69sexsearch opens on every startup.
540filehost opens most startups.
Just removed 'Critical Warning! Spyware....' message from desktop using Ad-Aware.
Computer just isn't quite right.
Any help much appreciated
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs
***Security Programs Detected***
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.0
Scan saved at 18:18:34, on 13/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\svchost.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\DOCUME~1\Peter\LOCALS~1\Temp\hibg.exe
C:\WINDOWS\NeroCheck.exe
C:\WINDOWS\nrchk.exe
C:\WINDOWS\msexploren.exe
C:\WINDOWS\gaSrve.exe
C:\WINDOWS\fw_304.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Documents and Settings\Peter\Desktop\Stuff\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: (no name) - {453FDA5C-FE1F-4B6A-B935-1037EF424368} - C:\WINDOWS\System32\omkc.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\ztoolb004.dll
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [1F220CD6] C:\DOCUME~1\Peter\LOCALS~1\Temp\hibg.exe
O4 - HKLM\..\Run: [514088FE] C:\DOCUME~1\Peter\LOCALS~1\Temp\mfhj.exe
O4 - HKLM\..\Run: [ccApp] C:\WINDOWS\NeroCheck.exe /i
O4 - HKLM\..\Run: [Nero] C:\WINDOWS\nrchk.exe /i
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [gaSrve] C:\WINDOWS\gaSrve.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Communicator] C:\WINDOWS\fw_304.exe /i
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [1F220CD6] C:\DOCUME~1\Peter\LOCALS~1\Temp\hibg.exe
O4 - HKCU\..\Run: [514088FE] C:\DOCUME~1\Peter\LOCALS~1\Temp\mfhj.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\system32\symcsvc.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: http://*.69sexsearch.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106072202191
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCX...lientNoMFC.cab
O21 - SSODL: systemp - {B2FEAA7D-DCD2-4D7A-9092-04EF2105DDD3} - systemp.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O21 - SSODL: System - {89E1BD04-BBBC-4E05-9064-E8537192BD0D} - vr_sys.dll (file missing)
O23 - Service: svchost.exe - Unknown - C:\WINDOWS\svchost.exe
End of KRC HijackThis Analyzer Log.
====================================================================
Thanks in advance
Matt