Big job Nearly finished [Archive] - PCMech Forums



stigslim
07-09-2006, 05:05 AM
Hi peeps, I had a call from a family member with a connection problem so went round and did the normal program runs with plenty of luck. Got rid of loads of stuff and the connection is now back to normal, apart from the home page. I have run HijackThis but I am not sure what I can get rid of. Can I post it here for some help?
Just read the sticky, right, I ran Adaware then Spybot Search and Destroy and then Spybot Search and Destroy. My apologies if there are a few things running in the background but the log comes from over 100 miles away so I can't run it again just yet, but any help would be great. Cheers


Logfile of HijackThis v1.99.1
Scan saved at 19:21:07, on 01/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ismon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tony\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c99 -w
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01D9F714-9C44-37F7-1B86-5F811A44C933} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {01EB60BF-7886-7F8C-A734-32A401BAB05A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {031B712F-0C1E-6985-4CC2-22C145073E66} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {064DAA5C-4CE4-4AF9-DFC8-559878168148} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {06850438-E15A-7677-5D67-527F74AEDBA0} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {06BE5B0A-4959-6387-466D-51624F4BC76D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {06DF4946-DA06-763C-45CE-6F2277150060} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0754E770-DB4E-6693-A944-633D453D13B9} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {085BD64A-BD27-106B-7E79-314F16E93101} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {085DC5BB-7BB6-5E74-CBBB-63C82A7F2C1A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {092E688E-E499-7FC3-C4EB-2C932F04A8EF} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0985EC33-8C7B-6FF7-7F21-646043EAE784} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0BC282D3-942A-3A59-7668-7D080DADA051} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0E0CB970-EE28-4EF2-1FC7-24356D0C8ABF} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {112D79DC-3ACC-5F83-D537-11591B455554} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {11946802-A3F7-212F-01BA-6B737CFE55B7} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {12E92AFE-A810-292E-FED2-35F21976B76D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {12FDBC11-D950-25FB-F935-39597769531F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {16363A7E-0914-62B7-DF21-5BBA2A3D1A9A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1681F3BA-7194-66B3-6B0B-66D04321EED3} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {16FA77E8-B1AF-320D-0C64-6632592C96D7} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {17268066-C843-7722-FE47-12721D5A6A4E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {177A8513-FA54-7890-284A-420002E41CD8} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1838CFD9-128B-7C1F-0A82-2B5254D1FD08} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {18811932-25A7-206E-5C01-3F2B2300ED37} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {18C4092D-A0AF-044B-56CE-15980B50D53F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {18D7B4E0-BBB2-410D-0066-7D1D7DA03F30} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1CB4D9C4-6027-5C90-CD0C-085E58A8093C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1FE2D92B-52B5-16B4-2FE3-21F97BB001AC} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {20B019FC-A2F2-403F-88FA-268651B60D0D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {20BF2A3E-CA61-159D-733D-4234705A0E55} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {231B74DC-2510-15F0-82EE-08805BF14380} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {24505328-803A-4735-FCE3-3FE35F915062} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {26EE7125-75E0-0DE3-430F-23E41B172881} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2791ACF9-A469-68F4-9072-041000914735} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {280E0063-675A-3A0A-A80B-086554F79A86} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {296749FD-1F26-6495-69D5-4F020A7CDDA9} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {29C1EFAD-8EEE-01DB-7280-61D336A1E42D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2BCA2F01-A110-6EF7-1BF5-4154334F075A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2D4D30B7-5F9F-6333-06D3-311E5E264176} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3134B57A-CDC5-2B74-2B73-097C7CEFC9AA} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {327D1164-046D-4A43-F85A-057C702547D4} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {3388D952-FE1B-49B3-E50E-70F624B4D480} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {34AE4BA6-3D30-25EC-1663-17B34077492D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {34BAC192-F7AE-66DA-FE2B-135454156484} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {392DBA83-EC8B-4FA3-B9CA-6A7730AEDBB4} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3C44A902-6319-1898-FCD0-25F6512BDE89} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3E3707D4-6F97-0991-423A-346A0587A05E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3F90A3FD-57C4-3A0D-FECD-436D6F58CE89} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {41AFA830-FC0B-12F6-60EE-12981607F992} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {41DA59A0-7EAD-3FF6-4E74-034F122C7538} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {43331111-1111-1111-1111-611111195622} -
O16 - DPF: {444E380E-707A-104D-224F-75955BC2B486} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {44E0DDCB-EF2C-6710-6AB5-5EED36201F1A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {459EACA0-6CEC-336B-1E0B-25FB4EA34AEB} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {49224650-D148-7E8A-596C-23BE716248AE} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {499466EC-96CE-684F-1933-1A3E2DCEDDE5} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4A950B2F-CA95-3992-B04A-62E84575C80A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4F954B53-8B7E-542C-6F3F-0FAE05A92107} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5056025C-529E-5C77-D92C-2F0E223E07FB} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5180AA8F-FD7E-3371-B2BC-00E50FFF6ADB} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {52084798-A479-48D9-3306-60076D3EFF4D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5302331F-7A4F-597A-F15E-7D10474CCF27} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {532CA576-167C-0F62-7C22-58BB498643CE} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {53581CAF-5E71-5DB5-E537-536A6C54927E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5511B766-BABF-3B5D-9D2B-06B920AAE076} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {56DE5475-917A-289B-F3A1-561D1B46C8A9} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {589FFFC7-D09A-119D-BE3D-1D4F594F568E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5E20245D-A8DD-6DA0-4182-63E32FBF4846} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {618F14B7-A6D8-0B4F-E97E-235C0B333195} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6247B55B-209B-487F-F9D0-5B12435B3EE9} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149866028060
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {68715519-6ACA-6D0B-7D9A-50AD1EC0706E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {68F67902-A6BF-4385-45E6-189A70478FC5} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6BAD8CA3-6C9F-6E8E-7470-540A53137A19} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6BD21288-4F00-6E63-BB43-37F3191F780F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6C755BA7-B5F3-15BE-FEDF-17BD7153C9B8} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7103BD6B-F044-3641-2AB1-3FA973A3C77E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {712E1EBF-572A-616B-B579-71AC7B6B4D9D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7265E12A-BD74-1E69-CBEF-70416B90F440} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {72E3669C-DCE2-34D4-A435-4A1E149D2537} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {760DF277-4980-5A65-EDBD-5C927E2449D2} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {78B749D6-212D-5D8F-3920-706E49970F33} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7A1E9A78-0119-67CB-B165-1D9137881F9F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7B5F22DD-245F-5F57-F7D3-1579161AC789} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7B6A60E2-77E2-4D81-3C01-1A8F51413DBF} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7BCE7223-F577-51BE-5E1E-09186B8C7E2C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7EC1EF8B-7536-2782-4F7D-30B13A5978E1} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7F27DB69-10C0-4426-217A-1AB85DA288E1} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7F59C52F-BF46-28D5-8384-711C70997472} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7F60DFAD-817E-29A7-297E-517A252D9D8F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {E cellSpacing=5 cellPadding=3 width=400} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA1BDA60-AD13-4DDD-A5BD-AC9E88DA137F}: NameServer = 80.225.252.58 80.225.252.50
O20 - AppInit_DLLs: C:\WINDOWS\System32\dexplore.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

glc
07-09-2006, 12:01 PM
1. Take care of these 2 issues:
http://www.spywarequake.org/
http://www.bleepingcomputer.com/startups/vbsys2.dll-12263.html

2. Get rid of the following:

O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt1.dll
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h

Get rid of ALL the O16's.

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll

3. Get an antivirus installed on there and USE IT.

4. Get SP2 on there, along with ALL critical updates.
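
Added example, not part of the original thread or of either poster's message: a short Python triage of the O16 (DPF) section of a HijackThis log like the one above, collapsing the look-alike entries into one finding per codebase and noting why each deserves a look. The sample lines, the names review_reasons and triage, and the flagging criteria are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Line shape taken from the log above: O16 - DPF: {CLSID} (optional name) - codebase
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]*)\}(?: \((?P<name>[^)]*)\))? -\s*(?P<src>.*)$")
CLSID_RE = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")

# Constructed sample lines (documentation IP range and example.com, not real hosts).
SAMPLE = r"""
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O16 - DPF: {11111111-2222-3333-4444-555555555501} - http://192.0.2.10/1/setup.exe
O16 - DPF: {11111111-2222-3333-4444-555555555502} - http://192.0.2.10/1/setup.exe
O16 - DPF: {11111111-2222-3333-4444-555555555503} - http://192.0.2.10/1/setup.exe
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Example Update Control) - http://update.example.com/controls/update.cab
O16 - DPF: {11111111-2222-3333-4444-555555555504} -
O16 - DPF: {11111111-2222-3333-4444-555555555505} - file://c:\sample.cab
O16 - DPF: {NOT-A-CLSID width=400} -
"""

def review_reasons(clsid, src):
    """List why an O16 entry deserves a closer look; an empty list means nothing stood out."""
    reasons = []
    if not CLSID_RE.match(clsid):
        reasons.append("malformed CLSID")
    if not src:
        return reasons + ["no codebase recorded"]
    if src.lower().startswith("file:"):
        return reasons + ["installed from a local file"]
    url = urlsplit(src)
    try:
        ipaddress.ip_address(url.hostname or "")
        reasons.append("codebase host is a bare IP address")
    except ValueError:
        pass  # hostname is a DNS name, not an IP literal
    if url.path.lower().endswith(".exe"):
        reasons.append("codebase points directly at an .exe")
    return reasons

def triage(log_text):
    """Collapse look-alike O16 lines into one finding per (codebase, reasons) pair."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if m:
            src = m.group("src").strip()
            groups[(src or "<none>", tuple(review_reasons(m.group("clsid"), src)))].append(m.group("clsid"))
    return dict(groups)

if __name__ == "__main__":
    for (src, reasons), clsids in sorted(triage(SAMPLE).items(), key=lambda kv: -len(kv[1])):
        print(f"{len(clsids):3d}  {src}  {'; '.join(reasons) or 'nothing flagged'}")
```

An empty reasons list only means none of these checks fired; it does not mean the entry is known to be safe.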