Stucked with Spywares.. Pls help

vickymustdie · 16-06-2008, 12:25 PM

Hi Guys.....

Get stucked with my PC again....

I've cleared my entire system with ADAWARE and CCLEANER....

But when I surfing online ' i get lot of AD and everything goes wild pop up.

I can't see any other banners on any website except the Spyware banners that has effected on my machine.

Please help me... I'm really gone mad with my system...

Posting here the HIJACK THIS info
================================================== =======

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:46 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\System32\database.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
C:\Documents and Settings\Administrator\WINDOWS\system\winsystem.ex e
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\EXF9D6.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\vicky\Desktop\TAble.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.65.166.4:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 10.*;97.*;*.relianceada.com;*.reliancecapital.*;vo dimages.bigflicks.com, rental.bigflicks.com, kiosknew.bigflicks.com;<local>;*.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Progr am Files\System32\database.exe,
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Touchstone - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
O4 - HKLM\..\Run: [winsystem] C:\Documents and Settings\Administrator\WINDOWS\system\winsystem.ex e
O4 - HKLM\..\Run: [BM8bc837cc] Rundll32.exe "C:\WINDOWS\system32\vxqejdyn.dll",s
O4 - HKLM\..\Run: [88fb0450] rundll32.exe "C:\WINDOWS\system32\tyvagfag.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\vicky\Desktop\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\vicky\Desktop\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://intranet.reliancecapital.co.in
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM
O17 - HKLM\Software\..\Telephony: DomainName = RELIANCECAPITAL.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{909DBE4F-B153-437C-AF95-155E9A733129}: NameServer = 10.65.166.2,202.138.96.2,202.138.100.103
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 9212 bytes

================================================== =======

crystal_pup · 16-06-2008, 12:51 PM

Hi Bro,

Can you please tell me wat exactly is Hijack this?

Cheers!!!

dheeraj_kumar · 16-06-2008, 01:44 PM

^^Google it. "HijackThis"
First, install nod32, spybot and run both.
Second, restart in safe mode, and do all these stuff...

C:\Program Files\System32\database.exe
delete
C:\Documents and Settings\Administrator\WINDOWS\system\winsystem.ex e
delete
C:\WINDOWS\TEMP\EXF9D6.EXE
delete
C:\Documents and Settings\vicky\Desktop\TAble.exe
dunno what this is, if it something you ran, leave it. else delete.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.65.166.4:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 10.*;97.*;*.relianceada.com;*.reliancecapital.*;vo dimages.bigflicks.com, rental.bigflicks.com, kiosknew.bigflicks.com;<local>;*.local

reset all these stuff. that means, navigate to those registry values, make the values blank.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Progr am Files\System32\database.exe,
delete the line, using start->run "msconfig" and then delete the files specified by the line too.

O4 - HKLM\..\Run: [winsystem] C:\Documents and Settings\Administrator\WINDOWS\system\winsystem.ex e
O4 - HKLM\..\Run: [BM8bc837cc] Rundll32.exe "C:\WINDOWS\system32\vxqejdyn.dll",s
O4 - HKLM\..\Run: [88fb0450] rundll32.exe "C:\WINDOWS\system32\tyvagfag.dll",b
delete the files, but dont delete rundll32.exe

O14 - IERESET.INF: START_PAGE_URL=http://intranet.reliancecapital.co.in
change this if you didnt set this. not really necessary but you might want to do it.

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
search for that thing within {} in registry, and delete

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM
O17 - HKLM\Software\..\Telephony: DomainName = RELIANCECAPITAL.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{909DBE4F-B153-437C-AF95-155E9A733129}: NameServer = 10.65.166.2,202.138.96.2,202.138.100.103
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM
if you set these, fine, else, delete.

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
i dont like this... keep it if you like.
same for this too:
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
C:\Program Files\Kontiki\KService.exe

infra_red_dude · 16-06-2008, 01:54 PM

Suspicious items:

Quote:

Originally Posted by vickymustdie

C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\System32\database.exe
C:\Documents and Settings\Administrator\WINDOWS\system\winsystem.ex e
C:\WINDOWS\TEMP\EXF9D6.EXE
C:\Documents and Settings\vicky\Desktop\TAble.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Progr am Files\System32\database.exe,
O4 - HKLM\..\Run: [winsystem] C:\Documents and Settings\Administrator\WINDOWS\system\winsystem.ex e
O4 - HKLM\..\Run: [BM8bc837cc] Rundll32.exe "C:\WINDOWS\system32\vxqejdyn.dll",s
O4 - HKLM\..\Run: [88fb0450] rundll32.exe "C:\WINDOWS\system32\tyvagfag.dll",b
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe

JackyB · 16-06-2008, 02:04 PM

hey
I'm using a couple of spyware programs that are both free
http://www.spywareterminator.com/
http://www.spybot.info/en/download/index.html
I use spywareterminator more often for a quick scan. When i first got it, it scanned my PC and found a lot of rubbish. Spybot is good, but i feel that it takes a lot of time to scan and slows my machine down a bit.

Hope you get rid of that spyware. I feel your pain

16-06-2008, 12:25 PM	#1 (permalink)
vickymustdie Right Off the Assembly Line Join Date: Mar 2004 Location: Mumbai Posts: 38	Stucked with Spywares.. Pls help Hi Guys..... Get stucked with my PC again.... I've cleared my entire system with ADAWARE and CCLEANER.... But when I surfing online ' i get lot of AD and everything goes wild pop up. I can't see any other banners on any website except the Spyware banners that has effected on my machine. Please help me... I'm really gone mad with my system... Posting here the HIJACK THIS info ================================================== ======= Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:23:46 PM, on 6/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\mnmsrvc.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\System32\database.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe C:\Documents and Settings\Administrator\WINDOWS\system\winsystem.ex e C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.EXE C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\WINDOWS\TEMP\EXF9D6.EXE C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\vicky\Desktop\TAble.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.65.166.4:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 10.;97.;.relianceada.com;.reliancecapital.;vo dimages.bigflicks.com, rental.bigflicks.com, kiosknew.bigflicks.com;<local>;.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Progr am Files\System32\database.exe, O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Touchstone - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe O4 - HKLM\..\Run: [winsystem] C:\Documents and Settings\Administrator\WINDOWS\system\winsystem.ex e O4 - HKLM\..\Run: [BM8bc837cc] Rundll32.exe "C:\WINDOWS\system32\vxqejdyn.dll",s O4 - HKLM\..\Run: [88fb0450] rundll32.exe "C:\WINDOWS\system32\tyvagfag.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\vicky\Desktop\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\vicky\Desktop\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://intranet.reliancecapital.co.in O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM O17 - HKLM\Software\..\Telephony: DomainName = RELIANCECAPITAL.COM O17 - HKLM\System\CCS\Services\Tcpip\..\{909DBE4F-B153-437C-AF95-155E9A733129}: NameServer = 10.65.166.2,202.138.96.2,202.138.100.103 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe -- End of file - 9212 bytes ================================================== ======= __________________ Vickymustdie..... Believe me, I\'m Improving.....

16-06-2008, 12:51 PM	#2 (permalink)
crystal_pup 101101 Join Date: Nov 2006 Location: 10110 Posts: 139	Re: Stucked with Spywares.. Pls help Hi Bro, Can you please tell me wat exactly is Hijack this? Cheers!!! __________________ Finding answers is simple, all you need to do is come up with the correct questions.

16-06-2008, 01:44 PM	#3 (permalink)
dheeraj_kumar Legen-wait for it-dary! Join Date: Dec 2004 Location: Chennai Posts: 2,471	Re: Stucked with Spywares.. Pls help ^^Google it. "HijackThis" First, install nod32, spybot and run both. Second, restart in safe mode, and do all these stuff... C:\Program Files\System32\database.exe delete C:\Documents and Settings\Administrator\WINDOWS\system\winsystem.ex e delete C:\WINDOWS\TEMP\EXF9D6.EXE delete C:\Documents and Settings\vicky\Desktop\TAble.exe dunno what this is, if it something you ran, leave it. else delete. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.65.166.4:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 10.;97.;.relianceada.com;.reliancecapital.;vo dimages.bigflicks.com, rental.bigflicks.com, kiosknew.bigflicks.com;<local>;.local reset all these stuff. that means, navigate to those registry values, make the values blank. F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Progr am Files\System32\database.exe, delete the line, using start->run "msconfig" and then delete the files specified by the line too. O4 - HKLM\..\Run: [winsystem] C:\Documents and Settings\Administrator\WINDOWS\system\winsystem.ex e O4 - HKLM\..\Run: [BM8bc837cc] Rundll32.exe "C:\WINDOWS\system32\vxqejdyn.dll",s O4 - HKLM\..\Run: [88fb0450] rundll32.exe "C:\WINDOWS\system32\tyvagfag.dll",b delete the files, but dont delete rundll32.exe O14 - IERESET.INF: START_PAGE_URL=http://intranet.reliancecapital.co.in change this if you didnt set this. not really necessary but you might want to do it. O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab search for that thing within {} in registry, and delete O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM O17 - HKLM\Software\..\Telephony: DomainName = RELIANCECAPITAL.COM O17 - HKLM\System\CCS\Services\Tcpip\..\{909DBE4F-B153-437C-AF95-155E9A733129}: NameServer = 10.65.166.2,202.138.96.2,202.138.100.103 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RELIANCECAPITAL.COM if you set these, fine, else, delete. O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe i dont like this... keep it if you like. same for this too: O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe C:\Program Files\Kontiki\KService.exe __________________ If the Start Windows Restart when Windows starts check box is checked Windows Restart will start automatically every time Windows is started. - Actual excerpt from a windows program help file

16-06-2008, 02:04 PM	#5 (permalink)
JackyB Right Off the Assembly Line Join Date: Jun 2008 Location: London Posts: 4	Re: Stucked with Spywares.. Pls help hey I'm using a couple of spyware programs that are both free http://www.spywareterminator.com/ http://www.spybot.info/en/download/index.html I use spywareterminator more often for a quick scan. When i first got it, it scanned my PC and found a lot of rubbish. Spybot is good, but i feel that it takes a lot of time to scan and slows my machine down a bit. Hope you get rid of that spyware. I feel your pain

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine

	Advertisements. Register and be a member of the community to get rid of them.
Advertisement

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Downlaoding Stucked	VarDOS	Software Q&A	1	21-05-2008 01:48 PM
DOwnloading stucked................	swap_too_fast	Software Q&A	4	10-05-2008 04:11 PM
Spywares	dOm1naTOr	Software Q&A	7	01-10-2007 04:52 PM
Help me out i am stucked in this problem	anilmail17	QnA (read only)	28	11-03-2007 05:11 PM
Getting stucked with developing website - Please help	vickymustdie	Software Q&A	4	01-02-2006 12:38 PM