
HJT Log - Eluzion


12 replies to this topic

#1 Eluzion

  • Members
  • 51 posts

Posted 24 June 2005 - 09:41 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:38:54 AM, on 6/24/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\ELITEKDH32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\PC MIGHTYMAX\PCMM.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\PROFILES\EM-TEE\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pennswoods.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pennswoods.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
F1 - win.ini: run=hpfsched
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEKDH32.EXE
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [WildTangent CDA] C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe /startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE


#2 Eluzion
  • Topic Starter

  • Members
  • 51 posts

Posted 24 June 2005 - 09:44 AM

Just for the record, I'm having an audio problem. Thanks.

#3 Guest_Cretemonster_*

  • Guests

Posted 25 June 2005 - 11:20 AM

Hi Eluzion and Welcome!

Please download these tools to help us out, but don't run any of them until I ask you to!

Download LQfix.zip
http://users.pandora.be/bluepatchy/LQfix.zip
Unzip it and save it to your desktop, don't use it yet!!

AdawareSE 1.06
http://www.bleepingcomputer.com/forums/ind...showtutorial=48

The link will tell you how to Install>Update>Configure and Scan!

Download and Install CleanUp! 4.0
http://downloads.stevengould.org/cleanup/CleanUp40.exe

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to Show All Hidden Files and Folders; this must be done after restarting in Safe Mode!!

Here is a link to help with that
http://www.bleepingcomputer.com/forums/ind...showtutorial=62

Be sure to follow the directions that apply to your Operating System!

From the LQfix folder, double-click LQfix.bat that you saved on your desktop before.

A DOS window will open and close again; this is normal.

Run CleanUp!

Click "Cleanup" and it will Scan and Remove all available Temp files>Click "Close">Click "No" to Logoff!

Scan with Ad-Aware>>Remove all it finds and delete all Quarantine files!

Locate and Delete if found

C:\WINDOWS\SYSTEM\ELITEKDH32.EXE<< File

C:\WINDOWS\EliteToolBar<< Folder

C:\WINDOWS\web\related.htm<< File

C:\Program Files\WildTangent<< Folder

C:\Program Files\PC MightyMax<< Folder(Unless you Installed this!)

Be sure to follow the directions that apply to your Operating System!

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll

O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEKDH32.EXE

O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R

O4 - HKLM\..\Run: [WildTangent CDA] C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe /startup

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Select the tab labeled Startup and put a Check by every box there!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart normally and have the PC scanned here
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates!

Post back with a complete HijackThis log and the Report from Panda

Edited by Cretemonster, 25 June 2005 - 11:20 AM.
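The list of entries to fix in the post above was built by matching each HijackThis line against the files and folders that belong to EliteBar, WildTangent and PC MightyMax. The Python script below is an added example (not part of this thread and not HijackThis's own code) that automates that cross-reference: it parses R/F/O-style entry lines, pulls out the drive-letter path each one loads, and flags the entries that point at a suspect file or into a suspect folder. The sample log lines are copied from the first post and the suspect lists are the paths the helper named; the function names, the regular expressions and the handling of path-less entries (such as `SysTray.Exe`) are the example's own assumptions.

```python
import re

# Constructed sample: a handful of lines in HijackThis v1.99.1 format, copied
# from the first log in this thread (not the whole log).
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pennswoods.net
F1 - win.ini: run=hpfsched
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEKDH32.EXE
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKLM\..\Run: [WildTangent CDA] C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe /startup
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""

# The files and folders the helper told the poster to delete in post #3.
SUSPECT_FILES = {
    r"C:\WINDOWS\SYSTEM\ELITEKDH32.EXE",
    r"C:\WINDOWS\web\related.htm",
}
SUSPECT_DIRS = {
    r"C:\WINDOWS\EliteToolBar",
    r"C:\Program Files\WildTangent",
    r"C:\Program Files\PC MightyMax",
}

# "O4 - <rest of line>": section code, then the body.
ENTRY = re.compile(r"^([RFO]\d+) - (.*)$")
# First drive-letter path in the body, up to the first recognised extension.
# Spaces are allowed because HijackThis prints paths unquoted
# ("...\EliteToolBar version 59.dll"); the lazy .*? stops at the first match.
PATH = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|htm|html|dat|tsk|cpl|ocx))\b",
                  re.IGNORECASE)


def parse_hjt_line(line):
    """Return (section, body, path-or-None) for one entry line, or None when
    the line is not an entry (headers, 'Running processes:' paths, blanks)."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    p = PATH.search(body)
    return section, body, (p.group(1) if p else None)


def _under(path, directory):
    """True if path lies inside directory (Windows paths compare case-insensitively)."""
    return path.lower().startswith(directory.lower().rstrip("\\") + "\\")


def flag_entries(log_text, suspect_files=SUSPECT_FILES, suspect_dirs=SUSPECT_DIRS):
    """(section, path) for every entry that loads a suspect file or something
    inside a suspect folder. Entries with no full path are skipped here; see
    bare_name_entries() for those."""
    files = {f.lower() for f in suspect_files}
    hits = []
    for line in log_text.splitlines():
        parsed = parse_hjt_line(line)
        if parsed is None or parsed[2] is None:
            continue
        section, _, path = parsed
        if path.lower() in files or any(_under(path, d) for d in suspect_dirs):
            hits.append((section, path))
    return hits


def bare_name_entries(log_text):
    """O4 entries that name a program without a full path. The loader resolves
    these through the search path, so they have to be checked by hand."""
    out = []
    for line in log_text.splitlines():
        parsed = parse_hjt_line(line)
        if parsed and parsed[0] == "O4" and parsed[2] is None:
            out.append(parsed[1])
    return out


if __name__ == "__main__":
    for section, path in flag_entries(SAMPLE_HJT_LOG):
        print(f"fix {section}: {path}")
    for body in bare_name_entries(SAMPLE_HJT_LOG):
        print(f"check by hand: {body}")
```

Run against the sample, the script flags the O2 BHO, the three O4 entries under EliteBar, PC MightyMax and WildTangent, and the O9 related.htm button, and leaves the Symantec `vptray` entry alone; the path-less `SysTray.Exe` line is reported separately because a filename alone does not say where it will be loaded from.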


#4 Eluzion
  • Topic Starter

  • Members
  • 51 posts

Posted 04 July 2005 - 08:44 PM

I did the Panda scan. Here are the results.


Incident                    Status          Location
Adware:Adware/EliteBar      No disinfected  C:\WINDOWS\SYSTEM\ELITEKDH32.EXE
Adware:Adware/EliteBar      No disinfected  C:\WINDOWS\SYSTEM\ELITEK~1.EXE
Adware:Adware/SaveNow       No disinfected  Windows Registry
Adware:Adware/Beginto       No disinfected  C:\WINDOWS\SYSTEM\winbbb.dat
Adware:Adware/StartPage.DD  No disinfected  C:\WINDOWS\Protector.exe
Adware:Adware/ILookup       No disinfected  C:\WINDOWS\SYSTEM\winbbb.dat
Adware:Adware/ILookup       No disinfected  C:\WINDOWS\SYSTEM\rtneg.dll
Adware:Adware/EliteBar      No disinfected  C:\WINDOWS\SYSTEM\elitekdh32.exe
Adware:Adware/EliteBar      No disinfected  C:\WINDOWS\SYSTEM\temperror32.dat
Adware:Adware/EliteBar      No disinfected  C:\WINDOWS\protector.exe




Thanks.

#5 Guest_Cretemonster_*

  • Guests

Posted 05 July 2005 - 04:05 AM

Little bit more to go; it appears that the 9x platform has an effect on the removal tool for EliteBar.

Try this one instead
http://www.simplytech.it/ETRemover/

All the instructions for use are there; just take your time and read closely!

After it's finished, locate and delete the following if found

C:\WINDOWS\protector.exe<< File

C:\WINDOWS\SYSTEM\temperror32.dat<< File

C:\WINDOWS\SYSTEM\elitekdh32.exe<< File

C:\WINDOWS\SYSTEM\rtneg.dll<< File

C:\WINDOWS\SYSTEM\winbbb.dat<< File

C:\WINDOWS\SYSTEM\ELITEK~1.EXE<< Look for any Variation of these files located in the System folder only!

One more online Scan please
http://www.kaspersky.com/beta?product=161744315

Save any results and post a HijackThis log along with the results!

#6 Eluzion
  • Topic Starter

  • Members
  • 51 posts

Posted 05 July 2005 - 10:36 AM

KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Tuesday, July 05, 2005 11:32:05
Operating System: Microsoft Windows Millennium Edition
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/07/2005
Kaspersky Anti-Virus database records: 129263
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\
d:\

Scan Statistics:
Total number of scanned objects: 20412
Number of viruses found: 3
Number of infected objects: 36
Number of suspicious objects: 0
Duration of the scan process: 3071 sec

Infected Object Name - Virus Name
c:\_RESTORE\ARCHIVE\FS84.CAB/A0018521.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS84.CAB/A0018531.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS84.CAB/A0018546.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS84.CAB/A0018574.CPY Infected: Trojan-Dropper.Win32.VB.fv
c:\_RESTORE\ARCHIVE\FS84.CAB/A0018575.CPY Infected: Trojan-Dropper.Win32.VB.fv
c:\_RESTORE\ARCHIVE\FS84.CAB Infected: Trojan-Dropper.Win32.VB.fv
c:\_RESTORE\ARCHIVE\FS133.CAB/A0023505.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS133.CAB/A0023506.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS133.CAB Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS107.CAB/A0021401.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS107.CAB Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS110.CAB/A0022439.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS110.CAB/A0022440.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS110.CAB Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS117.CAB/A0022840.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS117.CAB/A0022842.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS117.CAB Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS140.CAB/A0024817.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS140.CAB/A0024818.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS140.CAB Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS142.CAB/A0025108.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS142.CAB/A0025110.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS142.CAB Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS153.CAB/A0026473.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS153.CAB/A0026474.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS153.CAB Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS175.CAB/A0031713.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS175.CAB Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS121.CAB/A0023021.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS121.CAB/A0023023.CPY Infected: Trojan.Win32.StartPage.nk
c:\_RESTORE\ARCHIVE\FS121.CAB Infected: Trojan.Win32.StartPage.nk
c:\WINDOWS\SYSTEM\elitekdh32.exe Infected: Trojan.Win32.StartPage.nk
c:\WINDOWS\SYSTEM\temperror32.dat Infected: Trojan.Win32.StartPage.nk
c:\WINDOWS\Profiles\Em-Tee\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-2049b28f.zip/javainstaller/InstallerApplet.class Infected: Trojan.Java.OpenStream.w
c:\WINDOWS\Profiles\Em-Tee\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-2049b28f.zip Infected: Trojan.Java.OpenStream.w
c:\WINDOWS\protector.exe Infected: Trojan.Win32.StartPage.nk




HJT LOG -

Logfile of HijackThis v1.99.1
Scan saved at 11:34:00 AM, on 7/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\WINDOWS\PROFILES\EM-TEE\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pennswoods.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pennswoods.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_ansi.cab

#7 Guest_Cretemonster_*

  • Guests

Posted 05 July 2005 - 11:03 AM

Looks like Kaspersky did the job!

How are things running now?

Could you please try to access the Windows Update site and see if there are any available updates for your machine?

Also install these little jewels; they will help keep any unwanted ActiveX from being loaded on the PC and block many really unwanted sites from being accessed!

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update immediately!

IE Spyad:
http://www.bleepingcomputer.com/forums/ind...showtutorial=53
There is a direct download inside and great tutorial also!

Winhelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Winhelp2002 Hosts File Help Page
http://www.mvps.org/winhelp2002/hosts2.htm


Post back and let me know how the PC is acting!!

#8 Eluzion
  • Topic Starter

  • Members
  • 51 posts

Posted 05 July 2005 - 01:45 PM

PC is doing great now, thanks a lot for your help, I appreciate it.

#9 Eluzion
  • Topic Starter

  • Members
  • 51 posts

Posted 08 July 2005 - 04:39 PM

My computer is messing up again; no matter what, it keeps getting infected.

I did the Panda scan again. I had 1 virus.

-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Friday, July 08, 2005 17:35:14
Operating System: Microsoft Windows Millennium Edition
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 8/07/2005
Kaspersky Anti-Virus database records: 129809
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\WINDOWS\TEMP\

Scan Statistics:
Total number of scanned objects: 8716
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 1055 sec

Infected Object Name - Virus Name
C:\WINDOWS\Profiles\Em-Tee\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-2049b28f.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\WINDOWS\Profiles\Em-Tee\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-2049b28f.zip Infected: Trojan-Downloader.Java.OpenStream.w

Scan process completed.


And I can't go to soundclick.com; it takes me to an MSN search with IE, and with Firefox it says it can't be found. Please help me.

#10 Guest_Cretemonster_*

  • Guests

Posted 08 July 2005 - 04:55 PM

See if you can access the Windows Update Site!

What did Panda find and did it Disinfect it?


If you can't access that site, then it's most likely in the list of unwanted or malicious sites in 1 of the 3 programs I had you install!

To fix it, disable whatever is preventing you from reaching that site, which is strictly your call!

Definitely get that PC checked for updates!

Disable System Restore also
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Once disabled, restart and re-enable; this will flush out all old restore points!

#11 Eluzion
  • Topic Starter

  • Members
  • 51 posts

Posted 08 July 2005 - 08:13 PM

I followed the System Restore, and it turned out fine.

I did access Windows Update, and I had 23 files I had to update. I've been on for about two hours and only have 3 done. For some reason I can't access soundclick.com; it takes me to an MSN search. Would you like me to post a HijackThis log once I'm done updating?

#12 Eluzion
  • Topic Starter

  • Members
  • 51 posts

Posted 08 July 2005 - 08:34 PM

I've successfully updated. Here's my HJT log. I'm still having problems; well, actually the only problem is I can't go to soundclick.com.

Logfile of HijackThis v1.99.1
Scan saved at 9:30:06 PM, on 7/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\A2\A2GUARD.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\PROFILES\EM-TEE\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pennswoods.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBARBHO.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - User Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\PLUGINS\BROWSERBAR\IE_BAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_ansi.cab

#13 Guest_Cretemonster_*

  • Guests

Posted 09 July 2005 - 06:18 AM

OK, try these in the order I have them listed!

Disable All Protection in Spyware Blaster and try the Site!

If you still can't get there, open up IE and click Tools>> Internet Options>> Security>> Restricted Zone>> look through the list and see if that site is listed!

Lastly, uninstall the hosts file you have by using the Hoster.

Download the Hoster from here:
http://www.funkytoad.com/download/hoster.zip
Press "Restore Original Hosts" and press "OK"!
Exit Program!

One of these is what's preventing you from accessing the site!
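Post #13 narrows the soundclick.com problem down to three blocking layers that the helper had the poster install: SpywareBlaster, IE's Restricted sites zone (via IE-SPYAD) and the Winhelp2002 hosts file. The Python script below is an added example (not from this thread and not from any of those tools) that checks the last two mechanically: it parses a hosts file and reports whether a hostname is mapped to 0.0.0.0 or a loopback address, and it parses a .reg export of IE's `ZoneMap\Domains` keys to see whether a domain has been placed in zone 4, which is the Restricted sites zone IE-SPYAD populates. Both inputs are constructed samples: the `www.soundclick.com` hosts entry is invented for illustration, since the thread never establishes which layer actually blocked the site, and the `.invalid` domains are placeholders. On Windows 9x/ME the live hosts file is `C:\WINDOWS\hosts`; the function names and verdict strings are the example's own.

```python
import ipaddress
import re

# Constructed sample hosts file in the MVPS / Winhelp2002 layout (NOT the real
# file; the www.soundclick.com line is invented for this illustration).
SAMPLE_HOSTS = """\
# comment header (ignored by the parser)
127.0.0.1       localhost
0.0.0.0  ads.example.invalid          # trailing comment is ignored too
0.0.0.0  www.soundclick.com
0.0.0.0  tracker.example.invalid  cdn.tracker.example.invalid
"""

# Constructed .reg excerpt in the form IE-SPYAD uses: one subkey per domain
# under ZoneMap\Domains, with a dword of 4 (Restricted sites) per scheme or "*".
# A 'domain\sub' key path means the host sub.domain.
SAMPLE_REG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads.example.invalid]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.invalid\www]
"http"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trusted.example.invalid]
"*"=dword:00000002
"""


def parse_hosts(text):
    """Map each hostname (lower-cased) to the list of addresses the file gives it."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()                # one address, one or more aliases
        for name in names:
            mapping.setdefault(name.lower(), []).append(addr)
    return mapping


def _is_sink(addr):
    """0.0.0.0 or 127.x / ::1 entries are how a hosts file blocks a site."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def hosts_verdict(host, mapping):
    """'absent', 'sinkholed', or 'redirected:<addresses>' for one hostname."""
    addrs = mapping.get(host.lower())
    if not addrs:
        return "absent"
    if all(_is_sink(a) for a in addrs):
        return "sinkholed"
    return "redirected:" + ",".join(addrs)


def blocked_hosts(mapping):
    """Every name the file sinkholes; localhost is the one legitimate loopback entry."""
    return sorted(h for h, a in mapping.items()
                  if h != "localhost" and all(_is_sink(x) for x in a))


ZONE_KEY = re.compile(r"^\[HKEY_[A-Z_]+\\.*\\ZoneMap\\Domains\\(.+)\]$", re.IGNORECASE)
ZONE_VALUE = re.compile(r'^"[^"]*"=dword:([0-9a-f]{8})$', re.IGNORECASE)


def parse_restricted_domains(reg_text):
    """Hostnames whose ZoneMap entry puts any scheme in zone 4 (Restricted sites)."""
    restricted, current = set(), None
    for line in reg_text.splitlines():
        line = line.strip()
        key = ZONE_KEY.match(line)
        if key:
            parts = key.group(1).split("\\")       # 'example.invalid\www' -> www.example.invalid
            current = ".".join(reversed(parts)).lower()
            continue
        val = ZONE_VALUE.match(line)
        if val and current and int(val.group(1), 16) == 4:
            restricted.add(current)
    return restricted


def zone_verdict(host, restricted):
    """A ZoneMap domain entry covers the domain and its subdomains."""
    host = host.lower()
    for dom in restricted:
        if host == dom or host.endswith("." + dom):
            return "restricted-zone:" + dom
    return "not-listed"


def diagnose(host, hosts_text=SAMPLE_HOSTS, reg_text=SAMPLE_REG):
    """Run both checks for one hostname."""
    return {"hosts": hosts_verdict(host, parse_hosts(hosts_text)),
            "zone": zone_verdict(host, parse_restricted_domains(reg_text))}


if __name__ == "__main__":
    for h in ("www.soundclick.com", "www.ads.example.invalid", "www.pennswoods.net"):
        print(h, diagnose(h))
```

On the constructed inputs, `www.soundclick.com` comes back as sinkholed by the hosts file and not listed in the Restricted zone, which is the "hosts file" branch of the helper's three-way diagnosis; a real run would read `C:\WINDOWS\hosts` and a `.reg` export of the `ZoneMap\Domains` key instead of the samples. SpywareBlaster's own block list is not covered here, so an "absent / not-listed" result still leaves that layer to check by hand.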
