More from hijackthis...

Status
Not open for further replies.

rymark

Please help me with this hijackthislog.

First, here are the problems I experience in XP. I'm running Norman virus control with firewall and ad-aware se together with sysweeper.

Every time I open IE I get this annoying toolbar-like thing at the bottom of my screen.

How can I get rid of it??

Also if I go to control panel/add remove programs then the first "program" is ?=/"//("?#"=/)"!#¤ (or at least a lot of weird signs, like Chinese or so).

And finally, in my internet settings in IE under "Advanced" there are more "Chinese signs" at the top of the list - under !IE Search.

Can anyone help me?!?
 
And the log...

Logfile of HijackThis v1.97.7
Scan saved at 12:02:14, on 08-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Norman\Nvc\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Programmer\Logitech\MouseWare\System\Em_exec.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\nvcoas.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NYMSE.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\NIP.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\npfmsg2.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\nipsvc.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\cclaw.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Downloaded\Programmer\System\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ekstrabladet.dk/VisArtikel.sasp?TemplateID=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.viutjrqsrjiywi.org/2hq3E/ah0AGKmHVx8ty4yDhMbE3dU7Lo9q3IyauUk7hI25iJq7dba_Wyq6KA29Lg.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {0249D7EC-9AD6-B5F5-AB2A-2B1A8B34E882} - C:\PROGRA~1\CDROMB~1\Owns cast.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {598A224A-0708-B1AD-FD13-30FC4FE1704E} - C:\PROGRA~1\CDROMB~1\Owns cast.exe
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programmer\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAMMER\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [App32dll] C:\WINDOWS\System32\App32_16.exe K_Divx_v5.2_Kg
O4 - HKLM\..\Run: [more nurb] C:\PROGRA~1\BLAHCH~1\clockmpeg.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Programmer\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [Platform joy owns dumb] C:\Documents and Settings\All Users\Application Data\lies acid platform joy\messsign.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [MailSoftwareChinClock] C:\Documents and Settings\All Users\Application Data\Wmacdrommailsoftware\CREATIVE SURF.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ProtoWall] C:\Programmer\Dudez\ProtoWall.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: °Ù¶ÈËÑË÷°é (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [!IESearch] !IESearch
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093900019343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
 
Yo dude. I can help you out here.
First off, anything related to IE in that list, get rid of.
Now instead of going through each particular thing, Ima just tell you how to get rid of adware/spyware/browser hijacks/etc...
Ima put it in steps.
1. Go to www.lavasoftusa.com and download adawareSE personal edition (free).
2. Run adaware and it automatically updates the definitions. After this close it; we will come back to this later.
3. Download kerio personal firewall from www.kerio.com (free), if you don't have a firewall.
4. Install it.
5. Update your anti-virus definitions and stuff (if you don't have AV, go to the downloads section here; they have some links to free AV).
6. Make sure adaware and kerio are installed and make sure your hijack this is the newest one.
7. RESTART in safe mode with networking support.
8. Run adaware, run av; it will detect and get rid of all that spyware and stuff.
9. After that go to add/rem program in the Control Panel and remove anything suspicious (EX: Easymoneytoolbar or GAIN).
10. Turn off system restore (depends on your OS how to do it; research it on google beforehand, most likely in my computer properties (sys prop)).
11. Do a windows update then restart.
12. Re-run adaware, make sure it's all gone.
13. Take note of anything that is there again and google them.
Usually there is a removal tool (coolwebsearch has one for example).
If that doesn't get rid of it, I suggest dumping IE and going with mozilla firefox, it's so much better, trust me. www.mozilla.org man, you will thank me.

Also I suggest www.winpatrol.com winpatrol. It lets you know when shady things happen.
 
The new log...

Logfile of HijackThis v1.98.2
Scan saved at 15:10:45, on 09-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Programmer\Norman\Nvc\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\Mixer.exe
C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Dudez\ProtoWall.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NYMSE.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\NIP.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\npfmsg2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\nvcoas.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\PROGRAMMER\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRAMMER\NORMAN\Nvc\BIN\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Downloaded\Programmer\System\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ekstrabladet.dk/VisArtikel.sasp?TemplateID=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.viutjrqsrjiywi.org/2hq3E/ah0AGKmHVx8ty4yDhMbE3dU7Lo9q3IyauUk7hI25iJq7dba_Wyq6KA29Lg.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programmer\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAMMER\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [App32dll] C:\WINDOWS\System32\App32_16.exe K_Divx_v5.2_Kg
O4 - HKLM\..\Run: [more nurb] C:\PROGRA~1\BLAHCH~1\clockmpeg.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Programmer\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [Platform joy owns dumb] C:\Documents and Settings\All Users\Application Data\lies acid platform joy\messsign.exe
O4 - HKLM\..\Run: [MailSoftwareChinClock] C:\Documents and Settings\All Users\Application Data\Wmacdrommailsoftware\CREATIVE SURF.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ProtoWall] C:\Programmer\Dudez\ProtoWall.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093900019343
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
 
rymark,

We have noticed that a few threads have been open for some time and would like to check up on your status. Please let us know if we can help you further in any way or if your problem has been resolved. Sorry for the delay in our response, but we would like to make sure that all your needs have been met. Thank you for your patience in this matter.
Regards
~KB

--==:::Note:::==--
If we receive no response from you in a reasonable amount of time we will assume that you are well and happy. If this happens, please PM or Email Southernlady or DMo224 to have the thread reopened.
Thanks again.
 