new hijackthis list for jmoney[inactive]

Hey jmoney,

I tried to do what you asked but this machine is acting crazy man. Sometimes I can't do anything because of the ads popping up or freezing up.
So I tried to get the list the way you asked but it would not copy so I did a screen shot part 1 and part 2 so you see it all.
Hope this helps you so you can help me.

Thanks

Comments

  • jmoney3457 Maine
    edited November 2006
    hi again track, I know you're not doing this on purpose or anything but you keep creating multiple threads to avoid this..whenever you come back to the forums find this thread and click on reply..NOT start new thread/new thread..anyways, let's try this for uninstall list..download ccleaner from ->http://download.ccleaner.com/ccsetup134.exe then open it click tools>uninstall tab>save to text file>save then go and find that text file copy/paste the contents in your next reply with a new hijack this! log
  • edited November 2006
    jmoney3457 wrote:
    hi again track, I know you're not doing this on purpose or anything but you keep creating multiple threads to avoid this..whenever you come back to the forums find this thread and click on reply..NOT start new thread/new thread..anyways, let's try this for uninstall list..download ccleaner from ->http://download.ccleaner.com/ccsetup134.exe then open it click tools>uninstall tab>save to text file>save then go and find that text file copy/paste the contents in your next reply with a new hijack this! log

    Hi jmoney,

    Sorry man this machine is so messed up it was the only way I could message you. Nothing is functioning the way it should. Anyway, here is the info:

    v1.34.405
    - Added cleaning for:
    Visio 2003
    AVG Anti-Spyware
    CuteFTP 8.0 Pro/Home and 7.0 Home
    Windows Live Toolbar
    CA Anti-Virus
    - Updated cleaning for:
    Outlook 2003
    TextPad 4
    Quicktime Player
    - Improved error handling when opening RegEdit.
    - Fixed issue with Opera 9 classic installer.
    - Updated installer routines.
    - Issue scanner accuracy improvements.
    - Updated Arabic, Serbian (Latin and Cyrillic), German
    and French translations.
    - Minor optimizations and tweaks.

    v1.33.382
    - Fixed a permissions problem where Issues would reappear
    after being fixed.
    - Main interface style changes.
    - Fixed compatibility with Opera 9.
    - Updated installer engine and icons.
    - Added Slovak translation.
    - Updated Albanian, German and Swedish translations.
    - Minor performance tweaks.
    - Minor bug fixes on older systems.

    www.ccleaner.com

    and here is the new hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:04:14 PM, on 11/16/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    D:\WINDOWS\system32\crypserv.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    D:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE
    D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
    D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
    D:\WINDOWS\next06.exe
    D:\windows\system32\ondsregs.exe
    D:\Program Files\WinZip\WZQKPICK.EXE
    D:\Program Files\ScanSoft\Pagis\Ereg\REMIND32.EXE
    D:\WINDOWS\System32\rwinopem.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Windows Media Player\wmplayer.exe
    D:\Program Files\CCleaner\ccleaner.exe
    D:\WINDOWS\system32\NOTEPAD.EXE
    D:\WINDOWS\System32\slimyqsc.exe
    D:\Documents and Settings\Ira aka Urban\Shared\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [BookmarkCentral] D:\PROGRA~1\BMCENT~1\BMLauncher.exe
    O4 - HKLM\..\Run: [InstantAccess] D:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] D:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [CaAvTray] "D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmnext06] D:\WINDOWS\next06.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_e33.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_e33.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e33.exe
    O4 - HKLM\..\Run: [ms058264910886] D:\WINDOWS\ms058264910886.exe
    O4 - HKLM\..\Run: [{3F-FA-A9-99-ZN}] D:\windows\system32\ondsregs.exe ELT001
    O4 - HKLM\..\Run: [ExploreUpdSched] D:\WINDOWS\System32\rwinopem.exe ELT001
    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] D:\WINDOWS\winlogon.exe
    O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
    O4 - HKLM\..\RunServices: [RegisterDropHandler] D:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Chckup] D:\WINDOWS\System32\Netverchk.exe
    O4 - HKCU\..\Run: [Registry Cleaner] "D:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
    O4 - Startup: reminder-ScanSoft Product Registration.lnk = D:\Program Files\ScanSoft\Pagis\Ereg\REMIND32.EXE
    O4 - Startup: TA_Start.lnk = D:\WINDOWS\system32\dwdsregt.exe
    O4 - Startup: Think-Adz.lnk = D:\WINDOWS\system32\rwinopem.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Pagis Schedule Monitor.lnk = D:\Program Files\ScanSoft\Pagis\Monitor.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O15 - Trusted Zone: *.elitemediagroup.net
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} - http://www.terp17.com/ax/axo.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163224388780
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163224376249
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
    O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - ms-its:mhtml:file://c:\nesunew.mht!http://adsextend.net/zscript/winfix.chm::/SystemDoctor2006FreeInstall.cab
    O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • jmoney3457 Maine
    edited November 2006
    no problem but you posted the wrong log from ccleaner please post the uninstall list from my instructions in prev. post
  • edited November 2006
    jmoney3457 wrote:
    no problem but you posted the wrong log from ccleaner please post the uninstall list from my instructions in prev. post


    Hi,

    This is the list according to your instructions, tools, uninstall tab and then save then copy paste.


    3D MP3 Sound Recorder 3.9.3
    Ad-Aware SE Professional
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 7.0.8
    Advanced Browser
    Ares 1.8.1
    Bookmark Express
    CA eTrust PestPatrol
    CCleaner (remove only)
    CommAid
    Enhanced Ads by Think-Adz removal
    Enhanced Browser Overlay
    eTrust EZ Antivirus
    eTrust EZ Firewall
    Flash Movie Player 1.4
    HijackThis 1.99.1
    hp deskjet 940c series (Remove only)
    J2SE Runtime Environment 5.0 Update 6
    Kaspersky Online Scanner
    Microsoft .NET Framework 1.1
    Microsoft Office Professional Edition 2003
    mIRC
    Mozilla Firefox (1.5)
    MySpaceIM
    Nero 6 Ultra Edition
    Pagis Pro 3.0
    PrimaScan 2400 U Scanner Driver
    QuickTime
    Registry Cleaner Version 4.0
    TextBridge Pro 9.0
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix (SP1) Q329170
    Windows XP Hotfix (SP1) Q810577
    Windows XP Hotfix (SP1) Q810833
    Windows XP Hotfix (SP1) Q815021
    Windows XP Hotfix (SP1) Q817606
    Windows XP Hotfix (SP1) [See Q329048 for more information]
    Windows XP Hotfix (SP1) [See Q329390 for more information]
    Windows XP Hotfix (SP1) [See Q329441 for more information]
    Windows XP Hotfix (SP1) [See Q329834 for more information]
    Windows XP Hotfix (SP2) [See Q329115 for more information]
    Windows XP Hotfix - KB823559
    Windows XP Hotfix - KB828741
    Windows XP Hotfix - KB833407
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB835732
    Windows XP Hotfix - KB842773
    WinRAR archiver
    WinZip
    XoftSpy
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar
  • jmoney3457 Maine
    edited November 2006
    uninstall the following via add/remove, reboot post new HJT log..
    1. Enhanced Ads by Think-Adz removal
    2. Enhanced Browser Overlay
  • jmoney3457 Maine
    edited November 2006
    While we appreciate that you may be busy, it has been 5 days or more since we heard from you.

    Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance, then please start a new topic in the Spyware & Virus Removal Forum.

    If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

    Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
    If you are not the user who started this thread, you must start a new thread instead :)
This discussion has been closed.