Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help ME PLEASE!


  • Please log in to reply
38 replies to this topic

#1 svenska24

svenska24

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Location:Gloucester, MA
  • Local time:03:25 PM

Posted 19 February 2005 - 03:46 PM

Someone Please Help Me. My homepage has been hijacked by about:blank. I have been trying to get rid of it myself but am having no luck. I am about to throw this BLANK out the window. I am not very good on the computer but I am very good at following directions. I have tried the ad-aware SE 1.05 when I run the scan everything seems to be going o.k. then it comes to the end and they show you the critical objects, I right click the window and click on check all, then I click proceed ( or whatever it says ) then it freezes on deleting objects. I thought it just took a long time but I waited over 30 min and it still said that. So I just closed the box and went to Internet explorer and there it was again ABOUT:BLANK. Please help me I am so close to tears. Was I suppose to buy the ad-aware?

BC AdBot (Login to Remove)

 


m

#2 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:09:25 PM

Posted 20 February 2005 - 06:44 AM

Hi svenska24,

If your assumptions about what you have are correct then you have a nasty infection that will take some fixing but we can help you do that. You don't have to buy Ad-Aware SE, its free.

In order for us to help you we need to see a HijackThis log off your machine. Please follow this link http://www.bleepingcomputer.com/forums/t/956/how-to-submit-a-hijackthis-log/ and read the instructions and tutorial particularly in section :thumbsup: and submit a log here using the Add Reply button at the bottom of this thread. I will then respond to your post telling you how to proceed.

#3 svenska24

svenska24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Location:Gloucester, MA
  • Local time:03:25 PM

Posted 20 February 2005 - 01:09 PM

Here is my HJT log. I Hope you can help. Thank You so much for even taking the time to look at this. It means alot to me.
Logfile of HijackThis v1.99.1
Scan saved at 12:48:00 PM, on 2/20/05
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDSCHD.EXE
C:\PROGRAM FILES\CAERE\OMNIPAGEPRO90\OPWARE32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDLOG.EXE
C:\WINDOWS\SYSTEM\SDKKZ32.EXE
C:\PROGRAM FILES\CAERE\OMNIPAGEPRO90\opware16.exe
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDDB.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPLITE30\SYSTEM\PKJOBS.EXE
C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE 4.2.3\LIMEWIRE.EXE
C:\PROGRAM FILES\SPYCATCHER\SCHEDULER DAEMON.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPLITE30\SYSTEM\PKSLAPI.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPLITE30\SYSTEM\PKTOPASS.EXE
C:\WINDOWS\NTTD32.EXE
C:\WINDOWS\NTTD32.EXE
C:\WINDOWS\NETHC32.EXE
C:\WINDOWS\NTTD32.EXE
C:\WINDOWS\NETHC32.EXE
C:\WINDOWS\ADDYH.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\WINDOWS\ADDYH.EXE
C:\WINDOWS\NETHC32.EXE
C:\WINDOWS\ADDYH.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {8D1F9E37-0A0E-42B8-D6EE-2A8A3257FE9F} - C:\WINDOWS\IEDT32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPID Scheduler] C:\Program Files\Hewlett-Packard\HP Instant Delivery\hpidschd.exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [SDKKZ32.EXE] C:\WINDOWS\SYSTEM\SDKKZ32.EXE
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\PROGRAM FILES\SPYCATCHER\DeleteSatellite.exe"
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~2\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [NETCI.EXE] C:\WINDOWS\SYSTEM\NETCI.EXE
O4 - HKLM\..\RunServices: [APPXR32.EXE] C:\WINDOWS\APPXR32.EXE
O4 - HKLM\..\RunServices: [NTTD32.EXE] C:\WINDOWS\NTTD32.EXE
O4 - HKLM\..\RunServices: [CRYM32.EXE] C:\WINDOWS\SYSTEM\CRYM32.EXE
O4 - HKLM\..\RunServices: [SDKVN.EXE] C:\WINDOWS\SDKVN.EXE
O4 - HKLM\..\RunServices: [APPMT32.EXE] C:\WINDOWS\APPMT32.EXE
O4 - HKLM\..\RunServices: [WINXS.EXE] C:\WINDOWS\WINXS.EXE
O4 - HKLM\..\RunServices: [APIGM32.EXE] C:\WINDOWS\APIGM32.EXE
O4 - HKLM\..\RunServices: [NETHC32.EXE] C:\WINDOWS\NETHC32.EXE
O4 - HKLM\..\RunServices: [ADDYH.EXE] C:\WINDOWS\ADDYH.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: PageKeeper Lite Jobs.lnk = C:\Program Files\Caere\PageKeepLite30\system\PKJobs.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: LimeWire 4.2.3.lnk = C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {6D3CED33-9C0A-44BA-AAB9-252EE67A436C} (IEObj Class) - http://fs.adelphia.freedom.net/software/dmx.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

#4 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:09:25 PM

Posted 20 February 2005 - 05:17 PM

Hi svenska24,

There are a number of steps you need to take in order to clean your machine. Please carry out the steps in the order they are given. You may find it helpful to print these instructions out as you will not have access to the Internet whilst you are running in Safe mode. If you are unsure about any of the steps I have asked you to do then please ask before you start.
  • I notice that you are running LimeWire. This software provides a doorway for malware and I would recommend that your remove it. If you decide to follow my advice then please check any entries in your log that refer to that and have them removed when you run the HijackThis fix.

  • Download CWShredder from:CWShredder Download Site
    Save CWShredder.exe to a convenient location.
    Please don't run it just yet, we will do that later.

  • Please download About:Buster from here: http://tools.zerosrealm.com/AboutBuster.zip.
    Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
    Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
    Click "OK" at the prompt with instructions.
    Click "Update" and then "Check For Update" to begin the update process.
    If any updates exist please download them by clicking "Download Update".
    Don't run it yet we will use the program later in this process.

  • Download Ad-Aware from the following link Ad-Aware SE Personal 1.05 Install the software and from the opening page click on the Check for update now link. Install any updates that are available the close Ad-Aware. Full instructions for configuring and running Ad-Aware can be found here
    Don't run it now, we will do a full scan later.

  • Download System Security Suite here:
    System Security Suite Download & Tutorial. Unzip it to your desktop.
    Install the program. Don't use it yet.

  • Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
    How to see hidden files in Windows

  • Restart you machine in Safe Mode:
    • Reboot your computer
    • As the machine starts, continually tap the F8 key
    • You will then be presented with a menu screen
    • Use the the up/down arrow keys to select Safe Mode
    • Press the Enter key to boot in that mode.
  • Run HijackThis
    Click on the Scan button and when complete
    Put a check beside all of the items listed below
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\yaoek.dll/sp.html#12345
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {8D1F9E37-0A0E-42B8-D6EE-2A8A3257FE9F} - C:\WINDOWS\IEDT32.DLL
    O4 - HKLM\..\Run: [SDKKZ32.EXE] C:\WINDOWS\SYSTEM\SDKKZ32.EXE
    O4 - HKLM\..\RunServices: [NETCI.EXE] C:\WINDOWS\SYSTEM\NETCI.EXE
    O4 - HKLM\..\RunServices: [APPXR32.EXE] C:\WINDOWS\APPXR32.EXE
    O4 - HKLM\..\RunServices: [NTTD32.EXE] C:\WINDOWS\NTTD32.EXE
    O4 - HKLM\..\RunServices: [CRYM32.EXE] C:\WINDOWS\SYSTEM\CRYM32.EXE
    O4 - HKLM\..\RunServices: [SDKVN.EXE] C:\WINDOWS\SDKVN.EXE
    O4 - HKLM\..\RunServices: [APPMT32.EXE] C:\WINDOWS\APPMT32.EXE
    O4 - HKLM\..\RunServices: [WINXS.EXE] C:\WINDOWS\WINXS.EXE
    O4 - HKLM\..\RunServices: [APIGM32.EXE] C:\WINDOWS\APIGM32.EXE
    O4 - HKLM\..\RunServices: [NETHC32.EXE] C:\WINDOWS\NETHC32.EXE
    O4 - HKLM\..\RunServices: [ADDYH.EXE] C:\WINDOWS\ADDYH.EXE
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

    Close all open Explorer windows and browsers
    Click on the "Fix Checked" button
    When complete and all files removed, close the application.

  • Please delete the following files or folders (delete item in bold). Please do not be concerned if
    any of the items are not found as they may have been automatically removed by actions I had
    you take earlier in the cleaning process.C:\WINDOWS\system\yaoek.dll
    C:\WINDOWS\SYSTEM\SDKKZ32.EXE
    C:\WINDOWS\SYSTEM\NETCI.EXE
    C:\WINDOWS\APPXR32.EXE
    C:\WINDOWS\NTTD32.EXE
    C:\WINDOWS\SYSTEM\CRYM32.EXE
    C:\WINDOWS\SDKVN.EXE
    C:\WINDOWS\APPMT32.EXE
    C:\WINDOWS\WINXS.EXE
    C:\WINDOWS\APIGM32.EXE
    C:\WINDOWS\NETHC32.EXE
    C:\WINDOWS\ADDYH.EXE
  • Run the CWShredder program I had you download earlier
    Double-click on CWShredder.exe.
    Click "Fix ->" and click "OK" at the prompt.
    CWShredder will scan and clean your system of CWS files.
    Click "Next->" and then "Exit".

  • Run Ad-Aware, Click on the Start button, check the Perform full system scan radio button, Click on the Next button to start the scan. When the scan has finished it will list any infections that it finds. Right click on the screen and select all items, click next to remove the infected entries.

  • Now run the Aboutbuster program and save the log file.
    Browse to where you saved AboutBuster and double-click on AboutBuster.exe.
    Click OK at the directions prompt.
    Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
    Click Yes to allow it to shutdown explorer.exe.
    It will begin to your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    When it has finished, click Save Log. Make sure you save it as I need a copy of it in your next log.

  • Close all windows and browsers that are open.
    Clean out Temporary Folders and Temporary Internet Files as follows:
    • Open the System Security Suite that I had you download earlier.
    • In the Items to Clear tab check:
      - Internet Explorer (left pane): Cookies & Temporary files
      - My Computer (right pane): Temporary files & Recycle Bin
    Click the Clear Selected Items button.
    Close the program.

  • Reboot your machine in normal mode.

  • This infection deletes the windows file, shell.dll.

    If you are using XP,2000, or NT please download shell.dll from here: shell-dll.zip. Once the file is downloaded uncompress the zip file and copy shell.dll to the following locations (%windir% being the windows or winnt directory):

    %windir%\system32
    %windir%\system

    If you are using Windows 98*Grinler please download shell.dll from here: shell-dll98.zip. Once the file is downloaded uncompress the zip file and copy shell.dll to the following locations (%windir% being the windows or winnt directory):

    %windir%\system


    Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.


    If you have Spybot S&D installed you will also need to replace one file. Go here: SDHelper.zip and download SDHelper.dll. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button


    If you are using Windows 95, 98, or ME it is possible that the malware deleted your control.exe. Please check for the existence of this file by going to to Merijn Files control.exe and examine where the file should be for your operating system. If the file is missing then download the appropriate file and place it in the proper place according to this information.


  • Please check Internet Explorer settings:
    Open Internet Explorer - > Tools -> Internet Options ... -> click the Security tab -> click Internet icon -> press the Custom Level ... button.
    Under ActiveX controls and plug-ins tick:
    - Download signed ActiveX controls - Prompt
    - Download unsigned ActiveX controls Disable
    - Initialize and script ActiveX controls not marked as safe Disable
    - Run ActiveX controls and plug-ins Enabled
    - Script ActiveX controls marked safe for scripting Prompt

  • I now need you to perform a Trendmicro full scan here: Trendmicro, check AutoClean and let it remove anything it finds.

  • Please reboot your machine in normal mode.
    Run HijackThis and post a new log here using the Add Reply button.
    Please include the Aboutbuster log with your Hijackthis log.


#5 svenska24

svenska24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Location:Gloucester, MA
  • Local time:03:25 PM

Posted 21 February 2005 - 12:06 PM

I can not access the link you fowarded to me. when I try it takes me to a screen theat says account suspended contact billing/support. is there another link I can use?
Thanks again!

#6 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:09:25 PM

Posted 21 February 2005 - 01:47 PM

Hi svenska24,

Sorry about that. I'm assuming it's the AboutBuster link that is faulty. Please try this one:
http://www.bleepingcomputer.com/files/aboutbuster.php

Let me know if you have any other problems.

#7 svenska24

svenska24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Location:Gloucester, MA
  • Local time:03:25 PM

Posted 21 February 2005 - 02:12 PM

Hello again,
I tried that link and it brings me to a window that says "winzip not a free download" then there are three buttons on to buy one to evatuate one to register. I am I suppose to buy this?

#8 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:09:25 PM

Posted 21 February 2005 - 02:19 PM

Hi svenska24,

I'm presuming that you have downloaded the .zip file and are trying to unzip it?
Unless you have special requirements most people use the evaluation copy, it just means that each time you open it you have to click use the evaluation copy but that's no hardship. So, use the to evatuate one.

#9 svenska24

svenska24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Location:Gloucester, MA
  • Local time:03:25 PM

Posted 21 February 2005 - 04:36 PM

Hi It's me,
I am not sure how to copy files to a folder. also when I click on Trendmicro link there is no button saying autoclean. HELP!

#10 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:09:25 PM

Posted 22 February 2005 - 03:36 AM

Hi svenska24,

Sorry I missed your post last night, I had to sign off early to do something else. To answer your two questions:
  • Copying Files from one location to another.
    The easiest way is to locate the file using Windows Explorer.
    Goto Start >>> Programs and Left Click on Windows Explorer
    Navigate to the Folder where you put the file you wish to copy.
    Right Click on the file and choose Copy from the dropdown menu.
    Now go to the folder where you want to put the copy of the file.
    Right Click on the folder name and choose Paste from the dropdown menu.

  • Trendmicro.
    Please try these instructions:
  • Vist the TrendMicro Housecall website.
  • Select your country from the drop-down list and click "Go".
  • Choose "Yes" at the ActiveX Security Warning prompt.
  • Please wait while the Housecall engine is updated.
  • Select the drives to be scanned by placing a check in their respective boxes.
  • Check the "Auto Clean" box.
  • Click "SCAN" in order to begin scanning your system.
  • Please be patient while Housecall scans your system for malicious files.
  • If not auto-cleaned, remove anything it finds.
  • Click "Close" to exit the Housecall scanner.
  • Choose "Yes" at the HouseCall message prompt.


#11 svenska24

svenska24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Location:Gloucester, MA
  • Local time:03:25 PM

Posted 23 February 2005 - 06:34 AM

Hi Penmore,
It's me again... It has been a few days since I started trying to fix this machine. I have had to turn it off and restart it. Now it is having more problems than ever. It keeps frezing or saying I can't open a program because there is not enough memory or it says there is a system failure. What is going on ? Can I fix it? Let me know. thanks

#12 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:09:25 PM

Posted 23 February 2005 - 08:15 AM

Hi svenska24,

The particular infection that you have sometimes takes two passes to totally remove it. It's possible if you haven't finished the file replacement in section 15, then that could be causing the problems. Please try to finish the file replacements in Step 15 if you were at that point. Can you let me know exactly where you are in the fixes and perhaps post a HijackThis log for me to look at.

#13 svenska24

svenska24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Location:Gloucester, MA
  • Local time:03:25 PM

Posted 28 February 2005 - 09:07 AM

Hi Penmore,
My computer is so messed up right now that I can't even log on to the internet. When I click on internet explorer or any other program a window pops up saying there is not enough free memory and I should close some programs before I try again. The problem is I do not have any programs open (that I know of). I am writing to you from my computer at work. Do you have any ideas or should I just give up and throw it out the window?

#14 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:09:25 PM

Posted 28 February 2005 - 10:39 AM

Hi svenska24,

Please don't give up. I'm sure we can help you fix it and get back to normal running. It may take a few passes to do it but I'm certain we'll get there in the end. Let's try just taking a couple of steps at a time. I think the main thing we need to strive for is for you to be able to run HijackThis and post another log here for me so I can see exactly what is running on your machine. Lets try these things first and see if get your Internet Explorer working and accessing this forum.
  • Let's Restart you machine in Safe Mode:
    • Reboot if your your computer is already running or press the Power button to start it.
    • As the machine starts, continually tap the F8 key
    • You will then be presented with a menu screen
    • Use the the up/down arrow keys to select Safe Mode
    • Press the Enter key to boot in that mode.
    • Click OK when you get the diagnostic mode message.
  • Run HijackThis and Save a new log file to a floppy disk.

  • Lets clean out all the Temporary Internet files and Cookies.
    Open Internet Explorer (you don't need to connect to the Internet)
    On the top Menu bar click on Tools and you'll get a dropdown menu.
    Click on Internet Options and another window will open.
    In the center of the window under Temporary Internet Files click on the Delete Files button.
    Click on the box next to Delete all offline content, then click OK.
    This can take a time to run if you have a lot of files on your machine so let it finish.

  • Now let's delete the Cookies.
    Open Internet Explorer (you don't need to connect to the Internet)
    On the top Menu bar click on Tools and you'll get a dropdown menu.
    Click on Internet Options and another window will open.
    In the Temporary Internet Files section click on the Delete Cookies button.
    Click OK to delete all the Cookies in the temporary internet files folder.
    Close Internet Explorer when it has finished deleting the cookies.

  • Reboot your machine in normal mode.
    If you can access the Internet then run HijackThis and post a fresh log here for review.
    If you are still unable to access the Internet then post the log I had you make earlier when you are at work.

    Thanks,
    Peter


#15 svenska24

svenska24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Location:Gloucester, MA
  • Local time:03:25 PM

Posted 02 March 2005 - 09:46 AM

Hi Peter,
I couldn't open my internet explorer or any other program after I cleaned out the temp. files and cookies so I am using the computer at work again. This is the hijackthis log from my computer at home.
I can't thank you enough for helping me.
Elin

Logfile of HijackThis v1.99.1
Scan saved at 5:16:25 PM, on 3/1/05
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\awqbl.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\awqbl.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\awqbl.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\awqbl.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\awqbl.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\awqbl.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\awqbl.dll/sp.html#12345
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {EADD9E0C-9113-CB46-3928-F4B61B059971} - C:\WINDOWS\ATLHW.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPID Scheduler] C:\Program Files\Hewlett-Packard\HP Instant Delivery\hpidschd.exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\PROGRAM FILES\SPYCATCHER\DeleteSatellite.exe"
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~2\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [SDKKZ32.EXE] C:\WINDOWS\SYSTEM\SDKKZ32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [CRAB32.EXE] C:\WINDOWS\CRAB32.EXE
O4 - HKLM\..\RunServices: [WINDR32.EXE] C:\WINDOWS\WINDR32.EXE
O4 - HKLM\..\RunServices: [SYSEU.EXE] C:\WINDOWS\SYSEU.EXE
O4 - HKLM\..\RunServices: [IERF.EXE] C:\WINDOWS\IERF.EXE
O4 - HKLM\..\RunServices: [IPYH.EXE] C:\WINDOWS\SYSTEM\IPYH.EXE
O4 - HKLM\..\RunServices: [ATLII32.EXE] C:\WINDOWS\SYSTEM\ATLII32.EXE
O4 - HKLM\..\RunServices: [NTHR32.EXE] C:\WINDOWS\SYSTEM\NTHR32.EXE
O4 - HKLM\..\RunServices: [CRPN.EXE] C:\WINDOWS\CRPN.EXE
O4 - HKLM\..\RunServices: [IPKX32.EXE] C:\WINDOWS\IPKX32.EXE
O4 - HKLM\..\RunServices: [APINZ.EXE] C:\WINDOWS\APINZ.EXE
O4 - HKLM\..\RunServices: [WINQB.EXE] C:\WINDOWS\WINQB.EXE
O4 - HKLM\..\RunServices: [APPKS.EXE] C:\WINDOWS\APPKS.EXE
O4 - HKLM\..\RunServices: [D3PO.EXE] C:\WINDOWS\SYSTEM\D3PO.EXE
O4 - HKLM\..\RunServices: [NETCG.EXE] C:\WINDOWS\NETCG.EXE
O4 - HKLM\..\RunServices: [IPTK.EXE] C:\WINDOWS\SYSTEM\IPTK.EXE
O4 - HKLM\..\RunServices: [CRVD.EXE] C:\WINDOWS\SYSTEM\CRVD.EXE
O4 - HKLM\..\RunServices: [WINDC.EXE] C:\WINDOWS\SYSTEM\WINDC.EXE
O4 - HKLM\..\RunServices: [IPYO.EXE] C:\WINDOWS\IPYO.EXE
O4 - HKLM\..\RunServices: [APPWH.EXE] C:\WINDOWS\SYSTEM\APPWH.EXE
O4 - HKLM\..\RunServices: [MFCEY.EXE] C:\WINDOWS\SYSTEM\MFCEY.EXE
O4 - HKLM\..\RunServices: [ATLAX32.EXE] C:\WINDOWS\ATLAX32.EXE
O4 - HKLM\..\RunServices: [APPCD32.EXE] C:\WINDOWS\APPCD32.EXE
O4 - HKLM\..\RunServices: [D3DN.EXE] C:\WINDOWS\SYSTEM\D3DN.EXE
O4 - HKLM\..\RunServices: [ATLMV.EXE] C:\WINDOWS\ATLMV.EXE
O4 - HKLM\..\RunServices: [NTAV32.EXE] C:\WINDOWS\SYSTEM\NTAV32.EXE
O4 - HKLM\..\RunServices: [D3HB.EXE] C:\WINDOWS\SYSTEM\D3HB.EXE
O4 - HKLM\..\RunServices: [APIMI32.EXE] C:\WINDOWS\APIMI32.EXE
O4 - HKLM\..\RunServices: [NETYB.EXE] C:\WINDOWS\SYSTEM\NETYB.EXE
O4 - HKLM\..\RunServices: [SDKIW32.EXE] C:\WINDOWS\SYSTEM\SDKIW32.EXE
O4 - HKLM\..\RunServices: [IPFD32.EXE] C:\WINDOWS\IPFD32.EXE
O4 - HKLM\..\RunServices: [SDKGS.EXE] C:\WINDOWS\SDKGS.EXE
O4 - HKLM\..\RunServices: [IEMI.EXE] C:\WINDOWS\SYSTEM\IEMI.EXE
O4 - HKLM\..\RunServices: [APIVC32.EXE] C:\WINDOWS\SYSTEM\APIVC32.EXE
O4 - HKLM\..\RunServices: [ATLPK.EXE] C:\WINDOWS\ATLPK.EXE
O4 - HKLM\..\RunServices: [APIOX32.EXE] C:\WINDOWS\SYSTEM\APIOX32.EXE
O4 - HKLM\..\RunServices: [JAVANL.EXE] C:\WINDOWS\SYSTEM\JAVANL.EXE
O4 - HKLM\..\RunServices: [JAVAPH.EXE] C:\WINDOWS\JAVAPH.EXE
O4 - HKLM\..\RunServices: [IPCY.EXE] C:\WINDOWS\IPCY.EXE
O4 - HKLM\..\RunServices: [MFCHI32.EXE] C:\WINDOWS\SYSTEM\MFCHI32.EXE
O4 - HKLM\..\RunServices: [NTXN32.EXE] C:\WINDOWS\NTXN32.EXE
O4 - HKLM\..\RunServices: [NTZR.EXE] C:\WINDOWS\NTZR.EXE
O4 - HKLM\..\RunServices: [SDKFO32.EXE] C:\WINDOWS\SYSTEM\SDKFO32.EXE
O4 - HKLM\..\RunServices: [APIFN.EXE] C:\WINDOWS\SYSTEM\APIFN.EXE
O4 - HKLM\..\RunServices: [MFCDA32.EXE] C:\WINDOWS\SYSTEM\MFCDA32.EXE
O4 - HKLM\..\RunServices: [WINQS32.EXE] C:\WINDOWS\SYSTEM\WINQS32.EXE
O4 - HKLM\..\RunServices: [IPEP.EXE] C:\WINDOWS\SYSTEM\IPEP.EXE
O4 - HKLM\..\RunServices: [CRXS32.EXE] C:\WINDOWS\CRXS32.EXE
O4 - HKLM\..\RunServices: [MSRB32.EXE] C:\WINDOWS\SYSTEM\MSRB32.EXE
O4 - HKLM\..\RunServices: [IPJM.EXE] C:\WINDOWS\SYSTEM\IPJM.EXE
O4 - HKLM\..\RunServices: [ADDWJ32.EXE] C:\WINDOWS\SYSTEM\ADDWJ32.EXE
O4 - HKLM\..\RunServices: [APIYU32.EXE] C:\WINDOWS\SYSTEM\APIYU32.EXE
O4 - HKLM\..\RunServices: [ADDXF.EXE] C:\WINDOWS\ADDXF.EXE
O4 - HKLM\..\RunServices: [SYSOY32.EXE] C:\WINDOWS\SYSTEM\SYSOY32.EXE
O4 - HKLM\..\RunServices: [MSCR32.EXE] C:\WINDOWS\SYSTEM\MSCR32.EXE
O4 - HKLM\..\RunServices: [NETHA32.EXE] C:\WINDOWS\NETHA32.EXE
O4 - HKLM\..\RunServices: [JAVAOW32.EXE] C:\WINDOWS\SYSTEM\JAVAOW32.EXE
O4 - HKLM\..\RunServices: [CRRW32.EXE] C:\WINDOWS\SYSTEM\CRRW32.EXE
O4 - HKLM\..\RunServices: [NETJR32.EXE] C:\WINDOWS\SYSTEM\NETJR32.EXE
O4 - HKLM\..\RunServices: [APPJD.EXE] C:\WINDOWS\SYSTEM\APPJD.EXE
O4 - HKLM\..\RunServices: [CRFD.EXE] C:\WINDOWS\SYSTEM\CRFD.EXE
O4 - HKLM\..\RunServices: [IPQO.EXE] C:\WINDOWS\IPQO.EXE
O4 - HKLM\..\RunServices: [NETOF.EXE] C:\WINDOWS\NETOF.EXE
O4 - HKLM\..\RunServices: [APPZG.EXE] C:\WINDOWS\SYSTEM\APPZG.EXE
O4 - HKLM\..\RunServices: [MFCSC.EXE] C:\WINDOWS\SYSTEM\MFCSC.EXE
O4 - HKLM\..\RunServices: [MFCCY.EXE] C:\WINDOWS\SYSTEM\MFCCY.EXE
O4 - HKLM\..\RunServices: [MFCQU.EXE] C:\WINDOWS\SYSTEM\MFCQU.EXE
O4 - HKLM\..\RunServices: [APPXM.EXE] C:\WINDOWS\SYSTEM\APPXM.EXE
O4 - HKLM\..\RunServices: [D3YV32.EXE] C:\WINDOWS\D3YV32.EXE
O4 - HKLM\..\RunServices: [ATLBZ32.EXE] C:\WINDOWS\SYSTEM\ATLBZ32.EXE
O4 - HKLM\..\RunServices: [NTIX32.EXE] C:\WINDOWS\SYSTEM\NTIX32.EXE
O4 - HKLM\..\RunServices: [MFCJS.EXE] C:\WINDOWS\SYSTEM\MFCJS.EXE
O4 - HKLM\..\RunServices: [CRKM32.EXE] C:\WINDOWS\SYSTEM\CRKM32.EXE
O4 - HKLM\..\RunServices: [D3GP32.EXE] C:\WINDOWS\SYSTEM\D3GP32.EXE
O4 - HKLM\..\RunServices: [ADDYO.EXE] C:\WINDOWS\ADDYO.EXE
O4 - HKLM\..\RunServices: [APIBW32.EXE] C:\WINDOWS\APIBW32.EXE
O4 - HKLM\..\RunServices: [SDKWD.EXE] C:\WINDOWS\SYSTEM\SDKWD.EXE
O4 - HKLM\..\RunServices: [D3KD.EXE] C:\WINDOWS\D3KD.EXE
O4 - HKLM\..\RunServices: [SDKNB.EXE] C:\WINDOWS\SYSTEM\SDKNB.EXE
O4 - HKLM\..\RunServices: [APIWW32.EXE] C:\WINDOWS\SYSTEM\APIWW32.EXE
O4 - HKLM\..\RunServices: [NETDW32.EXE] C:\WINDOWS\NETDW32.EXE
O4 - HKLM\..\RunServices: [ATLKB.EXE] C:\WINDOWS\ATLKB.EXE
O4 - HKLM\..\RunServices: [APPTA.EXE] C:\WINDOWS\SYSTEM\APPTA.EXE
O4 - HKLM\..\RunServices: [SDKXH32.EXE] C:\WINDOWS\SDKXH32.EXE
O4 - HKLM\..\RunServices: [SDKJK32.EXE] C:\WINDOWS\SDKJK32.EXE
O4 - HKLM\..\RunServices: [D3ZS.EXE] C:\WINDOWS\D3ZS.EXE
O4 - HKLM\..\RunServices: [IPKZ32.EXE] C:\WINDOWS\SYSTEM\IPKZ32.EXE
O4 - HKLM\..\RunServices: [ADDGF32.EXE] C:\WINDOWS\ADDGF32.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: PageKeeper Lite Jobs.lnk = C:\Program Files\Caere\PageKeepLite30\system\PKJobs.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {6D3CED33-9C0A-44BA-AAB9-252EE67A436C} (IEObj Class) - http://fs.adelphia.freedom.net/software/dmx.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

Edited by svenska24, 02 March 2005 - 09:47 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users