Results 1 to 6 of 6

Thread: Unspypc

  1. #1
    Junior Member
    Join Date
    Apr 2006
    Posts
    3

    Default Unspypc

    I though I had got rid of it but every day its back on the computer the only thing it does is sends me to a web site selling something.

    I used spybot and adware and fixwareout and I thought it was fixed but it came back can somebody please help.

    Fixwareout ver 1.003
    Last edited march/15/2006
    Post this report in the forums please

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    "dmvgh.exe"=-
    ...

    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    Search by size and names...
    * csr.exe C:\WINDOWS\System32\CSNGF.EXE
    * csr.exe C:\WINDOWS\System32\CSSRA.EXE

    Misc files

    Checking for older varients covered by the Rem3 tool


    Logfile of HijackThis v1.99.1
    Scan saved at 8:42:25 PM, on 4/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\system32\RioMSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\goober\Desktop\New Folder\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=w...ztoP9rllre6Xdj
    R3 - URLSearchHook: (no name) - {28ABC87C-F7D2-071D-23EB-31E73CFF6C9A} - driver64.dll (file missing)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: NetAnts.IE.Monitor - {57E91B41-F40A-11D1-B792-444553540000} - C:\Program Files\NetAnts\AntAPI.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [panel_its] TemplateDongle.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ftbar] WinInitDll.exe
    O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    O4 - HKLM\..\Run: [DME] C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Zero Knowledge\Freedom\IndexCleanerR.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [TorontoMail] SysEntry.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LOPTCON] gabber.exe
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [cmon14] prcmon.exe
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Zero Knowledge\Freedom\IndexCleanerR.exe"
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
    O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubles.../usbaptest.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.powerleap.com/cab_files/InSPECS3_0.cab
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://mathxl.com/wizmodules/interac...ctXInstall.cab
    O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://D:\GAMES\WebDriverFullInstall.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16E1673A-3B41-4788-B08B-1DCA9DC335C1}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2CA23BEF-DBB5-4C1A-AA90-66C8D62458A9}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{42A62D5E-7C68-4FE9-B68B-36B16F3712AE}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{75EA2C97-623C-4DF7-8EA5-44549BA40BC0}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A9D7FEFB-CAB2-4BC8-B741-C772FAC8578E}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7BFAA95-68F9-4BD8-A6AB-40F9DE99AD22}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F8CAF3D5-A987-4B4C-BEE1-23F976092052}: NameServer = 85.255.115.58,85.255.112.116
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Radialpoint Service (FWS) - Unknown owner - C:\Program Files\Radialpoint\Freedom\fws.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Welcome to the forum

    Start Hijackthis and place a check next to these items If there.
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=w...ztoP9rllre6Xdj
    R3 - URLSearchHook: (no name) - {28ABC87C-F7D2-071D-23EB-31E73CFF6C9A} - driver64.dll (file missing)
    O4 - HKLM\..\Run: [ftbar] WinInitDll.exe
    O4 - HKCU\..\Run: [TorontoMail] SysEntry.exe
    O4 - HKCU\..\Run: [LOPTCON] gabber.exe
    O4 - HKCU\..\Run: [cmon14] prcmon.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16E1673A-3B41-4788-B08B-1DCA9DC335C1}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2CA23BEF-DBB5-4C1A-AA90-66C8D62458A9}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{42A62D5E-7C68-4FE9-B68B-36B16F3712AE}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{75EA2C97-623C-4DF7-8EA5-44549BA40BC0}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A9D7FEFB-CAB2-4BC8-B741-C772FAC8578E}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7BFAA95-68F9-4BD8-A6AB-40F9DE99AD22}: NameServer = 85.255.115.58,85.255.112.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F8CAF3D5-A987-4B4C-BEE1-23F976092052}: NameServer = 85.255.115.58,85.255.112.116
    ====================================
    Hit fix checked and close Hijackthis.
    Restart the PC
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Manualy delete these files
    C:\WINDOWS\System32\CSNGF.EXE
    C:\WINDOWS\System32\CSSRA.EXE
    Your antivirus might delete when you get close to them, thats fine.
    Note:
    If You have connection problems or those 017's ~ 85.255.115.58,85.255.112.116, return >
    Before doing this write down all the settings, Note that not all system/setups even have these settings, While some connection service's will require them.
    In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
    Press OK twice to get out of the properties screen and reboot if it asks.
    That option might not be avaiable one some systems

    Post a fresh hijackthis log please, be sure to mention any current problems.

    Post a report from this tool if any FILES show
    F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
    Click the i accept button near the bottom of that page.
    Download and run blacklite click > scan then > next, next again then exit
    there will be a new txt near blacklite. post it please.
    Important: If any files show Do not rename them YET.....legitimate files can be listed.

  3. #3
    Junior Member
    Join Date
    Apr 2006
    Posts
    3

    Default

    Black light found nothing but I will post it anyways.

    04/08/06 16:40:50 [Info]: BlackLight Engine 1.0.35 initialized
    04/08/06 16:40:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    04/08/06 16:40:50 [Note]: 7019 4
    04/08/06 16:40:50 [Note]: 7005 0
    04/08/06 16:40:53 [Note]: 7006 0
    04/08/06 16:40:53 [Note]: 7011 816
    04/08/06 16:40:53 [Note]: 7026 0
    04/08/06 16:40:54 [Note]: 7026 0
    04/08/06 16:40:54 [Note]: FSRAW library version 1.7.1015
    04/08/06 16:42:19 [Note]: 7007 0

    Logfile of HijackThis v1.99.1
    Scan saved at 4:43:20 PM, on 4/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RioMSC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\goober\Desktop\New Folder\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/index.php
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: NetAnts.IE.Monitor - {57E91B41-F40A-11D1-B792-444553540000} - C:\Program Files\NetAnts\AntAPI.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [panel_its] TemplateDongle.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    O4 - HKLM\..\Run: [DME] C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Zero Knowledge\Freedom\IndexCleanerR.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Zero Knowledge\Freedom\IndexCleanerR.exe"
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
    O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubles.../usbaptest.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.powerleap.com/cab_files/InSPECS3_0.cab
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://mathxl.com/wizmodules/interac...ctXInstall.cab
    O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://D:\GAMES\WebDriverFullInstall.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Radialpoint Service (FWS) - Unknown owner - C:\Program Files\Radialpoint\Freedom\fws.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

    I'm Not having anymore problems for now anyways.

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Good

    Scan with hijackthis and fix this
    O4 - HKLM\..\Run: [panel_its] TemplateDongle.exe
    ===============

    Post back in a few days and let us know if there are still no problems, in the meantime >
    Put in place a good hosts file
    http://www.mvps.org/winhelp2002/hosts.htm
    How To Download and Extract the HOSTS file:
    http://www.mvps.org/winhelp2002/hosts2.htm
    Replace it about once monthly to keep it updated

    To help avoid reinfection see "So how did I get infected in the first place?"
    http://forums.spybot.info/showthread.php?t=279

  5. #5
    Junior Member
    Join Date
    Apr 2006
    Posts
    3

    Default

    There are no problems. Thanks for the help.

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Im Glad we could help
    Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.

    If you should need to post another log for the same PC let Me or Tashi know.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •