
HJT624339


Started by Ian Weston, Jul 19 2005 08:31 AM. This topic is locked. 7 replies to this topic.

#1 Ian Weston, Members, 6 posts

Take care
Ian Weston

#8 JG427, Members, 241 posts, Posted 29 July 2005 - 09:33 PM

Glad we could help.

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_2_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &RoboForm -

I seem to have ingested some more infection including one of the originals.

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 -
Inc. - C:\WINDOWS\system32\YPcservice.exe

Edited by OldTimer, 23 July 2005 - 09:32 PM.

Ian W

| Incident | Status | Location |
|---|---|---|
| Adware:adware/keenvalue | No disinfected | C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho |
| Adware:adware/fastvideoplayer | No disinfected | C:\WINDOWS\INF\fastvideoplayer.inf |
| Adware:adware/wupd | No disinfected | C:\PROGRAM FILES\Windows ControlAd |
| Adware:adware/beginto | No disinfected | HKEY_CURRENT_USER\EEENNN |
| Virus:HackTool/Gendel.A | No disinfected | C:\gendel32.exe |

#2 JG427, Members, 241 posts, Posted 21 July

The culprits are called KillWindow2.exe and they are each using about 33% of CPU usage.

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 -

I shall try to remove them while I await your response.

Help\bin\mpbtn.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.http://btyahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window

I did carry out a virus check using Panda Active Scan and it informs me that I have two infected files as follows:
Virus: HackTool/Gendel.A
Virus: W32/Sasser.ftp3.

and type in the box: cleanmgr.

Please find below fresh Hijackthis as requested.

It was very welcome and I shall make a donation to the cause to show my appreciation.

Help\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk

#7 Ian Weston, Topic Starter, Members, 6 posts, Posted 28 July 2005 - 12:53 PM

I have removed

Please note that although I found and removed all entries I could not find the following files despite following instructions:
C:WINDOWS\system32\dllcon.exe
C:\WINDOWS\system32\lexplore.exe

2.

If you create a new topic the helper will not be informed that you have replied and multiple people will be working on the same log.

Includes real time protection to monitor changes to your system and provides the option for you to allow or block the change.

IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long

Please help.

Logfile of HijackThis v1.99.1
Scan saved at 14:10:45, on 20/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton


Right click the My Computer icon, click on Properties.
Click on the System Restore tab.
Put a check mark next to 'Turn off System Restore on All Drives'.
Click the 'OK' button.
You will be

Help.lnk = C:\Program Files\BT Yahoo!

Help.lnk = C:\Program Files\BT Yahoo!
Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Yahoo!
Broadband
O2 - BHO: Yahoo!

#4 JG427, Members, 241 posts, Posted 24 July 2005 - 12:14 PM

I should have mentioned that the files listed for removal

Help\SmartBridge\BTHelpNotifier.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dad\Desktop\FreeRAM\FreeRAM XP Pro 1.40.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files\iolo\System Mechanic 4\SMUtilityBar.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\BT Yahoo!

Everyone else, please start a new topic.

Click Yes.
Repeat the steps except remove the checkmark at 'Turn off System Restore on All Drives'.
This will create a clean restore point.
Clean out temporary and TIF files.

When I looked in Windows Task Manager I noticed that my CPU was at 100% usage.

I am very grateful for your assistance.
Ian Weston

Logfile of HijackThis v1.99.1
Scan saved at 16:03:25, on 23/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common


Thank you very much for your assistance and invaluable advice.

Help\SmartBridge\BTHelpNotifier.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dad\Desktop\FreeRAM\FreeRAM XP Pro 1.40.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files\iolo\System Mechanic 4\SMUtilityBar.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\BT Yahoo!

Regarding the general running I have had no recurrence of the initial Killer problems which was taking up all of the CPU processing power.

Make sure these 3 are checked and then press *ok* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin

Repeat the panda scan and copy the results.
Paste the panda results into your next reply.
Remember to
