Help Please [resolved]


#1 Reue (Member, 15 posts)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\USBSTORAGE\USBDETECTOR.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MIRC\MIRC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0E262BAC-9CB0-11D9-ACB7-0000EFE24F15} - C:\WINDOWS\SYSTEM\FCEA.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O18 - Filter: text/html - {0E262BAB-9CB0-11D9-ACB7-0000600BD761} - C:\WINDOWS\SYSTEM\FCEA.DLL
O18 - Filter: text/plain - {0E262BAB-9CB0-11D9-ACB7-0000600BD761} - C:\WINDOWS\SYSTEM\FCEA.DLL
  • 0

#2 Reue (Topic Starter, Member, 15 posts)
bump
  • 0

#3 Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
Welcome to Geeks to Go!
You cut off the top part of your log. Please copy the entire log (everything in the notepad) and paste it here.

Michelle :tazz:
  • 0

#4 Reue (Topic Starter, Member, 15 posts)
Logfile of HijackThis v1.98.2
Scan saved at 09:47:14, on 25/03/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0E262BAC-9CB0-11D9-ACB7-0000EFE24F15} - C:\WINDOWS\SYSTEM\FCEA.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O18 - Filter: text/html - {0E262BAB-9CB0-11D9-ACB7-0000600BD761} - C:\WINDOWS\SYSTEM\FCEA.DLL
O18 - Filter: text/plain - {0E262BAB-9CB0-11D9-ACB7-0000600BD761} - C:\WINDOWS\SYSTEM\FCEA.DLL
  • 0
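As an added example (not from this thread, and not part of HijackThis), a small Python parser for the R0/R1/O2/O4/O18 entries in the log above that flags the indicators the thread turns on: IE pages reset to about:blank, a res:// page served from a DLL in TEMP, a Run key loading a TEMP DLL through rundll32 DllInstall, and an unnamed BHO and MIME filters that point at the same DLL. The sample lines are constructed from the posted log, and the heuristics are assumptions for triage, not a verdict on any file.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.98 log format posted in this thread
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {0E262BAC-9CB0-11D9-ACB7-0000EFE24F15} - C:\WINDOWS\SYSTEM\FCEA.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O18 - Filter: text/html - {0E262BAB-9CB0-11D9-ACB7-0000600BD761} - C:\WINDOWS\SYSTEM\FCEA.DLL
O18 - Filter: text/plain - {0E262BAB-9CB0-11D9-ACB7-0000600BD761} - C:\WINDOWS\SYSTEM\FCEA.DLL
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# Drive-letter path ending in .dll/.exe (spaces allowed, stops at a comma or quote)
PATH_RE = re.compile(r'[A-Za-z]:\\[^,"]+?\.(?:dll|exe)\b', re.IGNORECASE)


def parse_entries(text):
    """Yield (kind, body) for every R0/R1/Oxx line; other lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def find_hijack_indicators(text):
    """Return (findings, shared_dlls). findings is a list of (kind, reason, body);
    shared_dlls lists DLLs registered both as a BHO (O2) and a MIME filter (O18)."""
    findings = []
    dll_users = defaultdict(set)  # lower-cased path -> entry kinds that reference it
    for kind, body in parse_entries(text):
        low = body.lower()
        for path in PATH_RE.findall(body):
            dll_users[path.lower()].add(kind)
        if kind in ("R0", "R1") and "res://" in low and "\\temp\\" in low:
            findings.append((kind, "IE page served from a DLL in TEMP", body))
        elif kind in ("R0", "R1") and low.endswith("= about:blank"):
            findings.append((kind, "IE page reset to about:blank", body))
        elif kind == "O4" and "rundll32" in low and "\\temp\\" in low and ",dllinstall" in low:
            findings.append((kind, "Run key loads a TEMP DLL via rundll32 DllInstall", body))
        elif kind == "O18" and ("text/html" in low or "text/plain" in low):
            findings.append((kind, "MIME filter hooks all HTML/plain-text content", body))
        elif kind == "O2" and "(no name)" in low:
            findings.append((kind, "unnamed Browser Helper Object", body))
    shared = sorted(p for p, kinds in dll_users.items() if {"O2", "O18"} <= kinds)
    return findings, shared


if __name__ == "__main__":
    hits, linked = find_hijack_indicators(SAMPLE_LOG)
    for kind, reason, body in hits:
        print(f"{kind:<4} {reason}: {body}")
    print("DLL used by both a BHO and a MIME filter:", linked)
```

On the constructed sample the ScanRegistry and Winamp Run entries pass untouched, while the se.dll and FCEA.DLL lines are the only ones flagged.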

#5 Reue (Topic Starter, Member, 15 posts)
Sorry to be bumping, but I need help if anyone can help me?
  • 0

#6 coachwife6 (SuperStar, Retired Staff, 11,413 posts)
First, follow instructions here:
http://securityrespo...moval.tool.html

Then download and run CWShredder from http://www.intermute...r_download.html
  • 0

#7 Reue (Topic Starter, Member, 15 posts)
Agent B not found

CW Shredder picked up 1 hidden dll but did not fix the problem
  • 0

#8 Reue (Topic Starter, Member, 15 posts)
The biggest problem is it automatically redirects to about:blank if trying to open a link or pop-up in a new window.
  • 0

#9 coachwife6 (SuperStar, Retired Staff, 11,413 posts)
OK. I'm working on a fix. Be right back.
  • 0

#10 coachwife6 (SuperStar, Retired Staff, 11,413 posts)
Download the following file:

http://castlecops.co.../FindIt9xME.zip

and unzip the contents to a folder. When it has unzipped, open that folder and double click on Find.bat. It will run for a while, so be patient, and then produce a log (ignore any File not found messages on the screen, it should continue anyway).

Please copy and paste that log here.

From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.

  • 0

#11 Reue (Topic Starter, Member, 15 posts)
Unzipped the file and the contents are:

FindIt9xME
Locate
Strings

Which of these do i run?

I will run it when you are next online as my system must be shut down overnight.
  • 0

#12 Reue (Topic Starter, Member, 15 posts)
The FindIt9xME, when run, appears to be doing nothing...?
  • 0

#13 coachwife6 (SuperStar, Retired Staff, 11,413 posts)
Does it produce a log? I need to see that.
  • 0

#14 Reue (Topic Starter, Member, 15 posts)
Locate option produces a stupidly long list of what looks like a log of ALL updates to every saved application.

Strings option opens an MS-DOS window but then it closes instantly.

And FindIt9xME option opens another MS-DOS window but doesn't do anything.
  • 0

#15 Reue (Topic Starter, Member, 15 posts)
EDIT - after about half an hour, it produced this log:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3D4C-16DC
Directory of C:\WINDOWS\SYSTEM

MSTEXT35 DLL 166,672 09-30-99 7:21p mstext35.dll
MSJET35 DLL 1,050,896 09-28-99 9:42p msjet35.dll
MSLTUS35 DLL 168,720 09-09-99 10:06p msltus35.dll
MSEXCL35 DLL 252,688 09-09-99 10:06p msexcl35.dll
MSREPL35 DLL 415,504 08-25-99 2:57p msrepl35.dll
MSJINT35 DLL 123,664 06-10-99 9:34a msjint35.dll
MSJTER35 DLL 24,848 06-10-99 9:34a msjter35.dll
MSPDOX35 DLL 250,128 06-07-99 6:59p mspdox35.dll
MSXBSE35 DLL 287,504 04-25-99 5:00p Msxbse35.dll
VBAR332 DLL 368,912 04-25-99 5:00p Vbar332.dll
MSRD2X35 DLL 252,176 04-25-99 5:00p Msrd2x35.dll
11 file(s) 3,361,712 bytes
0 dir(s) 293.00 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3D4C-16DC
Directory of C:\WINDOWS\SYSTEM

FOLDER HTT 13,122 11-27-03 7:04p folder.htt
DESKTOP INI 266 11-27-03 7:04p desktop.ini
2 file(s) 13,388 bytes
0 dir(s) 293.00 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

------------------ Locate.com Results ------------------

No matches found.

------------ Strings.exe Qoologic Results ------------


-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00
C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"LoadQM"="loadqm.exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"OmgStartup"="C:\\Program Files\\Common Files\\Sony Shared\\OpenMG\\OmgStartup.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"USBDetector"="C:\\USBStorage\\USBDetector.exe"
"Gene USB Monitor"="C:\\WINDOWS\\SYSTEM\\USBMonit.exe"
"sp"="rundll32 C:\\WINDOWS\\TEMP\\SE.DLL,DllInstall"
  • 0





