Computer Assistance is needed !

Question

Logfile of HijackThis v1.97.7Scan saved at 10:42:24 PM, on 2/24/2004Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Creative\ShareDLL\CtNotify.exeC:\WINDOWS\System32\CTHELPER.EXEC:\Program Files\Common files\updater\wupdater.exeC:\WINDOWS\system32\pcs\pcsvc.exeC:\Program Files\Creative\ShareDLL\MediaDet.ExeC:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exeC:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exeC:\Documents and Settings\Bob Smith\Application Data\hsse.exeC:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exeC:\WINDOWS\System32\Ntqjg05h.exeC:\WINDOWS\System32\XupJ.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeA:\hijackthis.exeC:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhomeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.com/R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\plg0\AproposPlugin.dllO2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dllO2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)O2 - BHO: (no name) - {B65D4A7C-BA00-4949-A204-512CFBD09EBE} - C:\WINDOWS\System32\detvmgr.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dllO4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exeO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exeO4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /runO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exeO4 - HKLM\..\Run: [5ZE2M5A29@TH6X] C:\WINDOWS\System32\Rydo84km.exeO4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exeO4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exeO4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exeO4 - HKCU\..\Run: [Toco] C:\Documents and Settings\Bob Smith\Application Data\hsse.exeO4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cabO16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab Internet Explorer, Control Panel, My Computer, much more are taking 3+ minutes to load.  Could anyone please tell me why.  Now my internet is no longer working.  But my network is working great. Would appreciate all the help I can get. Thanks Tony

Boardwalk_Angel · Answer

First...you've got the Peper trojan............Please run this uninstaller:

Remain online & connected to the internet when you do.

http://www.memorywatcher.com/uninst.exe

Then....move HijackThis into a folder..close all other windows & with only HijackThis running..check the box next to:

R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\plg0\AproposPlugin.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {B65D4A7C-BA00-4949-A204-512CFBD09EBE} - C:\WINDOWS\System32\detvmgr.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKCU\..\Run: [Toco] C:\Documents and Settings\Bob Smith\Application Data\hsse.exe

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab

Then click "Fix Checked"...reboot

After you reboot..go to.........

C:\Program Files and delete the AproposClient folder

C:\Program Files\Common files and delete the updater folder

C:\WINDOWS\system32 and delete the pcs folder

C:\Documents and Settings\Bob Smith\Application Data and delete hsse.exe

Then..rescan & post your new log.

ChrisRLG · Answer

BTW when clean you need to visit the windows update site, your system is very out of date.

ChrisRLG · Answer

Very good first post at DellTalk Boardwalk_Angel, Welcome to DellTalk. - please look at the private messages beside your name at the top of this forum.BTW they will not work if popups are blocked for the site.----------------------------------------------------------------------------Bearver 1998Yes do as Boardwalk_angel posted, But ................... The memorywatcher download will not work unless you have internet connection active when you run it.And I normally advise to run it twice, as the first time often does not clear it all. Please post a new hijackthis log for us to check after you have done all that.

Virus & Spyware

Was this post helpful?