|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
March 11th, 2005, 03:25 AM
|
||||
|
||||
|
Trojan.StartPage
Would anyoine be able to help me?
Scan saved at 6:57:55 PM, on 3/10/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\Rfd.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\System32\wuauclt.exe C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\tmpCF.tmp C:\WINDOWS\System32\rundll32.exe C:\Program Files\Messenger\msmsgs.exe C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\tmpD9.tmp C:\WINDOWS\System32\open32.exe C:\Documents and Settings\William Wimsatt\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {4F7E7851-B3CB-44F1-A1F0-3C41FA2F4F6B} - C:\WINDOWS\System32\ekcm.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Shell] open32.exe O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !! O4 - HKLM\..\Run: [loader32] C:\WINDOWS\loader32.exe O4 - HKLM\..\Run: [Kak] C:\WINDOWS\System32\Rfd.exe O4 - HKLM\..\Run: [Scg] C:\WINDOWS\System32\Ipl.exe O4 - HKLM\..\Run: [Uec] C:\WINDOWS\Jgt.exe O4 - HKLM\..\Run: [Suo] C:\WINDOWS\Pbf.exe O4 - HKLM\..\Run: [Hmc] C:\WINDOWS\Snf.exe O4 - HKLM\..\Run: [Bal] C:\WINDOWS\Ujh.exe O4 - HKLM\..\Run: [Iqp] C:\WINDOWS\System32\Skg.exe O4 - HKLM\..\Run: [Avo] C:\WINDOWS\System32\Utu.exe O4 - HKLM\..\Run: [Ohm] C:\WINDOWS\Fns.exe O4 - HKLM\..\Run: [Aei] C:\WINDOWS\System32\Pdj.exe O4 - HKLM\..\Run: [Tup] C:\WINDOWS\Okm.exe O4 - HKLM\..\Run: [Obv] C:\WINDOWS\Qvc.exe O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\se.dll,DllInsta ll O4 - HKLM\..\Run: [Kqv] C:\WINDOWS\System32\Ase.exe O4 - HKLM\..\Run: [Lun] C:\WINDOWS\Khf.exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Kak] C:\WINDOWS\System32\Rfd.exe O4 - HKCU\..\Run: [Scg] C:\WINDOWS\System32\Ipl.exe O4 - HKCU\..\Run: [Uec] C:\WINDOWS\Jgt.exe O4 - HKCU\..\Run: [Suo] C:\WINDOWS\Pbf.exe O4 - HKCU\..\Run: [Hmc] C:\WINDOWS\Snf.exe O4 - HKCU\..\Run: [Bal] C:\WINDOWS\Ujh.exe O4 - HKCU\..\Run: [Iqp] C:\WINDOWS\System32\Skg.exe O4 - HKCU\..\Run: [Avo] C:\WINDOWS\System32\Utu.exe O4 - HKCU\..\Run: [Ohm] C:\WINDOWS\Fns.exe O4 - HKCU\..\Run: [Aei] C:\WINDOWS\System32\Pdj.exe O4 - HKCU\..\Run: [Tup] C:\WINDOWS\Okm.exe O4 - HKCU\..\Run: [Obv] C:\WINDOWS\Qvc.exe O4 - HKCU\..\Run: [Kqv] C:\WINDOWS\System32\Ase.exe O4 - HKCU\..\Run: [Lun] C:\WINDOWS\Khf.exe O4 - Startup: winupdate21670583[1].exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: Spyware Doctor (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: MoneySide (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.horse-active.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.ysbweb.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20d60511fc4cbbe...p/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102780330687 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...108.8490162037 O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx e able to help me? 
|
|
#2
March 11th, 2005, 04:24 AM
|
|||
|
|||
|
Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed and that you have HJT v1.99.1.If you don't understand please ask before proceeding with the fixes. Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes. Download any of the required programs before attempting to start any of the fixes. Turn off System Restore instructions (WinXP) Rightclick My Computer | Properties | System Restore | check “Turn off System Restore”, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point. SHOW HIDDEN FILES AND FOLDERS. To show hidden files instructions (WinXP) Doubleclick My Computer | Tools | Folder Options | View tab Select Show Hidden Files and Folders Uncheck Hide extensions for known file types Uncheck Hide protected operating system files (Recommended) Select Apply to All Folders | Yes | Apply | OK ------------------------------------------------------------------ Download and run Adaware,SpyBot & CWShredder (check for updates) for a preliminary cleanup first.Some files below may not be present after running the above programs.Full instructions below. How to setup Ad-Aware Download Ad-Aware Save aawsepersonal.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/Adaware/ Doubleclick aawsepersonal.exe. Make sure to direct the program to install in the c:/program files/adaware/ directory, NOT the default directory. Open AdAware from Start | Programs | Lavasoft | AdAware. Select <Check for updates now>, <Proceed> After installation, run the program and click the start button.Then click the next button. This lets ad-aware scan your computer. After ad-aware is done running, hit the next button. Then right click the area with the listed spy ware objects.Choose the "Select all objects" option. At this point all the boxes next to the items should be checked. Then hit the next button. It will ask if you want to delete the selected objects. Hit the Okay button. Now most of the spyware should have been deleted from your hard drive. ---------------------------------------------------------------------- How to setup Spybot Search & Destroy Download SpyBot Save spybotsd13.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/spybot/ Doubleclick spybotsd13.exe. Make sure to direct the program to install in the c:/program files/spybot/ directory, NOT the default directory. Open Spybot from Start | Programs | Spybot | Spybot S&D Select <Search for Updates>. Let it install all updates. This is very important! Select <Immunize> Select <Check for Problems> Check all entries that are in RED. Only RED, NOTHING ELSE. For your records, write/print out each item that you have fixed. Date it. Select <Fix Selected Problems> Close Spybot// --------------------------------------------------------------------- How to install and run CWShredder Download CWShredder Choose the stand alone version. This is free. Save cwshredder.exe into its own directory, NOT in a TEMPorary folder or on the DESKTOP. I recommend, c:/program files/CWShredder/ Close all browsers Unzip into same directory Doubleclick CWSInstall.exe Click <Check for updates> and let it install all updates Click <Fix> Click <Next> Close CWShredder// ---------------------------------------------------------------------- To help clean out Trusted Zones,download and run DELDOMAINS then double click to open the DelDomains.inf .To execute the file: right-click and Select 'Install' from the Menu. ----------------------------------------------------------------------- Files highlighted in BLACK will need to be removed from your hard drive. ------------------------------------------------------------------ Please start by putting HJT in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This" ------------------------------------------------------------------ Uninstall the following programs (if they still exist) Go into HijackThis->Config->Misc.Tools->Open Uninstall manager ----------------------------------------------------------------- Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed. C:\WINDOWS\System32\mszx23.exe C:\WINDOWS\loader32.exe C:\WINDOWS\System32\Rfd.exe C:\WINDOWS\System32\Ipl.exe C:\WINDOWS\Jgt.exe C:\WINDOWS\Pbf.exe C:\WINDOWS\Snf.exe C:\WINDOWS\Ujh.exe C:\WINDOWS\System32\Skg.exe C:\WINDOWS\System32\Utu.exe C:\WINDOWS\Fns.exe C:\WINDOWS\System32\Pdj.exe C:\WINDOWS\Okm.exe C:\WINDOWS\Qvc.exe C:\WINDOWS\System32\Ase.exe C:\WINDOWS\Khf.exe C:\WINDOWS\System32\open32.exe ------------------------------------------------------------------ Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank O2 - BHO: (no name) - {4F7E7851-B3CB-44F1-A1F0-3C41FA2F4F6B} - C:\WINDOWS\System32\ekcm.dll O4 - HKLM\..\Run: [Shell] open32.exe O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !! O4 - HKLM\..\Run: [loader32] C:\WINDOWS\loader32.exe O4 - HKLM\..\Run: [Kak] C:\WINDOWS\System32\Rfd.exe O4 - HKLM\..\Run: [Scg] C:\WINDOWS\System32\Ipl.exe O4 - HKLM\..\Run: [Uec] C:\WINDOWS\Jgt.exe O4 - HKLM\..\Run: [Suo] C:\WINDOWS\Pbf.exe O4 - HKLM\..\Run: [Hmc] C:\WINDOWS\Snf.exe O4 - HKLM\..\Run: [Bal] C:\WINDOWS\Ujh.exe O4 - HKLM\..\Run: [Iqp] C:\WINDOWS\System32\Skg.exe O4 - HKLM\..\Run: [Avo] C:\WINDOWS\System32\Utu.exe O4 - HKLM\..\Run: [Ohm] C:\WINDOWS\Fns.exe O4 - HKLM\..\Run: [Aei] C:\WINDOWS\System32\Pdj.exe O4 - HKLM\..\Run: [Tup] C:\WINDOWS\Okm.exe O4 - HKLM\..\Run: [Obv] C:\WINDOWS\Qvc.exe O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\se.dll,DllInsta ll O4 - HKLM\..\Run: [Kqv] C:\WINDOWS\System32\Ase.exe O4 - HKLM\..\Run: [Lun] C:\WINDOWS\Khf.exe O4 - HKCU\..\Run: [Kak] C:\WINDOWS\System32\Rfd.exe O4 - HKCU\..\Run: [Scg] C:\WINDOWS\System32\Ipl.exe O4 - HKCU\..\Run: [Uec] C:\WINDOWS\Jgt.exe O4 - HKCU\..\Run: [Suo] C:\WINDOWS\Pbf.exe O4 - HKCU\..\Run: [Hmc] C:\WINDOWS\Snf.exe O4 - HKCU\..\Run: [Bal] C:\WINDOWS\Ujh.exe O4 - HKCU\..\Run: [Iqp] C:\WINDOWS\System32\Skg.exe O4 - HKCU\..\Run: [Avo] C:\WINDOWS\System32\Utu.exe O4 - HKCU\..\Run: [Ohm] C:\WINDOWS\Fns.exe O4 - HKCU\..\Run: [Aei] C:\WINDOWS\System32\Pdj.exe O4 - HKCU\..\Run: [Tup] C:\WINDOWS\Okm.exe O4 - HKCU\..\Run: [Obv] C:\WINDOWS\Qvc.exe O4 - HKCU\..\Run: [Kqv] C:\WINDOWS\System32\Ase.exe O4 - HKCU\..\Run: [Lun] C:\WINDOWS\Khf.exe O4 - Startup: winupdate21670583[1].exe O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.horse-active.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.ysbweb.com O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20d60511fc4cbb...ip/RdxIE601.cab ------------------------------------------------------------------ Open Windows Explorer and delete the following highlighted file/s (or delete the whole (Red) folder if listed). C:\WINDOWS\System32\mszx23.exe !! C:\WINDOWS\loader32.exe C:\WINDOWS\System32\Rfd.exe C:\WINDOWS\System32\Ipl.exe C:\WINDOWS\Jgt.exe C:\WINDOWS\Pbf.exe C:\WINDOWS\Snf.exe C:\WINDOWS\Ujh.exe C:\WINDOWS\System32\Skg.exe C:\WINDOWS\System32\Utu.exe C:\WINDOWS\Fns.exe C:\WINDOWS\System32\Pdj.exe C:\WINDOWS\Okm.exe C:\WINDOWS\Qvc.exe C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\se.dll C:\WINDOWS\System32\Ase.exe C:\WINDOWS\Khf.exe C:\WINDOWS\System32\open32.exe C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\tmpCF.tmp C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\tmpD9.tmp ------------------------------------------------------------------- Check that you have carried out all the above steps/fixes and then reboot into Normal Mode and download Cleanup This will clean out your tempory files. When finished please post a new log......
|
|
#4
March 13th, 2005, 12:13 AM
|
||||
|
||||
|
Pancake,
I followed your instructions, yet I was unable to delete one of the files-se.dll and I couldnt find mszx23.exe!!. Here is my log: Logfile of HijackThis v1.99.1 Scan saved at 5:12:47 PM, on 3/12/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE C:\WINDOWS\System32\Nvm.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\tmpD9.tmp C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\open32.exe C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\tmp102.tmp C:\Program Files\Messenger\msmsgs.exe C:\HiJack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {CA4F3EDC-3E94-4D09-ACFC-7ADF7ADADBDB} - C:\WINDOWS\System32\knmk.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Gia] C:\WINDOWS\System32\Nvm.exe O4 - HKLM\..\Run: [Lli] C:\WINDOWS\System32\Kkj.exe O4 - HKLM\..\Run: [Mtv] C:\WINDOWS\Fhs.exe O4 - HKLM\..\Run: [Bif] C:\WINDOWS\Vbf.exe O4 - HKLM\..\Run: [Vfj] C:\WINDOWS\System32\Mer.exe O4 - HKLM\..\Run: [Upm] C:\WINDOWS\Qpv.exe O4 - HKLM\..\Run: [Sjn] C:\WINDOWS\System32\Tbn.exe O4 - HKLM\..\Run: [Beg] C:\WINDOWS\Hpn.exe O4 - HKLM\..\Run: [Pke] C:\WINDOWS\System32\Abi.exe O4 - HKLM\..\Run: [Noq] C:\WINDOWS\Nph.exe O4 - HKLM\..\Run: [Kvg] C:\WINDOWS\System32\Utg.exe O4 - HKLM\..\Run: [Ogu] C:\WINDOWS\System32\Tbo.exe O4 - HKLM\..\Run: [Ajd] C:\WINDOWS\System32\Vhc.exe O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\se.dll,DllInsta ll O4 - HKLM\..\Run: [Shell] open32.exe O4 - HKLM\..\Run: [Shd] C:\WINDOWS\System32\Pef.exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Gia] C:\WINDOWS\System32\Nvm.exe O4 - HKCU\..\Run: [Lli] C:\WINDOWS\System32\Kkj.exe O4 - HKCU\..\Run: [Mtv] C:\WINDOWS\Fhs.exe O4 - HKCU\..\Run: [Bif] C:\WINDOWS\Vbf.exe O4 - HKCU\..\Run: [Vfj] C:\WINDOWS\System32\Mer.exe O4 - HKCU\..\Run: [Upm] C:\WINDOWS\Qpv.exe O4 - HKCU\..\Run: [Sjn] C:\WINDOWS\System32\Tbn.exe O4 - HKCU\..\Run: [Beg] C:\WINDOWS\Hpn.exe O4 - HKCU\..\Run: [Pke] C:\WINDOWS\System32\Abi.exe O4 - HKCU\..\Run: [Noq] C:\WINDOWS\Nph.exe O4 - HKCU\..\Run: [Kvg] C:\WINDOWS\System32\Utg.exe O4 - HKCU\..\Run: [Ogu] C:\WINDOWS\System32\Tbo.exe O4 - HKCU\..\Run: [Ajd] C:\WINDOWS\System32\Vhc.exe O4 - HKCU\..\Run: [Shd] C:\WINDOWS\System32\Pef.exe O4 - Startup: winupdate21670583[1].exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.horse-active.net (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 64.62.171.156 O15 - Trusted IP range: 64.62.171.156 (HKLM) O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102780330687 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx O18 - Filter: text/html - {CC9EA1EC-263D-4AE8-864A-98E927877165} - C:\WINDOWS\System32\knmk.dll O18 - Filter: text/plain - {CC9EA1EC-263D-4AE8-864A-98E927877165} - C:\WINDOWS\System32\knmk.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
|
#5
March 13th, 2005, 01:39 AM
|
|||
|
|||
|
Hi
Apart from a lot of other stuff you also have the 'Horseserver' infection. Please download HSFix Create a new folder on your desktop called "HSFix" and extract all the files into the newly created folder. Boot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8 and select Safe Mode from the menu. Locate the HSFix folder on your desktop, open it, and double-click "hsfix.bat"A log will be produced.This you can close. Run HijackThis and close any open windows and browsers and fix these: HJT items here Restart your computer into normal mode and run at least one of the following free, online virus scans: Housecall Pandasoft eTrust Restart your computer one last time and post a new HijackThis log, as well as the HSFix log which is located at C:/hslog.txt
|
|
#8
March 13th, 2005, 10:30 PM
|
||||
|
||||
|
Pancake,
Here are the logs b4 the scan with eTrust and after. Logfile of HijackThis v1.99.1 Scan saved at 1:21:37 PM, on 3/13/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\EXPLORER.EXE C:\HiJack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O2 - BHO: (no name) - {01E80717-4175-4937-8EF9-31D8D3BC6FC7} - C:\WINDOWS\System32\ccok.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Gia] C:\WINDOWS\System32\Nvm.exe O4 - HKLM\..\Run: [Lli] C:\WINDOWS\System32\Kkj.exe O4 - HKLM\..\Run: [Mtv] C:\WINDOWS\Fhs.exe O4 - HKLM\..\Run: [Bif] C:\WINDOWS\Vbf.exe O4 - HKLM\..\Run: [Vfj] C:\WINDOWS\System32\Mer.exe O4 - HKLM\..\Run: [Upm] C:\WINDOWS\Qpv.exe O4 - HKLM\..\Run: [Sjn] C:\WINDOWS\System32\Tbn.exe O4 - HKLM\..\Run: [Beg] C:\WINDOWS\Hpn.exe O4 - HKLM\..\Run: [Pke] C:\WINDOWS\System32\Abi.exe O4 - HKLM\..\Run: [Noq] C:\WINDOWS\Nph.exe O4 - HKLM\..\Run: [Kvg] C:\WINDOWS\System32\Utg.exe O4 - HKLM\..\Run: [Ogu] C:\WINDOWS\System32\Tbo.exe O4 - HKLM\..\Run: [Ajd] C:\WINDOWS\System32\Vhc.exe O4 - HKLM\..\Run: [Shd] C:\WINDOWS\System32\Pef.exe O4 - HKLM\..\Run: [Icl] C:\WINDOWS\System32\Kum.exe O4 - HKLM\..\Run: [Mtb] C:\WINDOWS\Kmb.exe O4 - HKLM\..\Run: [Gfd] C:\WINDOWS\Dst.exe O4 - HKLM\..\Run: [Ajh] C:\WINDOWS\Lpl.exe O4 - HKLM\..\Run: [Tog] C:\WINDOWS\System32\Kdh.exe O4 - HKLM\..\Run: [Fao] C:\WINDOWS\Hqs.exe O4 - HKLM\..\Run: [Nfi] C:\WINDOWS\Nud.exe O4 - HKLM\..\Run: [Mov] C:\WINDOWS\System32\Pid.exe O4 - HKLM\..\Run: [Gnv] C:\WINDOWS\System32\Rvv.exe O4 - HKLM\..\Run: [Ics] C:\WINDOWS\System32\Qct.exe O4 - HKLM\..\Run: [Cuh] C:\WINDOWS\Dvo.exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Gia] C:\WINDOWS\System32\Nvm.exe O4 - HKCU\..\Run: [Lli] C:\WINDOWS\System32\Kkj.exe O4 - HKCU\..\Run: [Mtv] C:\WINDOWS\Fhs.exe O4 - HKCU\..\Run: [Bif] C:\WINDOWS\Vbf.exe O4 - HKCU\..\Run: [Vfj] C:\WINDOWS\System32\Mer.exe O4 - HKCU\..\Run: [Upm] C:\WINDOWS\Qpv.exe O4 - HKCU\..\Run: [Sjn] C:\WINDOWS\System32\Tbn.exe O4 - HKCU\..\Run: [Beg] C:\WINDOWS\Hpn.exe O4 - HKCU\..\Run: [Pke] C:\WINDOWS\System32\Abi.exe O4 - HKCU\..\Run: [Noq] C:\WINDOWS\Nph.exe O4 - HKCU\..\Run: [Kvg] C:\WINDOWS\System32\Utg.exe O4 - HKCU\..\Run: [Ogu] C:\WINDOWS\System32\Tbo.exe O4 - HKCU\..\Run: [Ajd] C:\WINDOWS\System32\Vhc.exe O4 - HKCU\..\Run: [Shd] C:\WINDOWS\System32\Pef.exe O4 - HKCU\..\Run: [Icl] C:\WINDOWS\System32\Kum.exe O4 - HKCU\..\Run: [Mtb] C:\WINDOWS\Kmb.exe O4 - HKCU\..\Run: [Gfd] C:\WINDOWS\Dst.exe O4 - HKCU\..\Run: [Ajh] C:\WINDOWS\Lpl.exe O4 - HKCU\..\Run: [Tog] C:\WINDOWS\System32\Kdh.exe O4 - HKCU\..\Run: [Fao] C:\WINDOWS\Hqs.exe O4 - HKCU\..\Run: [Nfi] C:\WINDOWS\Nud.exe O4 - HKCU\..\Run: [Mov] C:\WINDOWS\System32\Pid.exe O4 - HKCU\..\Run: [Gnv] C:\WINDOWS\System32\Rvv.exe O4 - HKCU\..\Run: [Ics] C:\WINDOWS\System32\Qct.exe O4 - HKCU\..\Run: [Cuh] C:\WINDOWS\Dvo.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: *.horse-active.net O15 - Trusted Zone: *.horse-active.net (HKLM) O15 - Trusted IP range: 64.62.171.156 O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102780330687 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Horseserver Removal Tool v1.05 by Atri - - 1. Registry Fix Started - Registry fix complete - 2. Deleted Services - - 3. Finding files Located on system - - 4. Deleting files that were found. - - 5. Checking for and Removing Winupdate - - -
|
|
#9
March 13th, 2005, 10:31 PM
|
||||
|
||||
|
This is the log after the scan
Logfile of HijackThis v1.99.1 Scan saved at 3:26:58 PM, on 3/13/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\Nvm.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\HiJack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O2 - BHO: (no name) - {01E80717-4175-4937-8EF9-31D8D3BC6FC7} - C:\WINDOWS\System32\ccok.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Gia] C:\WINDOWS\System32\Nvm.exe O4 - HKLM\..\Run: [Lli] C:\WINDOWS\System32\Kkj.exe O4 - HKLM\..\Run: [Mtv] C:\WINDOWS\Fhs.exe O4 - HKLM\..\Run: [Bif] C:\WINDOWS\Vbf.exe O4 - HKLM\..\Run: [Vfj] C:\WINDOWS\System32\Mer.exe O4 - HKLM\..\Run: [Upm] C:\WINDOWS\Qpv.exe O4 - HKLM\..\Run: [Sjn] C:\WINDOWS\System32\Tbn.exe O4 - HKLM\..\Run: [Beg] C:\WINDOWS\Hpn.exe O4 - HKLM\..\Run: [Pke] C:\WINDOWS\System32\Abi.exe O4 - HKLM\..\Run: [Noq] C:\WINDOWS\Nph.exe O4 - HKLM\..\Run: [Kvg] C:\WINDOWS\System32\Utg.exe O4 - HKLM\..\Run: [Ogu] C:\WINDOWS\System32\Tbo.exe O4 - HKLM\..\Run: [Ajd] C:\WINDOWS\System32\Vhc.exe O4 - HKLM\..\Run: [Shd] C:\WINDOWS\System32\Pef.exe O4 - HKLM\..\Run: [Icl] C:\WINDOWS\System32\Kum.exe O4 - HKLM\..\Run: [Mtb] C:\WINDOWS\Kmb.exe O4 - HKLM\..\Run: [Gfd] C:\WINDOWS\Dst.exe O4 - HKLM\..\Run: [Ajh] C:\WINDOWS\Lpl.exe O4 - HKLM\..\Run: [Tog] C:\WINDOWS\System32\Kdh.exe O4 - HKLM\..\Run: [Fao] C:\WINDOWS\Hqs.exe O4 - HKLM\..\Run: [Nfi] C:\WINDOWS\Nud.exe O4 - HKLM\..\Run: [Mov] C:\WINDOWS\System32\Pid.exe O4 - HKLM\..\Run: [Gnv] C:\WINDOWS\System32\Rvv.exe O4 - HKLM\..\Run: [Ics] C:\WINDOWS\System32\Qct.exe O4 - HKLM\..\Run: [Cuh] C:\WINDOWS\Dvo.exe O4 - HKLM\..\Run: [Esu] C:\WINDOWS\Eil.exe O4 - HKLM\..\Run: [Bhp] C:\WINDOWS\System32\Emt.exe O4 - HKLM\..\Run: [Dnl] C:\WINDOWS\Ega.exe O4 - HKLM\..\Run: [Qtf] C:\WINDOWS\Chn.exe O4 - HKLM\..\Run: [Qjj] C:\WINDOWS\System32\Pvd.exe O4 - HKLM\..\Run: [Aho] C:\WINDOWS\System32\Afv.exe O4 - HKLM\..\Run: [Srr] C:\WINDOWS\System32\Jro.exe O4 - HKLM\..\Run: [Hmi] C:\WINDOWS\Das.exe O4 - HKLM\..\Run: [Fec] C:\WINDOWS\System32\Apl.exe O4 - HKLM\..\Run: [Nhn] C:\WINDOWS\Nfk.exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Gia] C:\WINDOWS\System32\Nvm.exe O4 - HKCU\..\Run: [Lli] C:\WINDOWS\System32\Kkj.exe O4 - HKCU\..\Run: [Mtv] C:\WINDOWS\Fhs.exe O4 - HKCU\..\Run: [Bif] C:\WINDOWS\Vbf.exe O4 - HKCU\..\Run: [Vfj] C:\WINDOWS\System32\Mer.exe O4 - HKCU\..\Run: [Upm] C:\WINDOWS\Qpv.exe O4 - HKCU\..\Run: [Sjn] C:\WINDOWS\System32\Tbn.exe O4 - HKCU\..\Run: [Beg] C:\WINDOWS\Hpn.exe O4 - HKCU\..\Run: [Pke] C:\WINDOWS\System32\Abi.exe O4 - HKCU\..\Run: [Noq] C:\WINDOWS\Nph.exe O4 - HKCU\..\Run: [Kvg] C:\WINDOWS\System32\Utg.exe O4 - HKCU\..\Run: [Ogu] C:\WINDOWS\System32\Tbo.exe O4 - HKCU\..\Run: [Ajd] C:\WINDOWS\System32\Vhc.exe O4 - HKCU\..\Run: [Shd] C:\WINDOWS\System32\Pef.exe O4 - HKCU\..\Run: [Icl] C:\WINDOWS\System32\Kum.exe O4 - HKCU\..\Run: [Mtb] C:\WINDOWS\Kmb.exe O4 - HKCU\..\Run: [Gfd] C:\WINDOWS\Dst.exe O4 - HKCU\..\Run: [Ajh] C:\WINDOWS\Lpl.exe O4 - HKCU\..\Run: [Tog] C:\WINDOWS\System32\Kdh.exe O4 - HKCU\..\Run: [Fao] C:\WINDOWS\Hqs.exe O4 - HKCU\..\Run: [Nfi] C:\WINDOWS\Nud.exe O4 - HKCU\..\Run: [Mov] C:\WINDOWS\System32\Pid.exe O4 - HKCU\..\Run: [Gnv] C:\WINDOWS\System32\Rvv.exe O4 - HKCU\..\Run: [Ics] C:\WINDOWS\System32\Qct.exe O4 - HKCU\..\Run: [Cuh] C:\WINDOWS\Dvo.exe O4 - HKCU\..\Run: [Esu] C:\WINDOWS\Eil.exe O4 - HKCU\..\Run: [Bhp] C:\WINDOWS\System32\Emt.exe O4 - HKCU\..\Run: [Dnl] C:\WINDOWS\Ega.exe O4 - HKCU\..\Run: [Qtf] C:\WINDOWS\Chn.exe O4 - HKCU\..\Run: [Qjj] C:\WINDOWS\System32\Pvd.exe O4 - HKCU\..\Run: [Aho] C:\WINDOWS\System32\Afv.exe O4 - HKCU\..\Run: [Srr] C:\WINDOWS\System32\Jro.exe O4 - HKCU\..\Run: [Hmi] C:\WINDOWS\Das.exe O4 - HKCU\..\Run: [Fec] C:\WINDOWS\System32\Apl.exe O4 - HKCU\..\Run: [Nhn] C:\WINDOWS\Nfk.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: *.horse-active.net O15 - Trusted Zone: *.horse-active.net (HKLM) O15 - Trusted IP range: 64.62.171.156 O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102780330687 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Thanks
|
|
#10
March 14th, 2005, 01:11 AM
|
|||
|
|||
|
Hi..still a bit more work to do.
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed and that you have HJT v1.99.1.If you don't understand please ask before proceeding with the fixes. Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes. Download any of the required programs before attempting to start any of the fixes. Turn off System Restore instructions (WinXP) Rightclick My Computer | Properties | System Restore | check “Turn off System Restore”, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point. SHOW HIDDEN FILES AND FOLDERS. To show hidden files instructions (WinXP) Doubleclick My Computer | Tools | Folder Options | View tab Select Show Hidden Files and Folders Uncheck Hide extensions for known file types Uncheck Hide protected operating system files (Recommended) Select Apply to All Folders | Yes | Apply | OK ------------------------------------------------------------------ To help clean out Trusted Zones,download and run DELDOMAINS then double click to open the DelDomains.inf .To execute the file: right-click and Select 'Install' from the Menu. ----------------------------------------------------------------------- Files highlighted in BLACK will need to be removed from your hard drive. ------------------------------------------------------------------ Please start by putting HJT in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This" ------------------------------------------------------------------ Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed. C:\WINDOWS\System32\Nvm.exe C:\WINDOWS\System32\Kkj.exe C:\WINDOWS\Fhs.exe C:\WINDOWS\Vbf.exe C:\WINDOWS\System32\Mer.exe C:\WINDOWS\Qpv.exe C:\WINDOWS\System32\Tbn.exe C:\WINDOWS\Hpn.exe C:\WINDOWS\System32\Abi.exe C:\WINDOWS\Nph.exe C:\WINDOWS\System32\Utg.exe C:\WINDOWS\System32\Tbo.exe C:\WINDOWS\System32\Vhc.exe C:\WINDOWS\System32\Pef.exe C:\WINDOWS\System32\Kum.exe C:\WINDOWS\Kmb.exe C:\WINDOWS\Dst.exe C:\WINDOWS\Lpl.exe C:\WINDOWS\System32\Kdh.exe C:\WINDOWS\Hqs.exe C:\WINDOWS\Nud.exe C:\WINDOWS\System32\Pid.exe C:\WINDOWS\System32\Rvv.exe C:\WINDOWS\System32\Qct.exe C:\WINDOWS\Dvo.exe C:\WINDOWS\Eil.exe C:\WINDOWS\System32\Emt.exe C:\WINDOWS\Ega.exe C:\WINDOWS\Chn.exe C:\WINDOWS\System32\Pvd.exe C:\WINDOWS\System32\Afv.exe C:\WINDOWS\System32\Jro.exe C:\WINDOWS\Das.exe C:\WINDOWS\System32\Apl.exe C:\WINDOWS\Nfk.exe ------------------------------------------------------------------ Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. O4 - HKLM\..\Run: [Gia] C:\WINDOWS\System32\Nvm.exe O4 - HKLM\..\Run: [Lli] C:\WINDOWS\System32\Kkj.exe O4 - HKLM\..\Run: [Mtv] C:\WINDOWS\Fhs.exe O4 - HKLM\..\Run: [Bif] C:\WINDOWS\Vbf.exe O4 - HKLM\..\Run: [Vfj] C:\WINDOWS\System32\Mer.exe O4 - HKLM\..\Run: [Upm] C:\WINDOWS\Qpv.exe O4 - HKLM\..\Run: [Sjn] C:\WINDOWS\System32\Tbn.exe O4 - HKLM\..\Run: [Beg] C:\WINDOWS\Hpn.exe O4 - HKLM\..\Run: [Pke] C:\WINDOWS\System32\Abi.exe O4 - HKLM\..\Run: [Noq] C:\WINDOWS\Nph.exe O4 - HKLM\..\Run: [Kvg] C:\WINDOWS\System32\Utg.exe O4 - HKLM\..\Run: [Ogu] C:\WINDOWS\System32\Tbo.exe O4 - HKLM\..\Run: [Ajd] C:\WINDOWS\System32\Vhc.exe O4 - HKLM\..\Run: [Shd] C:\WINDOWS\System32\Pef.exe O4 - HKLM\..\Run: [Icl] C:\WINDOWS\System32\Kum.exe O4 - HKLM\..\Run: [Mtb] C:\WINDOWS\Kmb.exe O4 - HKLM\..\Run: [Gfd] C:\WINDOWS\Dst.exe O4 - HKLM\..\Run: [Ajh] C:\WINDOWS\Lpl.exe O4 - HKLM\..\Run: [Tog] C:\WINDOWS\System32\Kdh.exe O4 - HKLM\..\Run: [Fao] C:\WINDOWS\Hqs.exe O4 - HKLM\..\Run: [Nfi] C:\WINDOWS\Nud.exe O4 - HKLM\..\Run: [Mov] C:\WINDOWS\System32\Pid.exe O4 - HKLM\..\Run: [Gnv] C:\WINDOWS\System32\Rvv.exe O4 - HKLM\..\Run: [Ics] C:\WINDOWS\System32\Qct.exe O4 - HKLM\..\Run: [Cuh] C:\WINDOWS\Dvo.exe O4 - HKLM\..\Run: [Esu] C:\WINDOWS\Eil.exe O4 - HKLM\..\Run: [Bhp] C:\WINDOWS\System32\Emt.exe O4 - HKLM\..\Run: [Dnl] C:\WINDOWS\Ega.exe O4 - HKLM\..\Run: [Qtf] C:\WINDOWS\Chn.exe O4 - HKLM\..\Run: [Qjj] C:\WINDOWS\System32\Pvd.exe O4 - HKLM\..\Run: [Aho] C:\WINDOWS\System32\Afv.exe O4 - HKLM\..\Run: [Srr] C:\WINDOWS\System32\Jro.exe O4 - HKLM\..\Run: [Hmi] C:\WINDOWS\Das.exe O4 - HKLM\..\Run: [Fec] C:\WINDOWS\System32\Apl.exe O4 - HKLM\..\Run: [Nhn] C:\WINDOWS\Nfk.exe O4 - HKCU\..\Run: [Gia] C:\WINDOWS\System32\Nvm.exe O4 - HKCU\..\Run: [Lli] C:\WINDOWS\System32\Kkj.exe O4 - HKCU\..\Run: [Mtv] C:\WINDOWS\Fhs.exe O4 - HKCU\..\Run: [Bif] C:\WINDOWS\Vbf.exe O4 - HKCU\..\Run: [Vfj] C:\WINDOWS\System32\Mer.exe O4 - HKCU\..\Run: [Upm] C:\WINDOWS\Qpv.exe O4 - HKCU\..\Run: [Sjn] C:\WINDOWS\System32\Tbn.exe O4 - HKCU\..\Run: [Beg] C:\WINDOWS\Hpn.exe O4 - HKCU\..\Run: [Pke] C:\WINDOWS\System32\Abi.exe O4 - HKCU\..\Run: [Noq] C:\WINDOWS\Nph.exe O4 - HKCU\..\Run: [Kvg] C:\WINDOWS\System32\Utg.exe O4 - HKCU\..\Run: [Ogu] C:\WINDOWS\System32\Tbo.exe O4 - HKCU\..\Run: [Ajd] C:\WINDOWS\System32\Vhc.exe O4 - HKCU\..\Run: [Shd] C:\WINDOWS\System32\Pef.exe O4 - HKCU\..\Run: [Icl] C:\WINDOWS\System32\Kum.exe O4 - HKCU\..\Run: [Mtb] C:\WINDOWS\Kmb.exe O4 - HKCU\..\Run: [Gfd] C:\WINDOWS\Dst.exe O4 - HKCU\..\Run: [Ajh] C:\WINDOWS\Lpl.exe O4 - HKCU\..\Run: [Tog] C:\WINDOWS\System32\Kdh.exe O4 - HKCU\..\Run: [Fao] C:\WINDOWS\Hqs.exe O4 - HKCU\..\Run: [Nfi] C:\WINDOWS\Nud.exe O4 - HKCU\..\Run: [Mov] C:\WINDOWS\System32\Pid.exe O4 - HKCU\..\Run: [Gnv] C:\WINDOWS\System32\Rvv.exe O4 - HKCU\..\Run: [Ics] C:\WINDOWS\System32\Qct.exe O4 - HKCU\..\Run: [Cuh] C:\WINDOWS\Dvo.exe O4 - HKCU\..\Run: [Esu] C:\WINDOWS\Eil.exe O4 - HKCU\..\Run: [Bhp] C:\WINDOWS\System32\Emt.exe O4 - HKCU\..\Run: [Dnl] C:\WINDOWS\Ega.exe O4 - HKCU\..\Run: [Qtf] C:\WINDOWS\Chn.exe O4 - HKCU\..\Run: [Qjj] C:\WINDOWS\System32\Pvd.exe O4 - HKCU\..\Run: [Aho] C:\WINDOWS\System32\Afv.exe O4 - HKCU\..\Run: [Srr] C:\WINDOWS\System32\Jro.exe O4 - HKCU\..\Run: [Hmi] C:\WINDOWS\Das.exe O4 - HKCU\..\Run: [Fec] C:\WINDOWS\System32\Apl.exe O4 - HKCU\..\Run: [Nhn] C:\WINDOWS\Nfk.exe O15 - Trusted Zone: *.horse-active.net O15 - Trusted Zone: *.horse-active.net (HKLM) O15 - Trusted IP range: 64.62.171.156 ------------------------------------------------------------------ Open Windows Explorer and delete the following highlighted file/s C:\WINDOWS\System32\Nvm.exe C:\WINDOWS\System32\Kkj.exe C:\WINDOWS\Fhs.exe C:\WINDOWS\Vbf.exe C:\WINDOWS\System32\Mer.exe C:\WINDOWS\Qpv.exe C:\WINDOWS\System32\Tbn.exe C:\WINDOWS\Hpn.exe C:\WINDOWS\System32\Abi.exe C:\WINDOWS\Nph.exe C:\WINDOWS\System32\Utg.exe C:\WINDOWS\System32\Tbo.exe C:\WINDOWS\System32\Vhc.exe C:\WINDOWS\System32\Pef.exe C:\WINDOWS\System32\Kum.exe C:\WINDOWS\Kmb.exe C:\WINDOWS\Dst.exe C:\WINDOWS\Lpl.exe C:\WINDOWS\System32\Kdh.exe C:\WINDOWS\Hqs.exe C:\WINDOWS\Nud.exe C:\WINDOWS\System32\Pid.exe C:\WINDOWS\System32\Rvv.exe C:\WINDOWS\System32\Qct.exe C:\WINDOWS\Dvo.exe C:\WINDOWS\Eil.exe C:\WINDOWS\System32\Emt.exe C:\WINDOWS\Ega.exe C:\WINDOWS\Chn.exe C:\WINDOWS\System32\Pvd.exe C:\WINDOWS\System32\Afv.exe C:\WINDOWS\System32\Jro.exe C:\WINDOWS\Das.exe C:\WINDOWS\System32\Apl.exe C:\WINDOWS\Nfk.exe ------------------------------------------------------------------- Check that you have carried out all the above steps/fixes and then reboot into Normal Mode and download Cleanup This will clean out your tempory files. When finished please post a new log...... Last edited by Pancake; March 14th, 2005 at 01:15 AM.
|
|
#11
March 14th, 2005, 08:16 PM
|
||||
|
||||
|
Pancake,
Here is the latest........ Logfile of HijackThis v1.99.1 Scan saved at 1:15:21 PM, on 3/14/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\Luv.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Messenger\msmsgs.exe C:\HiJack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O2 - BHO: (no name) - {01E80717-4175-4937-8EF9-31D8D3BC6FC7} - C:\WINDOWS\System32\ccok.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Fdb] C:\WINDOWS\Luv.exe O4 - HKLM\..\Run: [Jdp] C:\WINDOWS\System32\Fsv.exe O4 - HKLM\..\Run: [Cin] C:\WINDOWS\Suu.exe O4 - HKLM\..\Run: [Sun] C:\WINDOWS\Ngk.exe O4 - HKLM\..\Run: [Nvo] C:\WINDOWS\Adi.exe O4 - HKLM\..\Run: [Eoo] C:\WINDOWS\Dpb.exe O4 - HKLM\..\Run: [Bbf] C:\WINDOWS\Ckh.exe O4 - HKLM\..\Run: [Odt] C:\WINDOWS\Plb.exe O4 - HKLM\..\Run: [Mtl] C:\WINDOWS\Bqt.exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Fdb] C:\WINDOWS\Luv.exe O4 - HKCU\..\Run: [Jdp] C:\WINDOWS\System32\Fsv.exe O4 - HKCU\..\Run: [Cin] C:\WINDOWS\Suu.exe O4 - HKCU\..\Run: [Sun] C:\WINDOWS\Ngk.exe O4 - HKCU\..\Run: [Nvo] C:\WINDOWS\Adi.exe O4 - HKCU\..\Run: [Eoo] C:\WINDOWS\Dpb.exe O4 - HKCU\..\Run: [Bbf] C:\WINDOWS\Ckh.exe O4 - HKCU\..\Run: [Odt] C:\WINDOWS\Plb.exe O4 - HKCU\..\Run: [Mtl] C:\WINDOWS\Bqt.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102780330687 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
|
#12
March 15th, 2005, 02:23 AM
|
|||
|
|||
|
[COLOR=Blue]Hi..nearly done
Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes. Turn off System Restore instructions (WinXP) Rightclick My Computer | Properties | System Restore | check “Turn off System Restore”, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point. SHOW HIDDEN FILES AND FOLDERS. To show hidden files instructions (WinXP) Doubleclick My Computer | Tools | Folder Options | View tab Select Show Hidden Files and Folders Uncheck Hide extensions for known file types Uncheck Hide protected operating system files (Recommended) Select Apply to All Folders | Yes | Apply | OK ------------------------------------------------------------------ Files highlighted in BLACK will need to be removed from your hard drive. ------------------------------------------------------------------ Please start by putting HJT in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This" ------------------------------------------------------------------ Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed. C:\WINDOWS\Luv.exe C:\WINDOWS\System32\Fsv.exe C:\WINDOWS\Suu.exe C:\WINDOWS\Ngk.exe C:\WINDOWS\Adi.exe C:\WINDOWS\Dpb.exe C:\WINDOWS\Ckh.exe C:\WINDOWS\Plb.exe C:\WINDOWS\Bqt.exe ------------------------------------------------------------------ Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. O2 - BHO: (no name) - {01E80717-4175-4937-8EF9-31D8D3BC6FC7} - C:\WINDOWS\System32\ccok.dll (file missing) O4 - HKLM\..\Run: [Fdb] C:\WINDOWS\Luv.exe O4 - HKLM\..\Run: [Jdp] C:\WINDOWS\System32\Fsv.exe O4 - HKLM\..\Run: [Cin] C:\WINDOWS\Suu.exe O4 - HKLM\..\Run: [Sun] C:\WINDOWS\Ngk.exe O4 - HKLM\..\Run: [Nvo] C:\WINDOWS\Adi.exe O4 - HKLM\..\Run: [Eoo] C:\WINDOWS\Dpb.exe O4 - HKLM\..\Run: [Bbf] C:\WINDOWS\Ckh.exe O4 - HKLM\..\Run: [Odt] C:\WINDOWS\Plb.exe O4 - HKLM\..\Run: [Mtl] C:\WINDOWS\Bqt.exe O4 - HKCU\..\Run: [Fdb] C:\WINDOWS\Luv.exe O4 - HKCU\..\Run: [Jdp] C:\WINDOWS\System32\Fsv.exe O4 - HKCU\..\Run: [Cin] C:\WINDOWS\Suu.exe O4 - HKCU\..\Run: [Sun] C:\WINDOWS\Ngk.exe O4 - HKCU\..\Run: [Nvo] C:\WINDOWS\Adi.exe O4 - HKCU\..\Run: [Eoo] C:\WINDOWS\Dpb.exe O4 - HKCU\..\Run: [Bbf] C:\WINDOWS\Ckh.exe O4 - HKCU\..\Run: [Odt] C:\WINDOWS\Plb.exe O4 - HKCU\..\Run: [Mtl] C:\WINDOWS\Bqt.exe ------------------------------------------------------------------ Open Windows Explorer and delete the following highlighted file/s (or delete the whole (Red) folder if listed). C:\WINDOWS\Luv.exe C:\WINDOWS\System32\Fsv.exe C:\WINDOWS\Suu.exe C:\WINDOWS\Ngk.exe C:\WINDOWS\Adi.exe C:\WINDOWS\Dpb.exe C:\WINDOWS\Ckh.exe C:\WINDOWS\Plb.exe C:\WINDOWS\Bqt.exe ------------------------------------------------------------------- Check that you have carried out all the above steps/fixes and then reboot into Normal Mode and download Cleanup This will clean out your tempory files. When finished please post a new log......
|
|
#13
March 15th, 2005, 09:19 PM
|
||||
|
||||
|
New log..
Logfile of HijackThis v1.99.1 Scan saved at 2:21:14 PM, on 3/15/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\Unk.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\HiJack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Jdp] C:\WINDOWS\Unk.exe O4 - HKLM\..\Run: [Qsc] C:\WINDOWS\Ddl.exe O4 - HKLM\..\Run: [Cla] C:\WINDOWS\System32\Doh.exe O4 - HKLM\..\Run: [Aac] C:\WINDOWS\System32\Iuu.exe O4 - HKLM\..\Run: [Dtp] C:\WINDOWS\System32\Urn.exe O4 - HKLM\..\Run: [Ilc] C:\WINDOWS\Elp.exe O4 - HKLM\..\Run: [Fqh] C:\WINDOWS\Hca.exe O4 - HKLM\..\Run: [Hqq] C:\WINDOWS\System32\Vgn.exe O4 - HKLM\..\Run: [Kja] C:\WINDOWS\Bls.exe O4 - HKLM\..\Run: [Fje] C:\WINDOWS\Mln.exe O4 - HKLM\..\Run: [Lag] C:\WINDOWS\System32\Qmc.exe O4 - HKLM\..\Run: [Hko] C:\WINDOWS\System32\Mbk.exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Jdp] C:\WINDOWS\Unk.exe O4 - HKCU\..\Run: [Qsc] C:\WINDOWS\Ddl.exe O4 - HKCU\..\Run: [Cla] C:\WINDOWS\System32\Doh.exe O4 - HKCU\..\Run: [Aac] C:\WINDOWS\System32\Iuu.exe O4 - HKCU\..\Run: [Dtp] C:\WINDOWS\System32\Urn.exe O4 - HKCU\..\Run: [Ilc] C:\WINDOWS\Elp.exe O4 - HKCU\..\Run: [Fqh] C:\WINDOWS\Hca.exe O4 - HKCU\..\Run: [Hqq] C:\WINDOWS\System32\Vgn.exe O4 - HKCU\..\Run: [Kja] C:\WINDOWS\Bls.exe O4 - HKCU\..\Run: [Fje] C:\WINDOWS\Mln.exe O4 - HKCU\..\Run: [Lag] C:\WINDOWS\System32\Qmc.exe O4 - HKCU\..\Run: [Hko] C:\WINDOWS\System32\Mbk.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102780330687 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
|
#14
March 16th, 2005, 01:46 AM
|
|||
|
|||
|
Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed and that you have HJT v1.99.1.If you don't understand please ask before proceeding with the fixes. Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes. Turn off System Restore instructions (WinXP) Rightclick My Computer | Properties | System Restore | check “Turn off System Restore”, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point. SHOW HIDDEN FILES AND FOLDERS. To show hidden files instructions (WinXP) Doubleclick My Computer | Tools | Folder Options | View tab Select Show Hidden Files and Folders Uncheck Hide extensions for known file types Uncheck Hide protected operating system files (Recommended) Select Apply to All Folders | Yes | Apply | OK ------------------------------------------------------------------ Files highlighted in BLACK will need to be removed from your hard drive. ------------------------------------------------------------------ Please start by putting HJT in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This" ------------------------------------------------------------------ Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed. C:\WINDOWS\Unk.exe C:\WINDOWS\Ddl.exe C:\WINDOWS\System32\Doh.exe C:\WINDOWS\System32\Iuu.exe C:\WINDOWS\System32\Urn.exe C:\WINDOWS\Elp.exe C:\WINDOWS\Hca.exe C:\WINDOWS\System32\Vgn.exe C:\WINDOWS\Bls.exe C:\WINDOWS\Mln.exe C:\WINDOWS\System32\Qmc.exe C:\WINDOWS\System32\Mbk.exe ------------------------------------------------------------------ Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. O4 - HKLM\..\Run: [Jdp] C:\WINDOWS\Unk.exe O4 - HKLM\..\Run: [Qsc] C:\WINDOWS\Ddl.exe O4 - HKLM\..\Run: [Cla] C:\WINDOWS\System32\Doh.exe O4 - HKLM\..\Run: [Aac] C:\WINDOWS\System32\Iuu.exe O4 - HKLM\..\Run: [Dtp] C:\WINDOWS\System32\Urn.exe O4 - HKLM\..\Run: [Ilc] C:\WINDOWS\Elp.exe O4 - HKLM\..\Run: [Fqh] C:\WINDOWS\Hca.exe O4 - HKLM\..\Run: [Hqq] C:\WINDOWS\System32\Vgn.exe O4 - HKLM\..\Run: [Kja] C:\WINDOWS\Bls.exe O4 - HKLM\..\Run: [Fje] C:\WINDOWS\Mln.exe O4 - HKLM\..\Run: [Lag] C:\WINDOWS\System32\Qmc.exe O4 - HKLM\..\Run: [Hko] C:\WINDOWS\System32\Mbk.exe O4 - HKCU\..\Run: [Jdp] C:\WINDOWS\Unk.exe O4 - HKCU\..\Run: [Qsc] C:\WINDOWS\Ddl.exe O4 - HKCU\..\Run: [Cla] C:\WINDOWS\System32\Doh.exe O4 - HKCU\..\Run: [Aac] C:\WINDOWS\System32\Iuu.exe O4 - HKCU\..\Run: [Dtp] C:\WINDOWS\System32\Urn.exe O4 - HKCU\..\Run: [Ilc] C:\WINDOWS\Elp.exe O4 - HKCU\..\Run: [Fqh] C:\WINDOWS\Hca.exe O4 - HKCU\..\Run: [Hqq] C:\WINDOWS\System32\Vgn.exe O4 - HKCU\..\Run: [Kja] C:\WINDOWS\Bls.exe O4 - HKCU\..\Run: [Fje] C:\WINDOWS\Mln.exe O4 - HKCU\..\Run: [Lag] C:\WINDOWS\System32\Qmc.exe O4 - HKCU\..\Run: [Hko] C:\WINDOWS\System32\Mbk.exe ------------------------------------------------------------------ Open Windows Explorer and delete the following highlighted file/s (or delete the whole (Red) folder if listed). C:\WINDOWS\Unk.exe C:\WINDOWS\Ddl.exe C:\WINDOWS\System32\Doh.exe C:\WINDOWS\System32\Iuu.exe C:\WINDOWS\System32\Urn.exe C:\WINDOWS\Elp.exe C:\WINDOWS\Hca.exe C:\WINDOWS\System32\Vgn.exe C:\WINDOWS\Bls.exe C:\WINDOWS\Mln.exe C:\WINDOWS\System32\Qmc.exe C:\WINDOWS\System32\Mbk.exe ------------------------------------------------------------------- Check that you have carried out all the above steps/fixes and then reboot into Normal Mode and download Cleanup This will clean out your tempory files. When finished please post a new log......
|
|
#15
March 16th, 2005, 05:40 PM
|
||||
|
||||
|
Whew! Hope this is it.......
Logfile of HijackThis v1.99.1 Scan saved at 10:40:34 AM, on 3/16/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Messenger\msmsgs.exe C:\HiJack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102780330687 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Another startpage-DU.dll trojan | littlepete | Malware Removal | 3 | August 8th, 2005 05:25 AM |
| StartPage Trojan help | bigpapa | Malware Removal | 26 | June 15th, 2005 10:18 AM |
| Startpage trojan | gehjl | Malware Removal | 3 | March 16th, 2005 01:50 AM |
| StartPage-DU trojan | awboutch | Malware Removal | 1 | November 8th, 2004 05:32 AM |
| Startpage.4.v Trojan | chris18 | Malware Removal | 2 | June 4th, 2004 12:10 PM |
All times are GMT +1. The time now is 10:17 PM.