New dialler etc?

Discussion in 'Computer Support' started by mickey, Sep 5, 2004.

  1. mickey

    mickey Guest

    Hi guys, (Mike in particular), you tried to help me last week with a dialler
    that had appeared in my system and I followed all advice but the thing kept
    reappearing. It is called WW14 and it disconnects me but cannot reconnect
    (possibly because I am using Broadband) but it causes problems. Anyway, when
    I booted up this morning, four icons had appeared I think from some Casino
    programme and I now have an additional tool bar, search bar etc on my home
    page. Actually, my homepage had disappeared and I had to re-establish it! I
    did a "hijack this" and here's the resulting log...can you help me please,
    Mickey

    Logfile of HijackThis v1.97.7
    Scan saved at 10:40:26, on 05/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\gsicon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\System32\dslagent.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\PROGRA~1\INTRIG~1\pcbodyguard.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\eugene harron\Desktop\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.apvwgomjqik.com/nsKRvUqBj3Wbaz/vzYKRRB/QIuhkKAmmFXC9z5dm1enOVDnuKjU4YiBr03Le/deV.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program
    Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {55A7E255-4477-E514-7EF9-FE9B2973CC18} -
    C:\PROGRA~1\MEDIAP~1\BOOB JOY.exe
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] c:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [hf] C:\Documents and Settings\eugene harron\Desktop\Misc
    photos\HideFolders\hf.exe /s
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus
    C64 Series" /O6 "USB001" /M "Stylus C64"
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe
    /startup
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus!
    3\MsgPlus.exe"
    O4 - HKLM\..\Run: [hidesoftware] C:\PROGRA~1\THUNKP~1\AnteDownload.exe
    O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
    O4 - HKLM\..\Run: [Cash pile fast help] C:\Documents and Settings\All
    Users\Application Data\Antebiascashpile\Fast Info.exe
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft
    Money\System\mnyexpr.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
    Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Corel Network monitor worker (HKLM)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Corel Network monitor worker (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet
    Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} -
    http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
    http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/11c77350f4071dbc4723/netzip/RdxIE601.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
    http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
    http://www3.ca.com/threatinfo/virusinfo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) -
    http://static.photobox.co.uk/sg/common/uploader.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} -
    http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{7FBFA1B5-F474-4775-A932-479D55908293}:
    NameServer = 194.74.65.69 194.72.9.34
     
    mickey, Sep 5, 2004