MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: please help with this hijackthis log
November 13, 2019, 12:04:08 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 13, 2019, 12:04:08 PM

Login with username, password and session length
 Featured Sites:
News
Article Writers We are looking for quality, informational articles to add to our Computer Articles
Please contact us if you are interested in submitting some....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: please help with this hijackthis log  (Read 1512 times)
Amras
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« on: October 19, 2004, 02:35:56 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP Pro
Problem Application Name & Version: Xlime Offeroptimizer
Problem Hardware Make & Model:
Error Messages: Xlime Offeroptimizer



I get this popups from ilead.itrack and offeroptimizer.
Cant get rid of it Sad
Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #1 on: October 19, 2004, 02:42:15 PM »

Please download and run the following programs:

AD-AWARE

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Restart your computer.

SPYBOT SEARCH & DESTROY

Open Spybot Search & Destroy (Click Start, Programs, Spybot S&D (Advanced Mode). Click online, Search for updates, Download all available updates. Close all Browser windows, Click ''Check for Problems''. Anything that needs to be fixed it will show in red and have a green check in the box to the left. Click ''Fix Selected Problems'', Then restart your computer.

Hijack This

Make sure you unzip hijack this to its own folder such as C:\Program files as this is where the backups will be created.Run Hijack this but do NOT fix anything.Click save log and a log will open in notepad.Copy and paste your log here.
Logged

John Vickers
Amras
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #2 on: October 19, 2004, 03:04:48 PM »

Logfile of HijackThis v1.98.2
Scan saved at 17:03:35, on 19.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\myCIO\Agent\myAgtSvc.exe
C:\WINDOWS\myCIO\VScan\McShield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\myCIO\Agent\myagttry.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\system32\ccgokgmw.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pub.tv2.no/nettavisen/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.passport.net/reg.srf?xpwiz=true&lc=1044&langid=1044
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - Default URLSearchHook is missing
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ecugnx] C:\WINDOWS\system32\ccgokgmw.exe
O4 - HKLM\..\Run: [sais] c:\programfiler\180solutions\sais.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vscanen.myasap.de/VS2/bin/myCioAgt.cab
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\WINDOWS\myCIO\Agent\myRmProt2.8.1.137.dll

Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #3 on: October 19, 2004, 03:25:02 PM »

First go to start>settings>control panel>add and remove programs and see
if 180solutions is listed.If it is uninstall

Run hijack this and fix the following;

R3 - Default URLSearchHook is missing
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O4 - HKLM\..\Run: [ecugnx] C:\WINDOWS\system32\ccgokgmw.exe
O4 - HKLM\..\Run: [sais] c:\programfiler\180solutions\sais.exe

Boot to safe mode making sure you can see hidden files and folders


How To Boot Into SafeMode

How To Show Hidden Files And Folders

* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Click Yes to confirm.
* Click OK.

Delete:

C:\WINDOWS\system32\ccgokgmw.exe
c:\programfiler\180solutions

Reboot and post a new hijack this log
















Logged

John Vickers
Amras
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #4 on: October 19, 2004, 03:59:23 PM »

Logfile of HijackThis v1.98.2
Scan saved at 17:59:32, on 19.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\myCIO\Agent\myagttry.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\myCIO\Agent\myAgtSvc.exe
C:\WINDOWS\myCIO\VScan\McShield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pub.tv2.no/nettavisen/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.passport.net/reg.srf?xpwiz=true&lc=1044&langid=1044
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vohdjuju] C:\WINDOWS\system32\ccgokgmw.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vscanen.myasap.de/VS2/bin/myCioAgt.cab
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\WINDOWS\myCIO\Agent\myRmProt2.8.1.137.dll

Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #5 on: October 19, 2004, 04:05:34 PM »

Fix this one entry
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll

boot to safe mode and delete the file in bold type

Reboot and post one more log
Logged

John Vickers
Amras
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #6 on: October 19, 2004, 04:23:14 PM »

Logfile of HijackThis v1.98.2
Scan saved at 18:23:20, on 19.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\myCIO\Agent\myAgtSvc.exe
C:\WINDOWS\myCIO\VScan\McShield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\myCIO\Agent\myagttry.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pub.tv2.no/nettavisen/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.passport.net/reg.srf?xpwiz=true&lc=1044&langid=1044
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vscanen.myasap.de/VS2/bin/myCioAgt.cab
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\WINDOWS\myCIO\Agent\myRmProt2.8.1.137.dll

What about now? Should I perhaps delete cookies etc ?
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page April 19, 2017, 08:47:40 AM