Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Please help me remove simpli.com! Here is my hijack log
   
BullGuard Antivirus Forum > General Security > Spyware > Please help me remove simpli.com! Here is my hijack log  
Forum Quick Jump
 
New Topic Post reply to : Please help me remove simpli.com! Here is my hijack log Printable version of : Please help me remove simpli.com! Here is my hijack log
[ << Previous Thread | Next Thread >> ]

Hatter
New Member


Date Joined Oct 2004
Total Posts : 3
  		   Posted 10-24-2004 7:54 (GMT +1)    Quote: Please help me remove simpli.com! Here is my hijack logAlert an admin about: Please help me remove simpli.com! Here is my hijack log
Please help me get rid of Simpli.com fomr my computer! I've run adaware se and searchbot s&d and bhodemon
 
here is my hijackthis log:
 
Logfile of HijackThis v1.97.7
Scan saved at 2:51:27 PM, on 10/24/2004
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
H:\Program Files\Atguard\iamserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
H:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\System32\devldr32.exe
H:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
H:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
H:\PROGRA~1\Atguard\iamapp.exe
I:\Program Files\Winamp\winampa.exe
H:\Program Files\Real\RealPlayer\RealPlay.exe
H:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
H:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
H:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
H:\Program Files\PPC\Cerience\RepliGo\RepliGoMon.exe
C:\Program Files\CSBB\CSV7P070.exe
C:\WINNT\rivywk.exe
C:\Program Files\NaviSearch\bin\nls.exe
H:\Program Files\AIM95\aim.exe
H:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINNT\System32\ctfmon.exe
H:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\System32\usbl1.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\CxtPls\CxtPls.exe
C:\WINNT\pgtaff.exe
H:\Program Files\KaZaA Lite\Kazaa.exe
H:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINNT\Explorer.exe
I:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Storage\Temp\mwavscan.com
D:\Storage\Temp\kavss.exe
h:\PROGRA~1\WinZip\winzip32.exe
D:\Storage\Temp\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\ld6p53w8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\ld6p53w8.slt\prefs.js)
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] H:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iamapp] H:\PROGRA~1\Atguard\iamapp.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "H:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WinampAgent] "I:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RealTray] H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "H:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "H:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "H:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [RepliGo Assistant] "H:\Program Files\PPC\Cerience\RepliGo\RepliGoMon.exe"
O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe
O4 - HKLM\..\Run: [umwnec] C:\WINNT\System32\umwnec.exe
O4 - HKLM\..\Run: [Zlog] C:\WINNT\rivywk.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [xsmU3pe] usbl1.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINNT\pgtaff.exe
O4 - HKCU\..\Run: [AIM] H:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "H:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [gB58RfK8T] pncpolcy.exe
O4 - HKCU\..\Run: [pgtaff] C:\WINNT\pgtaff.exe
O4 - HKLM\..\RunOnce: [AAW] "H:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - Global Startup: Acrobat Assistant.lnk = H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: RepliGo (HKLM)
O9 - Extra 'Tools' menuitem: RepliGo (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13599
  		   Posted 10-25-2004 9:45 (GMT +1)    Quote: Please help me remove simpli.com! Here is my hijack logAlert an admin about: Please help me remove simpli.com! Here is my hijack log
Hey Hattersmilewinkgrin
 
Download this scanner - mwav: http://home9.inet.tele.dk/le01/Sikkerhed.htm  Link nr 7
Activate all in settings, run it
 
Download newest Spybot Search and Destroy here : http://www.safer-networking.org/index.php?page=mirrors if it is not already installed on your computer
Install the program and then start it. Once the program has started make sure you are in the Spybot-S&D section. Click on the "Search for Updates" button. Download all updates. In some cases the program will restart after an update. When updated, click on the Immunize "Scan System" button. When the Check is over, fix all marked with red
we need to configure Ad-aware SE for a full scan. Some of them should be enabled by default, while others you will need to set yourself (see below).
Click on the Gear icon (second from the left) to access the preferences/settings window
In the General window make sure the following are selected:
 Automatically save logfile
 Automatically quarantine objects prior to removal
 Safe Mode (always request confirmation)
Click on the Scanning button on the left and select :
 Scan within archives
 Scan active processes
 Scan registry
-Deep-scan registry
 Scan my IE Favorites for banned URLs
 Scan my Hosts file
Under Select drives & folders to scan, choose:
 Select all of your hard drives that are not selected already
Click on the Advanced button on the left and select:
 Include additional object information
Include negligible objects information
Include environment information
Click the Tweak button and select:
Under the Scanning Engine:
Unload recognized processes & modules during scan
Under the Cleaning Engine:Let Windows remove files in use at next reboot
Click on Proceed to save the settings.
Click Start and on the next screen choose:
 Use custom scanning options
Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.
Save the log file when it asks and then click Finish.
When finished, mark everything for removal and get rid of it. (Right-click on any of the entries and choose Select All from the drop down menu and click Next).
Plug-Ins for Ad-Aware (VX2 Cleaner)
Download the free VX2 Cleaner here :  http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml

Close Ad-Aware SE build 1.04 and Ad-Watch (if running)
Install the VX2 Cleaner
Start Ad-Aware SE build 1.04
Go to “Plug-ins”
Select the VX2 Cleaner plug-in and click “Run Plugin”
If your computer isn’t infected, click “Close”.

If your computer is infected:

Select “Clean System”
Reboot your computer
Scan your computer with Ad-Aware
Remove any VX2 objects detected
Reboot your computer again
Run a second scan to make sure the files have been removed from your computer

Cwshredder : http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
 
Unzip to own folder,check for updates if needed, close all other windows-Fix


Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp.
C:\Windows\Temp\
C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\  <<<This will delete your files in your internet cache--including cookies.
C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
Empty your "Recycle Bin"

There are usally a couple of files that you will not be able to delete..this is normal.

Download newer  Hijackthis
http://www.spychecker.com/program/hijackthis.html
 Reboot, then post a new HijackThis log and tell  how things are running

Touch
Back to Top
 

Hatter
New Member


Date Joined Oct 2004
Total Posts : 3
  		   Posted 10-25-2004 6:28 (GMT +1)    Quote: Please help me remove simpli.com! Here is my hijack logAlert an admin about: Please help me remove simpli.com! Here is my hijack log
thanks touch.
 
ok hows it look now. i did all the steps u indicated.  but it's still there. :(
also when i run the newer downloaded hijack this, it still runs 1.97.7
 
Logfile of HijackThis v1.97.7
Scan saved at 1:28:40 PM, on 10/25/2004
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
H:\Program Files\Atguard\iamserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
H:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\devldr32.exe
H:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
H:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
H:\PROGRA~1\Atguard\iamapp.exe
I:\Program Files\Winamp\winampa.exe
H:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\System32\ctfmon.exe
H:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
H:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
H:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
H:\Program Files\PPC\Cerience\RepliGo\RepliGoMon.exe
C:\Program Files\CSBB\CSV7P070.exe
C:\WINNT\rivywk.exe
C:\WINNT\System32\usbl1.exe
H:\Program Files\AIM95\aim.exe
H:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
H:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Storage\Temporary Internet Files\Temporary Internet Files\Temporary Internet Files\Content.IE5\NETJIXVH\HijackThis[1].exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\ld6p53w8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\ld6p53w8.slt\prefs.js)
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] H:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iamapp] H:\PROGRA~1\Atguard\iamapp.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "H:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WinampAgent] "I:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RealTray] H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "H:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "H:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "H:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [RepliGo Assistant] "H:\Program Files\PPC\Cerience\RepliGo\RepliGoMon.exe"
O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe
O4 - HKLM\..\Run: [umwnec] C:\WINNT\System32\umwnec.exe
O4 - HKLM\..\Run: [Zlog] C:\WINNT\rivywk.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [xsmU3pe] usbl1.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINNT\pgtaff.exe
O4 - HKCU\..\Run: [AIM] H:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "H:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [pgtaff] C:\WINNT\pgtaff.exe
O4 - Global Startup: Acrobat Assistant.lnk = H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: RepliGo (HKLM)
O9 - Extra 'Tools' menuitem: RepliGo (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
 

Post Edited (Hatter) : 10/25/2004 5:40:34 PM GMT

Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13599
  		   Posted 10-25-2004 7:19 (GMT +1)    Quote: Please help me remove simpli.com! Here is my hijack logAlert an admin about: Please help me remove simpli.com! Here is my hijack log
Now to next Step;-)
 
Scan with Hijacktis, close all other windows, put a checkmark to these, and fix:
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL
O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe
O4 - HKLM\..\Run: [umwnec] C:\WINNT\System32\umwnec.exe
O4 - HKLM\..\Run: [Zlog] C:\WINNT\rivywk.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [xsmU3pe] usbl1.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINNT\pgtaff.exe
O4 - HKCU\..\Run: [pgtaff] C:\WINNT\pgtaff.exe
 
Show hidden files:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339?Open&src=ent&docid=2002092514302348&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl

 
Reboot into Safe Mode (hit F8 key until menu shows up).
Find and delete:
C:\Program Files\CSBB\CSBB.DLL
C:\Program Files\CSBB\CSV7P070.exe
C:\WINNT\System32\umwnec.exe
C:\Program Files\NaviSearch\bin\nls.exe <<<Folder NaviSearch
C:\WINNT\System32\usbl1.exe
O4 - HKCU\..\Run: [pgtaff] C:\WINNT\pgtaff.exe

You´re right about Hijackthis. Get it here: Hijackthis: http://danborg.org/spy/HJT/hijackthis.exe

Reboot and post new log file

Touch
Back to Top
 

Hatter
New Member


Date Joined Oct 2004
Total Posts : 3
  		   Posted 10-25-2004 8:06 (GMT +1)    Quote: Please help me remove simpli.com! Here is my hijack logAlert an admin about: Please help me remove simpli.com! Here is my hijack log
thanks again. it looks like simpli is gone! tongue
I did those steps and deleted those files in safe mode with 2 exceptions.  I could not find any CSBB.DLL even with "show hidden files"  also there was no umwnec.exe but there was a umwnec.exe.mwt   which i deleted.
Here is my current hijack log
Logfile of HijackThis v1.98.2
Scan saved at 3:04:46 PM, on 10/25/2004
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
H:\Program Files\Atguard\iamserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
H:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\Explorer.exe
H:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINNT\System32\devldr32.exe
H:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
H:\PROGRA~1\Atguard\iamapp.exe
I:\Program Files\Winamp\winampa.exe
H:\Program Files\Real\RealPlayer\RealPlay.exe
H:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
H:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
H:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
H:\Program Files\PPC\Cerience\RepliGo\RepliGoMon.exe
H:\Program Files\AIM95\aim.exe
H:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINNT\System32\ctfmon.exe
H:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\ld6p53w8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\ld6p53w8.slt\prefs.js)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] H:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iamapp] H:\PROGRA~1\Atguard\iamapp.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "H:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WinampAgent] "I:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RealTray] H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pccguide.exe] "H:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "H:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "H:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [RepliGo Assistant] "H:\Program Files\PPC\Cerience\RepliGo\RepliGoMon.exe"
O4 - HKCU\..\Run: [AIM] H:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "H:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - Global Startup: Acrobat Assistant.lnk = H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - h:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: RepliGo - {9D3503C6-3AC8-4F3B-AAB8-C7285FD7E3F8} - H:\Program Files\PPC\Cerience\RepliGo\RepliGoPrintIE.dll
O9 - Extra 'Tools' menuitem: RepliGo - {9D3503C6-3AC8-4F3B-AAB8-C7285FD7E3F8} - H:\Program Files\PPC\Cerience\RepliGo\RepliGoPrintIE.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - H:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab


Back to Top
 
New Topic Post reply to : Please help me remove simpli.com! Here is my hijack log Printable version of : Please help me remove simpli.com! Here is my hijack log
 
Forum Information
Currently it is Friday, November 21, 2008 12:44 AM (GMT +1)
There are a total of 63.950 posts in 15.824 threads.
In the last 3 days there were 33 new threads and 166 reply posts. View Active Threads
Who's Online
This forum has 27181 registered members. Please welcome our newest member, DilbertCube.
37 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Help please!!! (7)20-11-2008 23:03:58 (paytons place)
Win 32-trojan-gen (14)20-11-2008 22:20:55 (RAYJAY)
Generic Host processor for Win32 services (0)20-11-2008 21:28:28 (gio)
Trojan horse SHeur2.FO help :( (3)20-11-2008 21:23:39 (bizzaro)
Bullguard quits scanning after 6200 files (0)20-11-2008 19:59:07 (Ruud Smit)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard