Tech Support Forum - View Single Post - xadsj-o.offerot...... problems

John R · 01-14-2005, 07:18 AM

Hi,

This is my first use of this site - earlier this week norton would not work, then I seemed to have a corrupt internet explorer pages were not able to be accessed, then word suffered problems with template issues.... I have noticed that when in internet explorer that a window exists along the bottom bar containing the words microsoft exployer.... and the once I managed to get it in view the address bar contained the xadsj-optim.... address.

I've run spybot, adaware both updated today but still no joy. I then started to research and have now copied the hijack this results.txt...

I'm not that pc literate.... so please if you are able provide simple advice.

===========================================================================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 1/12/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 13:56:49, on 14/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\fpjkvrfl.exe
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\WINDOWS\FSScrCtl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://introdelta.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [xxnovjkfd] C:\WINDOWS\system32\fpjkvrfl.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11282ec7...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093631710392
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - http://register.btinternet.com/templ...ailcontrol.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B87E9ACA-B71D-4092-A15B-701ABE272DEF}: NameServer = 192.168.0.1,4.2.2.2
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe

End of KRC HijackThis Analyzer Log.
===========================================================================================================================

01-14-2005, 07:18 AM	#1 (permalink)
John R Registered User Join Date: Jan 2005 Posts: 18 OS: XP	xadsj-o.offerot...... problems Hi, This is my first use of this site - earlier this week norton would not work, then I seemed to have a corrupt internet explorer pages were not able to be accessed, then word suffered problems with template issues.... I have noticed that when in internet explorer that a window exists along the bottom bar containing the words microsoft exployer.... and the once I managed to get it in view the address bar contained the xadsj-optim.... address. I've run spybot, adaware both updated today but still no joy. I then started to research and have now copied the hijack this results.txt... I'm not that pc literate.... so please if you are able provide simple advice. =========================================================================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 1/12/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\Program Files\NavNT\defwatch.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.0 Scan saved at 13:56:49, on 14/01/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe C:\WINDOWS\system32\fpjkvrfl.exe C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE C:\WINDOWS\FSScrCtl.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://introdelta.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488 O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe O4 - HKLM\..\Run: [xxnovjkfd] C:\WINDOWS\system32\fpjkvrfl.exe O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11282ec7...p/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093631710392 O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - http://register.btinternet.com/templ...ailcontrol.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B87E9ACA-B71D-4092-A15B-701ABE272DEF}: NameServer = 192.168.0.1,4.2.2.2 O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe End of KRC HijackThis Analyzer Log. ===========================================================================================================================