-
Or, if you want, go ahead and post a fresh HijackThis log here. I'll be tracking this topic now and will see your response - or come to SFDC and I'll see it there too. ;)
Although, with the exception of having you delete the MSN toolbar (which is not malware), helplesslyhopin has done a fine job of leading you here.
:)
-
You might like to try SwatIT.
http://swatit.org/
It is very thorough, but does take a long time to run.
Cheers
-
I followed the previous advice and deleted quite a bit; a new log will follow. I also managed to delete two of four NV Dialer items from the registry. The other two would not allow deletion but when I restarted they were gone. Maybe just migrated or hiding. Two were in a software file labeled clearly "nv." These went easy. The other two were in HKey Users; unable to delete them, I denied permissions. New log from HijackThis will follow. Thanks!
-
Logfile of HijackThis v1.97.7
Scan saved at 3:01:59 PM, on 9/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {38F46C0E-BD47-5BC8-875E-61557FAC7763} - C:\WINDOWS\System32\rncw.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: (no name) - {EA598486-E32E-4CAF-9D9C-79CC7D519718} - C:\WINDOWS\RPQEUMKVD.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: http://chat.msn.ca
-
Please select the following with HijackThis. With all windows (including this one!) closed, please select "fix."
O2 - BHO: (no name) - {38F46C0E-BD47-5BC8-875E-61557FAC7763} - C:\WINDOWS\System32\rncw.dll
O2 - BHO: (no name) - {EA598486-E32E-4CAF-9D9C-79CC7D519718} - C:\WINDOWS\RPQEUMKVD.DLL
Other than those, your log looks fine. Are you still having issues?
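
The shortlisting step above can be scripted. This sketch parses the O2 (BHO) lines of a HijackThis log and lists those whose DLL sits directly in the Windows or System32 directory, which for this log matches the two entries selected above. It is an added example, not part of the thread or of HijackThis; the location rule and the names `parse_bhos` and `shortlist` are assumptions, and a match is only a reason to look closer, not a verdict.

```python
import re
from ntpath import dirname, normpath  # Windows path rules, works on any OS

# Constructed sample: the five O2 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {38F46C0E-BD47-5BC8-875E-61557FAC7763} - C:\WINDOWS\System32\rncw.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: (no name) - {EA598486-E32E-4CAF-9D9C-79CC7D519718} - C:\WINDOWS\RPQEUMKVD.DLL
"""

# One O2 line: "O2 - BHO: <name> - {CLSID} - <path to DLL>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Assumption: a browser add-on installed by a normal setup program lives under
# Program Files, so a BHO DLL directly in these folders deserves a second look.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_bhos(log_text):
    """Return one dict (name, clsid, path) per O2 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = O2_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def shortlist(entries):
    """Keep entries whose DLL sits directly in a system directory."""
    flagged = []
    for entry in entries:
        folder = dirname(normpath(entry["path"])).lower()
        if folder in SYSTEM_DIRS:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for bho in shortlist(parse_bhos(SAMPLE_LOG)):
        print(bho["clsid"], bho["path"])
```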
-
Fixed those with windows closed. Still having issues.
On reboot administrative user was not found so was logged in using "default" HKey User. Seem to be a lot of entries in HKEY USERS including
Default\software\nv
S-1-5-18\software\nv
S-1-5-19\software\nv
S-1-5-20\software\nv
S-1-5-21\software\nv
Each has permissions giving total control. Some I deleted but left one. No. "18" Default came back. Can no longer access mail in Outlook Express or web mail log-in. Probably protecting against downloads. I downloaded SwatIT as 2 different kinds of extracting files before mail slammed shut. Neither will open. Cheerio, though, ain't technology wonderful?
-
Well you have XP..... try a restore point?
Since you've been mucking about in the registry......
Did you back up the registry before beginning this?
-
Most problems are fixed. I regained control of everything for now mostly through use of Regclean, an excellent program. I deleted about 50 registry entries that had winad client in. The first day in a month that AVG did not find a virus to move to the virus vault. It's true I have been "mucking about" in the registry. I've been plagued for more than a year by this, it's do or die now. Either NV Dialer dies or the computer will. Might be time for a new computer anyhow.