Jump to content


Photo

In dire, dire need of severe help. To the extent:


  • Please log in to reply
6 replies to this topic

#1 Disembodied

Disembodied

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 19 July 2004 - 10:31 AM

Hello there.

Yes, I've read the FAQ and all other pages similair to it. Been to numerous thread and found symptoms similair to mine. However for some reason it just gets worse. Basically, here are the symptoms my computer has undergone:

1) Home and Search page redirection
2) Pop ups

and now the less common symptoms

3) Sluggish internet

4) Spyware, Virus, and Trojan scanning programs unable to pick up any traces of bugs unlike before (When they were found, they were picked up but could not be removed for one reson or another.)

5) Above programs not being able to START in the first place due to said spyware infecting the reference files.

6) Hijacked typing, as I type in text boxes such as this one a string of dots appears periodically and turns into letters and sentences. It types on it's own.

Anyway, this problem has enlarged so much over time. It's phenomenal. NOTHING seems to help. Spybot and Ad Aware do NOT pick anything up. And if they do, then they reinstall themselves instantly. Computer is slower than it's ever been.

I've downloaded every program I can, which includes (not limited to) About:Buster, McAfee 8 and Stinger, TrojanHunter, Spyware Guard, and X Cleaner.

I am led to believe it's trojans, since Trojan Hunter picks them up during scan but it cannot get rid of them. Something along the lines of "Error in Unpacking xx.dll".

I leave Ad Watch, the SB TeaTime resident, and the SpyGuward programs on to track events. Every time a new window opens the trojan/whatever files recreate themselves.

I could talk forever, and thats how much this seems to have gotten to the computer. In any case, this is the HijackThis log. ANY help at all is sincerely appreciated. I dont want to have to reformat my computer.

Logfile of HijackThis v1.98.0
Scan saved at 5:54:08 PM, on 7/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Ontrack\Fix-It\mxserver.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\crit.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp\MSNProxy.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\netjc32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0\CalCheck.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
D:\SoulSeek Recieved Files\Ad-aware 6\Ad-watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\SoulSeek\slsk.exe
C:\Downloads\Hijack THIS!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {B37338CB-DC89-F6A6-BA8B-AEF4D740566E} - C:\WINDOWS\msty32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MSNProxy] C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp\MSNProxy.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [netjc32.exe] C:\WINDOWS\system32\netjc32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] D:\Yousef's Transfer Files 1\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSNProxy] C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp\MSNProxy.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0\CalCheck.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Yousef's Transfer Files 1\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.lochness....nd.net/push.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B51E16CC-D25C-47FB-9FE6-FD8D638F1E7A}: NameServer = 217.17.233.49 193.188.97.212


#2 Disembodied

Disembodied

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 19 July 2004 - 11:46 AM

Bump...

I seriously need help, it falls under all the symptoms of most topics I've read except it wont go away and it just gets worse.

#3 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 19 July 2004 - 01:52 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {B37338CB-DC89-F6A6-BA8B-AEF4D740566E} - C:\WINDOWS\msty32.dll

O4 - HKLM\..\Run: [MSNProxy] C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp\MSNProxy.exe
O4 - HKLM\..\Run: [netjc32.exe] C:\WINDOWS\system32\netjc32.exe
O4 - HKCU\..\Run: [MSNProxy] C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp\MSNProxy.exe

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

Reboot and delete

files
All files in the C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp folder
C:\WINDOWS\system32\netjc32.exe

folder
C:\Program Files\AWS

These may be hidden files. See
HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#4 Disembodied

Disembodied

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 20 July 2004 - 07:27 AM

Bump, alright...thanks, I'll try that out...

#5 Disembodied

Disembodied

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 20 July 2004 - 08:28 AM

OK, went and deleted most files in the Temp folder (some DLL's refused to be deleted), deleted the AWS folder, and I think the main little bugger is that netjc32.exe file. I scan it with Trojan Hunter and I get this:

Warning: Unable to unpack UPX packed file netjc32.exe
Found possible trojan file: netjc32.exe

No trojans found


its being difficult. It seems nothing can get it to go away. Anyway, I also tried to get rid of the things listed on Hijack This...but before anything happens I get this message on a popup:


An unexpected error has occurred at procedure: cmdFix_Click()
Error #75 - Path/File access error (48 items in results list)

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.98.0

This message has been copied to your clipboard.


I then tried to use HT version 1.97, rebooted after fixing those checked but still nothing happened. Here is the log.

Any suggestions on what to do now?

Logfile of HijackThis v1.98.0
Scan saved at 4:27:54 PM, on 7/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Ontrack\Fix-It\mxserver.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp\MSNProxy.exe
C:\WINDOWS\system32\netjc32.exe
C:\WINDOWS\crit.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\GetRight\getright.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0\CalCheck.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgbhp.exe
D:\SoulSeek Recieved Files\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Downloads\Hijack THIS!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSNProxy] C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp\MSNProxy.exe
O4 - HKLM\..\Run: [netjc32.exe] C:\WINDOWS\system32\netjc32.exe
O4 - HKCU\..\Run: [AIM] D:\Yousef's Transfer Files 1\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSNProxy] C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp\MSNProxy.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0\CalCheck.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Yousef's Transfer Files 1\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.lochness....nd.net/push.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B51E16CC-D25C-47FB-9FE6-FD8D638F1E7A}: NameServer = 217.17.233.49 193.188.97.212

Edited by Disembodied, 20 July 2004 - 09:24 AM.


#6 Disembodied

Disembodied

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 20 July 2004 - 09:21 AM

Bump again...computer's a little faster but this bugger seems to keep wanting to add BHO's (Spyware Guard is tracking and rejecting them) and generally is still on the computer.

#7 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 20 July 2004 - 04:50 PM

Ok, getting there!
Try it this way: -

Reboot into safe mode, and have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKLM\..\Run: [MSNProxy] C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp\MSNProxy.exe
O4 - HKLM\..\Run: [netjc32.exe] C:\WINDOWS\system32\netjc32.exe
O4 - HKCU\..\Run: [MSNProxy] C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp\MSNProxy.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

Then, WITHOUT rebooting, search for and delete

files
C:\Documents and Settings\xsdef vfgt bhjgt hgh\Local Settings\Temp\MSNProxy.exe
C:\WINDOWS\system32\netjc32.exe

folders
C:\Program Files\AWS

These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button