Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » popups and programs that wont delete.. (hijackthis log)

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

popups and programs that wont delete.. (hijackthis log)

Reply
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 09-03-2006, 02:56 AM
Newbie
D-A-L Newbie
  
Join Date: Mar 2006
Posts: 2
federal_extension Is a beginner here at D-A-L
Arrow popups and programs that wont delete.. (hijackthis log)
hello there, i have been having problems with my pc out of the blue recently, its the usual pop-ups (altho since my last computer i have been very carefull about what and were i download things) the main problem seems to be a program called E-ngryPlus.exe i have tried deleting this using varius programs but as im a noob in this area i have had no luck. here is my hijackthis log file any help would be great


Logfile of HijackThis v1.99.1
Scan saved at 01:54:02, on 09/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\ICROSO~1.NET\notepad.exe
C:\Program Files\??stem32\r?gsvr32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\E-nrgyPlus\trackurl.exe
C:\DOCUME~1\MRSJON~1\LOCALS~1\Temp\Del41.tmp
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MRSJON~1\LOCALS~1\Temp\Rar$EX00.141\Hi jackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.demonoid.com/torrents
O2 - BHO: (no name) - {28142307-A9A3-E553-E13D-EBB58822DCFF} - blank (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Pnem] "C:\WINDOWS\ICROSO~1.NET\notepad.exe" -vt mt
O4 - HKCU\..\Run: [Nvemkhz] C:\Program Files\??stem32\r?gsvr32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4EDD7E56-3BAA-13B6-D0D4-4A6A2FE914A6} - http://69.50.173.166/1/rdgGB2404.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1041542538640
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: winxyl32 - C:\WINDOWS\SYSTEM32\winxyl32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 09-03-2006, 05:05 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: popups and programs that wont delete.. (hijackthis log)
Please disable the following application(s), as it/they may hinder the removal of some entries. Otherwise, certain cleaning attempts may be wrongly recognized and blocked as hijacking attempts or other potentially inappropriate behavior. You can re-enable such tools after your computer is clean.


Disable SpySweeper
  1. Open it, Click Options over on the left, then Program options
  2. Uncheck load at windows startup.
  3. Over to the left, Click shields and Uncheck all there.
  4. Uncheck home page shield.
  5. Uncheck automatically restore default without notification.
  6. Exit Spysweeper.


Spybot Search & Destroy (Teatimer)

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.



Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
  1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  3. From the main ewido screen, click on update in the left menu, then click the Start update button.
  4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
  5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 09-03-2006, 07:10 AM
Newbie
D-A-L Newbie
  
Join Date: Mar 2006
Posts: 2
federal_extension Is a beginner here at D-A-L
Re: popups and programs that wont delete.. (hijackthis log)
thank you for the quick reply i did exactly what you said and here is the next report,


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 06:08:27, 09/03/2006
+ Report-Checksum: B0E1044A

+ Scan result:

[720] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup
[968] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1068] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1204] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1328] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1484] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1768] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[1936] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe -> Trojan.Dialer.is : Cleaned with backup
[1948] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[124] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[188] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[2320] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning
[940] C:\WINDOWS\TEMP\win67.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Cookies\mrs jones@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Cookies\mrs jones@e-2dj6wjl4ggcjwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Desktop\Access Members Area.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\04UFH8JF\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\04UFH8JF\srvlbin5[2].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\N0SNJHTW\mvlsbin2[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\N0SNJHTW\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\R4GZFXS8\rdgGB2404[1].exe -> Dialer.GBDialer.d : Cleaned with backup
C:\Documents and Settings\Mrs Jones\Local Settings\Temporary Internet Files\Content.IE5\R4GZFXS8\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\RECYCLER\S-1-5-21-1177238915-884357618-725345543-1004\Dc2.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\S-1-5-21-1177238915-884357618-725345543-1004\Dc3.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\Temp\win51.tmp -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win51.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win56.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win67.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win78.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup


::Report End
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 09-03-2006, 04:09 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: popups and programs that wont delete.. (hijackthis log)
Please do an online scan (scan only tool) with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      - Extended (if available otherwise Standard)
    • Scan Options:
      - Scan Archives
      - Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Post your latest HijackThis log, please and tell us how your PC is now doing.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Trojan on PC-wont delete Lyken Spyware, Adware, Viruses and HijackThis Logs 2 25-06-2007 09:43 PM
Folder and subfolders wont delete (access denied) Majin Windows XP Help 9 22-04-2007 04:39 AM
Ways to Delete Programs? Justin Windows XP Help 1 14-11-2006 05:48 AM
anoying folder wont delete..? marty3 Windows XP Help 15 04-02-2006 02:57 AM
Programs wont open coreycore02 Spyware, Adware, Viruses and HijackThis Logs 7 13-08-2005 01:16 PM


All times are GMT +1. The time now is 01:06 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav