showed hidden folders.... rebooted, found that file
C:\windows\system32\winvyc32.exe
Attempted to delete it and get the "it cannot be deleted... in use or blah blah... I looked in task manager, and it's not running... so I dunno!!
Also, right after reboot, loads of popups
"Maybe this world is another planet's Hell." - Aldous Huxley (1894-1963)
"Never interrupt your enemy when he is making a mistake."
- Napoleon Bonaparte (1769-1821)
"Where a calculator on the ENIAC is equipped with 18,000 vacuum tubes
and weighs 30 tons, computers in the future may have only 1,000
vaccuum tubes and perhaps weigh 1.5 tons."
- Unknown
"The difference between pornography and erotica is lighting."
- Gloria Leonard
after the reboot you should be able to delete the file.
post a fresh log please.
Last edited by dopey; 10-30-2004 at 04:46 AM.
Here ya go Dopey
Logfile of HijackThis v1.98.2
Scan saved at 12:30:28 AM, on 10/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winvyc32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/game...ts/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot7_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/game...ts/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/game...ts/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst3_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55CE229C-FF06-48BF-ABC7-748B51F98AE5}: NameServer = "deleted"
O17 - HKLM\System\CCS\Services\Tcpip\..\{D945202A-B822-4633-B241-0F39A6AF89A5}: NameServer = "deleted"
"Maybe this world is another planet's Hell." - Aldous Huxley (1894-1963)
"Never interrupt your enemy when he is making a mistake."
- Napoleon Bonaparte (1769-1821)
"Where a calculator on the ENIAC is equipped with 18,000 vacuum tubes
and weighs 30 tons, computers in the future may have only 1,000
vaccuum tubes and perhaps weigh 1.5 tons."
- Unknown
"The difference between pornography and erotica is lighting."
- Gloria Leonard
Reboot into Safe Mode, run HJT again, tick & fix these items, then delete the file C:\windows\system32\winvyc32.exe and the folder c:\program files\partypoker\.Originally Posted by musicmaster
Then reboot and post a fresh HJT log.
if your font size is this small i'll add you to my ignore list because you're wasting my time, OK?
Poster
Just a little side advice...i would not delete the following entries...i am asuming that you play poker via the net through the site www.partypoker.com which is a legit site...
c:\program files\partypoker\
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
Last edited by Mullyman; 10-30-2004 at 01:01 PM.
DEMO'S WORLD
Knowledge And Wisdom Are Gained By Listening And Observing And Knowing When To Keep Your Fucking Mouth Shut!!!!
Thanks Mully.... I wasnt planning on deleting Party Poker... as I am on their site as I am typing this... playing a game. Umm... smurfette, you be soooooo cute!!! Add galoot the the idjit ... it makes it more "Warner Bros. Sexier" !!!!
Thanks for the advice you guys/girls... I will see if this all works... but I am still getting popups llike mad.... searchtoools /adshits and whoknowswhat
Its so annoying!!!! And, they still display with IE and I dont friggin use IE anymore. Maybe I should take screen shots of the popups so you all can see what I am talkin' bout.
Anyway, I will do that on my next post if I remember.
Cheers.
"Maybe this world is another planet's Hell." - Aldous Huxley (1894-1963)
"Never interrupt your enemy when he is making a mistake."
- Napoleon Bonaparte (1769-1821)
"Where a calculator on the ENIAC is equipped with 18,000 vacuum tubes
and weighs 30 tons, computers in the future may have only 1,000
vaccuum tubes and perhaps weigh 1.5 tons."
- Unknown
"The difference between pornography and erotica is lighting."
- Gloria Leonard
Alright, I finally was able to delete that file, and I shall let ya all know if I have any more of those problems as stated earlier. Thanks for the help.
"Maybe this world is another planet's Hell." - Aldous Huxley (1894-1963)
"Never interrupt your enemy when he is making a mistake."
- Napoleon Bonaparte (1769-1821)
"Where a calculator on the ENIAC is equipped with 18,000 vacuum tubes
and weighs 30 tons, computers in the future may have only 1,000
vaccuum tubes and perhaps weigh 1.5 tons."
- Unknown
"The difference between pornography and erotica is lighting."
- Gloria Leonard
That's as maybe, but if the user doesn't use IE, is there any point having that stuff installed?
EDIT: oh, just realised about the program files folder... I didn't think that web page games needed actual programs installed on your PC.
Last edited by Smurfette; 10-31-2004 at 10:02 AM.
if your font size is this small i'll add you to my ignore list because you're wasting my time, OK?
woowoo
And take screenshots.Alright, I finally was able to delete that file, and I shall let ya all know if I have any more of those problems as stated earlier. Thanks for the help.
Smoke weed everyday
Do you use O&O defrag? that would explain the ooto.exe
http://forums.majorgeeks.com/showthread.php?t=38752
I'd get rid of those nasty number 17's too
Posting Permissions
Reply With Quote
Bookmarks