iwantu.com
-
an "iwantu.com" message pops up about once every 10-30 minutes. it's getting old fast. here she is:
--------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 7:40:40 PM, on 7/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\anvshell.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\73063296.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\7fh9np2g.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Neil\My Documents\My Received Files\Programs\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sexofactory.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [73063296.exe] C:\WINDOWS\System32\73063296.exe
O4 - HKLM\..\Run: [43194216.exe] C:\WINDOWS\System32\43194216.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [70191591.exe] C:\WINDOWS\System32\70191591.exe
O4 - HKLM\..\Run: [48789614.exe] C:\WINDOWS\System32\48789614.exe
O4 - HKLM\..\Run: [49544924.exe] C:\WINDOWS\System32\49544924.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [172060.exe] C:\WINDOWS\System32\172060.exe
O4 - HKLM\..\Run: [70476931.exe] C:\WINDOWS\System32\70476931.exe
O4 - HKLM\..\Run: [22008913.exe] C:\WINDOWS\System32\22008913.exe
O4 - HKLM\..\Run: [43902224.exe] C:\WINDOWS\System32\43902224.exe
O4 - HKLM\..\Run: [13027590.exe] C:\WINDOWS\System32\13027590.exe
O4 - HKLM\..\Run: [11777895.exe] C:\WINDOWS\System32\11777895.exe
O4 - HKLM\..\Run: [75179690.exe] C:\WINDOWS\System32\75179690.exe
O4 - HKLM\..\Run: [30973452.exe] C:\WINDOWS\System32\30973452.exe
O4 - HKLM\..\Run: [55895632.exe] C:\WINDOWS\System32\55895632.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [98638552.exe] C:\WINDOWS\System32\98638552.exe
O4 - HKLM\..\Run: [87144106.exe] C:\WINDOWS\System32\87144106.exe
O4 - HKLM\..\Run: [69781130.exe] C:\WINDOWS\System32\69781130.exe
O4 - HKLM\..\Run: [48072451.exe] C:\WINDOWS\System32\48072451.exe
O4 - HKLM\..\Run: [77169436.exe] C:\WINDOWS\System32\77169436.exe
O4 - HKLM\..\Run: [ngj] C:\WINDOWS\ngj.exe
O4 - HKLM\..\Run: [7fh9np2g] C:\WINDOWS\System32\7fh9np2g.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [51395815.exe] C:\WINDOWS\System32\51395815.exe
O4 - HKLM\..\Run: [58201235.exe] C:\WINDOWS\System32\58201235.exe
O4 - HKLM\..\Run: [30860537.exe] C:\WINDOWS\System32\30860537.exe
O4 - HKLM\..\Run: [26806277.exe] C:\WINDOWS\System32\26806277.exe
O4 - HKLM\..\Run: [62810915.exe] C:\WINDOWS\System32\62810915.exe
O4 - HKLM\..\Run: [54809206.exe] C:\WINDOWS\System32\54809206.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11EC003D-C1FA-4C18-AB6D-C5D1E6F281CE} - http://cab.accesorapido.com/webcams.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me...bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30a697dd11a9a9e...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121211595781
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9387B9E0-3DA2-436E-88E5-FA09AE3A48C0} (pup.setup) - http://www.lazychestnuts.net/0014/ph/pup.CAB
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
-----------------------------------------------------------
any help would be radical. thanks.
-neil
-
Hello, neilsucks & Welcome
Let me add this right now: not uninstalling KAZAA will
just have you back here again.
Press control-alt-delete to get into the task manager and end the following processes if they exist:
73063296.exe
43194216.exe
70191591.exe
48789614.exe
49544924.exe
172060.exe
70476931.exe
22008913.exe
43902224.exe
13027590.exe
11777895.exe
75179690.exe
30973452.exe
55895632.exe
Kazaa.exe
98638552.exe
87144106.exe
69781130.exe
48072451.exe
77169436.exe
ngj.exe
7fh9np2g.exe
MediaAccK.exe
51395815.exe
58201235.exe
30860537.exe
26806277.exe
62810915.exe
54809206.exe
angelex.exe
If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
P2P Networking
KAZAA
Media Access
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sexofactory.com/ie/
O4 - HKLM\..\Run: [73063296.exe] C:\WINDOWS\System32\73063296.exe
O4 - HKLM\..\Run: [43194216.exe] C:\WINDOWS\System32\43194216.exe
O4 - HKLM\..\Run: [70191591.exe] C:\WINDOWS\System32\70191591.exe
O4 - HKLM\..\Run: [48789614.exe] C:\WINDOWS\System32\48789614.exe
O4 - HKLM\..\Run: [49544924.exe] C:\WINDOWS\System32\49544924.exe
O4 - HKLM\..\Run: [172060.exe] C:\WINDOWS\System32\172060.exe
O4 - HKLM\..\Run: [70476931.exe] C:\WINDOWS\System32\70476931.exe
O4 - HKLM\..\Run: [22008913.exe] C:\WINDOWS\System32\22008913.exe
O4 - HKLM\..\Run: [43902224.exe] C:\WINDOWS\System32\43902224.exe
O4 - HKLM\..\Run: [13027590.exe] C:\WINDOWS\System32\13027590.exe
O4 - HKLM\..\Run: [11777895.exe] C:\WINDOWS\System32\11777895.exe
O4 - HKLM\..\Run: [75179690.exe] C:\WINDOWS\System32\75179690.exe
O4 - HKLM\..\Run: [30973452.exe] C:\WINDOWS\System32\30973452.exe
O4 - HKLM\..\Run: [55895632.exe] C:\WINDOWS\System32\55895632.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [98638552.exe] C:\WINDOWS\System32\98638552.exe
O4 - HKLM\..\Run: [87144106.exe] C:\WINDOWS\System32\87144106.exe
O4 - HKLM\..\Run: [69781130.exe] C:\WINDOWS\System32\69781130.exe
O4 - HKLM\..\Run: [48072451.exe] C:\WINDOWS\System32\48072451.exe
O4 - HKLM\..\Run: [77169436.exe] C:\WINDOWS\System32\77169436.exe
O4 - HKLM\..\Run: [ngj] C:\WINDOWS\ngj.exe
O4 - HKLM\..\Run: [7fh9np2g] C:\WINDOWS\System32\7fh9np2g.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [51395815.exe] C:\WINDOWS\System32\51395815.exe
O4 - HKLM\..\Run: [58201235.exe] C:\WINDOWS\System32\58201235.exe
O4 - HKLM\..\Run: [30860537.exe] C:\WINDOWS\System32\30860537.exe
O4 - HKLM\..\Run: [26806277.exe] C:\WINDOWS\System32\26806277.exe
O4 - HKLM\..\Run: [62810915.exe] C:\WINDOWS\System32\62810915.exe
O4 - HKLM\..\Run: [54809206.exe] C:\WINDOWS\System32\54809206.exe
O16 - DPF: {11EC003D-C1FA-4C18-AB6D-C5D1E6F281CE} - http://cab.accesorapido.com/webcams.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M.../bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.5.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30a697dd11a9a9...ip/RdxIE601.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/insta.../sinstaller.cab
O16 - DPF: {9387B9E0-3DA2-436E-88E5-FA09AE3A48C0} (pup.setup) - http://www.lazychestnuts.net/0014/ph/pup.CAB
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
Make sure you can view hidden and system files: Instructions here
Then Boot to safe mode: Instructions here
Delete the following files in Red & folders in Blue IF still present:
C:\WINDOWS\System32\73063296.exe
C:\WINDOWS\System32\43194216.exe
C:\WINDOWS\System32\70191591.exe
C:\WINDOWS\System32\48789614.exe
C:\WINDOWS\System32\49544924.exe
C:\WINDOWS\System32\172060.exe
C:\WINDOWS\System32\70476931.exe
C:\WINDOWS\System32\22008913.exe
C:\WINDOWS\System32\43902224.exe
C:\WINDOWS\System32\13027590.exe
C:\WINDOWS\System32\11777895.exe
C:\WINDOWS\System32\75179690.exe
C:\WINDOWS\System32\30973452.exe
C:\WINDOWS\System32\55895632.exe
C:\Program Files\Kazaa\
C:\WINDOWS\System32\98638552.exe
C:\WINDOWS\System32\87144106.exe
C:\WINDOWS\System32\69781130.exe
C:\WINDOWS\System32\48072451.exe
C:\WINDOWS\System32\77169436.exe
C:\WINDOWS\ngj.exe
C:\WINDOWS\System32\7fh9np2g.exe
C:\Program Files\Media Access\
C:\WINDOWS\System32\51395815.exe
C:\WINDOWS\System32\58201235.exe
C:\WINDOWS\System32\30860537.exe
C:\WINDOWS\System32\26806277.exe
C:\WINDOWS\System32\62810915.exe
C:\WINDOWS\System32\54809206.exe
C:\WINDOWS\System32\angelex.exe
Then do a reboot and do this here:
Go for free online Virus scans here:
http://housecall.trendmicro.com/hou.../start_corp.asp
http://www.pandasoftware.com/activescan/
Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.
Once done with all of the above, show us a new logfile
& feedback as to how the PC is doing.
HGD
Last edited by HJThis; 25-07-2005 at 10:43 PM.
-
done and dung. i haven't seen the iwantu.com message yet, but the hjt log looks pretty similar to the first:
--------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:36:41 PM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\anvshell.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Documents and Settings\Neil\My Documents\My Received Files\Programs\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sexofactory.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [73063296.exe] C:\WINDOWS\System32\73063296.exe
O4 - HKLM\..\Run: [43194216.exe] C:\WINDOWS\System32\43194216.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [70191591.exe] C:\WINDOWS\System32\70191591.exe
O4 - HKLM\..\Run: [48789614.exe] C:\WINDOWS\System32\48789614.exe
O4 - HKLM\..\Run: [49544924.exe] C:\WINDOWS\System32\49544924.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [172060.exe] C:\WINDOWS\System32\172060.exe
O4 - HKLM\..\Run: [70476931.exe] C:\WINDOWS\System32\70476931.exe
O4 - HKLM\..\Run: [22008913.exe] C:\WINDOWS\System32\22008913.exe
O4 - HKLM\..\Run: [43902224.exe] C:\WINDOWS\System32\43902224.exe
O4 - HKLM\..\Run: [13027590.exe] C:\WINDOWS\System32\13027590.exe
O4 - HKLM\..\Run: [11777895.exe] C:\WINDOWS\System32\11777895.exe
O4 - HKLM\..\Run: [75179690.exe] C:\WINDOWS\System32\75179690.exe
O4 - HKLM\..\Run: [30973452.exe] C:\WINDOWS\System32\30973452.exe
O4 - HKLM\..\Run: [55895632.exe] C:\WINDOWS\System32\55895632.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [98638552.exe] C:\WINDOWS\System32\98638552.exe
O4 - HKLM\..\Run: [87144106.exe] C:\WINDOWS\System32\87144106.exe
O4 - HKLM\..\Run: [69781130.exe] C:\WINDOWS\System32\69781130.exe
O4 - HKLM\..\Run: [48072451.exe] C:\WINDOWS\System32\48072451.exe
O4 - HKLM\..\Run: [77169436.exe] C:\WINDOWS\System32\77169436.exe
O4 - HKLM\..\Run: [ngj] C:\WINDOWS\ngj.exe
O4 - HKLM\..\Run: [7fh9np2g] C:\WINDOWS\System32\7fh9np2g.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [51395815.exe] C:\WINDOWS\System32\51395815.exe
O4 - HKLM\..\Run: [58201235.exe] C:\WINDOWS\System32\58201235.exe
O4 - HKLM\..\Run: [30860537.exe] C:\WINDOWS\System32\30860537.exe
O4 - HKLM\..\Run: [26806277.exe] C:\WINDOWS\System32\26806277.exe
O4 - HKLM\..\Run: [62810915.exe] C:\WINDOWS\System32\62810915.exe
O4 - HKLM\..\Run: [54809206.exe] C:\WINDOWS\System32\54809206.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11EC003D-C1FA-4C18-AB6D-C5D1E6F281CE} - http://cab.accesorapido.com/webcams.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me...bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30a697dd11a9a9e...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121211595781
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9387B9E0-3DA2-436E-88E5-FA09AE3A48C0} (pup.setup) - http://www.lazychestnuts.net/0014/ph/pup.CAB
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
---------------------------------------------------------
-
Hey, neilsucks
Well, as was said from the start, did you remove these here:
KAZAA
P2P Networking
Media Access
If not, please go to Control Panel Add/Remove Programs &
Uninstall/Remove the 3 items above. Once you do that,
do this here:
Download/Save this zipped file, a reporting tool:
http://skads.org/special/rkfiles.zip
Unzip the files inside to a folder of its own.
It has to be run in safe mode for it to work correctly.
safe mode: Instructions here
Open the folder and run the RKFILES.BAT, sit back and wait until it's finished. When
it is finally finished a text will open. Close it.
Make a log with hijackthis while still in safe mode.
Restart back to a normal windows session:
Post the text located here C:\Log.txt please and that hijackthis log made in safe mode.
HGD
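Added example, not part of any post in this thread: a way to check a follow-up HijackThis log against a fix list, since the second log above still shows the O4 Run entries that were to be fixed. The function names, the "all-digit .exe in System32 whose Run value is named after the file" heuristic, and the sample logs (a constructed selection of lines from the thread, with `ngj` left out of the follow-up to show a cleared entry) are assumptions of this example.

```python
import ntpath
import re
from collections import namedtuple

# Constructed follow-up log: a handful of O4 lines in the shape used on this page.
FOLLOW_UP_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [73063296.exe] C:\WINDOWS\System32\73063296.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [172060.exe] C:\WINDOWS\System32\172060.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# Constructed fix list: entries the helper asked to have checked and fixed.
FIX_LIST = r"""
O4 - HKLM\..\Run: [73063296.exe] C:\WINDOWS\System32\73063296.exe
O4 - HKLM\..\Run: [172060.exe] C:\WINDOWS\System32\172060.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [ngj] C:\WINDOWS\ngj.exe
"""

RunEntry = namedtuple("RunEntry", "hive key name command")

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Quoted path, or an unquoted path (may contain spaces) up to the first ".exe".
EXE_PATH = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.IGNORECASE)


def parse_run_entries(log_text):
    """Return every O4 registry Run entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if match:
            entries.append(RunEntry(*match.groups()))
    return entries


def executable_of(entry):
    """Strip quotes and arguments from the command, leaving the program path."""
    match = EXE_PATH.match(entry.command)
    return (match.group(1) or match.group(2)) if match else entry.command


def looks_like_numeric_dropper(entry):
    """Heuristic (assumption): all-digit .exe directly in System32, with the
    Run value named after the file itself."""
    path = executable_of(entry)
    base = ntpath.basename(path)
    stem, ext = ntpath.splitext(base)
    return (stem.isdigit() and ext.lower() == ".exe"
            and entry.name.lower() == base.lower()
            and ntpath.dirname(path).lower().endswith("\\system32"))


def still_present(fix_text, follow_up_text):
    """Names from the fix list whose Run entry is still in the follow-up log."""
    seen = {(e.hive, e.key, e.name.lower()) for e in parse_run_entries(follow_up_text)}
    return [e.name for e in parse_run_entries(fix_text)
            if (e.hive, e.key, e.name.lower()) in seen]


if __name__ == "__main__":
    flagged = [e.name for e in parse_run_entries(FOLLOW_UP_LOG)
               if looks_like_numeric_dropper(e)]
    print("numeric-name autoruns:", flagged)
    print("fix-list entries not removed:", still_present(FIX_LIST, FOLLOW_UP_LOG))
```

An entry that survives the comparison means the registry value was not removed (or was rewritten by a process that was still running), so the fix step has to be repeated before the file deletions are trusted.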