following in the box --> cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
Press OK to remove them.

Please reboot and let me know how the computer is running.
David

Edited by D-Trojanator, 13 August 2006 - 10:59 AM.
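The O1 question above comes up in almost every HijackThis thread: an O1 line means the hosts file maps a name to an address, and a mapping to anything other than the loopback address sends that name's traffic somewhere else, which is why David has the original hosts file restored. The following is an added Python example, not code from this thread or from the HijackThis or Hoster tools. It parses the O1 lines exactly as HijackThis prints them, collapses the nine repeated msn.com lines into one count, flags any mapping that is not loopback, and applies the same check to a hosts file's text so you can see what "Restore Original Hosts" would take out. The sample log excerpt is built from lines quoted in this thread; the "127.0.0.1 localhost" line and the sample hosts file are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the O1 and R0 lines are copied from the HijackThis log
# posted in this thread; the "127.0.0.1 localhost" O1 line is constructed to
# exercise the loopback filter and is not something HijackThis normally reports.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
"""

# Constructed sample hosts file: one default loopback line, one redirect line.
SAMPLE_HOSTS = """\
# constructed sample hosts file for this example
127.0.0.1       localhost
207.68.172.246  msn.com   # same mapping HijackThis reported as O1
"""

# HijackThis prints each hosts-file mapping as "O1 - Hosts: <address> <name>".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1_entries(log_text):
    """Return every (address, hostname) pair from O1 lines, duplicates kept."""
    entries = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def is_loopback(address_text):
    """True for 127.x.x.x or ::1; anything unparsable is treated as not loopback."""
    try:
        return ipaddress.ip_address(address_text).is_loopback
    except ValueError:
        return False


def summarize_hosts_entries(log_text):
    """Group O1 mappings by name: how often each appears and whether it
    points somewhere other than loopback (a redirect rather than a block)."""
    counts = Counter(parse_o1_entries(log_text))
    summary = []
    for (address, host), n in sorted(counts.items(), key=lambda kv: kv[0][1]):
        summary.append({"host": host, "address": address, "count": n,
                        "redirect": not is_loopback(address)})
    return summary


def redirected_hosts(log_text):
    """Names whose O1 mapping sends traffic to a non-loopback address."""
    return sorted({e["host"] for e in summarize_hosts_entries(log_text) if e["redirect"]})


def non_default_hosts_lines(hosts_text):
    """Active (non-comment) hosts-file lines mapping a name to a non-loopback
    address, i.e. what restoring the original hosts file would remove."""
    flagged = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        parts = line.split()
        if len(parts) >= 2 and not is_loopback(parts[0]):
            flagged.append(" ".join(parts))
    return flagged


if __name__ == "__main__":
    for entry in summarize_hosts_entries(SAMPLE_LOG):
        print(entry)
    print("redirected:", redirected_hosts(SAMPLE_LOG))
    print("hosts lines to remove:", non_default_hosts_lines(SAMPLE_HOSTS))
```

Run against the sample, the nine identical msn.com lines collapse to a single entry with count 9 and redirect True, while the constructed localhost line is recognised as loopback and left alone; the same logic applied to a hosts file text returns only the msn.com mapping, which matches what Hoster's "Restore Original Hosts" is being used for above.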
