Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infection Unknown

Started by Anmchaid , Jun 03 2005 01:56 PM

  • Please log in to reply

#1
Anmchaid
Posted 03 June 2005 - 01:56 PM

Anmchaid

    New Member

  • Member
  • Pip
  • 1 posts
Greetings Geeks to Go Staff,

I am unsure as to what the exact infection is but regardless of a variety of options I have been unable to clear the system of whatever damage has been done. I had been reading from your forum and hope that perhaps you will be able to shed some light on fixing this problem.

I began having a problem with Security iGuard I believe. It appeared and the problems began. I followed advice in removing it through various scans, though I am not sure it is gone. My display settings and internet options keep changing as I will receive Display setting errors when starting the PC. My Internet options are changing as the start page I select and apply are changed to a blnk page. There are also several additiong to My Favorites List that no matter how many times deleted, etc return at the next boot or restart. There is a box that appears entitled 'Info" which simply lists a short series of letter and numbers and an 'OK' tab. I have not clicked ok on it but instead ended the program through CTRL-ALT-DEL. Once that program ends a red shield appears in the lower right hand start-up menu which brings about a ballon that tells me my PC is infected by spyware and if I would like to know how to remove it. I have not clicked on it either, but instead ended it in the same manner as the 'Info" program.

I have done the following steps after checking your page on HiJackThis logs:

1) Downloaded and ran CleanUp
2) Downloaded, Uploaded and ran Ad-Aware SE
3) Downloaded and ran the CW Shredder
4) Downloaded, Uploaded and ran the Spybot S&D
5) Downloaded and ran AVG Virus Scanner 7.0 after updates numerous times(as this is the virus scanner that I normally use on the system).
6) Tried scanning in safe mode and the reboot testing
7) DownloadedHiJackThis and ran log which is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 3:47:17 PM, on 6/3/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NAV\HOTKEY.EXE
C:\WINDOWS\NETND.EXE
C:\WINDOWS\NTLG.EXE
C:\WINDOWS\SDKON32.EXE
C:\WINDOWS\ATLNV.EXE
C:\WINDOWS\SYSTEM\WINEM.EXE
C:\WINDOWS\SYSTEM\JAVADU.EXE
C:\WINDOWS\SYSTEM\MFCDT32.EXE
C:\WINDOWS\SYSTEM\NETSZ32.EXE
C:\WINDOWS\SYSTEM\SYSUH32.EXE
C:\WINDOWS\SYSTEM\SDKTH32.EXE
C:\WINDOWS\SYSTEM\ATLWR.EXE
C:\WINDOWS\SYSTEM\NTFM.EXE
C:\WINDOWS\SYSTEM\CRFF32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE
C:\PROGRAM FILES\REAL\PLAYER\REALPLAY.EXE
C:\WARNER\WARNER.EXE
C:\CYBERTRIO\SHOWMODE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\JAVAYJ32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\VCI\SEARCHBYMEDIA\SBMPOP.EXE
C:\WINDOWS\SYSTEM\NTFM.EXE
C:\PROGRAM FILES\IRIS\ANTIVIRUS\WIMMUN32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\NTFM.EXE
C:\WINDOWS\NETND.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SDKTH32.EXE
C:\WINDOWS\WINKZ.EXE
C:\WINDOWS\SYSTEM\NETSZ32.EXE
C:\WINDOWS\SYSTEM\MFCGV32.EXE
C:\WINDOWS\SYSTEM\CRFF32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\taxfc.dll/sp.html#49977
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\windows\options\systools\cyxid98.exe
O2 - BHO: Class - {13B088F6-86FB-77EE-19B2-0785516A699D} - C:\WINDOWS\SYSTEM\IPDH.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE"
O4 - HKLM\..\Run: [RealTray] C:\PROGRAM FILES\REAL\PLAYER\REALPLAY.EXE SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Warner] C:\Warner\Warner.exe
O4 - HKLM\..\Run: [CyberTrioModeInfo] C:\CyberTrio\ShowMode.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [WINON.EXE] C:\WINDOWS\SYSTEM\WINON.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [JAVAMQ32.EXE] C:\WINDOWS\SYSTEM\JAVAMQ32.EXE
O4 - HKLM\..\Run: [JAVAYJ32.EXE] C:\WINDOWS\JAVAYJ32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HOTKEY] C:\PROGRA~1\NAV\hotkey.exe /AUTO /BAR
O4 - HKLM\..\RunServices: [NETND.EXE] C:\WINDOWS\NETND.EXE /s
O4 - HKLM\..\RunServices: [NTLG.EXE] C:\WINDOWS\NTLG.EXE /s
O4 - HKLM\..\RunServices: [SDKON32.EXE] C:\WINDOWS\SDKON32.EXE /s
O4 - HKLM\..\RunServices: [ATLNV.EXE] C:\WINDOWS\ATLNV.EXE /s
O4 - HKLM\..\RunServices: [WINEM.EXE] C:\WINDOWS\SYSTEM\WINEM.EXE /s
O4 - HKLM\..\RunServices: [JAVADU.EXE] C:\WINDOWS\SYSTEM\JAVADU.EXE /s
O4 - HKLM\..\RunServices: [MFCDT32.EXE] C:\WINDOWS\SYSTEM\MFCDT32.EXE /s
O4 - HKLM\..\RunServices: [NETSZ32.EXE] C:\WINDOWS\SYSTEM\NETSZ32.EXE /s
O4 - HKLM\..\RunServices: [SYSUH32.EXE] C:\WINDOWS\SYSTEM\SYSUH32.EXE /s
O4 - HKLM\..\RunServices: [SDKTH32.EXE] C:\WINDOWS\SYSTEM\SDKTH32.EXE /s
O4 - HKLM\..\RunServices: [ATLWR.EXE] C:\WINDOWS\SYSTEM\ATLWR.EXE /s
O4 - HKLM\..\RunServices: [NTFM.EXE] C:\WINDOWS\SYSTEM\NTFM.EXE /s
O4 - HKLM\..\RunServices: [CRFF32.EXE] C:\WINDOWS\SYSTEM\CRFF32.EXE /s
O4 - HKLM\..\RunServices: [WINKZ.EXE] C:\WINDOWS\WINKZ.EXE /s
O4 - HKLM\..\RunServices: [MFCGV32.EXE] C:\WINDOWS\SYSTEM\MFCGV32.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: iRiS AntiVirus Active Monitor.lnk = C:\Program Files\iRiS\AntiVirus\WIMMUN32.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: SBMPop.lnk = C:\Program Files\vci\SearchByMedia\SBMPop.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

Thank you for taking the time to assist me in this matter. I look forward to your reply.

Anmchaid
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP