Jump to content


was attacked by g/f (dont know what she did!)

  • Please log in to reply
1 reply to this topic

#1 mamiyarz67



  • Full Member
  • Pip
  • 5 posts

Posted 26 June 2004 - 08:47 PM

Well i went to take a shower, came back and found her asking me about these pop-ups *sygate popups...uh oh*.. i get one and all i get is pop up ads and terabyte.exe and all sortsa Crap!! ARGH!!
well i think i got it all but i wanted you to double check, seems ok now though...

Logfile of HijackThis v1.97.7
Scan saved at 9:41:12 PM, on 6/26/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Serv-U\ServUDaemon.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
\DRACO\Beast\Program Files\Cool Timer 98\CoolTime.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Iarsn\TaskInfo2003 5.0\TaskInfo.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\AVerTV2K\QuickTV.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Kazaa Lite\Kazaa.kpp
C:\internet crap\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.teamvertigo.org/forums/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Da Net
O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~2\inetkw.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CoolTimer98] \\DRACO\Beast\Program Files\Cool Timer 98\CoolTime.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINNT\MXOaldr.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [5KJF2#33XAFDTK] C:\WINNT\system32\Vcj06J5Z.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TaskInfo.exe] "C:\Program Files\Iarsn\TaskInfo2003 5.0\TaskInfo.exe"
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Startup: taskmgr.lnk = C:\WINNT\system32\taskmgr.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: winamp.lnk = C:\Program Files\Winamp\winamp.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macrom...tor/cabs/sw.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} - http://companion.log...1/bin/imvid.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....12119/CTPID.cab

#2 WinHelp2002


    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 26 June 2004 - 09:25 PM


i went to take a shower, came back and found her asking me about these pop-ups

Maybe you should have taken the shower with the girlfriend? :rofl:

i get one and all i get is pop up ads and terabyte.exe

Does "terabyte.exe" exist, I don't see it in your log ...

First thing to do is ...

Reconfigure Windows Explorer to show Hidden Files:
Open the Windows Explorer Folder Options - View [tab]:

Scroll down to the "Files and Folders" section.
Select: "Display the contents of system folders".

Scroll down to the "Hidden Files and Folders" section.
Select: "Show hidden files and folders", Ok the prompt
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

Click the "Apply to all Folders" button. Close Windows Explorer.


Close all open windows, except for HijackThis place a check in each of the following:
Then click "Fix checked".

O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~2\inetkw.dll
O4 - HKLM\..\Run: [5KJF2#33XAFDTK] C:\WINNT\system32\Vcj06J5Z.exe

Then reboot, on restart, restart in Safe Mode (see "How To" below)

Start | Run (type) "%temp%" (no quotes)
Completely delete the entire contents of that "temp" folder.

Open Windows Explorer locate and delete the following:

C:\WINNT\system32\WyifV8CN.exe <--this file
C:\WINNT\system32\Braibh6.exe <--this file
C:\WINNT\system32\Vcj06J5Z.exe <--this file
C:\PROGRAM FILES\INTERN~2\inetkw.dll <--this file
Note: locate via Search > Search: inetkw.dll

Restart normally and then ...

Download the latest version of Ad-Aware:

After installing AAW, and before running the program.

Reconfigure Ad-Aware for Full Scan:
Please update the reference file following the instructions here:

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button. Under "Log-file detail", select all options.

Click the "Tweaks" button. Under "Scanning Engine", select the following:
1) "Include additional Ad-aware settings in logfile"
2) "Unload recognized processes during scanning."

Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on Proceed to save these Preferences.
Note: make sure that you activate IN-DEPTH scanning before you proceed.

After the above, reboot, rescan with HijackThis and post a fresh log ...
Former Microsoft MVP Posted Image 1999-2012
"There's no place like"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button