24 Posts

February 20th, 2005 15:00

After you do all that and get it cleaned up, if you're not already, try Mozilla Firefox for web browsing. IE is the source of a lot of problems; I only use it to DL Microsoft stuff.

Generally, most spyware is written for IE, so Firefox is much less stressful to use.

good luck;)

3 Apprentice


8.8K Posts

February 20th, 2005 15:00

Let's start this way:
Go to here and do an online scan and delete whatever it finds. Be sure to highlight the drives you want to have searched.
After that could you please go to here and download AdAwareSE and delete what it finds. Then while using AdAware, click on add-ons and get their plug-in for the VX2 variant, and run that and delete what it finds.
After that go to here and download SpyBot and run that and delete what it finds.
Now go to here and download HiJackThis to its own folder that you create on your C:\ drive.
After it is downloaded open the program and click Scan and Save to log.

Post the log that it generates here.

Steve

February 20th, 2005 16:00

Thanks for the info - I'll try it all / I already have some of the downloads.
 
Regarding FIREFOX.  I have tried it BUT I am unable to save any pages with it (I have had problems with saving graphics files in the past).  Could it be all part of the same problem?
 
Thanks
 
LTE

24 Posts

February 20th, 2005 16:00

I think I remember hearing Firefox has some compatibility problems with Java scripts.. I would email Mozilla or ask a Firefox forum.


also defrag and run disc clean up... that helps clean out the temporary internet files and cookies.


I run like 5 Spyware programs and sometimes none of them get it! :( good luck!

February 20th, 2005 17:00

Hi Steve

 

The log is below:  I am on a dial up at the moment (Spanish Telecoms have appalling customer service) so I hope everything worked.

 

LLOYD

Logfile of HijackThis v1.99.1
Scan saved at 20:41:43, on 20/02/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ONSPEED\onspeed.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\FRU\Remind32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lloyd Earle\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\892LZN~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\dnscleaner.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\FRU\Remind32.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeed.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\onspeed.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\onspeed.exe/227
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096188946051
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{921D5CC7-5AE4-427F-BA4A-68256657EA30}: NameServer = 195.235.113.3 195.235.255.0
O20 - AppInit_DLLs:

v4fciyt8noykhfdll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.d

ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

 

4.8K Posts

February 21st, 2005 18:00

LLOYD,

Let's start with this...



Download KillBox, unzip it to your desktop, then run it. Now:

1. select "Action | Delete on reboot".
2. copy/paste the following file name(s), one at a time, in the "Paste Path of File to Delete" field:

v4fciyt8noykhfdll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
winlogin.exe

3. click "Kill File".
4. when prompted to "Reboot Now" select "No", until the last one, then select Yes.



Let me know if any of them aren't found. Be sure to double check and make sure both are deleted from your hard drive.

Mike.
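
A way to pull the same two kinds of entries out of a HijackThis log automatically, as an added example that is not part of the original thread. The sample log is constructed, and both the line-joining rule and the two checks are assumptions of this example, not HijackThis behaviour.

```python
import re

# Constructed sample in the shape of the log above, including the forum's
# line-wrapping. The URL and the DLL name are placeholders.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://example.invalid/hp.htm
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - Startup: Recorder.lnk = C:\Program Files\Example\hp psc 700

series\FRU\Remind32.exe
O4 - Global Startup: winlogin.exe
O20 - AppInit_DLLs:

examplefdll.dll.dll.dll.d

ll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# A HijackThis entry starts with a section code such as R1, O4 or O20.
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

def parse_entries(text):
    """Return [(code, body)], re-joining wrapped continuation lines."""
    entries, prev = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            # Assumption: a previous line with no spaces was cut mid-token,
            # so join without a space; otherwise the wrap replaced a space.
            entries[-1][1] += ("" if " " not in prev else " ") + line
        prev = line
    return [tuple(e) for e in entries]

def flag_for_review(entries):
    """Two heuristics chosen for this example, mirroring the reply above."""
    flagged = []
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:  # any DLL listed here loads into most GUI processes
                flagged.append((code, "AppInit_DLLs is set", value))
        elif code == "O4" and "Startup:" in body:
            target = body.split("Startup:", 1)[1].strip()
            if "\\" not in target:  # no resolvable path behind the item
                flagged.append((code, "startup item has no path", target))
    return flagged
```

Flagged entries are candidates for a manual look, not a verdict; legitimate software can also set either value.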

3 Apprentice


8.8K Posts

February 22nd, 2005 17:00

I was just thinking this morning what the best way to reduce those costs were?

How did you know that?

February 22nd, 2005 17:00

Sorry to doubt you but is this right all those DLLs?

Also, I can't find the "kill file" button (or whatever).

Thanks for your help but I have to say that I am really thick in this area - ask me how to reduce costs in pan-european transport and warehousing and I'll give you a talk on it!!

 

LLOYD

4.8K Posts

February 22nd, 2005 23:00

LLOYD,

It sure is. That's the 'puppy' that's causing a big percentage of the problem; see if this link helps out.

Mike.

 

February 23rd, 2005 16:00

My fees are only £1250 per day (plus expenses of course) but I still didn't get rid of the trojans (or whatever they are)!

Originally, I asked whether a re-load of Windows would help or do I need to go all the way and re-format the disc?  The problems are certainly in the registry because they show up as such on the "anti" software.

 

Lloyd

3 Apprentice


8.8K Posts

February 23rd, 2005 17:00

Wait for Mike to sign on today to help you.

You have a good day. He will be on soon I would imagine.

Reloading Windows or Reformatting Windows is the same thing.

Let Mike try and save you the pain of doing it.

Steve

Message Edited by zbestwun2001 on 02-23-2005 11:20 AM

February 23rd, 2005 19:00

Thanks

I am off to the UK tomorrow (from Spain); work and other commitments call.

I will check in again when I return.

 

Lloyd
