al 49
3 Posts
0
May 12th, 2005 00:00
Ramos840
4 Posts
0
May 12th, 2005 00:00
The following entries you would have to remove.
C:\Program Files\SHARP\OZ_ZQ-590\sync.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://zw.com.tw:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A 2T4LD.BIZ/search.htm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavigate.com/search.php?qq=%1
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp9B65.tmp
The following keys are unnecessary:
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C04F7956B1} - http://zw.com.tw:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A 2T4LD%2E%42%49%5A/find.htm (file missing)
O9 - Extra button: ENTERTAINMENT - {0B5F1910-F111-11d2-BB9E-00C04F7956B2} - http://zw.com.tw:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A 2T4LD%2E%42%49%5A/av.htm (file missing)
O9 - Extra button: PILLS - {0B5F1910-F111-11d2-BB9E-00C04F7956B3} - http://zw.com.tw:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A 2T4LD%2E%42%49%5A/med.htm (file missing)
O9 - Extra button: SECURITY - {0B5F1910-F111-11d2-BB9E-00C04F7956B4} - http://zw.com.tw:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A 2T4LD%2E%42%49%5A/check.htm (file missing)
After you terminate these entries, come back and post another log file of HijackThis. I would suggest you scan with HouseCall: http://housecall.trendmicro.com/ and choose the "complete" scan ;) Good luck!
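An added example, not part of the original posts: the entries marked "(obfuscated)" above put a decoy name before an `@` in the URL and percent-encode part of the real host, so a triage script should split the URL first and decode the host second. The function names and the sample log lines are constructed for illustration, and every host in them is a placeholder.

```python
import re
from urllib.parse import urlsplit, unquote

# A HijackThis entry is "<section> - <details>", e.g. "R1 - HKCU\...,SearchURL = http://..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<details>.+)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample lines (not taken from the thread); all hosts are placeholders.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://decoy.example:3128@HIDDEN-HOST%2E%45%58%41%4D%50%4C%45/search.htm (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/index.php
O9 - Extra button: SEARCH - {00000000-0000-0000-0000-000000000000} - http://decoy.example:3128@HIDDEN-HOST%2E%45%58%41%4D%50%4C%45/find.htm (file missing)
O4 - HKLM\..\Run: [Sample] "C:\Program Files\Sample\sample.exe"
"""

def analyze_url(url):
    """Split first, decode second, so an encoded '@' or '/' cannot move the host."""
    parts = urlsplit(url)
    raw_host = parts.hostname or ""
    return {
        "decoy": parts.netloc.rpartition("@")[0] or None,  # userinfo shown before '@'
        "host": unquote(raw_host).lower(),                 # host part of the authority
        "encoded_host": "%" in raw_host,                   # host was percent-encoded
    }

def flag_entries(log_text):
    """Return (section, decoy, real_host) for entries whose URL hides its host."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        for url in URL_RE.findall(m.group("details")):
            try:
                info = analyze_url(url)
            except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
                continue
            if info["decoy"] or info["encoded_host"]:
                flagged.append((m.group("section"), info["decoy"], info["host"]))
    return flagged

if __name__ == "__main__":
    for section, decoy, host in flag_entries(SAMPLE_LOG):
        print(f"{section}: displays {decoy!r}, host is {host!r}")
```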
MACHADO458
167 Posts
0
May 12th, 2005 01:00
Message Edited by MACHADO458 on 07-17-2006 12:06 AM
MACHADO458
167 Posts
0
May 12th, 2005 02:00
Message Edited by MACHADO458 on 07-17-2006 12:06 AM
al 49
3 Posts
0
May 12th, 2005 02:00
Free at Last!!!! I think I got them all. :robottongue: What a day. Will def. be making a donation to HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 11:31:27 PM, on 5/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\QuickBooks Onilne Backup\OLRegCap.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program Files\QuickBooks Onilne Backup\OLlaunch.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\QuickBooks Onilne Backup\OLSysTray.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninernation.net/index.php?&act=idx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: QuickBooks Onilne Backup TaskBar Icon.LNK = C:\Program Files\QuickBooks Onilne Backup\OLSysTray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: QuickBooks Onilne Backup RegCap (OLRegCap) - Intuit Inc. - C:\Program Files\QuickBooks Onilne Backup\OLRegCap.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: QuickBooks Onilne Backup Launcher (QuickBooks Onilne BackupLauncher) - Intuit Inc. - C:\Program Files\QuickBooks Onilne Backup\OLlaunch.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
:robottongue: