gfraz

remnants of xxxtoolbar

9 posts in this topic

Could you look at this HijackThis and troubleshoot it for me? Every time I boot up, within seconds d2k connector shows up and Spy Sweeper kind of blocks it, but it will come back every 15 minutes or so, and it drives me crazy... I'm a newbie here and hope I've got this right, and put it in the right place.

Logfile of HijackThis v1.97.7

Scan saved at 10:56:07 AM, on 15/05/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\szchost.exe

C:\Program Files\Winamp3\winampa.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Kazaa Lite\Kazaa.exe

C:\Program Files\AnalogX\CookieWall\cookie.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\System32\notepad.exe

C:\My Download Files\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: start ante - {59BBE08C-45E3-108F-5B42-A3F2A6D8C910} - (no file)

O4 - HKLM\..\Run: [Zone system] C:\WINDOWS\szchost.exe

O4 - HKLM\..\Run: [ncpgsyc] rundll32 C:\WINDOWS\System32:ncpgsyc.dll,Init 1

O4 - HKLM\..\Run: [ynyd] C:\WINDOWS\ynyd.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

O4 - HKLM\..\Run: [sdelyx] C:\WINDOWS\sdelyx.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [RealJukeboxSystray] C:\Program Files\Real\RealJukebox\tsystray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [psylekgo] C:\WINDOWS\System32\lieftjod.exe

O4 - HKLM\..\Run: [pixileh] C:\WINDOWS\pixileh.exe

O4 - HKLM\..\Run: [ovqbyj] C:\WINDOWS\ovqbyj.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [msbb] c:\docume~1\greg\locals~1\temp\msbb.exe

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa Lite\Kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [hqr] C:\WINDOWS\hqr.exe

O4 - HKLM\..\Run: [HideByte] C:\PROGRA~1\Oncedvd\Move Hope Mags.exe

O4 - HKLM\..\Run: [GMTZDJQWD] C:\WINDOWS\GMTZDJQWD.exe

O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe

O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe

O4 - HKLM\..\Run: [bsbux] C:\WINDOWS\bsbux.exe

O4 - HKLM\..\Run: [alwvoz] C:\WINDOWS\alwvoz.exe

O4 - HKLM\..\Run: [ahilsl] C:\WINDOWS\ahilsl.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe

O4 - HKCU\..\Run: [Arps] C:\Documents and Settings\Greg\Application Data\htor.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.earthetc.com/ecwplugins/ncs.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7925.4372569444

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

Edited by gfraz


I also have a folder called inetpub that I'm not sure where it came from, possibly from Microsoft Office.

One other thing: is this file "System32:ncpgsyc.dll" a legit file?


First please download SPYBOT. Unzip the program, run it and click on search for updates. Install all updates, then hit scan.

Let it fix everything marked in RED.

Reboot.

Download AdAware from http://www.lavasoft.de/

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

Make sure the following settings are made and on (ON=GREEN):

From the main window click "Start", then "Activate in-depth scan".

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files".

Go to settings (the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning", "Cleaning engine" and "Let windows remove files in use at next reboot".

To save your settings click "proceed".

Now click the "Scan" button.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop-down menu.) Then press next and say yes to the prompt asking whether you want to remove all these entries.

Reboot again, and let AdAware run if it asks.

Then rescan with HijackThis, and post a fresh log.


Oops, sorry (for being a newbie), I have run Ad-aware every day for 2 weeks, and Spybot, and Spy Sweeper. I should have mentioned that in my original post, but I didn't do a few of the things you mentioned to tweak Ad-aware, so I'll try that next, and let you know how that works... Thanks for your reply and your time thus far, Dave38!

It's getting late tonight here, so I will do it tomorrow...

Edited by gfraz


OK, I just finished running Spybot, it removed 2 items, then I checked the AdAware settings for the settings you mentioned (they were all already set your way) and then ran AdAware, and it found and removed about 6 things. Before I ran HijackThis, I went to configsis and turned every checkbox on (because one of the SWI "Read This" files said to), and here is the new HijackThis log file:

Logfile of HijackThis v1.97.7

Scan saved at 8:24:58 AM, on 22/05/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\szchost.exe

C:\Program Files\AnalogX\CookieWall\cookie.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

C:\My Download Files\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: start ante - {59BBE08C-45E3-108F-5B42-A3F2A6D8C910} - (no file)

O4 - HKLM\..\Run: [Zone system] C:\WINDOWS\szchost.exe

O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ynyd] C:\WINDOWS\ynyd.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

O4 - HKLM\..\Run: [sdelyx] C:\WINDOWS\sdelyx.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [RealJukeboxSystray] C:\Program Files\Real\RealJukebox\tsystray.exe

O4 - HKLM\..\Run: [psylekgo] C:\WINDOWS\System32\lieftjod.exe

O4 - HKLM\..\Run: [pixileh] C:\WINDOWS\pixileh.exe

O4 - HKLM\..\Run: [ovqbyj] C:\WINDOWS\ovqbyj.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa Lite\Kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [hqr] C:\WINDOWS\hqr.exe

O4 - HKLM\..\Run: [HideByte] C:\PROGRA~1\Oncedvd\Move Hope Mags.exe

O4 - HKLM\..\Run: [GMTZDJQWD] C:\WINDOWS\GMTZDJQWD.exe

O4 - HKLM\..\Run: [bsbux] C:\WINDOWS\bsbux.exe

O4 - HKLM\..\Run: [alwvoz] C:\WINDOWS\alwvoz.exe

O4 - HKLM\..\Run: [ahilsl] C:\WINDOWS\ahilsl.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe

O4 - HKCU\..\Run: [Arps] C:\Documents and Settings\Greg\Application Data\htor.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.earthetc.com/ecwplugins/ncs.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7925.4372569444

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

I hope this helps... I'm still getting the d2k connector on my taskbar, followed by 2 windows saying download aborted (I think Spy Sweeper is stopping something there). While the download aborted windows are on screen, the taskbar is still saying XXXtoolbar, thus my remnants of xxxtoolbar. (I had earlier tried getting rid of xxxtoolbar through regedit, but I think something still exists.)


Still a few items to remove.

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R3 - Default URLSearchHook is missing

 

O3 - Toolbar: start ante - {59BBE08C-45E3-108F-5B42-A3F2A6D8C910} - (no file)

 

O4 - HKLM\..\Run: [Zone system] C:\WINDOWS\szchost.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [ynyd] C:\WINDOWS\ynyd.exe

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

O4 - HKLM\..\Run: [sdelyx] C:\WINDOWS\sdelyx.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [psylekgo] C:\WINDOWS\System32\lieftjod.exe

O4 - HKLM\..\Run: [pixileh] C:\WINDOWS\pixileh.exe

O4 - HKLM\..\Run: [ovqbyj] C:\WINDOWS\ovqbyj.exe

O4 - HKLM\..\Run: [hqr] C:\WINDOWS\hqr.exe

O4 - HKLM\..\Run: [HideByte] C:\PROGRA~1\Oncedvd\Move Hope Mags.exe

O4 - HKLM\..\Run: [GMTZDJQWD] C:\WINDOWS\GMTZDJQWD.exe

O4 - HKLM\..\Run: [bsbux] C:\WINDOWS\bsbux.exe

O4 - HKLM\..\Run: [alwvoz] C:\WINDOWS\alwvoz.exe

O4 - HKLM\..\Run: [ahilsl] C:\WINDOWS\ahilsl.exe

O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe

O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe

O4 - HKCU\..\Run: [Arps] C:\Documents and Settings\Greg\Application Data\htor.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

 

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

Reboot, and delete

 

files

C:\WINDOWS\szchost.exe

C:\WINDOWS\ynyd.exe

C:\WINDOWS\sdelyx.exe

C:\WINDOWS\Downloaded Program Files\bridge.dll

C:\WINDOWS\System32\lieftjod.exe

C:\WINDOWS\pixileh.exe

C:\WINDOWS\ovqbyj.exe

C:\WINDOWS\hqr.exe

C:\WINDOWS\GMTZDJQWD.exe

C:\WINDOWS\bsbux.exe

C:\WINDOWS\alwvoz.exe

C:\WINDOWS\ahilsl.exe

C:\WINDOWS\System32\wnsintsv.exe

C:\Documents and Settings\Greg\Application Data\htor.exe

 

folders

C:\Program Files\Common files\updater

C:\Program Files\Oncedvd

C:\Program Files\MyWebSearch

C:\Program Files\ClockSync

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if the problems persist.


I think that did it, Dave, the d2k connector thing hasn't shown up for 20 minutes now...

First I went back into msconfig and turned everything back on, then I ran HijackThis and got it to fix all the ones I could find that were there (some weren't), and then rebooted like you said, and deleted the files I could find in Windows. Now I just ran HijackThis, here is the new log...

 

 

Logfile of HijackThis v1.97.7

Scan saved at 11:34:49 AM, on 23/05/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AnalogX\CookieWall\cookie.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Winamp3\winampa.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Program Files\Kazaa Lite\Kazaa.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

C:\My Download Files\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [sdelyx] C:\WINDOWS\sdelyx.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [RealJukeboxSystray] C:\Program Files\Real\RealJukebox\tsystray.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa Lite\Kazaa.exe /SYSTRAY

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.earthetc.com/ecwplugins/ncs.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7925.4372569444

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

 

 

Now I think I will do a complete shutdown and reboot, see if it comes back again... Again, thanks for your time, I have no idea how much time you have spent, but it would seem a few hours at least, many thanks :)


Problem solved! Haven't seen it (the d2k connector and download aborted popups) since I did the changes you recommended... What a relief... Thanks a lot, Dave38!! My daughter says thanks as well, it was a major irritation.

Is it possible to change the dialogue under "remnants of xxxtoolbar" to show that it was concluded successfully? I tried to look in the edit area but could only edit the post, not the title or caption.

Edited by gfraz


Your log is clean. Except, that is, for Kazaa! The chances of you remaining uninfested with malware if you retain this are very, very small indeed. I suggest that you uninstall it, and use a spyware-free alternative.

Don't worry about the post title; when done, the topic will be closed.

This topic is now closed to further replies.
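
An added example, not part of the original thread: a small Python parser for the O4 autostart lines of the HijackThis logs posted above. It checks which entries from the fix list are still registered in a follow-up log, and flags commands that load from an NTFS alternate data stream, which is the `System32:ncpgsyc.dll` form asked about in the second post. The sample lines are a subset excerpted from the thread's logs; the function names are hypothetical.

```python
import re

# Subset of the O4 lines posted in this thread (not the full logs).
FIX_LIST = r"""
O4 - HKLM\..\Run: [Zone system] C:\WINDOWS\szchost.exe
O4 - HKLM\..\Run: [ynyd] C:\WINDOWS\ynyd.exe
O4 - HKLM\..\Run: [sdelyx] C:\WINDOWS\sdelyx.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
"""

FOLLOWUP_LOG = r"""
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [sdelyx] C:\WINDOWS\sdelyx.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
"""

FIRST_LOG_LINE = r"O4 - HKLM\..\Run: [ncpgsyc] rundll32 C:\WINDOWS\System32:ncpgsyc.dll,Init 1"

# "O4 - HKLM\..\Run: [name] command" and "O4 - Global Startup: name = command"
RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$')
STARTUP_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
# A drive path followed by a second colon: "host:stream" names a stream
# attached to the host file or directory instead of a normal file.
ADS_RE = re.compile(r'([A-Za-z]:\\[^:"*?<>|]*):([^\\/:"*?<>|\s,]+)')


def parse_o4(text):
    """Return (location, name, command) for every O4 autostart line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            entries.append(m.groups())
    return entries


def _key(entry):
    # Windows paths and value names are case-insensitive.
    location, name, command = entry
    return (location, name.lower(), command.lower())


def persisted(fix_text, followup_text):
    """Fix-list entries that still appear in the follow-up log."""
    still_there = {_key(e) for e in parse_o4(followup_text)}
    return [e for e in parse_o4(fix_text) if _key(e) in still_there]


def ads_targets(text):
    """(name, host path, stream) for commands run from an alternate data stream."""
    hits = []
    for _, name, command in parse_o4(text):
        m = ADS_RE.search(command)
        if m:
            hits.append((name, m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for entry in persisted(FIX_LIST, FOLLOWUP_LOG):
        print("still registered:", entry)
    for hit in ads_targets(FIRST_LOG_LINE):
        print("alternate data stream:", hit)
```

A stream attached to a directory does not show up in an Explorer listing of that directory, so an entry of this form has to be caught from the autostart command itself.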