Jump to content


Photo

UM hi can someone read this and help me plz =)


  • Please log in to reply
5 replies to this topic

#1 zero123

zero123

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 20 July 2004 - 05:42 AM

Hi all im new to this forum and ive been of course having the same probelms as all of u people with thath home search thing. ive tryed everything so far ive tryed adware spybot virus scanner (panda) , hs remover everything i can think of so far. i read this forum seems like some of u people know how to remove it so i wouldnt mind if i could get some help here :p . if i need specific programs to removie it can u guys please help me out plz :whistle:

#2 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 20 July 2004 - 05:48 AM

Hi Zero :)

Download HijackThis (listed below), start it, click "Scan", Click "Save Log", then save it anywhere. Then post the log that shows up in this topic, so experts can see what's going on with your computer :cool:
Nucia Security Forums - Dutch Anti-Malware Support

#3 zero123

zero123

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 20 July 2004 - 07:23 AM

Logfile of HijackThis v1.97.7
Scan saved at 12:21:08 AM, on 7/21/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\mapiicon.exe
C:\Documents and Settings\Administrator\My Documents\Leslie\IPGamma\IPGamma.exe
C:\WINDOWS\System32\dplaysvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe
C:\WINDOWS\system32\sndvol.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zvvts.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zvvts.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://zvvts.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zvvts.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://zvvts.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zvvts.dll/sp.html#96676
O2 - BHO: (no name) - {0440569F-36A4-10C4-11A3-E6681BB55C06} - C:\WINDOWS\system32\sysfl.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ADOBE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [iphh32.exe] C:\WINDOWS\system32\iphh32.exe
O4 - HKLM\..\RunServices: [Configuration Loader] sndvol.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [iezr32.exe] C:\WINDOWS\system32\iezr32.exe
O4 - HKLM\..\RunOnce: [crxp.exe] C:\WINDOWS\crxp.exe
O4 - HKLM\..\RunOnce: [nter32.exe] C:\WINDOWS\nter32.exe
O4 - HKLM\..\RunOnce: [sysje.exe] C:\WINDOWS\system32\sysje.exe
O4 - HKLM\..\RunOnce: [d3ct.exe] C:\WINDOWS\system32\d3ct.exe
O4 - HKLM\..\RunOnce: [ipmy.exe] C:\WINDOWS\system32\ipmy.exe
O4 - HKLM\..\RunOnce: [mfcro32.exe] C:\WINDOWS\system32\mfcro32.exe
O4 - HKLM\..\RunOnce: [msry32.exe] C:\WINDOWS\system32\msry32.exe
O4 - HKLM\..\RunOnce: [atlik.exe] C:\WINDOWS\atlik.exe
O4 - HKLM\..\RunOnce: [winpi32.exe] C:\WINDOWS\system32\winpi32.exe
O4 - HKLM\..\RunOnce: [javakn.exe] C:\WINDOWS\system32\javakn.exe
O4 - HKLM\..\RunOnce: [iexu32.exe] C:\WINDOWS\system32\iexu32.exe
O4 - HKLM\..\RunOnce: [sdkjq.exe] C:\WINDOWS\system32\sdkjq.exe
O4 - HKLM\..\RunOnce: [mfcwk32.exe] C:\WINDOWS\mfcwk32.exe
O4 - Startup: Shortcut to IPGamma.lnk = C:\Documents and Settings\Administrator\My Documents\Leslie\IPGamma\IPGamma.exe
O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12359B8B-9EF7-4DC6-8D63-CFE0E7346834}: NameServer = 203.96.152.4 203.96.152.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{12359B8B-9EF7-4DC6-8D63-CFE0E7346834}: NameServer = 203.96.152.4 203.96.152.12

#4 zero123

zero123

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 20 July 2004 - 07:24 AM

yea guys my frenid also found htis guide on the net on how to get rid of it and it has had some success by some people. i duno if i should try it but i might take a shot.

http://www.computing...orum/12346.html

if ur interested it posted by atomic dog

#5 zero123

zero123

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 21 July 2004 - 03:34 AM

guess the pros are sleeping =(

#6 Jared Thaler

Jared Thaler

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 21 July 2004 - 04:03 AM

At least one of them appears to be prowling. Have faith and patience.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button