Author Topic: Browser Hijacked  (Read 2329 times)
toppro77
« on: November 15, 2005, 12:36:22 AM »

Help!
Every time I pull up IE I get a Windows security message saying that spyware has been detected. I have my IE set to a blank page at startup and it won't allow it to show that. I'm running Windows XP.
Here is my hj log

Logfile of HijackThis v1.99.1
Scan saved at 7:31:53 PM, on 11/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\nvpvrmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\ForceWare\NVRemote\NvRemote.exe
C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\NvPvrNetMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\My Documents\shareware\Virus\HiJack This\HijackThis.exe

O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\system32\hp5ED9.tmp
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvRemoteManager] C:\Program Files\NVIDIA Corporation\ForceWare\NVRemote\NvRemote.exe
O4 - HKLM\..\Run: [NvPvrNetMon] "C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\NvPvrNetMon.exe" start
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA PVR Schedule Monitor (nvpvrmon) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\nvpvrmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\NVIDIA~1\FORCEW~1\NVRemote\x10nets.exe (file missing)

Thanks in advance. You guys rock!

« Last Edit: November 16, 2005, 02:43:07 AM by toppro77 » Logged

 
Pancake
« Reply #1 on: November 15, 2005, 02:02:37 AM »

Hi and Welcome
It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order they are listed. Please keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.



Download any of the required programs before attempting to start any of the fixes.

Please do NOT run Hijack This  in a TEMPorary folder or on the Desktop. I recommend c:/program files/HJT/




SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

Files highlighted in BLACK  will need to be removed from your hard drive.
 Folders that have been highlighted RED will need to be uninstalled.
  -----------------------------------------------------------------------


Please download Ewido Security Suite. Run this when all the other fixes have been done.

 Install Ewido Security Suite.
 When installing, under 'Additional Options' uncheck: "Install background guard" and  "Install scan via context menu"

To open the main screen double click the icon on the desktop.
 
 You will get a warning 'Database could not be found!' (only if no updates have first been installed). Click OK.

 Update to the latest definition files. On the left of the main screen click Update. Then click on Start Update. Let it complete the updates.

Now Click on Scanner and Click on Complete System Scan and the scan will start.

During some scans  it may find cases of false positives so you will need to step through the process of cleaning files one-by-one.

If a file is detected you KNOW to be legitimate, select None as the action. Do NOT select 'Perform action on all infections'
 
If you are unsure of any entry found play safe and select None as the action.
Press the button marked Save Report

Save the report .txt file to your desktop or somewhere you can find it. Post it back with your next HJT log.


------------------------------------------------------------------------------

Please start by putting your computer in SAFE MODE.  During reboot, tap the F8 key. Select Safe Mode and then run HJT.
--------------------------------------------------------------


Uninstall the following programs (if they still exist). Go into HijackThis->Config->Misc. Tools->Open Uninstall manager

P2P Networking

-----------------------------------------------------------------


Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click End Process for each one if they are still listed.

P2P Networking.exe

-----------------------------------------------------------------


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\system32\hp5ED9.tmp
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

 ---------------------------------------------------------------------------
Open Windows Explorer and delete the following highlighted  file/s
Also delete the following red folder/s

 C:\WINDOWS\system32\P2P Networking
C:\WINDOWS\system32\hp5ED9.tmp   <---- this may not be present.

------------------------------------------------------------------------

 
Restart your computer and post a new HijackThis log
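
An added example, not part of the thread and not HijackThis's own code: a small Python check that compares a "before" and "after" HijackThis log and confirms that the two entries on the fix list above are gone. The log excerpts are copied from the logs posted in this thread; the function names and the three review heuristics are assumptions made for illustration, and a flag means "look at this entry", not "this is malware".

```python
"""Compare two HijackThis logs and check that a fix list was applied."""
import re

# Excerpts copied from the two logs posted in this thread (before / after the fix).
BEFORE = r"""
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\system32\hp5ED9.tmp
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\NVIDIA~1\FORCEW~1\NVRemote\x10nets.exe (file missing)
"""

AFTER = r"""
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\NVIDIA~1\FORCEW~1\NVRemote\x10nets.exe (file missing)
"""

# The two items the helper asked to have fixed: (section, text that identifies the entry).
FIX_LIST = [
    ("O2", "{e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd}"),
    ("O4", "[P2P Networking]"),
]

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O16 entry that carries a CLSID but no download URL after the last dash.
NO_SOURCE_DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \(.*\))? -$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return [(section, body), ...], skipping header and process-list lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_flags(section, body):
    """Illustrative heuristics (assumptions): reasons an entry deserves a second look."""
    flags = []
    if body.endswith(MISSING):
        flags.append("target file missing")
        body = body[: -len(MISSING)].rstrip()
    if section == "O2":
        module = body.rsplit(" - ", 1)[-1]
        if not module.lower().endswith(".dll"):
            flags.append("BHO module is not a .dll")
    if section == "O16" and NO_SOURCE_DPF.match(body):
        flags.append("ActiveX control with no download source")
    return flags


def flagged(log_text):
    """Entries with at least one review flag, as [(section, body, flags), ...]."""
    result = []
    for section, body in parse_entries(log_text):
        flags = review_flags(section, body)
        if flags:
            result.append((section, body, flags))
    return result


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs, in log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def unfixed(log_text, fix_list):
    """Fix-list items that still appear in the given log."""
    entries = parse_entries(log_text)
    return [
        (section, needle)
        for section, needle in fix_list
        if any(s == section and needle.lower() in b.lower() for s, b in entries)
    ]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, body in removed:
        print("removed:", section, "-", body)
    for section, body in added:
        print("added:  ", section, "-", body)
    for section, body, flags in flagged(AFTER):
        print("review: ", section, "-", body, "->", "; ".join(flags))
    print("fix list still present:", unfixed(AFTER, FIX_LIST))
```
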

toppro77
« Reply #2 on: November 15, 2005, 05:26:20 AM »

Hi Pancake,
I think you have done a great job! I no longer have that window popping up in IE. Here is the latest h/j log and the log from ewido

Logfile of HijackThis v1.99.1
Scan saved at 12:21:00 AM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\ForceWare\NVRemote\NvRemote.exe
C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\NvPvrNetMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Microsoft Works\WksWP.exe
c:\Program Files\Microsoft Works\MSWorks.exe
c:\Program Files\Microsoft Works\wkgdcach.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\nvpvrmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Owner\My Documents\shareware\Virus\HiJack This\HijackThis.exe

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvRemoteManager] C:\Program Files\NVIDIA Corporation\ForceWare\NVRemote\NvRemote.exe
O4 - HKLM\..\Run: [NvPvrNetMon] "C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\NvPvrNetMon.exe" start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA PVR Schedule Monitor (nvpvrmon) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\nvpvrmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\NVIDIA~1\FORCEW~1\NVRemote\x10nets.exe (file missing)



ewido

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         12:19:59 AM, 11/15/2005
 + Report-Checksum:      9CB42390

 + Scan result:

   C:\Documents and Settings\All Users\Start Menu\Programs\Block Checker -> Spyware.BlockChecker : Ignored
   C:\Documents and Settings\All Users\Start Menu\Programs\Block Checker\Block Checker -> Spyware.BlockChecker : Ignored
   C:\Documents and Settings\All Users\Start Menu\Programs\Block Checker\Block Checker\Block Checker.lnk -> Spyware.BlockChecker : Ignored
   C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Block Checker.lnk -> Spyware.BlockChecker : Ignored
   C:\Documents and Settings\HP_Owner\My Documents\shareware\Block Checker\block-checker-xp.exe/2 -> Spyware.Chiem : Ignored
   C:\Program Files\Block Checker -> Spyware.BlockChecker : Ignored
   C:\Program Files\Block Checker\Block Checker.exe -> Spyware.BlockChecker : Ignored
   C:\Program Files\Block Checker\setup.log -> Spyware.BlockChecker : Ignored
   C:\Program Files\Block Checker\setup_finish.exe -> Spyware.BlockChecker : Ignored
   C:\Program Files\Block Checker\uninstall.exe -> Spyware.BlockChecker : Ignored
   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} -> TrojanDownloader.WebP2P : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1053 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1068 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1074 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4492 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4496 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4543 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1053 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1068 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1074 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1053 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1068 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1074 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1116 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1524 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1553 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1641 -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Spyware.Cydoor : Cleaned with backup
   HKU\S-1-5-21-2570125775-2412477213-1389577940-1009\Software\RX Toolbar -> Spyware.RXToolbar : Cleaned with backup
   [828] C:\WINDOWS\system32\ld5E4C.tmp -> TrojanDownloader.Zlob.az : Cleaned with backup
   [1852] C:\WINDOWS\system32\svchosts.dll -> Not-A-Virus.Hoax.Renos.v : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@linkbuddies[1].txt -> Spyware.Cookie.Linkbuddies : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
   C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
   C:\Documents and Settings\HP_Owner\My Documents\shareware\Virus\HiJack This\backups\backup-20051114-231752-281.dll -> Trojan.Small.fs : Cleaned with backup
   C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
   C:\Program Files\RXToolBar -> Spyware.RXToolbar : Cleaned with backup
   C:\Program Files\RXToolBar\sfcont.bin -> Spyware.RXToolbar : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
   C:\WINDOWS\system32\1024\ld11AC.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld1203.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld1231.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld12DC.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld1531.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld17B4.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld194A.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld22A1.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld244C.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld248F.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld26FB.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld27E7.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld2A7D.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld301F.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld31E2.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld32F4.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld365F.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld386B.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld3C0.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld3C77.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld40E5.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld43A0.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld4490.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld4593.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld46DE.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld4E2B.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld4EB7.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld5220.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld528B.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld5636.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld59CA.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld5B0B.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld5C09.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld6304.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld64B8.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld64EA.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld6565.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld6C56.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld7AB4.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld7AB9.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld8277.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld8305.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld8370.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld84C8.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld85BF.tmp -> TrojanDropper.Small.ahg : Cleaned with backup
   C:\WINDOWS\system32\1024\ld862.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld94A2.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld979F.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld9B12.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ld9FC6.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldA111.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldA276.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldA2A6.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldA3F.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldA58C.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldAB65.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldAC0E.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldB3F1.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldB3F6.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldB647.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldB7C0.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldBB11.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldBF1D.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldC2D4.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldC54D.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldC65A.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldC780.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldCB9F.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldCC40.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldD35A.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldD56C.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldD5EB.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldDD48.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldE2DE.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldE40A.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldEABC.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldF1F5.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldF2BD.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\1024\ldF407.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\hp6215.tmp -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\ld5E4C.tmp -> TrojanDownloader.Zlob.az : Cleaned with backup
   C:\WINDOWS\system32\navshext1.dll -> Spyware.Chiem : Cleaned with backup
   C:\WINDOWS\system32\navshext2.dll -> Spyware.Chiem : Cleaned with backup
   C:\WINDOWS\system32\svchosts.dll -> Not-A-Virus.Hoax.Renos.v : Cleaned with backup
   C:\WINDOWS\Temp\ikehjhnd.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Temp\oibknhod.exe -> Dialer.Generic : Cleaned with backup


::Report End

Thanks

toppro77
« Reply #3 on: November 15, 2005, 09:43:26 PM »

Hi again pancake,
Looks like I was wrong. I still have that window coming up in IE. It didn't last night but it's back today. :(

toppro77
« Reply #4 on: November 15, 2005, 11:20:36 PM »

Someone please help! I'm being blocked from accessing certain sites from links on pages. I get the message "The adware on your computer is blocking access to this site." Then I get an ad to buy SpyAxe. I know the *#@* put this virus on my computer themselves to make me buy their *&^%%$$ software to get it off.

Pancake
Global Moderator
« Reply #5 on: November 16, 2005, 12:15:03 AM »

In order to clean your PC from infections related to Spyware Axe product, please follow the instructions below:
1) Save Uninstallers.zip from http://www.spyaxe.com/uninstall/uninstallers.zip to your desktop or HDD.

2) Extract 2 files "illegal_adv_uninstall1.exe" and "illegal_adv_uninstall2.exe" to your desktop or your HDD using WinZip.

3) Execute both of them one by one by double-clicking with your mouse.

4) Reboot your PC

5) Your PC is now clean from the infections.


You may still have to go to 'Add/Remove Programs' under Control Panel to uninstall the SpyAxe program itself.
« Last Edit: November 16, 2005, 12:21:49 AM by Pancake »

toppro77
« Reply #6 on: November 16, 2005, 01:32:32 AM »

Hi Pancake,
Thanks for all your help but I'm still getting a virus warning on my browser. Here is the addy that keeps showing up: http://www.syserrors.com/
I did all that you said but for some reason this is still taking control of my browser.

The browser says "Warning! Spyware detected
Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC:
- \WINDOWS\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official anti-spyware software

Your private info is collected by W32.Sinnaka.A@mm
Your IP address: (I erased this part)
Your Country: US, United States
They know you're using: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Operation System: OS Windows
Risk status for futher investigation: VERY HIGH RISK
Time of investigation: Tue Nov 15 17:28:55 PST 2005"

Any suggestions now! :(

toppro77
« Reply #7 on: November 16, 2005, 01:43:12 AM »

Man, I am screwed. This thing is blocking me from going to Netscape.com; it keeps reverting back to syserrors.com when I enter www.netscape.com in the address bar. It has blocked another site from me also.

If this thing keeps learning all the addresses I go to from the IE startup page and redirecting me back to syserrors.com I will not be able to access my mail or do a search or anything. I'm using a roundabout way to get to my mail page. I put in a random addy first and then go to my email server, so that if it blocks it in the future it's not going to affect me, but I need help getting rid of this beast!

toppro77
« Reply #8 on: November 16, 2005, 02:09:48 AM »

Here is a new HJT log. It looks like I have some new stuff that has accumulated since my last run of this.

Logfile of HijackThis v1.99.1
Scan saved at 9:07:23 PM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\nvpvrmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\ForceWare\NVRemote\NvRemote.exe
C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\NvPvrNetMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ulead Systems\Ulead VideoStudio 9.0\vstudio.exe
C:\Documents and Settings\HP_Owner\My Documents\shareware\Virus\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
O2 - BHO: HomepageBHO - {7288c0bd-7f2f-4229-a0c4-3c90a6e2a881} - C:\WINDOWS\system32\hp71A5.tmp
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvRemoteManager] C:\Program Files\NVIDIA Corporation\ForceWare\NVRemote\NvRemote.exe
O4 - HKLM\..\Run: [NvPvrNetMon] "C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\NvPvrNetMon.exe" start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132103441890
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA PVR Schedule Monitor (nvpvrmon) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\nvpvrmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\NVIDIA~1\FORCEW~1\NVRemote\x10nets.exe (file missing)

Logged
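
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it flags code-loading entries whose module is a `.tmp` file, is reported as `(file missing)`, or (for O23 services) shows `Unknown owner`. The three rules, the choice of sections and the function names are assumptions made for this illustration; a flagged line is a lead to check, not a verdict.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
O2 - BHO: HomepageBHO - {7288c0bd-7f2f-4229-a0c4-3c90a6e2a881} - C:\WINDOWS\system32\hp71A5.tmp
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\NVIDIA~1\FORCEW~1\NVRemote\x10nets.exe (file missing)
"""

# Item lines look like "<section> - <details>"; headers and the process list do not.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Sections from this log that load code into IE, the shell or the system (assumed set).
CODE_LOADING = {"O2", "O3", "O4", "O9", "O20", "O23"}
TMP_RE = re.compile(r"\.tmp\b", re.I)
MISSING_RE = re.compile(r"\(file missing\)\s*$", re.I)

REASON_TMP = "module registered from a .tmp file"
REASON_MISSING = "registered file is missing"
REASON_UNKNOWN = "service shows Unknown owner"


def triage(log_text):
    """Return a Finding for every heuristic hit, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if not m:
            continue  # header, running-process path or blank line
        section, rest = m.groups()
        if section not in CODE_LOADING:
            continue
        if TMP_RE.search(rest):
            # A browser helper or autostart backed by a temp file is unusual.
            findings.append(Finding(section, REASON_TMP, line))
        if MISSING_RE.search(rest):
            findings.append(Finding(section, REASON_MISSING, line))
        if section == "O23" and " - Unknown owner - " in rest:
            findings.append(Finding(section, REASON_UNKNOWN, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

On this log the `.tmp` rule hits only the O2 `HomepageBHO` entry; the other hits are missing-file or unknown-owner entries, which are weaker leads.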

 
toppro77
« Reply #9 on: November 25, 2005, 05:41:50 AM »

Hi guys,
Since no one gave me any further help on this I used an online virus scan to help me locate the problem and I solved it myself. Thanks to those that at least tried to help me. I guess this can be closed now.

Pancake
Global Moderator
« Reply #10 on: November 27, 2005, 01:43:48 AM »

Sorry I could not get back to you but for some reason I never got any notification of your last posts. Anyway, glad you got it sorted.