Internet Explorer 6

Archived from groups: microsoft.public.windowsxp.help_and_support

Hi PC

I have the same problem as Ken, and have run similar virus software too
(Trend, Ad-Aware, AVG), but I still get advertising pop-ups and unwanted
toolbars. Also, my favourites have items that I cannot get rid of, which I
think are linked to the virus. Can you help? I've run the same HijackThis as
you recommended to Ken. Pls can you advise, it's driving me nuts!

Thanks

TJ
Logfile of HijackThis v1.99.1
Scan saved at 19:21:34, on 06/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Trish\LOCALS~1\Temp\Temporary Directory 1 for
HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.chabkesyrwuoizgid.info/ [...] cMpxS.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.freewebs.com/keymate/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.club-vaio.sony-europe.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {A56A1EE7-09A7-3DDE-1DF4-B64B5D9117FC} -
C:\DOCUME~1\Trish\APPLIC~1\OPTION~1\Two Soap.exe (file missing)
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program
Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program
Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Sony\Sony Style
Imaging\UploadTools\ZingSpooler.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
2\MsgPlus.exe"
O4 - HKLM\..\Run: [Eggs seek okay mail] C:\Documents and Settings\All
Users\Application Data\Global Owns Eggs Seek\Fork Ball.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [send flaw]
C:\DOCUME~1\Trish\APPLIC~1\ERRORW~1\mealclock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program
Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program
Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.Sony-europe.com
O15 - Trusted Zone: *.Sonystyle-europe.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
- http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
http://us.chat1.yimg.com/us.yimg.c [...] acscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://appldnld.m7z.net/content.in [...] sSetup.exe
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) -
http://www.sonystyle-imaging.com/e [...] 5,0,0,9090
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.symantec.com/tec [...] mAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.symantec.com/tec [...] veData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.com/download.co [...] _1_6_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zone.msn.com/bina [...] b31267.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Archived from groups: microsoft.public.windowsxp.help_and_support

Hi Trish, you have some really strange entries in your log. Have HijackThis
fix the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.chabkesyrwuoizgid.info/ [...] cMpxS.html
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {A56A1EE7-09A7-3DDE-1DF4-B64B5D9117FC} -
C:\DOCUME~1\Trish\APPLIC~1\OPTION~1\Two Soap.exe (file missing)
O4 - HKLM\..\Run: [Eggs seek okay mail] C:\Documents and Settings\All
Users\Application Data\Global Owns Eggs Seek\Fork Ball.exe
O4 - HKCU\..\Run: [send flaw]
C:\DOCUME~1\Trish\APPLIC~1\ERRORW~1\mealclock.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

When done, download, install, update and run all of the following.

Spybot Search and Destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
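
The by-eye triage in the reply above can be written down as a few checks. This is an added example, not part of the original thread and not HijackThis's own logic: it re-joins the wrapped log lines and flags BHOs whose file is absent, startup shortcuts with an unresolved target, and Run entries that launch from a per-user data directory. The sample is an excerpt of the log posted above; the function names and the three heuristics are assumptions, and a flagged entry is a candidate for review, not a verdict.

```python
import re

# Excerpt of the log posted above, keeping its e-mail line wrapping.
SAMPLE_LOG = r"""O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {A56A1EE7-09A7-3DDE-1DF4-B64B5D9117FC} -
C:\DOCUME~1\Trish\APPLIC~1\OPTION~1\Two Soap.exe (file missing)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Eggs seek okay mail] C:\Documents and Settings\All
Users\Application Data\Global Owns Eggs Seek\Fork Ball.exe
O4 - HKCU\..\Run: [send flaw]
C:\DOCUME~1\Trish\APPLIC~1\ERRORW~1\mealclock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
"""

# A new entry starts with a section code such as "R1 - " or "O4 - ".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
# Per-user data directories, long and 8.3 short forms (assumed heuristic).
USER_WRITABLE = re.compile(
    r"\\(?:Application Data|APPLIC~\d|Local Settings|LOCALS~\d)\\", re.I)

def join_entries(text):
    """Re-join wrapped lines so that each log entry is one string."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def triage(entries):
    """Return (reason, entry) pairs for entries worth a manual look."""
    findings = []
    for e in entries:
        code = e.split(" - ", 1)[0]
        if code == "O2" and re.search(r"\((?:no file|file missing)\)$", e):
            findings.append(("BHO registered but its file is absent", e))
        elif code == "O4" and e.endswith("= ?"):
            findings.append(("startup shortcut with unresolved target", e))
        elif code == "O4" and "\\Run:" in e and USER_WRITABLE.search(e):
            findings.append(("autorun from a per-user data directory", e))
    return findings

if __name__ == "__main__":
    for reason, entry in triage(join_entries(SAMPLE_LOG)):
        print(f"{reason}: {entry}")
```

The R1 Search Bar entry in the list above is not covered: judging a URL needs a list of hosts the analyst expects on that machine, which these checks do not have.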



Archived from groups: microsoft.public.windowsxp.help_and_support

Thx PC,

I ran the HijackThis prog again and fixed the line you told me to.

I have downloaded and run your two programs and will reboot now.

Do you know how I can get rid of the unwanted items in my Favourites
dropdown? I've tried right-hand clicking it, which usually works for other
stuff, but it doesn't work. I've also tried to delete through Internet Explorer.

Be back after my reboot,

Thx again for your help.

Trish
--
MissT


Archived from groups: microsoft.public.windowsxp.help_and_support

See if they are still there after you reboot.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com


