
UPDATE..


This topic is locked
47 replies to this topic

#1 vtec78 (Members, 31 posts)

Posted 30 June 2004 - 05:03 AM

Well, I've used Ad-Aware, Spybot 1.3, Norton and still my PC is going crazy.. Spybot 1.3 found this..

Possible extension hijack: Default command file handler (Registry change, nothing done)
HKEY_CLASSES_ROOT\cmdfile\shell\open\command\!="%1" %*

Should I remove it???


Here is a fresh HijackThis log

Logfile of HijackThis v1.98.0
Scan saved at 5:17:01 AM, on 6/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\NETMI32.EXE
C:\WINDOWS\MSWL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\HJT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iigde.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iigde.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://iigde.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: Class - {E7E124F6-B309-8528-B4EA-26F462B941D5} - C:\WINDOWS\SYSTEM\JAVAEJ32.DLL (file missing)
O2 - BHO: Class - {9094044E-D64B-52BF-2293-CE35E7D82337} - C:\WINDOWS\SYSTEM\ADDSC.DLL (file missing)
O2 - BHO: Class - {18DF71F2-32D5-BEE7-153F-A4757D907148} - C:\WINDOWS\SYSTEM\NETAR32.DLL (file missing)
O2 - BHO: Class - {A3D99131-68E9-236B-D255-C50CDCDB0928} - C:\WINDOWS\SYSTEM\MSIC.DLL (file missing)
O2 - BHO: Class - {D5459708-5146-5B78-2C15-69BF794D6B12} - C:\WINDOWS\SYSTEM\MSSB32.DLL (file missing)
O2 - BHO: Class - {EE3BE29F-801F-7595-1735-75B9A69CA88D} - C:\WINDOWS\SYSTEM\ATLSP32.DLL (file missing)
O2 - BHO: Class - {2FA6B0AE-AAE8-9CDC-8004-516B1C672B52} - C:\WINDOWS\APPPA32.DLL (file missing)
O2 - BHO: Class - {7B852FD1-75E7-FC74-B7E9-ADEF49ABB2B2} - C:\WINDOWS\NETVQ.DLL (file missing)
O2 - BHO: Class - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - C:\WINDOWS\SYSTEM\NTRI.DLL (file missing)
O2 - BHO: Class - {36A2F80C-005C-56CB-3C74-0564534D0215} - C:\WINDOWS\SYSTEM\NTWH.DLL (file missing)
O2 - BHO: Class - {A2CB8242-65E2-A803-8CBD-9D81A18D7D99} - C:\WINDOWS\APIDS32.DLL (file missing)
O2 - BHO: Class - {741FAA78-FB1F-CB3C-44BD-E14600CFF87A} - C:\WINDOWS\JAVAYQ.DLL (file missing)
O2 - BHO: Class - {7E7E368F-52C9-80E2-619A-AFF0E8DF2D31} - C:\WINDOWS\D3JJ.DLL (file missing)
O2 - BHO: Class - {C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} - C:\WINDOWS\SDKCM.DLL__SpybotSDDisabled (file missing)
O2 - BHO: Class - {06204314-8710-7E66-8DEF-72A50FE93229} - C:\WINDOWS\SYSTEM\WINHB.DLL (file missing)
O2 - BHO: Class - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - C:\WINDOWS\IECH.DLL (file missing)
O2 - BHO: Class - {53AC44D3-7DD4-0E64-44FF-00630DA3929F} - C:\WINDOWS\SYSTEM\APPLC32.DLL (file missing)
O2 - BHO: Class - {E15DE160-7915-1819-2868-8A99CB9D83E5} - C:\WINDOWS\NTRV32.DLL (file missing)
O2 - BHO: Class - {A20458A2-7655-7F96-C902-3F31980DA43F} - C:\WINDOWS\MSZK.DLL (file missing)
O2 - BHO: Class - {B2B4335D-B3F0-23F0-F786-D4D92E20AD29} - C:\WINDOWS\APICH32.DLL (file missing)
O2 - BHO: Class - {7C5F07FA-EE61-E2CA-7AC9-845516B1F196} - C:\WINDOWS\NETKP.DLL (file missing)
O2 - BHO: Class - {6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} - C:\WINDOWS\ATLRH.DLL (file missing)
O2 - BHO: Class - {1CA0B7AD-8C69-8293-369B-46E22D85FF51} - C:\WINDOWS\SYSTEM\D3QL32.DLL (file missing)
O2 - BHO: Class - {A5AD29F2-C417-ADBE-550D-61E932069FF5} - C:\WINDOWS\SYSTEM\CRQN32.DLL (file missing)
O2 - BHO: Class - {086EC45A-7F1E-8853-E711-291F764C1CD3} - C:\WINDOWS\SYSTEM\CRHR32.DLL (file missing)
O2 - BHO: Class - {C8994F9D-64C1-8785-E2A8-6309090595B7} - C:\WINDOWS\SYSTEM\APPNI.DLL (file missing)
O2 - BHO: Class - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - C:\WINDOWS\ADDSB32.DLL (file missing)
O2 - BHO: Class - {65344CD2-2A9B-B346-1ECD-D08CAF49E420} - C:\WINDOWS\SYSTEM\D3CW32.DLL (file missing)
O2 - BHO: Class - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - C:\WINDOWS\CRCB32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [SDKJT32.EXE] C:\WINDOWS\SYSTEM\SDKJT32.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2564.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: ChatSpace Java Client 2.1.0.91 - http://65.106.39.244:8001/Java/cs4ms091.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/fr...ll/freecell.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: ChatSpace Java Client 2.1.0.93 - http://65.106.39.244:8001/Java/cs4ms093.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.138.0.4,216.138.0.11
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL



Is it too late for my PC?

Edited by vtec78, 30 June 2004 - 05:15 AM.




#2 vtec78 (Topic Starter, Members, 31 posts)

Posted 30 June 2004 - 06:09 AM

The latest HijackThis log.. think it's getting worse..

Logfile of HijackThis v1.98.0
Scan saved at 6:17:36 AM, on 6/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\MSWL.EXE
C:\WINDOWS\SYSTEM\SDKJT32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\HJT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iigde.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iigde.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://iigde.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: Class - {E7E124F6-B309-8528-B4EA-26F462B941D5} - C:\WINDOWS\SYSTEM\JAVAEJ32.DLL (file missing)
O2 - BHO: Class - {9094044E-D64B-52BF-2293-CE35E7D82337} - C:\WINDOWS\SYSTEM\ADDSC.DLL (file missing)
O2 - BHO: Class - {18DF71F2-32D5-BEE7-153F-A4757D907148} - C:\WINDOWS\SYSTEM\NETAR32.DLL (file missing)
O2 - BHO: Class - {A3D99131-68E9-236B-D255-C50CDCDB0928} - C:\WINDOWS\SYSTEM\MSIC.DLL (file missing)
O2 - BHO: Class - {D5459708-5146-5B78-2C15-69BF794D6B12} - C:\WINDOWS\SYSTEM\MSSB32.DLL (file missing)
O2 - BHO: Class - {EE3BE29F-801F-7595-1735-75B9A69CA88D} - C:\WINDOWS\SYSTEM\ATLSP32.DLL (file missing)
O2 - BHO: Class - {2FA6B0AE-AAE8-9CDC-8004-516B1C672B52} - C:\WINDOWS\APPPA32.DLL (file missing)
O2 - BHO: Class - {7B852FD1-75E7-FC74-B7E9-ADEF49ABB2B2} - C:\WINDOWS\NETVQ.DLL (file missing)
O2 - BHO: Class - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - C:\WINDOWS\SYSTEM\NTRI.DLL (file missing)
O2 - BHO: Class - {36A2F80C-005C-56CB-3C74-0564534D0215} - C:\WINDOWS\SYSTEM\NTWH.DLL (file missing)
O2 - BHO: Class - {A2CB8242-65E2-A803-8CBD-9D81A18D7D99} - C:\WINDOWS\APIDS32.DLL (file missing)
O2 - BHO: Class - {741FAA78-FB1F-CB3C-44BD-E14600CFF87A} - C:\WINDOWS\JAVAYQ.DLL (file missing)
O2 - BHO: Class - {7E7E368F-52C9-80E2-619A-AFF0E8DF2D31} - C:\WINDOWS\D3JJ.DLL (file missing)
O2 - BHO: Class - {C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} - C:\WINDOWS\SDKCM.DLL__SpybotSDDisabled (file missing)
O2 - BHO: Class - {06204314-8710-7E66-8DEF-72A50FE93229} - C:\WINDOWS\SYSTEM\WINHB.DLL (file missing)
O2 - BHO: Class - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - C:\WINDOWS\IECH.DLL (file missing)
O2 - BHO: Class - {53AC44D3-7DD4-0E64-44FF-00630DA3929F} - C:\WINDOWS\SYSTEM\APPLC32.DLL (file missing)
O2 - BHO: Class - {E15DE160-7915-1819-2868-8A99CB9D83E5} - C:\WINDOWS\NTRV32.DLL (file missing)
O2 - BHO: Class - {A20458A2-7655-7F96-C902-3F31980DA43F} - C:\WINDOWS\MSZK.DLL (file missing)
O2 - BHO: Class - {B2B4335D-B3F0-23F0-F786-D4D92E20AD29} - C:\WINDOWS\APICH32.DLL (file missing)
O2 - BHO: Class - {7C5F07FA-EE61-E2CA-7AC9-845516B1F196} - C:\WINDOWS\NETKP.DLL (file missing)
O2 - BHO: Class - {6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} - C:\WINDOWS\ATLRH.DLL (file missing)
O2 - BHO: Class - {1CA0B7AD-8C69-8293-369B-46E22D85FF51} - C:\WINDOWS\SYSTEM\D3QL32.DLL (file missing)
O2 - BHO: Class - {A5AD29F2-C417-ADBE-550D-61E932069FF5} - C:\WINDOWS\SYSTEM\CRQN32.DLL (file missing)
O2 - BHO: Class - {086EC45A-7F1E-8853-E711-291F764C1CD3} - C:\WINDOWS\SYSTEM\CRHR32.DLL (file missing)
O2 - BHO: Class - {C8994F9D-64C1-8785-E2A8-6309090595B7} - C:\WINDOWS\SYSTEM\APPNI.DLL (file missing)
O2 - BHO: Class - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - C:\WINDOWS\ADDSB32.DLL (file missing)
O2 - BHO: Class - {65344CD2-2A9B-B346-1ECD-D08CAF49E420} - C:\WINDOWS\SYSTEM\D3CW32.DLL (file missing)
O2 - BHO: Class - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - C:\WINDOWS\CRCB32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [SDKJT32.EXE] C:\WINDOWS\SYSTEM\SDKJT32.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [MSWL.EXE] C:\WINDOWS\MSWL.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2564.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: ChatSpace Java Client 2.1.0.91 - http://65.106.39.244:8001/Java/cs4ms091.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/fr...ll/freecell.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: ChatSpace Java Client 2.1.0.93 - http://65.106.39.244:8001/Java/cs4ms093.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.138.0.4,216.138.0.11
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL


#3 vtec78 (Topic Starter, Members, 31 posts)

Posted 30 June 2004 - 08:11 AM

Logfile of HijackThis v1.98.0
Scan saved at 8:18:03 AM, on 6/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\HJT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E7E124F6-B309-8528-B4EA-26F462B941D5} - (no file)
O2 - BHO: (no name) - {9094044E-D64B-52BF-2293-CE35E7D82337} - (no file)
O2 - BHO: (no name) - {18DF71F2-32D5-BEE7-153F-A4757D907148} - (no file)
O2 - BHO: (no name) - {A3D99131-68E9-236B-D255-C50CDCDB0928} - (no file)
O2 - BHO: (no name) - {D5459708-5146-5B78-2C15-69BF794D6B12} - (no file)
O2 - BHO: (no name) - {EE3BE29F-801F-7595-1735-75B9A69CA88D} - (no file)
O2 - BHO: (no name) - {2FA6B0AE-AAE8-9CDC-8004-516B1C672B52} - (no file)
O2 - BHO: (no name) - {7B852FD1-75E7-FC74-B7E9-ADEF49ABB2B2} - (no file)
O2 - BHO: (no name) - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - (no file)
O2 - BHO: (no name) - {36A2F80C-005C-56CB-3C74-0564534D0215} - (no file)
O2 - BHO: (no name) - {A2CB8242-65E2-A803-8CBD-9D81A18D7D99} - (no file)
O2 - BHO: (no name) - {741FAA78-FB1F-CB3C-44BD-E14600CFF87A} - (no file)
O2 - BHO: (no name) - {7E7E368F-52C9-80E2-619A-AFF0E8DF2D31} - (no file)
O2 - BHO: (no name) - {C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} - (no file)
O2 - BHO: (no name) - {06204314-8710-7E66-8DEF-72A50FE93229} - (no file)
O2 - BHO: (no name) - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - (no file)
O2 - BHO: (no name) - {53AC44D3-7DD4-0E64-44FF-00630DA3929F} - (no file)
O2 - BHO: (no name) - {E15DE160-7915-1819-2868-8A99CB9D83E5} - (no file)
O2 - BHO: (no name) - {A20458A2-7655-7F96-C902-3F31980DA43F} - (no file)
O2 - BHO: (no name) - {B2B4335D-B3F0-23F0-F786-D4D92E20AD29} - (no file)
O2 - BHO: (no name) - {7C5F07FA-EE61-E2CA-7AC9-845516B1F196} - (no file)
O2 - BHO: (no name) - {6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} - (no file)
O2 - BHO: (no name) - {1CA0B7AD-8C69-8293-369B-46E22D85FF51} - (no file)
O2 - BHO: (no name) - {A5AD29F2-C417-ADBE-550D-61E932069FF5} - (no file)
O2 - BHO: (no name) - {086EC45A-7F1E-8853-E711-291F764C1CD3} - (no file)
O2 - BHO: (no name) - {C8994F9D-64C1-8785-E2A8-6309090595B7} - (no file)
O2 - BHO: (no name) - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - (no file)
O2 - BHO: (no name) - {65344CD2-2A9B-B346-1ECD-D08CAF49E420} - (no file)
O2 - BHO: Class - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - C:\WINDOWS\CRCB32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [SDKJT32.EXE] C:\WINDOWS\SYSTEM\SDKJT32.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2564.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: ChatSpace Java Client 2.1.0.91 - http://65.106.39.244:8001/Java/cs4ms091.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/fr...ll/freecell.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: ChatSpace Java Client 2.1.0.93 - http://65.106.39.244:8001/Java/cs4ms093.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.138.0.4,216.138.0.11

???
Completely fuxored, eh?

#4 vtec78 (Topic Starter, Members, 31 posts)

Posted 30 June 2004 - 09:47 AM

Seems this bug morphs over and over and over.. I ran Norton again and it found 50, yes 50, adware/iefeats....

#5 vtec78 (Topic Starter, Members, 31 posts)

Posted 30 June 2004 - 09:58 AM

Logfile of HijackThis v1.98.0
Scan saved at 10:12:14 AM, on 6/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\HJT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E7E124F6-B309-8528-B4EA-26F462B941D5} - (no file)
O2 - BHO: (no name) - {9094044E-D64B-52BF-2293-CE35E7D82337} - (no file)
O2 - BHO: (no name) - {18DF71F2-32D5-BEE7-153F-A4757D907148} - (no file)
O2 - BHO: (no name) - {A3D99131-68E9-236B-D255-C50CDCDB0928} - (no file)
O2 - BHO: (no name) - {D5459708-5146-5B78-2C15-69BF794D6B12} - (no file)
O2 - BHO: (no name) - {EE3BE29F-801F-7595-1735-75B9A69CA88D} - (no file)
O2 - BHO: (no name) - {2FA6B0AE-AAE8-9CDC-8004-516B1C672B52} - (no file)
O2 - BHO: (no name) - {7B852FD1-75E7-FC74-B7E9-ADEF49ABB2B2} - (no file)
O2 - BHO: (no name) - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - (no file)
O2 - BHO: (no name) - {36A2F80C-005C-56CB-3C74-0564534D0215} - (no file)
O2 - BHO: (no name) - {A2CB8242-65E2-A803-8CBD-9D81A18D7D99} - (no file)
O2 - BHO: (no name) - {741FAA78-FB1F-CB3C-44BD-E14600CFF87A} - (no file)
O2 - BHO: (no name) - {7E7E368F-52C9-80E2-619A-AFF0E8DF2D31} - (no file)
O2 - BHO: (no name) - {C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} - (no file)
O2 - BHO: (no name) - {06204314-8710-7E66-8DEF-72A50FE93229} - (no file)
O2 - BHO: (no name) - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - (no file)
O2 - BHO: (no name) - {53AC44D3-7DD4-0E64-44FF-00630DA3929F} - (no file)
O2 - BHO: (no name) - {E15DE160-7915-1819-2868-8A99CB9D83E5} - (no file)
O2 - BHO: (no name) - {A20458A2-7655-7F96-C902-3F31980DA43F} - (no file)
O2 - BHO: (no name) - {B2B4335D-B3F0-23F0-F786-D4D92E20AD29} - (no file)
O2 - BHO: (no name) - {7C5F07FA-EE61-E2CA-7AC9-845516B1F196} - (no file)
O2 - BHO: (no name) - {6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} - (no file)
O2 - BHO: (no name) - {1CA0B7AD-8C69-8293-369B-46E22D85FF51} - (no file)
O2 - BHO: (no name) - {A5AD29F2-C417-ADBE-550D-61E932069FF5} - (no file)
O2 - BHO: (no name) - {086EC45A-7F1E-8853-E711-291F764C1CD3} - (no file)
O2 - BHO: (no name) - {C8994F9D-64C1-8785-E2A8-6309090595B7} - (no file)
O2 - BHO: (no name) - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - (no file)
O2 - BHO: (no name) - {65344CD2-2A9B-B346-1ECD-D08CAF49E420} - (no file)
O2 - BHO: Class - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - C:\WINDOWS\CRCB32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [SDKJT32.EXE] C:\WINDOWS\SYSTEM\SDKJT32.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [MFCSV32.EXE] C:\WINDOWS\SYSTEM\MFCSV32.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2564.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: ChatSpace Java Client 2.1.0.91 - http://65.106.39.244:8001/Java/cs4ms091.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/fr...ll/freecell.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: ChatSpace Java Client 2.1.0.93 - http://65.106.39.244:8001/Java/cs4ms093.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.138.0.4,216.138.0.11

#6 Grinler (Lawrence Abrams, Admin)

Posted 30 June 2004 - 11:45 AM

Hehe...you got the latest and greatest. It is a real pain to remove it.

Follow these steps and we will get rid of it in one or two attempts:



Please do not open Internet Explorer during any portion of this process.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Step 1:


Click on Start, then Control Panel, then Administrative Tools, then Services. Look for a service called Network Security Service. Double click on that service, click Stop, and then set the startup type to Disabled. Also write down the name and path of the file listed in the "Path to executable" field. This filename must be deleted below.

Step 2:
I now need you to delete the following files:

The file from the services above.
C:\WINDOWS\CRCB32.DLL
C:\WINDOWS\system\iigde.dll
C:\WINDOWS\SYSTEM\SDKJT32.EXE
C:\WINDOWS\SYSTEM\MFCSV32.EXE

If you get an error when deleting a file, right click on the file and check whether the read-only attribute is checked. If it is, uncheck it and try again.

Step 3:
Then run hijackthis and fix these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E7E124F6-B309-8528-B4EA-26F462B941D5} - (no file)
O2 - BHO: (no name) - {9094044E-D64B-52BF-2293-CE35E7D82337} - (no file)
O2 - BHO: (no name) - {18DF71F2-32D5-BEE7-153F-A4757D907148} - (no file)
O2 - BHO: (no name) - {A3D99131-68E9-236B-D255-C50CDCDB0928} - (no file)
O2 - BHO: (no name) - {D5459708-5146-5B78-2C15-69BF794D6B12} - (no file)
O2 - BHO: (no name) - {EE3BE29F-801F-7595-1735-75B9A69CA88D} - (no file)
O2 - BHO: (no name) - {2FA6B0AE-AAE8-9CDC-8004-516B1C672B52} - (no file)
O2 - BHO: (no name) - {7B852FD1-75E7-FC74-B7E9-ADEF49ABB2B2} - (no file)
O2 - BHO: (no name) - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - (no file)
O2 - BHO: (no name) - {36A2F80C-005C-56CB-3C74-0564534D0215} - (no file)
O2 - BHO: (no name) - {A2CB8242-65E2-A803-8CBD-9D81A18D7D99} - (no file)
O2 - BHO: (no name) - {741FAA78-FB1F-CB3C-44BD-E14600CFF87A} - (no file)
O2 - BHO: (no name) - {7E7E368F-52C9-80E2-619A-AFF0E8DF2D31} - (no file)
O2 - BHO: (no name) - {C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} - (no file)
O2 - BHO: (no name) - {06204314-8710-7E66-8DEF-72A50FE93229} - (no file)
O2 - BHO: (no name) - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - (no file)
O2 - BHO: (no name) - {53AC44D3-7DD4-0E64-44FF-00630DA3929F} - (no file)
O2 - BHO: (no name) - {E15DE160-7915-1819-2868-8A99CB9D83E5} - (no file)
O2 - BHO: (no name) - {A20458A2-7655-7F96-C902-3F31980DA43F} - (no file)
O2 - BHO: (no name) - {B2B4335D-B3F0-23F0-F786-D4D92E20AD29} - (no file)
O2 - BHO: (no name) - {7C5F07FA-EE61-E2CA-7AC9-845516B1F196} - (no file)
O2 - BHO: (no name) - {6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} - (no file)
O2 - BHO: (no name) - {1CA0B7AD-8C69-8293-369B-46E22D85FF51} - (no file)
O2 - BHO: (no name) - {A5AD29F2-C417-ADBE-550D-61E932069FF5} - (no file)
O2 - BHO: (no name) - {086EC45A-7F1E-8853-E711-291F764C1CD3} - (no file)
O2 - BHO: (no name) - {C8994F9D-64C1-8785-E2A8-6309090595B7} - (no file)
O2 - BHO: (no name) - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - (no file)
O2 - BHO: (no name) - {65344CD2-2A9B-B346-1ECD-D08CAF49E420} - (no file)
O2 - BHO: Class - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - C:\WINDOWS\CRCB32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O4 - HKLM\..\Run: [SDKJT32.EXE] C:\WINDOWS\SYSTEM\SDKJT32.EXE
O4 - HKLM\..\RunServices: [MFCSV32.EXE] C:\WINDOWS\SYSTEM\MFCSV32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Step 4:

In the next step we are going to remove a service that gets installed by this malware. The service will always start with __NS_Service. For the purposes of this step we will assume that it is called NS_Service_3, but it may be called something different on your computer.

Go to Start>Run and type regedit.

Press enter.

Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3

If __NS_Service_3 exists , right click on it and choose delete from the menu.

Now navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_Service_3

If LEGACY___NS_Service_3 exists then right click on it and choose delete from the menu.

If you have trouble deleting a key, click once on the key name (LEGACY__NS_SERVICE_ or some other name that starts with LEGACY__NS_SERVICE) to highlight it and click on the Permissions menu option under Security or Edit. Then uncheck "Allow inheritable permissions" and press Copy. Then click on Everyone and put a checkmark in "Full Control". Then press Apply and OK and attempt to delete the key again.


Step 5:

Please download About:Buster from here: http://tools.zerosrealm.com/AboutBuster.zip

Once it is downloaded, please run the tool. When the tool is open, press OK and then Start. In the field labeled "Input in here..." enter the following:

C:\WINDOWS\system\iigde.dll

Then press the OK button. The program will start to delete the various elements of this malware.

When it has completed, move on to step 7.

Step 6:

Restore files deleted by this malware.
  • Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit the program. This will restore the original, deleted Hosts file.
  • If you have Spybot S&D installed you will also need to replace one file. Go here: Merijn's Files (sdhelper) and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button.
  • If you are using Windows 95, 98, or ME it is possible that the malware deleted your control.exe. Please check for the existence of this file by going to Merijn Files control.exe and examining where the file should be for your operating system. If the file is missing, download the appropriate file and place it in the proper location according to that information.
====

#7 vtec78 (Topic Starter)

Posted 30 June 2004 - 07:08 PM

Click on Start, then Control Panel, then Administrative Tools, then Services. Look for a service called Network Security Service. Double click on that service, click Stop, and then set the startup type to Disabled. Also write down the name and path of the file listed in the "Path to executable" field. This filename must be deleted below.

I'm not seeing anything called that. The closest is BDE Administrator; that's not it, I'm sure? Looks like this may be harder than I imagined. Can't even complete the first step, lol, grrrrr.

Is there another route to this?

Edited by vtec78, 30 June 2004 - 07:22 PM.


#8 Grinler (Lawrence Abrams, Admin)

Posted 30 June 2004 - 07:43 PM

My bad. Did not realize you were ME. Please post a new log.

Also please do not create new topics with replies to this one. Keep all replies part of this topic, do not create new ones.

#9 vtec78 (Topic Starter)

Posted 30 June 2004 - 07:55 PM

Oops, sorry about that, man.
And thanks for this assistance.

Logfile of HijackThis v1.98.0
Scan saved at 8:06:57 PM, on 6/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HJT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E7E124F6-B309-8528-B4EA-26F462B941D5} - (no file)
O2 - BHO: (no name) - {9094044E-D64B-52BF-2293-CE35E7D82337} - (no file)
O2 - BHO: (no name) - {18DF71F2-32D5-BEE7-153F-A4757D907148} - (no file)
O2 - BHO: (no name) - {A3D99131-68E9-236B-D255-C50CDCDB0928} - (no file)
O2 - BHO: (no name) - {D5459708-5146-5B78-2C15-69BF794D6B12} - (no file)
O2 - BHO: (no name) - {EE3BE29F-801F-7595-1735-75B9A69CA88D} - (no file)
O2 - BHO: (no name) - {2FA6B0AE-AAE8-9CDC-8004-516B1C672B52} - (no file)
O2 - BHO: (no name) - {7B852FD1-75E7-FC74-B7E9-ADEF49ABB2B2} - (no file)
O2 - BHO: (no name) - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - (no file)
O2 - BHO: (no name) - {36A2F80C-005C-56CB-3C74-0564534D0215} - (no file)
O2 - BHO: (no name) - {A2CB8242-65E2-A803-8CBD-9D81A18D7D99} - (no file)
O2 - BHO: (no name) - {741FAA78-FB1F-CB3C-44BD-E14600CFF87A} - (no file)
O2 - BHO: (no name) - {7E7E368F-52C9-80E2-619A-AFF0E8DF2D31} - (no file)
O2 - BHO: (no name) - {C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} - (no file)
O2 - BHO: (no name) - {06204314-8710-7E66-8DEF-72A50FE93229} - (no file)
O2 - BHO: (no name) - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - (no file)
O2 - BHO: (no name) - {53AC44D3-7DD4-0E64-44FF-00630DA3929F} - (no file)
O2 - BHO: (no name) - {E15DE160-7915-1819-2868-8A99CB9D83E5} - (no file)
O2 - BHO: (no name) - {A20458A2-7655-7F96-C902-3F31980DA43F} - (no file)
O2 - BHO: (no name) - {B2B4335D-B3F0-23F0-F786-D4D92E20AD29} - (no file)
O2 - BHO: (no name) - {7C5F07FA-EE61-E2CA-7AC9-845516B1F196} - (no file)
O2 - BHO: (no name) - {6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} - (no file)
O2 - BHO: (no name) - {1CA0B7AD-8C69-8293-369B-46E22D85FF51} - (no file)
O2 - BHO: (no name) - {A5AD29F2-C417-ADBE-550D-61E932069FF5} - (no file)
O2 - BHO: (no name) - {086EC45A-7F1E-8853-E711-291F764C1CD3} - (no file)
O2 - BHO: (no name) - {C8994F9D-64C1-8785-E2A8-6309090595B7} - (no file)
O2 - BHO: (no name) - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - (no file)
O2 - BHO: (no name) - {65344CD2-2A9B-B346-1ECD-D08CAF49E420} - (no file)
O2 - BHO: Class - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - C:\WINDOWS\CRCB32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [SDKJT32.EXE] C:\WINDOWS\SYSTEM\SDKJT32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [MFCSV32.EXE] C:\WINDOWS\SYSTEM\MFCSV32.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2564.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: ChatSpace Java Client 2.1.0.91 - http://65.106.39.244:8001/Java/cs4ms091.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/fr...ll/freecell.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: ChatSpace Java Client 2.1.0.93 - http://65.106.39.244:8001/Java/cs4ms093.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.138.0.4,216.138.0.11

#10 Grinler (Lawrence Abrams, Admin)

Posted 30 June 2004 - 08:07 PM

Not your fault :thumbsup:


I want you to fix some of those entries. Please do the following:


Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {E7E124F6-B309-8528-B4EA-26F462B941D5} - (no file)
O2 - BHO: (no name) - {9094044E-D64B-52BF-2293-CE35E7D82337} - (no file)
O2 - BHO: (no name) - {18DF71F2-32D5-BEE7-153F-A4757D907148} - (no file)
O2 - BHO: (no name) - {A3D99131-68E9-236B-D255-C50CDCDB0928} - (no file)
O2 - BHO: (no name) - {D5459708-5146-5B78-2C15-69BF794D6B12} - (no file)
O2 - BHO: (no name) - {EE3BE29F-801F-7595-1735-75B9A69CA88D} - (no file)
O2 - BHO: (no name) - {2FA6B0AE-AAE8-9CDC-8004-516B1C672B52} - (no file)
O2 - BHO: (no name) - {7B852FD1-75E7-FC74-B7E9-ADEF49ABB2B2} - (no file)
O2 - BHO: (no name) - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - (no file)
O2 - BHO: (no name) - {36A2F80C-005C-56CB-3C74-0564534D0215} - (no file)
O2 - BHO: (no name) - {A2CB8242-65E2-A803-8CBD-9D81A18D7D99} - (no file)
O2 - BHO: (no name) - {741FAA78-FB1F-CB3C-44BD-E14600CFF87A} - (no file)
O2 - BHO: (no name) - {7E7E368F-52C9-80E2-619A-AFF0E8DF2D31} - (no file)
O2 - BHO: (no name) - {C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} - (no file)
O2 - BHO: (no name) - {06204314-8710-7E66-8DEF-72A50FE93229} - (no file)
O2 - BHO: (no name) - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - (no file)
O2 - BHO: (no name) - {53AC44D3-7DD4-0E64-44FF-00630DA3929F} - (no file)
O2 - BHO: (no name) - {E15DE160-7915-1819-2868-8A99CB9D83E5} - (no file)
O2 - BHO: (no name) - {A20458A2-7655-7F96-C902-3F31980DA43F} - (no file)
O2 - BHO: (no name) - {B2B4335D-B3F0-23F0-F786-D4D92E20AD29} - (no file)
O2 - BHO: (no name) - {7C5F07FA-EE61-E2CA-7AC9-845516B1F196} - (no file)
O2 - BHO: (no name) - {6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} - (no file)
O2 - BHO: (no name) - {1CA0B7AD-8C69-8293-369B-46E22D85FF51} - (no file)
O2 - BHO: (no name) - {A5AD29F2-C417-ADBE-550D-61E932069FF5} - (no file)
O2 - BHO: (no name) - {086EC45A-7F1E-8853-E711-291F764C1CD3} - (no file)
O2 - BHO: (no name) - {C8994F9D-64C1-8785-E2A8-6309090595B7} - (no file)
O2 - BHO: (no name) - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - (no file)
O2 - BHO: (no name) - {65344CD2-2A9B-B346-1ECD-D08CAF49E420} - (no file)
O2 - BHO: Class - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - C:\WINDOWS\CRCB32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O4 - HKLM\..\Run: [SDKJT32.EXE] C:\WINDOWS\SYSTEM\SDKJT32.EXE
O4 - HKLM\..\RunServices: [MFCSV32.EXE] C:\WINDOWS\SYSTEM\MFCSV32.EXE

Reboot your computer into Safe Mode and delete the following files:

C:\WINDOWS\system\iigde.dll
C:\WINDOWS\CRCB32.DLL
C:\WINDOWS\SYSTEM\SDKJT32.EXE
C:\WINDOWS\SYSTEM\MFCSV32.EXE

Disable System Restore. You can find instructions on how to enable and re-enable System Restore here:

Managing Windows Millennium System Restore
or

Windows XP System Restore Guide

Re-enable System Restore with the instructions from the tutorial above.

Reboot your computer to go back to normal mode and post a new log.
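The checks Grinler does by eye in posts #6 and #10 (which log lines belong to the hijacker, which are harmless leftovers, and whether the next log shows the fix held) written out as a script. This is an added example, not part of the thread and not HijackThis's own code. The two sample logs are constructed excerpts of the logs posted in #9 and #11; the scoring rules are heuristics drawn from the entries called out above (the res:// search page, the BHO and Run entries pointing into C:\WINDOWS, the IE restriction policy) and are this example's assumptions, not anything HijackThis itself computes.

```python
"""Triage a HijackThis 1.98 log and check a fix by diffing two scans.
Added example for this thread, not BleepingComputer's or HijackThis's own code;
the scoring rules are heuristics drawn from the entries Grinler singled out."""
import re
from typing import NamedTuple

# Constructed excerpt of the log in post #9, before the fix.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\iigde.dll/sp.html#96676
O2 - BHO: (no name) - {E7E124F6-B309-8528-B4EA-26F462B941D5} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - C:\WINDOWS\CRCB32.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SDKJT32.EXE] C:\WINDOWS\SYSTEM\SDKJT32.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MFCSV32.EXE] C:\WINDOWS\SYSTEM\MFCSV32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""
# Constructed excerpt of the log in post #11, after the HijackThis fix and file deletion.
LOG_AFTER = r"""
O2 - BHO: (no name) - {E7E124F6-B309-8528-B4EA-26F462B941D5} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

LINE_RE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$")
RUN_RE = re.compile(r"^HK(LM|CU)\\\.\.\\Run(Services)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system"}
RANK = {"high": 0, "medium": 1, "low": 2}

class Finding(NamedTuple):
    severity: str  # "high", "medium" or "low"
    line: str
    reason: str

def parse(log):
    """Yield (section, body, line) per result line; header lines are skipped."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body"), raw.strip()

def split_path(path):
    """(directory, basename) lower-cased; a bare filename has an empty directory."""
    d, _, base = path.lower().rpartition("\\")
    return d, base

def run_target(cmd):
    """Executable of a Run value: the quoted part if quoted, else up to the first space."""
    return cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split(" ", 1)[0]

def classify(entry):
    """A Finding for a suspicious entry, None for one that looks legitimate."""
    sec, body, line = entry
    if sec.startswith("R") and "res://" in body and ".dll" in body.lower():
        return Finding("high", line, "IE search/start page served out of a local DLL resource")
    if sec == "O2" and (m := BHO_RE.match(body)):
        if m.group("file") == "(no file)":
            return Finding("low", line, "orphaned BHO CLSID with no DLL; remove so it cannot be reused")
        d, base = split_path(m.group("file"))
        if d in SYSTEM_DIRS and m.group("name") in ("(no name)", "Class"):
            return Finding("high", line, f"unnamed BHO loading {base} from the Windows directory")
    if sec == "O4" and (m := RUN_RE.match(body)):
        d, base = split_path(run_target(m.group("cmd")))
        # The loaders in this thread register the bare filename as the value
        # name and drop the file into C:\WINDOWS or C:\WINDOWS\SYSTEM.
        if d in SYSTEM_DIRS and m.group("name").lower() == base:
            return Finding("high", line, f"autorun value named after its own file {base} in {d}")
    if sec == "O6" and "Restrictions present" in body:
        return Finding("medium", line, "IE restriction policies on a home PC; fix once the loaders are gone")
    return None

def triage(log):
    """All findings for one log, most severe first, in log order within a severity."""
    return sorted(filter(None, map(classify, parse(log))), key=lambda f: RANK[f.severity])

def entry_key(entry):
    """Identity that survives a fix: CLSID, Run value name, or R registry path."""
    sec, body, line = entry
    if sec == "O2" and (m := BHO_RE.match(body)):
        return f"O2 {m.group('clsid')}"
    if sec == "O4" and (m := RUN_RE.match(body)):
        return f"O4 [{m.group('name')}]"
    if sec.startswith("R"):
        return f"{sec} {body.split(' = ')[0]}"
    return line

def verify_fix(before, after):
    """What the fix removed, what survived it (never fixed or re-added), what is new."""
    b = {entry_key(e) for e in parse(before)}
    a = {entry_key(e) for e in parse(after)}
    return {"removed": sorted(b - a), "persisted": sorted(b & a), "new": sorted(a - b)}
```

triage(LOG_BEFORE) flags the two R1 lines, the CRCB32.DLL BHO and the SDKJT32/MFCSV32 autoruns as high, the Restrictions policy as medium and the orphaned (no file) BHO as low, and leaves ccApp, STIMON and the Norton BHO alone. verify_fix(LOG_BEFORE, LOG_AFTER) then lists the R1 and autorun entries as removed and every BHO CLSID as persisted, which is exactly the shape of the log in post #11: the files are gone but the CLSID registrations are still there, so the next HijackThis pass has to fix them again. Keying the diff on CLSID and value name rather than the whole line is what makes that visible, since the NAV Helper line changes text (its DLL goes missing) while staying the same entry.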

#11 vtec78 (Topic Starter)

Posted 30 June 2004 - 08:55 PM

Was unable to find SDKJT32.dll and MFCSV32.exe in C/windows/system,
but the others I deleted.

Logfile of HijackThis v1.98.0
Scan saved at 9:09:45 PM, on 6/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\HJT\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O2 - BHO: (no name) - {E7E124F6-B309-8528-B4EA-26F462B941D5} - (no file)
O2 - BHO: (no name) - {9094044E-D64B-52BF-2293-CE35E7D82337} - (no file)
O2 - BHO: (no name) - {18DF71F2-32D5-BEE7-153F-A4757D907148} - (no file)
O2 - BHO: (no name) - {A3D99131-68E9-236B-D255-C50CDCDB0928} - (no file)
O2 - BHO: (no name) - {D5459708-5146-5B78-2C15-69BF794D6B12} - (no file)
O2 - BHO: (no name) - {EE3BE29F-801F-7595-1735-75B9A69CA88D} - (no file)
O2 - BHO: (no name) - {2FA6B0AE-AAE8-9CDC-8004-516B1C672B52} - (no file)
O2 - BHO: (no name) - {7B852FD1-75E7-FC74-B7E9-ADEF49ABB2B2} - (no file)
O2 - BHO: (no name) - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - (no file)
O2 - BHO: (no name) - {36A2F80C-005C-56CB-3C74-0564534D0215} - (no file)
O2 - BHO: (no name) - {A2CB8242-65E2-A803-8CBD-9D81A18D7D99} - (no file)
O2 - BHO: (no name) - {741FAA78-FB1F-CB3C-44BD-E14600CFF87A} - (no file)
O2 - BHO: (no name) - {7E7E368F-52C9-80E2-619A-AFF0E8DF2D31} - (no file)
O2 - BHO: (no name) - {C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} - (no file)
O2 - BHO: (no name) - {06204314-8710-7E66-8DEF-72A50FE93229} - (no file)
O2 - BHO: (no name) - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - (no file)
O2 - BHO: (no name) - {53AC44D3-7DD4-0E64-44FF-00630DA3929F} - (no file)
O2 - BHO: (no name) - {E15DE160-7915-1819-2868-8A99CB9D83E5} - (no file)
O2 - BHO: (no name) - {A20458A2-7655-7F96-C902-3F31980DA43F} - (no file)
O2 - BHO: (no name) - {B2B4335D-B3F0-23F0-F786-D4D92E20AD29} - (no file)
O2 - BHO: (no name) - {7C5F07FA-EE61-E2CA-7AC9-845516B1F196} - (no file)
O2 - BHO: (no name) - {6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} - (no file)
O2 - BHO: (no name) - {1CA0B7AD-8C69-8293-369B-46E22D85FF51} - (no file)
O2 - BHO: (no name) - {A5AD29F2-C417-ADBE-550D-61E932069FF5} - (no file)
O2 - BHO: (no name) - {086EC45A-7F1E-8853-E711-291F764C1CD3} - (no file)
O2 - BHO: (no name) - {C8994F9D-64C1-8785-E2A8-6309090595B7} - (no file)
O2 - BHO: (no name) - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - (no file)
O2 - BHO: (no name) - {65344CD2-2A9B-B346-1ECD-D08CAF49E420} - (no file)
O2 - BHO: (no name) - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2564.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: ChatSpace Java Client 2.1.0.91 - http://65.106.39.244:8001/Java/cs4ms091.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/fr...ll/freecell.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: ChatSpace Java Client 2.1.0.93 - http://65.106.39.244:8001/Java/cs4ms093.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.138.0.4,216.138.0.11

#12 vtec78

vtec78
  • Topic Starter

  • Members
  • 31 posts

Posted 30 June 2004 - 09:45 PM

Something has happened to my WMP. The icon changed, I just noticed. I haven't used it lately, so I don't know when it happened. The icon is just a white box with a blue border, like an unknown file type or something. It won't play or open or anything. Also, when I go to open my Outlook Express email, I get this error: could not open because MSOE.DLL could not be loaded. Another thing is, after I did the fix in HJ and rebooted back into normal mode, all my desktop icons were mixed up. I don't know why. Maybe some of this will help in figuring out my issue. Here's a fresh HJ log.

Logfile of HijackThis v1.98.0
Scan saved at 9:59:29 PM, on 6/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\HJT\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O2 - BHO: (no name) - {E7E124F6-B309-8528-B4EA-26F462B941D5} - (no file)
O2 - BHO: (no name) - {9094044E-D64B-52BF-2293-CE35E7D82337} - (no file)
O2 - BHO: (no name) - {18DF71F2-32D5-BEE7-153F-A4757D907148} - (no file)
O2 - BHO: (no name) - {A3D99131-68E9-236B-D255-C50CDCDB0928} - (no file)
O2 - BHO: (no name) - {D5459708-5146-5B78-2C15-69BF794D6B12} - (no file)
O2 - BHO: (no name) - {EE3BE29F-801F-7595-1735-75B9A69CA88D} - (no file)
O2 - BHO: (no name) - {2FA6B0AE-AAE8-9CDC-8004-516B1C672B52} - (no file)
O2 - BHO: (no name) - {7B852FD1-75E7-FC74-B7E9-ADEF49ABB2B2} - (no file)
O2 - BHO: (no name) - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - (no file)
O2 - BHO: (no name) - {36A2F80C-005C-56CB-3C74-0564534D0215} - (no file)
O2 - BHO: (no name) - {A2CB8242-65E2-A803-8CBD-9D81A18D7D99} - (no file)
O2 - BHO: (no name) - {741FAA78-FB1F-CB3C-44BD-E14600CFF87A} - (no file)
O2 - BHO: (no name) - {7E7E368F-52C9-80E2-619A-AFF0E8DF2D31} - (no file)
O2 - BHO: (no name) - {C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} - (no file)
O2 - BHO: (no name) - {06204314-8710-7E66-8DEF-72A50FE93229} - (no file)
O2 - BHO: (no name) - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - (no file)
O2 - BHO: (no name) - {53AC44D3-7DD4-0E64-44FF-00630DA3929F} - (no file)
O2 - BHO: (no name) - {E15DE160-7915-1819-2868-8A99CB9D83E5} - (no file)
O2 - BHO: (no name) - {A20458A2-7655-7F96-C902-3F31980DA43F} - (no file)
O2 - BHO: (no name) - {B2B4335D-B3F0-23F0-F786-D4D92E20AD29} - (no file)
O2 - BHO: (no name) - {7C5F07FA-EE61-E2CA-7AC9-845516B1F196} - (no file)
O2 - BHO: (no name) - {6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} - (no file)
O2 - BHO: (no name) - {1CA0B7AD-8C69-8293-369B-46E22D85FF51} - (no file)
O2 - BHO: (no name) - {A5AD29F2-C417-ADBE-550D-61E932069FF5} - (no file)
O2 - BHO: (no name) - {086EC45A-7F1E-8853-E711-291F764C1CD3} - (no file)
O2 - BHO: (no name) - {C8994F9D-64C1-8785-E2A8-6309090595B7} - (no file)
O2 - BHO: (no name) - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - (no file)
O2 - BHO: (no name) - {65344CD2-2A9B-B346-1ECD-D08CAF49E420} - (no file)
O2 - BHO: (no name) - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2564.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: ChatSpace Java Client 2.1.0.91 - http://65.106.39.244:8001/Java/cs4ms091.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/fr...ll/freecell.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: ChatSpace Java Client 2.1.0.93 - http://65.106.39.244:8001/Java/cs4ms093.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.138.0.4,216.138.0.11

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,535 posts
  • Gender:Male
  • Location:USA

Posted 30 June 2004 - 10:54 PM

The particular malware you had is known to delete a lot of files on various operating systems. Some are legitimate, others are competing malware. It is possible that certain programs may not work properly after we fix this, but we will do our best to try to get everything working. For now, let's get the log cleaned up and then focus on the other issues.

Fix these with hijackthis:

O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O2 - BHO: (no name) - {E7E124F6-B309-8528-B4EA-26F462B941D5} - (no file)
O2 - BHO: (no name) - {9094044E-D64B-52BF-2293-CE35E7D82337} - (no file)
O2 - BHO: (no name) - {18DF71F2-32D5-BEE7-153F-A4757D907148} - (no file)
O2 - BHO: (no name) - {A3D99131-68E9-236B-D255-C50CDCDB0928} - (no file)
O2 - BHO: (no name) - {D5459708-5146-5B78-2C15-69BF794D6B12} - (no file)
O2 - BHO: (no name) - {EE3BE29F-801F-7595-1735-75B9A69CA88D} - (no file)
O2 - BHO: (no name) - {2FA6B0AE-AAE8-9CDC-8004-516B1C672B52} - (no file)
O2 - BHO: (no name) - {7B852FD1-75E7-FC74-B7E9-ADEF49ABB2B2} - (no file)
O2 - BHO: (no name) - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - (no file)
O2 - BHO: (no name) - {36A2F80C-005C-56CB-3C74-0564534D0215} - (no file)
O2 - BHO: (no name) - {A2CB8242-65E2-A803-8CBD-9D81A18D7D99} - (no file)
O2 - BHO: (no name) - {741FAA78-FB1F-CB3C-44BD-E14600CFF87A} - (no file)
O2 - BHO: (no name) - {7E7E368F-52C9-80E2-619A-AFF0E8DF2D31} - (no file)
O2 - BHO: (no name) - {C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} - (no file)
O2 - BHO: (no name) - {06204314-8710-7E66-8DEF-72A50FE93229} - (no file)
O2 - BHO: (no name) - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - (no file)
O2 - BHO: (no name) - {53AC44D3-7DD4-0E64-44FF-00630DA3929F} - (no file)
O2 - BHO: (no name) - {E15DE160-7915-1819-2868-8A99CB9D83E5} - (no file)
O2 - BHO: (no name) - {A20458A2-7655-7F96-C902-3F31980DA43F} - (no file)
O2 - BHO: (no name) - {B2B4335D-B3F0-23F0-F786-D4D92E20AD29} - (no file)
O2 - BHO: (no name) - {7C5F07FA-EE61-E2CA-7AC9-845516B1F196} - (no file)
O2 - BHO: (no name) - {6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} - (no file)
O2 - BHO: (no name) - {1CA0B7AD-8C69-8293-369B-46E22D85FF51} - (no file)
O2 - BHO: (no name) - {A5AD29F2-C417-ADBE-550D-61E932069FF5} - (no file)
O2 - BHO: (no name) - {086EC45A-7F1E-8853-E711-291F764C1CD3} - (no file)
O2 - BHO: (no name) - {C8994F9D-64C1-8785-E2A8-6309090595B7} - (no file)
O2 - BHO: (no name) - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - (no file)
O2 - BHO: (no name) - {65344CD2-2A9B-B346-1ECD-D08CAF49E420} - (no file)
O2 - BHO: (no name) - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

Reboot and post a new log

#14 vtec78

vtec78
  • Topic Starter

  • Members
  • 31 posts

Posted 30 June 2004 - 11:53 PM

Oh, I wasn't aware that malware and spyware would do these things. I thought they just wanted to create popups and such. Wow, that's scary, man. Looks like I need a program to help block these parasites.

All the "(no name)" BHO entries that I fixed seem to still be there? Is that a problem?


Logfile of HijackThis v1.98.0
Scan saved at 12:06:02 AM, on 7/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\HJT\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O2 - BHO: (no name) - {E7E124F6-B309-8528-B4EA-26F462B941D5} - (no file)
O2 - BHO: (no name) - {9094044E-D64B-52BF-2293-CE35E7D82337} - (no file)
O2 - BHO: (no name) - {18DF71F2-32D5-BEE7-153F-A4757D907148} - (no file)
O2 - BHO: (no name) - {A3D99131-68E9-236B-D255-C50CDCDB0928} - (no file)
O2 - BHO: (no name) - {D5459708-5146-5B78-2C15-69BF794D6B12} - (no file)
O2 - BHO: (no name) - {EE3BE29F-801F-7595-1735-75B9A69CA88D} - (no file)
O2 - BHO: (no name) - {2FA6B0AE-AAE8-9CDC-8004-516B1C672B52} - (no file)
O2 - BHO: (no name) - {7B852FD1-75E7-FC74-B7E9-ADEF49ABB2B2} - (no file)
O2 - BHO: (no name) - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - (no file)
O2 - BHO: (no name) - {36A2F80C-005C-56CB-3C74-0564534D0215} - (no file)
O2 - BHO: (no name) - {A2CB8242-65E2-A803-8CBD-9D81A18D7D99} - (no file)
O2 - BHO: (no name) - {741FAA78-FB1F-CB3C-44BD-E14600CFF87A} - (no file)
O2 - BHO: (no name) - {7E7E368F-52C9-80E2-619A-AFF0E8DF2D31} - (no file)
O2 - BHO: (no name) - {C5F1D2AE-ADBF-9926-B1E9-C3D4E10E2CBB} - (no file)
O2 - BHO: (no name) - {06204314-8710-7E66-8DEF-72A50FE93229} - (no file)
O2 - BHO: (no name) - {CF532F04-8C95-1B6E-C3C3-AE92B411CA46} - (no file)
O2 - BHO: (no name) - {53AC44D3-7DD4-0E64-44FF-00630DA3929F} - (no file)
O2 - BHO: (no name) - {E15DE160-7915-1819-2868-8A99CB9D83E5} - (no file)
O2 - BHO: (no name) - {A20458A2-7655-7F96-C902-3F31980DA43F} - (no file)
O2 - BHO: (no name) - {B2B4335D-B3F0-23F0-F786-D4D92E20AD29} - (no file)
O2 - BHO: (no name) - {7C5F07FA-EE61-E2CA-7AC9-845516B1F196} - (no file)
O2 - BHO: (no name) - {6BCBA5F1-60FE-2C08-77CB-F80DB152B4EF} - (no file)
O2 - BHO: (no name) - {1CA0B7AD-8C69-8293-369B-46E22D85FF51} - (no file)
O2 - BHO: (no name) - {A5AD29F2-C417-ADBE-550D-61E932069FF5} - (no file)
O2 - BHO: (no name) - {086EC45A-7F1E-8853-E711-291F764C1CD3} - (no file)
O2 - BHO: (no name) - {C8994F9D-64C1-8785-E2A8-6309090595B7} - (no file)
O2 - BHO: (no name) - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - (no file)
O2 - BHO: (no name) - {65344CD2-2A9B-B346-1ECD-D08CAF49E420} - (no file)
O2 - BHO: (no name) - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2564.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: ChatSpace Java Client 2.1.0.91 - http://65.106.39.244:8001/Java/cs4ms091.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/fr...ll/freecell.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: ChatSpace Java Client 2.1.0.93 - http://65.106.39.244:8001/Java/cs4ms093.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...238/mcfscan.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = adams.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.138.0.4,216.138.0.11

Edited by vtec78, 01 July 2004 - 12:17 AM.
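The question above (BHO entries that were "fixed" in HijackThis but are still listed in the next scan) is easy to check mechanically. The following is an added example, not code from any poster in this thread: it parses the HijackThis v1.98 line format shown in the logs, pulls out the O2 (Browser Helper Object) entries whose DLL is missing on disk, and reports which of them survive between two scans. The log excerpts are constructed for the example; the two placeholder CLSIDs starting with zeros are invented.

```python
"""Diff the orphaned O2 (BHO) entries between two HijackThis-style scans.

Added example, not part of this thread. The log text below is a constructed
excerpt in the HijackThis v1.98 format seen in the posts; the CLSIDs made of
zeros are placeholders, not real components.
"""
import re
from typing import Dict, List, Set

# HijackThis O2 line layout: O2 - BHO: <name> - {CLSID} - <path or (no file)>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)

# Constructed "before" scan: three orphaned BHOs (DLL missing), one live BHO
# with a real path, and one O3 toolbar line to show that other sections are kept.
BEFORE_LOG = r"""Logfile of HijackThis v1.98.0
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\SYSTEM\EXAMPLE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
"""

# Constructed "after" scan: the placeholder orphan was removed, the other two came back.
AFTER_LOG = r"""Logfile of HijackThis v1.98.0
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\SYSTEM\EXAMPLE.DLL
"""


def parse_log(text: str) -> Dict[str, List[str]]:
    """Group log lines by their HijackThis section tag (R0, F1, O2, O4, ...)."""
    sections: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = re.match(r"^([RFNO]\d+) - ", line)
        if m:
            sections.setdefault(m.group(1), []).append(line)
    return sections


def orphan_bhos(text: str) -> Set[str]:
    """CLSIDs (upper-cased) of BHO registrations whose DLL is missing on disk."""
    found: Set[str] = set()
    for line in parse_log(text).get("O2", []):
        m = O2_RE.match(line)
        if m and m.group("path").strip().lower() == "(no file)":
            found.add(m.group("clsid").upper())  # normalise mixed-case CLSIDs
    return found


def persisting_orphans(before: str, after: str) -> Set[str]:
    """Orphaned BHOs present in both scans: entries a fix did not remove."""
    return orphan_bhos(before) & orphan_bhos(after)


if __name__ == "__main__":
    for clsid in sorted(persisting_orphans(BEFORE_LOG, AFTER_LOG)):
        print("still present after fix:", clsid)
```

A registry key that reappears after HijackThis removes it usually means something still running is re-creating it, which is why the helpers ask for a fresh log after every reboot rather than trusting the first fix.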


#15 ColdinCbus

ColdinCbus

  • Members
  • 312 posts

Posted 01 July 2004 - 07:13 AM

Hi, this one is a little tough to get in ME. We are starting to see that Trojan Remover can get it though.

Download the free 30-day trial version of Trojan Remover here:
http://www.simplysup.com/tremover/download.html

This download now includes Database 6156, released 28th June 2004

Follow the instructions for installation.

Reboot into SAFE MODE:

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Now, scan with Trojan Remover and let it remove anything it finds.

Reboot back into normal mode, run HijackThis again, and post a fresh log.

Edited by ColdinCbus, 01 July 2004 - 07:15 AM.




