Options
Problem with www.lop.com
i have problem with www.lop.com can somebody check my log please?
Logfile of HijackThis v1.98.2
Scan saved at 11:20:38 AM, on 9/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\scvhosting.exe
C:\WINDOWS\System32\forboo.exe
C:\WINDOWS\System32\SysDebug.exe
C:\WINDOWS\System32\sys32snd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\xpcd.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\sound32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Louise\My Documents\My Received Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iqqvtetttpmj.com/Bae/q1VXpD7wXquBDKWB8CzcF/0aOl/C2Ar8kyagAdTc2sWWTE3ZM67zoG9Bz1vx.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5FB01F5E-C4FA-AB65-528B-074F9E55AEE8} - C:\PROGRA~1\WAVEMA~1\mediarect.exe
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [msjava service] xpcd.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [deejay] forboo.exe
O4 - HKLM\..\Run: [Auto updat] SysDebug.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\njmfp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Microsoft Sound Driver] sound32.exe
O4 - HKLM\..\Run: [readme roam trust regs] C:\Documents and Settings\All Users\Application Data\Gramsetupreadmeroam\Show Load.exe
O4 - HKLM\..\RunServices: [msjava service] xpcd.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [deejay] forboo.exe
O4 - HKLM\..\RunServices: [Auto updat] SysDebug.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Microsoft Sound Driver] sound32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [deejay] forboo.exe
O4 - HKLM\..\RunOnce: [Auto updat] SysDebug.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [deejay] forboo.exe
O4 - HKCU\..\Run: [Auto updat] SysDebug.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Microsoft Sound Driver] sound32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [deejay] forboo.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\RunOnce: [Auto updat] SysDebug.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096304442515
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
Thank you so much, your help is very much appreciated...
Logfile of HijackThis v1.98.2
Scan saved at 11:20:38 AM, on 9/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\scvhosting.exe
C:\WINDOWS\System32\forboo.exe
C:\WINDOWS\System32\SysDebug.exe
C:\WINDOWS\System32\sys32snd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\xpcd.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\sound32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Louise\My Documents\My Received Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iqqvtetttpmj.com/Bae/q1VXpD7wXquBDKWB8CzcF/0aOl/C2Ar8kyagAdTc2sWWTE3ZM67zoG9Bz1vx.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5FB01F5E-C4FA-AB65-528B-074F9E55AEE8} - C:\PROGRA~1\WAVEMA~1\mediarect.exe
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [msjava service] xpcd.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [deejay] forboo.exe
O4 - HKLM\..\Run: [Auto updat] SysDebug.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\njmfp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Microsoft Sound Driver] sound32.exe
O4 - HKLM\..\Run: [readme roam trust regs] C:\Documents and Settings\All Users\Application Data\Gramsetupreadmeroam\Show Load.exe
O4 - HKLM\..\RunServices: [msjava service] xpcd.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [deejay] forboo.exe
O4 - HKLM\..\RunServices: [Auto updat] SysDebug.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Microsoft Sound Driver] sound32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [deejay] forboo.exe
O4 - HKLM\..\RunOnce: [Auto updat] SysDebug.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [deejay] forboo.exe
O4 - HKCU\..\Run: [Auto updat] SysDebug.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Microsoft Sound Driver] sound32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [deejay] forboo.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\RunOnce: [Auto updat] SysDebug.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096304442515
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
Thank you so much, your help is very much appreciated...
0
Comments
Before doing the following, please Set your computer to show hidden files and folders, Disable System Restore, and Reboot in Safe Mode.
Once you have done that, Run HijackThis and have it fix the following:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iqqvtetttpmj.com/Bae/q1V...67zoG9Bz1vx.htm
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5FB01F5E-C4FA-AB65-528B-074F9E55AEE8} - C:\PROGRA~1\WAVEMA~1\mediarect.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [msjava service] xpcd.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [deejay] forboo.exe
O4 - HKLM\..\Run: [Auto updat] SysDebug.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\njmfp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [readme roam trust regs] C:\Documents and Settings\All Users\Application Data\Gramsetupreadmeroam\Show Load.exe
O4 - HKLM\..\RunServices: [msjava service] xpcd.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [deejay] forboo.exe
O4 - HKLM\..\RunServices: [Auto updat] SysDebug.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Microsoft Sound Driver] sound32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [deejay] forboo.exe
O4 - HKLM\..\RunOnce: [Auto updat] SysDebug.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [deejay] forboo.exe
O4 - HKCU\..\Run: [Auto updat] SysDebug.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\RunOnce: [deejay] forboo.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\RunOnce: [Auto updat] SysDebug.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
Then find and locate the files listed above and Quarentine Them.
Once you have done that, reboot, scan with HiijackThis again, and post a new log.