-
March 23rd, 2007, 09:06 PM
#1
New window pop-up adverts!
Hey folks
First of all, thanks for your help a while back when I had some problems with my webcam. My latest problem is when I'm using Firefox: every time I go to a new site my compy opens up a new window advertising something like online dating, spyware scans or just general adverts. It's really pissing me off, but I've run several Adware and Spyware scans using customised options, and I am still interrupted by needless windows trying to sell me something. I don't think they're pop-ups as I have a blocker enabled, unless that's a bag of ****e itself.
I have installed and scanned my system using Ad-Aware SE, Spybot Search and Destroy and also CW Shredder as the Microsoft Spyware cleaner has suggested but still nothing.
Any suggestions are welcome, guys.
Thanks.
-
March 23rd, 2007, 10:02 PM
#2
Registered User
Exactly what programs are you using to scan for spyware? 'Cause it sounds like hijacking.
-
March 23rd, 2007, 10:18 PM
#3
I am using Ad-Aware SE Personal, Spybot Search and Destroy and CW Shredder.
-
March 23rd, 2007, 11:03 PM
#4
Registered User
Good programs
Now shut off System Restore, update all the programs, and then reboot to safe mode and scan with all 3 in safe mode.
-
March 24th, 2007, 07:19 AM
#5
Driver Terrier
Then download HijackThis from Trend Micro and post a log.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
March 25th, 2007, 05:48 AM
#6
Chat Operator
Originally Posted by Ferrit
Good programs
Now shut off System Restore, update all the programs, and then reboot to safe mode and scan with all 3 in safe mode.
and make sure your internet is off when you do this.
<Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
-----------------------
Windows 7 Pro x64
Asus P5QL Deluxe
Intel Q6600
nVidia 8800 GTS 320
6 gigs of Ram
2x60 gig OCZ Vertex SSD (raid 0)
WD Black 750 gig
Antec Tri power 750 Watt PSU
Lots of fans
-
March 25th, 2007, 08:22 AM
#7
HijackThis will tell you what's wrong with your pc.
Sorry to post this here, but I couldn't PM you NooNoo, do you need any HJT/PC Security helpers?
Also to the original poster, if you download, install and update this program
http://free.grisoft.com/doc/20/lng/us/tpl/v5
and do a full system scan in safe mode, should help keep your pc clean.
-
March 25th, 2007, 08:23 AM
#8
download, install, update this program
http://free.grisoft.com/doc/20/lng/us/tpl/v5
then do a full system scan in safe mode.
-
March 25th, 2007, 09:23 AM
#9
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\r?ndll.exe
C:\Program Files\STK017_V2.01\STK017M.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Documents and Settings\Nick\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - {BB127645-9AF4-B971-D659-BB3EB35376E7} - (no file)
R3 - URLSearchHook: (no name) - {74B570E8-9159-BAD5-2C02-BECE1CC9E3ED} - (no file)
R3 - URLSearchHook: (no name) - {90FD2B62-9FD5-E657-A4AB-E4CB5CEC5BB0} - (no file)
R3 - URLSearchHook: (no name) - {A1D01B13-B2E4-D311-8999-D4E61DAD76F4} - C:\WINDOWS\system32\hhopcal.dll (file missing)
R3 - URLSearchHook: (no name) - {3A8BA5B8-4109-62DF-7F73-3CB67B6BA0B0} - (no file)
R3 - URLSearchHook: (no name) - {2964EF48-01AE-7B7D-8B71-2C27C290B9BB} - (no file)
R3 - URLSearchHook: (no name) - {721D3383-DC62-F5E4-4ED0-F3CAEC53E2BC} - (no file)
R3 - URLSearchHook: (no name) - {4446F6F2-4F19-3791-3787-3346E4ECD4BA} - (no file)
R3 - URLSearchHook: (no name) - {CF545E64-ECD4-C501-F7BA-902CF21D04B1} - C:\WINDOWS\system32\kkfvykkf.dll (file missing)
R3 - URLSearchHook: (no name) - {E3CD3D3A-D388-AB58-F83A-F8EA6EC573E3} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {37BF35C1-8928-F7F9-0E91-F24A44F7A0E6} - (no file)
R3 - URLSearchHook: (no name) - {66E13397-8C23-F9A2-0E91-F24A44F7A4EB} - (no file)
R3 - URLSearchHook: (no name) - {57CC03E6-A112-CCE4-23A3-C26705B689AF} - C:\WINDOWS\system32\hiik.dll (file missing)
R3 - URLSearchHook: (no name) - {B92CA628-43C4-644D-BEC2-37B6DBE52CB0} - (no file)
R3 - URLSearchHook: (no name) - {88019659-6EF5-510B-93F0-079B9AA401F4} - C:\WINDOWS\system32\ves.dll (file missing)
R3 - URLSearchHook: (no name) - {B9F6B803-0DBA-7365-938E-732252FC7EE7} - (no file)
R3 - URLSearchHook: (no name) - {3532F630-1AD7-6603-A0A9-6143C415F7BF} - (no file)
R3 - URLSearchHook: (no name) - {ED12E38D-5532-71BE-14F6-74E2EE0073B2} - (no file)
R3 - URLSearchHook: (no name) - {A594F136-1881-3506-A4AF-641331AD6BB3} - (no file)
R3 - URLSearchHook: (no name) - {E818E4DE-543A-71E8-14F6-74E2EE0026E1} - (no file)
R3 - URLSearchHook: (no name) - {D935D4AF-790B-44AE-39C4-44CFAF410BA5} - C:\WINDOWS\system32\otnstwv.dll (file missing)
R3 - URLSearchHook: (no name) - {2414801E-68FE-1671-81D9-1634E371E5E3} - (no file)
R3 - URLSearchHook: (no name) - {354F81DA-3332-17EF-4CF5-14D4BDB7A9E8} - (no file)
R3 - URLSearchHook: (no name) - {997A23EF-9D51-E7D1-7BE6-B59E89145FB1} - (no file)
R3 - URLSearchHook: (no name) - {75BC74EB-9804-BAD5-2C53-BECE1C9DEDB2} - (no file)
R3 - URLSearchHook: (no name) - {A6301A43-F8FD-D77B-DEAC-D128925567EF} - (no file)
R3 - URLSearchHook: (no name) - {A2611F4D-FEFB-D57B-DCAC-D128930332ED} - C:\WINDOWS\system32\nskfj.dll (file missing)
R3 - URLSearchHook: (no name) - {B720C70F-2DBB-5133-9EA8-5150D48729E3} -
-
March 25th, 2007, 09:23 AM
#10
C:\WINDOWS\system32\uycb.dll (file missing)
O2 - BHO: (no name) - {0682A7F5-0252-6CA0-6FF3-628D18CFD2AB} - C:\WINDOWS\system32\zojf.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D79FC42-1280-3177-A4DA-33C6FE6492C9} - C:\WINDOWS\system32\dbjeeiu.dll (file missing)
O2 - BHO: (no name) - {3854CC42-3FB3-0443-89EA-03EBCE54BFF9} - C:\WINDOWS\system32\dbjeeiu.dll (file missing)
O2 - BHO: (no name) - {424085C2-2261-46C8-07B0-16AADA9094AA} - C:\WINDOWS\system32\agloromt.dll (file missing)
O2 - BHO: (no name) - {503CB28B-4B24-2C81-4465-7B1CF1FBD3FA} - C:\WINDOWS\system32\kxxe.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {556DC645-64E8-5C1F-D788-508EA8CED5AD} - C:\WINDOWS\system32\eyt.dll (file missing)
O2 - BHO: (no name) - {57CC03E6-A112-CCE4-23A3-C26705B689AF} - C:\WINDOWS\system32\hiik.dll (file missing)
O2 - BHO: (no name) - {6440F634-49D9-6959-FABA-60A3E98FF8E9} - C:\WINDOWS\system32\eyt.dll (file missing)
O2 - BHO: (no name) - {6511828B-6617-19B5-6955-4B31C1CBFECA} - C:\WINDOWS\system32\kxxe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7FB03851-98A5-FF53-9B0B-F8342038FAFC} - C:\WINDOWS\system32\iai.dll (file missing)
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: (no name) - {88019659-6EF5-510B-93F0-079B9AA401F4} - C:\WINDOWS\system32\ves.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {947E5F87-FB73-99DE-4A41-9912B2411DA3} - C:\WINDOWS\system32\nni.dll (file missing)
O2 - BHO: (no name) - {9594F8DF-403E-6DE2-4465-6853368357E4} - C:\WINDOWS\system32\orr.dll (file missing)
O2 - BHO: (no name) - {A1D01B13-B2E4-D311-8999-D4E61DAD76F4} - C:\WINDOWS\system32\hhopcal.dll (file missing)
O2 - BHO: (no name) - {A2611F4D-FEFB-D57B-DCAC-D128930332ED} - C:\WINDOWS\system32\nskfj.dll (file missing)
O2 - BHO: (no name) - {A4B9C8AE-6D0F-58A4-6957-587E77C27AA0} - C:\WINDOWS\system32\orr.dll (file missing)
O2 - BHO: (no name) - {AC6C4354-B4A1-8203-9CAB-D766F65A27A0} - C:\WINDOWS\system32\haddy.dll (file missing)
O2 - BHO: (no name) - {B720C70F-2DBB-5133-9EA8-5150D48729E3} - C:\WINDOWS\system32\uycb.dll (file missing)
O2 - BHO: (no name) - {B899FC3D-5D95-396B-F656-3DE80E4F6AA4} - C:\WINDOWS\system32\mplszpva.dll (file missing)
O2 - BHO: (no name) - {C92A75BD-C859-E58B-2EE0-B59E8A1551B3} - C:\WINDOWS\system32\zisjl.dll (file missing)
O2 - BHO: (no name) - {CF545E64-ECD4-C501-F7BA-902CF21D04B1} - C:\WINDOWS\system32\kkfvykkf.dll (file missing)
O2 - BHO: (no name) - {D935D4AF-790B-44AE-39C4-44CFAF410BA5} - C:\WINDOWS\system32\otnstwv.dll (file missing)
O2 - BHO: (no name) - {F78163FC-9054-F1F2-3B86-F5F41FBF23A0} - C:\WINDOWS\system32\gfocew.dll (file missing)
O2 - BHO: (no name) - {F80745CC-E568-D0CD-03D2-85B3CB547CF7} - C:\WINDOWS\system32\zisjl.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DbaD] C:\WINDOWS\unvxyj.exe
O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aÆ+À¼C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\unvxyj.exe
O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aüžõgFC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\unvxyj.exe
O4 - HKLM\..\Run: [ilqv] C:\WINDOWS\ilqv.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Fivs] C:\WINDOWS\system32\r?ndll.exe
O4 - HKCU\..\Run: [Waoe] "C:\DOCUME~1\Nick\MYDOCU~1\FNTS~1\dexplore.exe " -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: STK017 PNP Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119130434484
O17 - HKLM\System\CCS\Services\Tcpip\..\{63B66D8E-90A7-4924-BFC3-E387F9F84AB8}: NameServer = 85.255.113.146,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8CA9051-8056-488D-B4BE-9D1C474B77CD}: NameServer = 85.255.113.146,85.255.112.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 12991 bytes
That's the logfile.
And they're still popping up.
How do I do a boot scan?
-
March 25th, 2007, 12:39 PM
#11
Driver Terrier
Well you have a lovely bunch of spyware there...
Boot to safe mode, run HijackThis again to remind you where this stuff is.
Find and delete the file C:\WINDOWS\system32\r?ndll.exe
Check the following in HijackThis and click Fix.
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - {BB127645-9AF4-B971-D659-BB3EB35376E7} - (no file)
R3 - URLSearchHook: (no name) - {74B570E8-9159-BAD5-2C02-BECE1CC9E3ED} - (no file)
R3 - URLSearchHook: (no name) - {90FD2B62-9FD5-E657-A4AB-E4CB5CEC5BB0} - (no file)
R3 - URLSearchHook: (no name) - {A1D01B13-B2E4-D311-8999-D4E61DAD76F4} - C:\WINDOWS\system32\hhopcal.dll (file missing)
R3 - URLSearchHook: (no name) - {3A8BA5B8-4109-62DF-7F73-3CB67B6BA0B0} - (no file)
R3 - URLSearchHook: (no name) - {2964EF48-01AE-7B7D-8B71-2C27C290B9BB} - (no file)
R3 - URLSearchHook: (no name) - {721D3383-DC62-F5E4-4ED0-F3CAEC53E2BC} - (no file)
R3 - URLSearchHook: (no name) - {4446F6F2-4F19-3791-3787-3346E4ECD4BA} - (no file)
R3 - URLSearchHook: (no name) - {CF545E64-ECD4-C501-F7BA-902CF21D04B1} - C:\WINDOWS\system32\kkfvykkf.dll (file missing)
R3 - URLSearchHook: (no name) - {E3CD3D3A-D388-AB58-F83A-F8EA6EC573E3} - (no file)
R3 - URLSearchHook: (no name) - {37BF35C1-8928-F7F9-0E91-F24A44F7A0E6} - (no file)
R3 - URLSearchHook: (no name) - {66E13397-8C23-F9A2-0E91-F24A44F7A4EB} - (no file)
R3 - URLSearchHook: (no name) - {57CC03E6-A112-CCE4-23A3-C26705B689AF} - C:\WINDOWS\system32\hiik.dll (file missing)
R3 - URLSearchHook: (no name) - {B92CA628-43C4-644D-BEC2-37B6DBE52CB0} - (no file)
R3 - URLSearchHook: (no name) - {88019659-6EF5-510B-93F0-079B9AA401F4} - C:\WINDOWS\system32\ves.dll (file missing)
R3 - URLSearchHook: (no name) - {B9F6B803-0DBA-7365-938E-732252FC7EE7} - (no file)
R3 - URLSearchHook: (no name) - {3532F630-1AD7-6603-A0A9-6143C415F7BF} - (no file)
R3 - URLSearchHook: (no name) - {ED12E38D-5532-71BE-14F6-74E2EE0073B2} - (no file)
R3 - URLSearchHook: (no name) - {A594F136-1881-3506-A4AF-641331AD6BB3} - (no file)
R3 - URLSearchHook: (no name) - {E818E4DE-543A-71E8-14F6-74E2EE0026E1} - (no file)
R3 - URLSearchHook: (no name) - {D935D4AF-790B-44AE-39C4-44CFAF410BA5} - C:\WINDOWS\system32\otnstwv.dll (file missing)
R3 - URLSearchHook: (no name) - {2414801E-68FE-1671-81D9-1634E371E5E3} - (no file)
R3 - URLSearchHook: (no name) - {354F81DA-3332-17EF-4CF5-14D4BDB7A9E8} - (no file)
R3 - URLSearchHook: (no name) - {997A23EF-9D51-E7D1-7BE6-B59E89145FB1} - (no file)
R3 - URLSearchHook: (no name) - {75BC74EB-9804-BAD5-2C53-BECE1C9DEDB2} - (no file)
R3 - URLSearchHook: (no name) - {A6301A43-F8FD-D77B-DEAC-D128925567EF} - (no file)
R3 - URLSearchHook: (no name) - {A2611F4D-FEFB-D57B-DCAC-D128930332ED} - C:\WINDOWS\system32\nskfj.dll (file missing)
R3 - URLSearchHook: (no name) - {B720C70F-2DBB-5133-9EA8-5150D48729E3} -
C:\WINDOWS\system32\uycb.dll (file missing)
O2 - BHO: (no name) - {0682A7F5-0252-6CA0-6FF3-628D18CFD2AB} - C:\WINDOWS\system32\zojf.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D79FC42-1280-3177-A4DA-33C6FE6492C9} - C:\WINDOWS\system32\dbjeeiu.dll (file missing)
O2 - BHO: (no name) - {3854CC42-3FB3-0443-89EA-03EBCE54BFF9} - C:\WINDOWS\system32\dbjeeiu.dll (file missing)
O2 - BHO: (no name) - {424085C2-2261-46C8-07B0-16AADA9094AA} - C:\WINDOWS\system32\agloromt.dll (file missing)
O2 - BHO: (no name) - {503CB28B-4B24-2C81-4465-7B1CF1FBD3FA} - C:\WINDOWS\system32\kxxe.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {556DC645-64E8-5C1F-D788-508EA8CED5AD} - C:\WINDOWS\system32\eyt.dll (file missing)
O2 - BHO: (no name) - {57CC03E6-A112-CCE4-23A3-C26705B689AF} - C:\WINDOWS\system32\hiik.dll (file missing)
O2 - BHO: (no name) - {6440F634-49D9-6959-FABA-60A3E98FF8E9} - C:\WINDOWS\system32\eyt.dll (file missing)
O2 - BHO: (no name) - {6511828B-6617-19B5-6955-4B31C1CBFECA} - C:\WINDOWS\system32\kxxe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7FB03851-98A5-FF53-9B0B-F8342038FAFC} - C:\WINDOWS\system32\iai.dll (file missing)
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: (no name) - {88019659-6EF5-510B-93F0-079B9AA401F4} - C:\WINDOWS\system32\ves.dll (file missing)
O2 - BHO: (no name) - {947E5F87-FB73-99DE-4A41-9912B2411DA3} - C:\WINDOWS\system32\nni.dll (file missing)
O2 - BHO: (no name) - {9594F8DF-403E-6DE2-4465-6853368357E4} - C:\WINDOWS\system32\orr.dll (file missing)
O2 - BHO: (no name) - {A1D01B13-B2E4-D311-8999-D4E61DAD76F4} - C:\WINDOWS\system32\hhopcal.dll (file missing)
O2 - BHO: (no name) - {A2611F4D-FEFB-D57B-DCAC-D128930332ED} - C:\WINDOWS\system32\nskfj.dll (file missing)
O2 - BHO: (no name) - {A4B9C8AE-6D0F-58A4-6957-587E77C27AA0} - C:\WINDOWS\system32\orr.dll (file missing)
O2 - BHO: (no name) - {AC6C4354-B4A1-8203-9CAB-D766F65A27A0} - C:\WINDOWS\system32\haddy.dll (file missing)
O2 - BHO: (no name) - {B720C70F-2DBB-5133-9EA8-5150D48729E3} - C:\WINDOWS\system32\uycb.dll (file missing)
O2 - BHO: (no name) - {B899FC3D-5D95-396B-F656-3DE80E4F6AA4} - C:\WINDOWS\system32\mplszpva.dll (file missing)
O2 - BHO: (no name) - {C92A75BD-C859-E58B-2EE0-B59E8A1551B3} - C:\WINDOWS\system32\zisjl.dll (file missing)
O2 - BHO: (no name) - {CF545E64-ECD4-C501-F7BA-902CF21D04B1} - C:\WINDOWS\system32\kkfvykkf.dll (file missing)
O2 - BHO: (no name) - {D935D4AF-790B-44AE-39C4-44CFAF410BA5} - C:\WINDOWS\system32\otnstwv.dll (file missing)
O2 - BHO: (no name) - {F78163FC-9054-F1F2-3B86-F5F41FBF23A0} - C:\WINDOWS\system32\gfocew.dll (file missing)
O2 - BHO: (no name) - {F80745CC-E568-D0CD-03D2-85B3CB547CF7} - C:\WINDOWS\system32\zisjl.dll (file missing)
O4 - HKLM\..\Run: [DbaD] C:\WINDOWS\unvxyj.exe
O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aÆ+À¼C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\unvxyj.exe
O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aüžõgFC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\unvxyj.exe
O4 - HKLM\..\Run: [ilqv] C:\WINDOWS\ilqv.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{63B66D8E-90A7-4924-BFC3-E387F9F84AB8}: NameServer = 85.255.113.146,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8CA9051-8056-488D-B4BE-9D1C474B77CD}: NameServer = 85.255.113.146,85.255.112.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
Now go to http://housecall.trendmicro.com and run a full scan... AVG you may as well uninstall as it is doing absolutely nothing for you right now... you need the new 7.5 version.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
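A triage pass over the HijackThis log format shown in this thread, as an added example that is not part of any post and not HijackThis's own logic. The three heuristics and the `expected_dns` parameter are assumptions chosen for illustration; the sample lines are copied from the log posted above, and 192.0.2.53 is a constructed placeholder resolver.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread (a subset).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {BB127645-9AF4-B971-D659-BB3EB35376E7} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0682A7F5-0252-6CA0-6FF3-628D18CFD2AB} - C:\WINDOWS\system32\zojf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [DbaD] C:\WINDOWS\unvxyj.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Fivs] C:\WINDOWS\system32\r?ndll.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
HOOK = re.compile(r"^(?:URLSearchHook|BHO): (?P<name>.*?) - "
                  r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
RUN = re.compile(r"Run: \[(?P<name>.*)\] (?P<cmd>.+)$")
DNS = re.compile(r"NameServer = (?P<servers>.+)$")
WINDOWS_ROOT_EXE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.exe\b", re.IGNORECASE)


def review_reasons(code, body, expected_dns):
    """Return the reasons (possibly none) why one log entry deserves a closer look."""
    reasons = []
    if code in ("R3", "O2"):
        # Browser hooks: an unnamed CLSID whose DLL is absent is an orphaned registration.
        hook = HOOK.match(body)
        if (hook and hook.group("name") == "(no name)"
                and hook.group("target").endswith(("(no file)", "(file missing)"))):
            reasons.append("unnamed browser hook whose DLL is not on disk")
    elif code == "O4":
        run = RUN.search(body)
        if run:
            cmd = run.group("cmd").strip('"')
            # Assumption: a '?' in a logged path stands for a character that was not rendered.
            if "?" in cmd:
                reasons.append("autorun path contains a character the log could not render")
            if WINDOWS_ROOT_EXE.match(cmd):
                reasons.append("autorun executable sits directly in the Windows directory")
            if any(ord(ch) > 127 for ch in run.group("name")):
                reasons.append("autorun value name contains non-ASCII characters")
    elif code == "O17":
        # Statically configured resolvers are compared with what the network should hand out.
        dns = DNS.search(body)
        if dns:
            servers = [s for s in re.split(r"[ ,]+", dns.group("servers").strip()) if s]
            unknown = [s for s in servers if s not in expected_dns]
            if unknown:
                reasons.append("static DNS servers not on the expected list: "
                               + ", ".join(unknown))
    return reasons


def triage(log_text, expected_dns=frozenset()):
    """Parse a HijackThis log and return (code, reasons, line) for entries to review."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header, process list, blank line
        reasons = review_reasons(entry.group("code"), entry.group("body"), expected_dns)
        if reasons:
            findings.append((entry.group("code"), reasons, raw.strip()))
    return findings


if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE_LOG, expected_dns={"192.0.2.53"}):
        print(f"[{code}] {'; '.join(reasons)}\n    {line}")
```

A flag here means "review this entry", not "delete it": legitimate software also registers autoruns from the Windows directory, so each hit still needs a human decision before anything is fixed.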
-
March 25th, 2007, 12:40 PM
#12
Driver Terrier
Originally Posted by Rorschach
HijackThis will tell you what's wrong with your pc.
Sorry to post this here, but I couldn't PM you NooNoo, do you need any HJT/PC Security helpers?
Also to the original poster, if you download, install and update this program
http://free.grisoft.com/doc/20/lng/us/tpl/v5
and do a full system scan in safe mode, should help keep your pc clean.
Welcome to Windrivers Rorschach
The more the merrier! And now you should be able to pm me.
-
March 25th, 2007, 01:26 PM
#13
Registered User
latrelus, just what sort of options are you setting on your customized scans? Much more of this should have already been detected and removed, I'd think. I didn't see where you said that you had disabled System Restore during any of these scans. Did I also miss the part where you ran them in Safe Mode?
What AV software are you using? Frankly, since you have AVG, try something a bit more effective like a trial download of NOD32, or an online scan from Trend Micro or BitDefender.
-
March 25th, 2007, 02:55 PM
#14
Yes, I have disabled system restore and these tests have been run in safe mode.
-
March 25th, 2007, 02:59 PM
#15
Driver Terrier
Did you carry out the deletions I suggested above?