Ad Delivery....

Red XIII
Sultan Ruler Of The Poles!
Posts: 8317
Joined: Sun Feb 01, 2004 5:28 am
Location: Cheese Head

Hey everyone,

I have some ad delivery thing on my comp I can't seem to get rid of. I ran Spy Bot S&D and Adaware SE and neither could find it... Updated fully, and AVG can't find it... so I ran Hijack This and here's the log... what should I get rid of?

Logfile of HijackThis v1.97.7
Scan saved at 7:42:34 PM, on 12/2/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Red XIII\Application Data\adop.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\d?dplay.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\WinMX\WinMX.exe
C:\Documents and Settings\Red XIII\My Documents\patches & programs\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {18A96528-9247-0DC0-8755-115505877518} - C:\WINDOWS\System32\pdr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [yKy] C:\documents and settings\red xiii\local settings\temp\yKy.exe
O4 - HKLM\..\Run: [XW] c:\documents and settings\red xiii\local settings\temp\XW.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spoolss] C:\WINDOWS\System32\spoolss.exe
O4 - HKCU\..\Run: [Rriu] C:\Documents and Settings\Red XIII\Application Data\adop.exe
O4 - HKCU\..\Run: [Usnirn] C:\WINDOWS\System32\d?dplay.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
The deceased will rise again in a river of blood
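
A triage pass over a log in the format posted above, as an added example that is not part of the original thread. The sample lines are constructed, and the three heuristics (autoruns from user-writable directories, a `?` placeholder in a path, ActiveX sources that are not web URLs) are assumptions chosen for illustration, not rules from HijackThis itself.

```python
import re

# Constructed sample lines in the HijackThis log format (not the poster's log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [abc] C:\documents and settings\user\local settings\temp\abc.exe
O4 - HKCU\..\Run: [xyz] C:\WINDOWS\System32\ex?mple.exe
O16 - DPF: {00000000-0000-0000-0000-000000000001} - file://c:\example.cab
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Object) - http://download.example.com/x.cab
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \(([^)]*)\))? - (.*)$")

# Assumed heuristic: directories that any user-level process can write to.
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\")


def triage(log_text):
    """Return (section, subject, reason) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, or blank line
        section, body = m.groups()
        if section == "O4":  # Run-key autostart entries
            run = RUN.match(body)
            if not run:
                continue
            name, command = run.group(3), run.group(4)
            if any(d in command.lower() for d in USER_WRITABLE):
                findings.append((section, name, "autorun from user-writable directory"))
            if "?" in command:  # assumed: '?' stands in for a character the log could not render
                findings.append((section, name, "unrenderable character in path"))
        elif section == "O16":  # downloaded ActiveX (DPF) entries
            dpf = DPF.match(body)
            if dpf and not dpf.group(3).lower().startswith(("http://", "https://")):
                findings.append((section, dpf.group(1), "ActiveX source is not a web URL"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

A flagged entry is a lead to look up, not a verdict; legitimate software also installs under Application Data.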
TheModfather
Know-It-All
Posts: 177
Joined: Mon Aug 09, 2004 5:48 pm
Location: Lanc's UK

If no-one knows, try here: http://www.mytechsupport.ca

I had to register, but they helped me get rid of a virus... they are really helpful, look for the post by JonnyBoy on the 3rd page.
Red XIII
Sultan Ruler Of The Poles!
Posts: 8317
Joined: Sun Feb 01, 2004 5:28 am
Location: Cheese Head

I'll keep that in mind, thanks Mod, but I already got rid of it...went through my registry deleting a whole bunch of ***** :lol:
The deceased will rise again in a river of blood
TheModfather
Know-It-All
Posts: 177
Joined: Mon Aug 09, 2004 5:48 pm
Location: Lanc's UK

Was it the 09 extra buttons that you deleted, Red?

Try housecall.trendmicro.com in the future for a free scan, a very thourough* scan indeed!

*dodgy spelling
quicksilver
Helpful Hands
Posts: 1926
Joined: Mon Mar 22, 2004 12:12 am

Only thing I saw on his sheet was the counter .cab, that's a Java beastie that causes trouble, although anything in Windows system with an .exe is to be googled. :)
TheModfather
Know-It-All
Posts: 177
Joined: Mon Aug 09, 2004 5:48 pm
Location: Lanc's UK

Hmm, it was the Java beastie that I had? I was trying to remove the Downloader Holica B virus and ran a scan at http://www.trendmicro.com and saw I had 42 files infected, all to do with Java? All gone now :)