popups and programs that wont delete.. (hijackthis log)
-
popups and programs that wont delete.. (hijackthis log)
hello there, i have been having problems with my pc out of the blue recently, its the usual pop-ups (altho since my last computer i have been very carefull about what and were i download things) the main problem seems to be a program called E-ngryPlus.exe 
i have tried deleting this using varius programs but as im a noob in this area i have had no luck. here is my hijackthis log file any help would be great 
Logfile of HijackThis v1.99.1
Scan saved at 01:54:02, on 09/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\ICROSO~1.NET\notepad.exe
C:\Program Files\??stem32\r?gsvr32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\E-nrgyPlus\trackurl.exe
C:\DOCUME~1\MRSJON~1\LOCALS~1\Temp\Del41.tmp
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MRSJON~1\LOCALS~1\Temp\Rar$EX00.141\Hi jackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.demonoid.com/torrents
O2 - BHO: (no name) - {28142307-A9A3-E553-E13D-EBB58822DCFF} - blank (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Pnem] "C:\WINDOWS\ICROSO~1.NET\notepad.exe" -vt mt
O4 - HKCU\..\Run: [Nvemkhz] C:\Program Files\??stem32\r?gsvr32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4EDD7E56-3BAA-13B6-D0D4-4A6A2FE914A6} - http://69.50.173.166/1/rdgGB2404.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1041542538640
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: winxyl32 - C:\WINDOWS\SYSTEM32\winxyl32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
-
Please disable the following application(s), as it/they may hinder the removal of some entries. Otherwise, certain cleaning attempts may be wrongly recognized and blocked as hijacking attempts or other potentially inappropriate behavior. You can re-enable such tools after your computer is clean.
Disable SpySweeper - Open it, Click Options over on the left, then Program options
- Uncheck load at windows startup.
- Over to the left, Click shields and Uncheck all there.
- Uncheck home page shield.
- Uncheck automatically restore default without notification.
- Exit Spysweeper.
Spybot Search & Destroy (Teatimer)
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner: - When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- From the main ewido screen, click on update in the left menu, then click the Start update button.
- After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
- If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
- When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.
-
thank you for the quick reply 
i did exactly what you said and here is the next report,
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 06:08:27, 09/03/2006
+ Report-Checksum: B0E1044A
+ Scan result:
[720] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup
[968] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1068] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1204] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1328] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1484] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1768] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1936] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe -> Trojan.Dialer.is : Cleaned with backup
[1948] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[124] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[188] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[2320] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[940] C:\WINDOWS\TEMP\win67.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Cookies\mrs jones@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Cookies\mrs jones@e-2dj6wjl4ggcjwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Desktop\Access Members Area.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\04UFH8JF\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\04UFH8JF\srvlbin5[2].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\N0SNJHTW\mvlsbin2[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\N0SNJHTW\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\R4GZFXS8\rdgGB2404[1].exe -> Dialer.GBDialer.d : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\R4GZFXS8\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\RECYCLER\S-1-5-21-1177238915-884357618-725345543-1004\Dc2.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\S-1-5-21-1177238915-884357618-725345543-1004\Dc3.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\Temp\win51.tmp -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win51.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win56.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win67.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win78.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
::Report End
-
Please do an online scan (scan only tool) with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard) - Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Post your latest HijackThis log, please and tell us how your PC is now doing.
