Jump to content


Photo

Problems with mediatickesinstaller and some


  • Please log in to reply
1 reply to this topic

#1 Imperial21

Imperial21

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 18 July 2004 - 09:59 AM

Hijack

Logfile of HijackThis v1.98.0
Scan saved at 16:47:43, on 18.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\wininimil.exe
C:\WINDOWS\System32\NAVSCAN64.exe
C:\WINDOWS\System32\sxvhost.exe
C:\WINDOWS\System32\xswdov.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\msconfg.exe
C:\Documents and Settings\Helge\Programdata\ieam.exe
C:\WINDOWS\System32\healn.exe
C:\Programfiler\ORiNOCO\Client Manager\CMLUC.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6AA5657C-C21D-2EC0-8655-6C5504D57C6C} - C:\WINDOWS\System32\nnxo.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wininimil.exe
O4 - HKLM\..\Run: [NAVSCAN64.EXE /s] NAVSCAN64.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [ztdepholpeax] C:\WINDOWS\System32\xswdov.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wininimil.exe
O4 - HKLM\..\RunServices: [NAVSCAN64.EXE /s] NAVSCAN64.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NAVSCAN64.EXE /s] NAVSCAN64.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] wininimil.exe
O4 - HKCU\..\Run: [Bdce] C:\Documents and Settings\Helge\Programdata\ieam.exe
O4 - HKCU\..\Run: [Nzwmjevn] C:\WINDOWS\System32\healn.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flings...TInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2813454-3E0A-45E3-BEDF-A057162DBB80}: NameServer = 81.29.32.135 81.29.32.130

Once in a while there comes a pop-up wich want me to buy diplomas and diffrent college and university grads. And every time I start up i get a message saying something like invalid windows pictures reffering to two files that get generated everytime the machine starts up (fia1.tmp and xja2.tmp last time it was mia1.tmp and vja2.tmp its alwys two tmp files) very annoying.

Was hoping you could help me with some of the problems

Oh and also IE try to open a web page called www.nubela.net/nubeeeee

Edited by Imperial21, 18 July 2004 - 10:04 AM.


#2 Imperial21

Imperial21

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 18 July 2004 - 01:40 PM

Update!
Have been messing around myself, not sure if its gone.


Logfile of HijackThis v1.98.0
Scan saved at 20:39:07, on 18.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
L:\Programmer\Norton Antivirus\navapsvc.exe
L:\Programmer\Norton Antivirus\AdvTools\NPROTECT.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\sxvhost.exe
C:\WINDOWS\System32\xswdov.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\ORiNOCO\Client Manager\CMLUC.EXE
C:\Hijack\HijackThis.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6AA5657C-C21D-2EC0-8655-6C5504D57C6C} - C:\WINDOWS\System32\nnxo.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - L:\Programmer\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - L:\Programmer\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wininimil.exe
O4 - HKLM\..\Run: [NAVSCAN64.EXE /s] NAVSCAN64.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\Run: [ztdepholpeax] C:\WINDOWS\System32\xswdov.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] L:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wininimil.exe
O4 - HKLM\..\RunServices: [NAVSCAN64.EXE /s] NAVSCAN64.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NAVSCAN64.EXE /s] NAVSCAN64.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] wininimil.exe
O4 - HKCU\..\Run: [Bdce] C:\Documents and Settings\Helge\Programdata\ieam.exe
O4 - HKCU\..\Run: [Nzwmjevn] C:\WINDOWS\System32\healn.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button