tdao91 Posted January 15, 2006

Logfile of HijackThis v1.99.1
Scan saved at 12:31:55 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\DOCUME~1\Tom\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: International - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp6D8F.tmp
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

tdao91

Blackthought Posted January 15, 2006

wat in the hell is this lol?

Antony Posted January 16, 2006

Blackthought, it's a Hijack This log.

C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
O2 - BHO: International - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp6D8F.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe

All of the above need to be removed.

:::Antony 7:::

Blackthought Posted January 16, 2006

plz explain ( rune grabs a note pad ) i feel ashamed to be 13 yr old and not knowing this :(

Antony Posted January 16, 2006

What the heck you mean? Are you asking what is Hijack This? Check this out: http://www.spywareinfo.com/~merijn/

:::Antony 7:::

coltm4carbine Posted January 16, 2006

> i feel ashamed to be 13 yr old and not knowing this

no need to be ashamed, hardly anyone knows what it is (even adults). It's basically a program made by a Dutch person named merjin (merlin in english). HijackThis will scan your registry and various other files for entries that are similar to what a Spyware or Hijacker program would leave behind. Interpreting these results can be tricky as there are many legitimate programs that are installed in your operating system in a similar manner that Hijackers get installed.

Please move HJT into somewhere else.
=============================================
Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt

Move HJT into this new folder please. This is important so please do this prior to anything else please

ok before you fix the o2 line, has your desktop wallpaper been changed? are you getting fake windowsupdate messages (telling you to download spyaxe, spyware sticker, pcgaurd etc)? if you have post back, and if you don't still post back.

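The interpretation step described in the post above, as an added example that is not part of any post in this thread: a small Python parser for HijackThis log lines that groups entries by section code and applies three triage checks seen in this thread's log. The function names and the checks themselves are assumptions for illustration, and the sample lines are taken from the first log with the forum's "[Caution: ExecutableFile]" filter text read as ".exe".

```python
import re
from collections import defaultdict

# A HijackThis entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Sample input: lines from the first log in this thread (".exe" restored,
# which is an assumption about what the forum filter replaced).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\Tom\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: International - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp6D8F.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
"""


def parse_log(text):
    """Return (processes, entries); entries maps section code -> list of bodies."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The first R/O entry ends the "Running processes" block.
            in_processes = False
            entries[match.group("code")].append(match.group("body"))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, dict(entries)


def triage(processes, entries):
    """Return (kind, detail) pairs that deserve a human look; not a verdict."""
    findings = []
    for path in processes:
        # A program running out of a Temp directory (here, HijackThis itself
        # started from inside the zip) is why the helper asks to move it.
        if "\\temp\\" in path.lower():
            findings.append(("process-in-temp", path))
    for code, bodies in entries.items():
        for body in bodies:
            # The target file or URL is the last " - " separated field.
            target = body.rsplit(" - ", 1)[-1]
            if target.endswith("(file missing)"):
                # Registry entry whose file is gone: an orphaned leftover.
                findings.append(("orphaned-entry", f"{code} - {body}"))
            elif code in ("O2", "O3") and not target.lower().endswith(".dll"):
                # BHOs and toolbars are normally DLLs; a .tmp file is unusual.
                findings.append(("non-dll-browser-extension", f"{code} - {body}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(*parse_log(SAMPLE_LOG)):
        print(f"{kind:28} {detail}")
```

The SecurityToolbar and search-URL entries pass all three checks even though they were listed for removal earlier in the thread; recognising them took knowledge of the names, which is the interpretation difficulty the post describes.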
tdao91 Posted January 16, 2006

>> i feel ashamed to be 13 yr old and not knowing this
> no need to be ashamed, hardly anyone knows what it is (even adults). It's basically a program made by a Dutch person named merjin (merlin in english). HijackThis will scan your registry and various other files for entries that are similar to what a Spyware or Hijacker program would leave behind. Interpreting these results can be tricky as there are many legitimate programs that are installed in your operating system in a similar manner that Hijackers get installed.
> Please move HJT into somewhere else.
> =============================================
> Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt
> Move HJT into this new folder please. This is important so please do this prior to anything else please
> ok before you fix the o2 line, has your desktop wallpaper been changed? are you getting fake windowsupdate messages (telling you to download spyaxe, spyware sticker, pcgaurd etc)? if you have post back, and if you don't still post back.

omg! that's exactly what happens! There's a fake windows message in my system tray, it goes: "Your Computer is infected!" and all this other stuff about clicking here to protect my comp. And it downloads spy striker onto my computer. I think i got this trojan or spyware or whatever it is when i downloaded this fake codec. They call it "Vcodec". Adaware and spybot S&D can detect it but they can't get rid of it. Nothing wrong with my desktop but there are gambling popups and adult friend finder ones too. It also changes my homepage.

coltm4carbine Posted January 17, 2006

yeh i can tell just needed to confirm; your desktop has been hijacked. google up a tool called Smitrem made by noahdfear. download and save it to your desktop. Close all other programs and windows. Double click smitrem.exe, then click Start to extract the tool to its own folder. Open the Smitrem folder and double click the runthis.bat to start the tool. At one point when the tool runs, your taskbar will disappear, and your computer will restart when the tool completes. A text file will be created in the Smitrem folder. Post the contents of that log please.

have you moved HJT out of the temp?

tdao91 Posted January 18, 2006

> yeh i can tell just needed to confirm; your desktop has been hijacked. google up a tool called Smitrem made by noahdfear. download and save it to your desktop. Close all other programs and windows. Double click smitrem.exe, then click Start to extract the tool to its own folder. Open the Smitrem folder and double click the runthis.bat to start the tool. At one point when the tool runs, your taskbar will disappear, and your computer will restart when the tool completes. A text file will be created in the Smitrem folder. Post the contents of that log please.
> have you moved HJT out of the temp?

i made a HJT folder in my C: and moved the hijackthis into it

i ran SmitRem and it seemed to remove all the bad stuff. No more crazy "your system is infected!" but it didn't leave a text log back for me to post. Would you like for me to post up another HJT log?

coltm4carbine Posted January 18, 2006

ok least it's gone now. yes please post a new hjt log and then someone should take over it. if no one does after 2 days then i do it myself.

Mercifull Posted January 18, 2006

> if no one does after 2 days then i do it myself.

You are the tech head here and are already helping this dude... why can't you do it? Seems a bit crazy waiting 2 days every time this guy asks you for help. :roll:

Mercifull <3 Suzi
"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

coltm4carbine Posted January 18, 2006

> why can't you do it?

I just want to give someone else a chance with logs that's all. I mean loads of other people know what they are doing with hjt (like you for a start).

> Seems a bit crazy waiting 2 days every time this guy asks you for help. :roll:

good point, i think i change me sig now. well i wait for a while to see if anyone will take this log. if no one takes it then i finish it off.

tdao91 Posted January 19, 2006

>> why can't you do it?
> I just want to give someone else a chance with logs that's all. I mean loads of other people know what they are doing with hjt (like you for a start).
>> Seems a bit crazy waiting 2 days every time this guy asks you for help. :roll:
> good point, i think i change me sig now. well i wait for a while to see if anyone will take this log. if no one takes it then i finish it off.

found the smit text:

smitRem log file
version 2.8
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 01/17/2006
The current time is: 21:07:05.09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1972 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)

________________________________________________________

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 1:47:49 AM, on 1/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

MasterOfThePuppets Posted January 19, 2006

>>> i feel ashamed to be 13 yr old and not knowing this
>> no need to be ashamed, hardly anyone knows what it is (even adults). It's basically a program made by a Dutch person named merjin (merlin in english). HijackThis will scan your registry and various other files for entries that are similar to what a Spyware or Hijacker program would leave behind. Interpreting these results can be tricky as there are many legitimate programs that are installed in your operating system in a similar manner that Hijackers get installed.
>> Please move HJT into somewhere else.
>> =============================================
>> Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt
>> Move HJT into this new folder please. This is important so please do this prior to anything else please
>> ok before you fix the o2 line, has your desktop wallpaper been changed? are you getting fake windowsupdate messages (telling you to download spyaxe, spyware sticker, pcgaurd etc)? if you have post back, and if you don't still post back.
> omg! that's exactly what happens! There's a fake windows message in my system tray, it goes: "Your Computer is infected!" and all this other stuff about clicking here to protect my comp. And it downloads spy striker onto my computer. I think i got this trojan or spyware or whatever it is when i downloaded this fake codec. They call it "Vcodec". Adaware and spybot S&D can detect it but they can't get rid of it. Nothing wrong with my desktop but there are gambling popups and adult friend finder ones too. It also changes my homepage.

Ouch. I pity you. I got that, but I someone broke it (completely accidentally, too...yay)

If the homepage won't switch back, it's a browser helper object, but I forget which one.

wahoo Posted January 19, 2006

I'm guessing you might have tried to install messenger plus, i'm also guessing that you forgot to unselect the spyware it offers you.

MasterOfThePuppets Posted January 19, 2006

Messenger Plus? As in, yahoo, msn...or what? Also, no respectable company would bundle this. It is clearly incredibly virulent.

____ Posted January 19, 2006

> Messenger Plus? As in, yahoo, msn...or what? Also, no respectable company would bundle this. It is clearly incredibly virulent.

Messenger Plus! is an addon for MSN Messenger. And unlike 99.99% of programs that come bundled with spyware, Plus! gives you the option to install without installing the 'sponsor' as well.

And I've had the spyware before and it's not exactly hard to get rid of. So unless it has changed Ad Aware should get rid of it with no problems.