Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijack this log


  • This topic is locked This topic is locked
11 replies to this topic

#1 FdjC

FdjC

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 21 July 2004 - 02:05 PM

:thumbsup: I am new to this forum, but i was told to post my hijackthis log here by a friend.
Every start up I get a rundll error of " error loading bridge.dll" and is begging to be an annoyance as I think it is slowing my PC down. Anyhow this is the log:

Logfile of HijackThis v1.97.7
Scan saved at 21:23:37, on 20/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\PROGRA~1\Bolddeletelies\Ref Start Burn.exe
D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Program Files\Norton Internet Security\ccPxySvc.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\BTopenworld\DialBTIAnytime.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\FlashGet\flashget.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://contexualsearch.com/passthrough/ind...www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {87CC4813-7676-F77F-C6EA-37D17855B659} - D:\PROGRA~1\KINDBL~1\third keep.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [tons plus] D:\PROGRA~1\Bolddeletelies\Ref Start Burn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "D:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCDRealtime] D:\WINDOWS\realtime.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Lcaa] D:\Documents and Settings\Francis\Application Data\sswt.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Programas (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Programas (HKLM)
O9 - Extra button: BT Yahoo! Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar (HKLM)
O9 - Extra button: My programs (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .au: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .psd: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} (PremiumInternacional Class) - http://www.accesoplugin.com/dialercab/PPre...ternacional.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\commonyinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - http://register.btinternet.com/templates/b...lcontrol013.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8121.3329282407
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mp3.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52B9D419-6DF8-42CB-B9A0-BB2C721C9B1C}: NameServer = 213.120.62.104 213.120.62.97

PLEASE HELP!

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:29 PM

Posted 21 July 2004 - 02:55 PM

You are using an outdated version of hijackthis. Please download the latest version.

Download HijackThis from:

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

or here:

http://computercops.biz/downloads-cat-14.html

Then post a new log

#3 FdjC

FdjC
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 21 July 2004 - 04:12 PM

Hope this helps you better!



Logfile of HijackThis v1.98.0
Scan saved at 22:06:38, on 21/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\PROGRA~1\Bolddeletelies\Ref Start Burn.exe
D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\RUNDLL32.EXE
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Program Files\Norton Internet Security\ccPxySvc.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\Francis\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://contexualsearch.com/passthrough/ind...www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Aboutplay - {87CC4813-7676-F77F-C6EA-37D17855B659} - D:\PROGRA~1\KINDBL~1\third keep.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [tons plus] D:\PROGRA~1\Bolddeletelies\Ref Start Burn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "D:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCDRealtime] D:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [ImInstaller] D:\DOCUME~1\Francis\LOCALS~1\Temp\ImInstaller\IncrediMail\imloader.exe -product IncrediMail
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Lcaa] D:\Documents and Settings\Francis\Application Data\sswt.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Programas - {068C36CF-483E-4CA8-A7F2-10EFFDA49C45} - http://www.descargasya.com/index3.html (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Programas - {4358161B-A4B8-498E-8019-3DAB50DFD578} - http://www.descargasya.com/index3.html (file missing)
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - D:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - D:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: My programs - {C8950078-94A4-4C32-BB9C-4666357965AF} - C:\softwareuk\index.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .au: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .psd: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} (PremiumInternacional Class) - http://www.accesoplugin.com/dialercab/PPre...ternacional.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\commonyinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - http://register.btinternet.com/templates/b...lcontrol013.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mp3.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab

PS Where do i report hackers detected by norton as i intend to report anymore and all others i get

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:29 PM

Posted 21 July 2004 - 10:14 PM

Do not worry about the hackers right now. I will explain about that after.

Click on start, settings, control panel and double-click on add/remove programs. From with add/remove program uninstall the following if they exist:

Window Search
Win Tools
IEtools
IESearch
Windows Assistant
WindowsSA
Search Assistant
Windows Search Assistant

Then, I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://contexualsearch.com/passthrough/ind...www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R3 - Default URLSearchHook is missing
O2 - BHO: Aboutplay - {87CC4813-7676-F77F-C6EA-37D17855B659} - D:\PROGRA~1\KINDBL~1\third keep.dll
O4 - HKLM\..\Run: [tons plus] D:\PROGRA~1\Bolddeletelies\Ref Start Burn.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "D:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [PCDRealtime] D:\WINDOWS\realtime.exe
O4 - HKCU\..\Run: [Lcaa] D:\Documents and Settings\Francis\Application Data\sswt.exe
O9 - Extra button: Programas - {068C36CF-483E-4CA8-A7F2-10EFFDA49C45} - http://www.descargasya.com/index3.html (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Programas - {4358161B-A4B8-498E-8019-3DAB50DFD578} - http://www.descargasya.com/index3.html (file missing)
O9 - Extra button: My programs - {C8950078-94A4-4C32-BB9C-4666357965AF} - C:\softwareuk\index.htm
O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} (PremiumInternacional Class) - http://www.accesoplugin.com/dialercab/PPre...ternacional.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mp3.cab


Reboot your computer into Safe Mode and delete the following files:

Then delete these files or directories (Do not be concerned if they do not exist)
D:\PROGRAM FILES\Bolddeletelies\
D:\PROGRAM FILES\KINDBL~1\
D:\WINDOWS\realtime.exe
D:\Documents and Settings\Francis\Application Data\sswt.exe
Disable System Restore. You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore
or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above

Reboot your computer to go back to normal mode and post a new log.

#5 FdjC

FdjC
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 22 July 2004 - 04:21 AM

Hope now im clear, the error has gone.
The sswt.exe file wasnt there but i did have it about a month ago and got rid of it by deleting it in normal mode, i hope thats ok?
Thank you for all your help

Logfile of HijackThis v1.98.0
Scan saved at 10:15:03, on 22/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\RUNDLL32.EXE
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Program Files\Norton Internet Security\ccPxySvc.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\Francis\My Documents\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Hope Audio Slow - {6F373C0F-9440-BEB2-548E-5B37CFB46BBE} - D:\PROGRA~1\KINDBL~1\third keep.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ImInstaller] D:\DOCUME~1\Francis\LOCALS~1\Temp\ImInstaller\IncrediMail\imloader.exe -product IncrediMail
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - D:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - D:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .au: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .psd: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\commonyinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - http://register.btinternet.com/templates/b...lcontrol013.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:29 PM

Posted 22 July 2004 - 09:48 AM

Fix this :

O3 - Toolbar: Hope Audio Slow - {6F373C0F-9440-BEB2-548E-5B37CFB46BBE} - D:\PROGRA~1\KINDBL~1\third keep.dll (file missing)


Reboot and do the following (just being safe):


Download VX2Finder from this link:

http://tools.zerosrealm.com/VX2Finder.exe

or

http://www.downloads.subratam.org/VX2Finder.exe

Run Vx2Finder and click on the *click to find VX2.BetterInternet* button. Then click *make log*.

Copy and paste the contents of the log into your next reply here.

#7 FdjC

FdjC
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 22 July 2004 - 11:40 AM

Log for VX2.BetterInternet File Finder

Files Found---


Guardian Key--- is called:

User Agent String---
YPC 3.0.2 Yahoo! Parental Controls



This mean im clear?

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:29 PM

Posted 22 July 2004 - 02:10 PM

Ok your all clean :thumbsup:

Now that you are clean, please follow this simple step and use the following programs:

Visit http://www.windowsupdate.com regularly. This will ensure that you have the latest patches for your operating system installed. If there are new updates to install, install all the critical updates, reboot and revisit the site until there are no more critical updates.

I would strongly advise you download and install SpywareBlaster and Spybot (With TeaTimer)

Tutorials and download locations for each programs can be found below. They will help to prevent a lot of future reinfections.

Using SpywareBlaster to protect your web browser

Using Spybot - Search & Destroy to remove Spyware from Your Computer

Glad i was able to help.

#9 FdjC

FdjC
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 22 July 2004 - 02:39 PM

:flowers: Thank you very much for your help and for the tips you gave me. All the info was very much appreciated- :thumbsup: thanks again!

#10 FdjC

FdjC
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 22 July 2004 - 02:48 PM

i forgot to ask where to send norton info on any hackers and trojans i get, thanx again

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:29 PM

Posted 22 July 2004 - 03:42 PM

Well quite honestly you were most likely not hacked but rather got hit with a worm or virus. If you want to report a problem where you think someone is trying to hack your computer you should report it to your internet providers abuse email. For example, Road Runners abuse email is abuse@rr.com.

With that said, keep in mind that most ISP's will rarely do anything to help you. They get so many complaints a day that there is not much they can do. Unless you are severely hacked, and 99% of the time the warnings are just scans of the internet including your computer, they wont help you. Just keep using the firewall and be happy that it is not letting anything in.

#12 FdjC

FdjC
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 23 July 2004 - 05:13 AM

Thank you anyway for all the help




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users