Pop-up Hell HJT log
-
Y'all have helped me before, but I can't seem to shake this pop-up problem. Any additional help would be greatly appreciated:
Logfile of HijackThis v1.99.1
Scan saved at 9:18:41 AM, on 7/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\jnrbao.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\cdplayer.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [XpOpenAuto] "C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" 979899a48a75987f6b9d86a9aa798c73837198ae83a6a498b8 78837b768a788c84
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [exp] C:\WINNT\system32\exp
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\jnrbao.exe reg_run
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RtlWake.lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nosxxx.mht!http://filesharingaccess.com/script/...:/ysb_mp3x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
-
Hello, jgetman & welcome.
Please do this for me: let it clean anything it finds, then show
us a new logfile.
ewido online scanner beta
http://www.ewido.net/en/onlinescan/
Again, let it clean anything it finds, but let us
know what, if anything, it did find.
HGD
-
Thanks for your help! Here's the Ewido report (it could not remove all of the infections, apparently):
__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________
Name: Spyware.Cookie.Hypertracker
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@hypertracker[2].txt
Risk: Medium
Name: Spyware.Cookie.Abetterinternet
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@abetterinternet[2].txt
Risk: Medium
Name: Spyware.Cookie.Atdmt
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@atdmt[2].txt
Risk: Medium
Name: Spyware.Cookie.Hitbox
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@ehg-nestleusainc.hitbox[1].txt
Risk: Medium
Name: Spyware.Cookie.Hitbox
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@ehg-j2.hitbox[1].txt
Risk: Medium
Name: Spyware.Cookie.Valueclick
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@valueclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Hitbox
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@ehg-dig.hitbox[1].txt
Risk: Medium
Name: Spyware.Cookie.Hitbox
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@hitbox[2].txt
Risk: Medium
Name: Spyware.Cookie.Mediaplex
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@mediaplex[1].txt
Risk: Medium
Name: Spyware.Cookie.Questionmarket
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@questionmarket[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@e-2dj6wjmykld5kdo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.2o7
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@2o7[1].txt
Risk: Medium
Name: Spyware.Cookie.247realmedia
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@247realmedia[1].txt
Risk: Medium
Name: Spyware.Cookie.Tribalfusion
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@tribalfusion[1].txt
Risk: Medium
Name: Spyware.Cookie.Addynamix
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@ads.addynamix[1].txt
Risk: Medium
Name: Spyware.Cookie.Adjuggler
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@rotator.adjuggler[1].txt
Risk: Medium
Name: Spyware.Cookie.Coremetrics
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@data.coremetrics[1].txt
Risk: Medium
Name: Spyware.Cookie.Trafficmp
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@trafficmp[1].txt
Risk: Medium
Name: Spyware.Cookie.Burstnet
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@www.burstnet[1].txt
Risk: Medium
Name: Spyware.Cookie.Burstnet
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@burstnet[2].txt
Risk: Medium
Name: Spyware.Cookie.Findwhat
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@findwhat[1].txt
Risk: Medium
Name: Spyware.Cookie.Revenue
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@revenue[2].txt
Risk: Medium
Name: Spyware.Cookie.Fastclick
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@fastclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Trafic
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@trafic[1].txt
Risk: Medium
Name: Spyware.Cookie.Hitbox
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@ehg-buytelco.hitbox[1].txt
Risk: Medium
Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@bluestreak[1].txt
Risk: Medium
Name: Spyware.Cookie.Specificclick
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@adopt.specificclick[2].txt
Risk: Medium
Name: Spyware.Cookie.Falkag
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@as-us.falkag[1].txt
Risk: Medium
Name: Spyware.Cookie.Adserver
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@z1.adserver[1].txt
Risk: Medium
Name: Spyware.Cookie.Pointroll
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@ads.pointroll[2].txt
Risk: Medium
Name: Spyware.Cookie.Liveperson
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@sales.liveperson[2].txt
Risk: Medium
Name: Spyware.Cookie.Hitbox
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@ehg-linensource.hitbox[1].txt
Risk: Medium
Name: Spyware.Cookie.Overture
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@perf.overture[1].txt
Risk: Medium
Name: Spyware.Cookie.Centrport
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@centrport[2].txt
Risk: Medium
Name: Spyware.Cookie.Spylog
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@spylog[2].txt
Risk: Medium
Name: Spyware.Cookie.Targetnet
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@targetnet[1].txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@ad.yieldmanager[1].txt
Risk: Medium
Name: Spyware.Cookie.Advertising
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@advertising[2].txt
Risk: Medium
Name: Spyware.Cookie.Bfast
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@bfast[2].txt
Risk: Medium
Name: Spyware.Cookie.Advertising
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@servedby.advertising[1].txt
Risk: Medium
Name: Spyware.Cookie.Webtrendslive
Path: C:\Documents and Settings\tlanglois\Cookies\tlanglois@statse.webtrendslive[2].txt
Risk: Medium
Name: TrojanDownloader.Qoologic.n
Path: [864] C:\WINNT\system32\dsghjll.dll
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: [940] C:\WINNT\system32\dsghjll.dll
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: [964] C:\WINNT\system32\dsghjll.dll
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: [980] C:\WINNT\system32\jnrbao.exe
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: [1000] C:\WINNT\system32\dsghjll.dll
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: [1032] C:\WINNT\system32\dsghjll.dll
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: [1052] C:\WINNT\system32\dsghjll.dll
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: [1096] C:\WINNT\system32\dsghjll.dll
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: C:\WINNT\system32\puakb.dat
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: C:\WINNT\system32\jnrbao.exe
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: C:\WINNT\system32\janao.dll
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: C:\WINNT\system32\dsghjll.dll
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: C:\WINNT\system32\banmroo.exe
Risk: High
Name: TrojanDownloader.Apropo.ae
Path: C:\WINNT\system32\cxtpls_loader.exe
Risk: High
Name: TrojanDownloader.Qoologic.n
Path: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\naki.exe
Risk: High
Name: Spyware.Downloadware
Path: C:\Documents and Settings\tlanglois\Local Settings\Temp\nsh_104.exe
Risk: High
Name: Spyware.Downloadware
Path: C:\Documents and Settings\tlanglois\Local Settings\Temp\nsh_105.exe
Risk: High
Name: Spyware.Downloadware
Path: C:\Documents and Settings\tlanglois\Local Settings\Temp\nsh_113.exe
Risk: High
Name: Spyware.Downloadware
Path: C:\Documents and Settings\tlanglois\Local Settings\Temp\nsh_118.exe
Risk: High
Name: Spyware.Downloadware
Path: C:\Documents and Settings\tlanglois\Local Settings\Temp\nsh_115.exe
Risk: High
Name: Spyware.180Solutions
Path: C:\Documents and Settings\tlanglois\Local Settings\Temp\res13.tmp
Risk: High
Name: TrojanDownloader.Small.asf
Path: C:\Documents and Settings\tlanglois\Local Settings\Temporary Internet Files\Content.IE5\0DCR4NKZ\stubinstaller5041[1].ex_
Risk: High
-
Hi, jgetman
Nice work. Here is what I want you to do now.
First, download these progs here:
Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.
& this one here
Download CCleaner HERE and install it.
Before first use, check under Options, Settings, and ensure "Only delete files in Windows Temp folder older than 48 hours" is unchecked.
Then open it and select the items you wish to clean up.
In the Windows Tab:
I recommend cleaning all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section
Clean all entries in the "System" section
Clean all entries in the "Advanced" section.
In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
Then click the "Run Cleaner" button
Now, once you have run CCleaner, do this here:
Make sure you can view hidden and system files: Instructions here
Then Boot to safe mode: Instructions here
Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
Once in Safe Mode, please run Killbox.
Select "Delete on Reboot".
Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINNT\system32\dsghjll.dll
C:\WINNT\system32\jnrbao.exe
C:\WINNT\system32\puakb.dat
C:\WINNT\system32\jnrbao.exe
C:\WINNT\system32\janao.dll
C:\WINNT\system32\banmroo.exe
C:\WINNT\system32\cxtpls_loader.exe
naki.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
Once done, do a reboot, then show us a new logfile & any feedback you think
we need to know, please.
HGD
-
Okay - I did the deed. Killbox couldn't find any of the files you listed.
Here's the new HJT log - and thanks!
Logfile of HijackThis v1.99.1
Scan saved at 7:19:30 PM, on 7/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [XpOpenAuto] "C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" 979899a48a75987f6b9d86a9aa798c73837198ae83a6a498b8 78837b768a788c84
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [exp] C:\WINNT\system32\exp
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\jnrbao.exe reg_run
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RtlWake.lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nosxxx.mht!http://filesharingaccess.com/script/...:/ysb_mp3x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
-
Hi, jgetman
OK, I have tried all I can to kill this file; it will not go,
so we will go after it using the Registry. I am not sure
if you know how to work with the Registry, so have a look here:
http://support.microsoft.com/default...;en-us;Q322755
The file we want to kill here is this one.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
reg_run
%SYSTEM%\Systen.exe
and delete it if it exists.
Close the registry editor.
So have a look at that link, but please make a backup
of the Registry before you remove anything at all.
That file is a bad Trojan file; we need to kill it.
Then, & only after it is gone, we need to right away
change all passwords you have used. Do not change
any passwords now; it will not help.
HGD
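Added example, not part of the thread or written by any of its participants: a small Python triage script that compares two HijackThis logs against a scanner's flagged paths, reporting which flagged processes stopped running and which flagged files are still referenced by an O4 Run entry. The log excerpts are trimmed copies of lines from the two logs above, the flagged paths are the system32 files named in the ewido report, and all function names are this example's own.

```python
import re

# Trimmed excerpts of the first and second HijackThis logs in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\jnrbao.exe
C:\HJT\HijackThis.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\jnrbao.exe reg_run
"""
LOG_AFTER = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\HJT\HijackThis.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\jnrbao.exe reg_run
"""
# High-risk system32 paths listed in the ewido report in this thread.
FLAGGED = {
    r"C:\WINNT\system32\dsghjll.dll",
    r"C:\WINNT\system32\jnrbao.exe",
    r"C:\WINNT\system32\puakb.dat",
    r"C:\WINNT\system32\janao.dll",
    r"C:\WINNT\system32\banmroo.exe",
    r"C:\WINNT\system32\cxtpls_loader.exe",
}

ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")                   # any R*/O* entry line
RUN_RE = re.compile(r"^O4 - (HK\S+): \[(.+?)\] (.+)$")   # registry Run entries only


def running_processes(log):
    """Lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_section = True
        elif in_section and ENTRY_RE.match(line):
            break  # first R*/O* entry ends the process list
        elif in_section and line:
            procs.add(line.lower())
    return procs


def flagged_autoruns(log, flagged):
    """(value name, flagged path) for each O4 Run entry whose command names a flagged file."""
    hits = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m.group(2), m.group(3).lower()
        # Substring match copes with quoted paths and trailing arguments.
        hits += [(name, p) for p in sorted(flagged) if p in cmd]
    return hits


def summarize(before, after, flagged=FLAGGED):
    flagged = {p.lower() for p in flagged}
    stopped = sorted((running_processes(before) & flagged) - running_processes(after))
    return {"stopped": stopped, "still_autostarting": flagged_autoruns(after, flagged)}


if __name__ == "__main__":
    print(summarize(LOG_BEFORE, LOG_AFTER))
```

Run against the full logs rather than the excerpts, the same functions also cover every other Run entry; Global Startup lines use a different layout and are not parsed here.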