Thread: anyone else getting this weird virus?...HELP
View Single Post
Old Sep 2, 2004 | 08:40 PM
  #1  
FLAT_LINER's Avatar
FLAT_LINER
Ridin Dirty
 
Joined: May 2002
Posts: 3,839
Likes: 0
From: Charlotte,NC
Default anyone else getting this weird virus?...HELP
ok i have some weird ass internet optimizer thing downloaded somehow and its sending me to other sites by itself and i also have a couple of trojan horses that just came up to from this

ad aware doesnt work and neither does AVG


here is my log thingy......what can i get rid of?

Logfile of HijackThis v1.98.2
Scan saved at 12:38:57 AM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\EarthLink 5.0\updatemgr.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRAM FILES\STOMPSOFT\VIRUS X-TERMINATOR\Nvc\BIN\ZLH.EXE
C:\WINDOWS\SYSCFG16.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\aimsgr.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\Winad Client\Winad.exe
C:\Program Files\Winad Client\WinClt.exe
C:\program files\instant messenger\aim.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\StompSoft\Virus X-terminator\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\PROGRAM FILES\STOMPSOFT\VIRUS X-TERMINATOR\Nvc\BIN\NYMSE.EXE
C:\PROGRAM FILES\STOMPSOFT\VIRUS X-TERMINATOR\Nvc\BIN\NIP.EXE
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\STOMPSOFT\VIRUS X-TERMINATOR\Nvc\BIN\NJEEVES.EXE
C:\PROGRAM FILES\STOMPSOFT\VIRUS X-TERMINATOR\Nvc\BIN\NVCSCHED.EXE
C:\PROGRAM FILES\STOMPSOFT\VIRUS X-TERMINATOR\Nvc\BIN\nvcoas.exe
C:\PROGRAM FILES\STOMPSOFT\VIRUS X-TERMINATOR\Nvc\BIN\nipsvc.exe
C:\PROGRAM FILES\STOMPSOFT\VIRUS X-TERMINATOR\Nvc\BIN\cclaw.exe
C:\Documents and Settings\Trey cauley\Application Data\ttuh.exe
C:\WINDOWS\System32\zssw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Documents and Settings\Trey cauley\Local Settings\Temporary Internet Files\Content.IE5\QNUB25U3\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/mor...on/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.honda-acura.net/forums
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/mor...on/search.html
O2 - BHO: (no name) - {3CDA3E2A-941C-2B96-D673-605505DB2035} - C:\WINDOWS\System32\bih.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink Toolbar\Pnel.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Toolbar\Pnel.dll
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [UpdateMgr.exe] "C:\Program Files\EarthLink 5.0\updatemgr.exe" /NOCM
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAM FILES\STOMPSOFT\VIRUS X-TERMINATOR\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
O4 - HKLM\..\Run: [AOL Instant Messenger] aimsgr.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunServices: [AOL Instant Messenger] aimsgr.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\TREYCA~1\LOCALS~1\Temp\djtopr1150.exe "
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IM] c:\program files\instant messenger\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\program files\instant messenger\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WinMX] C:\Progra~1\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Trey cauley\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Ntgl] C:\WINDOWS\System32\zssw.exe
O4 - Global Startup: EarthLink ToolBar 5.0.lnk = C:\Program Files\EarthLink 5.0\etoolbar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\program files\instant messenger\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potd_x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...45bc6f8b5fbb1c
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab





i greatly appreciate it
Reply
0