Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

About:blank -- Help


  • Please log in to reply
1 reply to this topic

#1 murphytjm

murphytjm

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 16 January 2005 - 04:55 PM

I'm not a very sophisticated user but I read enough to try and post a "hijackthis Log" to see if I can get help. Thank you in advance and here is the Log:

Logfile of HijackThis v1.99.0
Scan saved at 4:44:03 PM, on 1/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\sdkgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\documents and settings\tmurphy\local settings\temp\JqYbpv.exe
C:\windows\system32\VlhTIf.exe
C:\WINDOWS\system32\atl91036.exe
C:\windows\system32\K3NBt.exe
C:\WINDOWS\system32\avifile5.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\tmurphy\Application Data\snci.exe
C:\WINDOWS\system32\VlhTIf.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\12Ghosts\12wash.exe
C:\WINDOWS\system32\Fah1q5.exe
C:\Program Files\eRoom 6\ERClient.exe
C:\WINDOWS\system32\Elc2mI.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
C:\WINDOWS\system32\winge32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\r?ndll.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\tmurphy\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dfcde.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dfcde.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dfcde.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dfcde.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dfcde.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dfcde.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dfcde.dll/sp.html#93256
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://store.adobe.com/WebObjects/WEC?page...systemCode=AOLN
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D2481899-BB11-955E-88C7-DE147868F4CD} - C:\WINDOWS\system32\javabu32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [sdkgs.exe] C:\WINDOWS\system32\sdkgs.exe
O4 - HKLM\..\Run: [JqYbpv.exe] C:\documents and settings\tmurphy\local settings\temp\JqYbpv.exe
O4 - HKLM\..\Run: [VlhTIf.exe] c:\windows\system32\VlhTIf.exe
O4 - HKLM\..\Run: [32c8e70be0d1] C:\WINDOWS\system32\atl91036.exe
O4 - HKLM\..\Run: [K3NBt.exe] C:\windows\system32\K3NBt.exe
O4 - HKLM\..\Run: [27667b24e21c] C:\WINDOWS\system32\avifile5.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Pwcm74i.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunOnce: [winge32.exe] C:\WINDOWS\system32\winge32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tair] C:\Documents and Settings\tmurphy\Application Data\snci.exe
O4 - HKCU\..\Run: [Qzt] C:\WINDOWS\system32\r?ndll.exe
O4 - Startup: 12Ghosts Wash.lnk = C:\Program Files\12Ghosts\12wash.exe
O4 - Startup: Monitor My eRooms.lnk = C:\Program Files\eRoom 6\ERClient.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} (ERPageAddin Class) - https://vo.harris.com/eroomsetup/client.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = imcadmin.imcad.com
O17 - HKLM\Software\..\Telephony: DomainName = imcadmin.imcad.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2990773E-7915-452E-A2DD-761179B2363C}: Domain = imcadmin.imcad.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2990773E-7915-452E-A2DD-761179B2363C}: NameServer = 10.10.33.33,10.10.10.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{4266459B-6628-4426-BF7E-2E9C0EA90B62}: NameServer = 172.16.12.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = imcadmin.imcad.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{2990773E-7915-452E-A2DD-761179B2363C}: Domain = imcadmin.imcad.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{2990773E-7915-452E-A2DD-761179B2363C}: NameServer = 10.10.33.33,10.10.10.16
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:11 PM

Posted 17 January 2005 - 02:22 AM

Download the attached zip file and unzip it to your desktop.

http://www.mvps.org/winhelp2002/DelDomains.inf

Right-click on the deldomains.inf file and select 'Install'

Download cwshredder 2.12 from here:

http://cwshredder.net/bin/CWShredder.exe

Run the file after it is downloaded and click on the fix button. Let it do its thing and when its done, even if it crashes.

When its done run hijackthis again post a new log




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users