
HOME PAGE HIJACKED [CLOSED]


  • This topic is locked

#1
girii
  • Member
  • 13 posts
NEED HELP MY HOME PAGE HAS BEEN HIJACKED AND I KEEP GETTING POP UPS



Logfile of HijackThis v1.99.1
Scan saved at 10:14:19 PM, on 6/22/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SDKEI.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\IELU.EXE
D:\SPYWARE NUKER 2004\SWN2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\IDA\IDA.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qlaan.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qlaan.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qlaan.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qlaan.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qlaan.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qlaan.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qlaan.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {1995DD3F-2E2B-50AB-908D-9CDED6E2D0CB} - C:\WINDOWS\NTZU.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_6_2_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Internet Download Accelerator] D:\IDA\IDA.EXE -autorun
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [IELU.EXE] C:\WINDOWS\SYSTEM\IELU.EXE
O4 - HKLM\..\Run: [Spyware Nuker] D:\Spyware Nuker 2004\swn2.exe /h
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SDKEI.EXE] C:\WINDOWS\SDKEI.EXE /s
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab



HELP GIRII
  • 0


#2
Excal
  • Malware Slayer Extraordinaire!
  • Retired Staff
  • 12,739 posts
Hi girii and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

:tazz:

Excal
  • 0

#3
girii
  • Topic Starter
  • Member
  • 13 posts
ahhhhhhhhhhhhhhhhhhhhhhhhhhh i got help yes i definitely need help and i am at work and will go home within 2 hrs and will post you the hijack log..........tks a ton no million.....girii
  • 0

#4
girii
  • Topic Starter
  • Member
  • 13 posts
hai excal

tks first of all for the response:

here is my log and await your instructions:

Logfile of HijackThis v1.99.1
Scan saved at 7:30:56 PM, on 6/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SDKRQ.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\IDA\IDA.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {1995DD3F-2E2B-50AB-908D-9CDED6E2D0CB} - C:\WINDOWS\NTZU.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_6_2_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [SDKRQ.EXE] C:\WINDOWS\SYSTEM\SDKRQ.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SDKEI.EXE] C:\WINDOWS\SDKEI.EXE /s
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoft.../as5/asinst.cab



I am not so very affluent with computer...pls guide me step by step
Girii
  • 0

#5
girii
  • Topic Starter
  • Member
  • 13 posts
hai excal this is my log



i am not well versed with computers pls guide me
  • 0

#6
Excal
  • Malware Slayer Extraordinaire!
  • Retired Staff
  • 12,739 posts
Hi girii and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This may be a few step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.


DOWNLOAD PROGRAMS


Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save programs to your desktop for easy access.

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix)

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder

THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

5. Close all browsers, windows and unneeded programs.

6. Open HiJack and do a scan.

7. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1995DD3F-2E2B-50AB-908D-9CDED6E2D0CB} - C:\WINDOWS\NTZU.DLL
O4 - HKLM\..\Run: [SDKRQ.EXE] C:\WINDOWS\SYSTEM\SDKRQ.EXE
O4 - HKLM\..\RunServices: [SDKEI.EXE] C:\WINDOWS\SDKEI.EXE /s


8. Click the Fix Checked box

9. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\lwksw.dll
C:\WINDOWS\NTZU.DLL
C:\WINDOWS\SYSTEM\SDKRQ.EXE
C:\WINDOWS\SDKEI.EXE


10. Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • It will begin to check your computer for malicious files.
  • AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
  • Shut down AboutBuster. A log should have been created. Please save this log and copy it in your next post.

11. Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

12. Run the program CleanUp!

13. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

14. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0
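
Added example (not part of the original thread, and not code from HijackThis or any tool named above): a small parser that compares the 6/22/05 and 6/27/05 scans posted in this thread. It shows that the DLL named in the res:// search-page values changed between scans while the resource suffix stayed the same, and that normalising that file name lets a scan-to-scan diff surface the entries that really changed. The sample lines are excerpts from the logs above; all function names are this example's own.

```python
import re

# Excerpts from the HijackThis logs posted in this thread (posts #1 and #4).
SCAN_0622 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qlaan.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qlaan.dll/sp.html#55135
O2 - BHO: Class - {1995DD3F-2E2B-50AB-908D-9CDED6E2D0CB} - C:\WINDOWS\NTZU.DLL
O4 - HKLM\..\Run: [IELU.EXE] C:\WINDOWS\SYSTEM\IELU.EXE
O4 - HKLM\..\RunServices: [SDKEI.EXE] C:\WINDOWS\SDKEI.EXE /s
"""

SCAN_0627 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lwksw.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lwksw.dll/sp.html#55135
O2 - BHO: Class - {1995DD3F-2E2B-50AB-908D-9CDED6E2D0CB} - C:\WINDOWS\NTZU.DLL
O4 - HKLM\..\Run: [SDKRQ.EXE] C:\WINDOWS\SYSTEM\SDKRQ.EXE
O4 - HKLM\..\RunServices: [SDKEI.EXE] C:\WINDOWS\SDKEI.EXE /s
"""

# "R1 - ..." / "O4 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# res://<local file>/<resource>; Windows paths never contain "/".
RES_RE = re.compile(r"res://(?P<dll>[^/]+)/(?P<res>\S+)", re.IGNORECASE)


def parse_entries(text):
    """Return (code, body) tuples for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def res_targets(text):
    """Map each res:// resource suffix to the DLL paths serving it in R* entries."""
    targets = {}
    for code, body in parse_entries(text):
        m = RES_RE.search(body)
        if code.startswith("R") and m:
            targets.setdefault(m.group("res"), set()).add(m.group("dll"))
    return targets


def rotating_dlls(old_text, new_text):
    """Resources present in both scans whose backing DLL path differs."""
    old, new = res_targets(old_text), res_targets(new_text)
    return {
        res: (sorted(old[res]), sorted(new[res]))
        for res in old.keys() & new.keys()
        if old[res] != new[res]
    }


def normalise(entry):
    """Replace the DLL path inside a res:// URL with a fixed token."""
    code, body = entry
    return code, RES_RE.sub(lambda m: "res://<dll>/" + m.group("res"), body)


def diff_scans(old_text, new_text):
    """Return (added, removed) entries after normalising res:// DLL names."""
    old = {normalise(e) for e in parse_entries(old_text)}
    new = {normalise(e) for e in parse_entries(new_text)}
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    for res, (before, after) in rotating_dlls(SCAN_0622, SCAN_0627).items():
        print(f"{res}: {before} -> {after}")
    added, removed = diff_scans(SCAN_0622, SCAN_0627)
    for code, body in added:
        print("added:  ", code, body)
    for code, body in removed:
        print("removed:", code, body)
```
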

#7
girii
  • Topic Starter
  • Member
  • 13 posts
hai excal i am here....i have done what you ask me to do....now the ie6 is not responding and i am not able to find out still pop ups are coming in ie.

i am at present using firefox browser to send this message... but certainly the system seems to be fast...sign of the fella out i think pls check my log and advise


Logfile of HijackThis v1.99.1
Scan saved at 7:32:54 AM, on 6/29/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
D:\PROGRAM FILES\ASHAMPOO\ASHAMPOO WINOPTIMIZER PLATINUM SUITE\POPUPKILLER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\IDA\IDA.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_6_2_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] D:\PROGRAM FILES\ASHAMPOO\ASHAMPOO WINOPTIMIZER PLATINUM SUITE\PopUpKiller.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoft.../as5/asinst.cab

Girii
  • 0

#8
girii
  • Topic Starter
  • Member
  • 13 posts
sorry sorry my other logs

sp sehjfix log:

(6/28/05 7:55:59 PM) SPSeHjFix started v1.1.2
(6/28/05 7:55:59 PM) OS: Win98SE A (4.10.2222)
(6/28/05 7:55:59 PM) Language: english
(6/28/05 7:55:59 PM) Win-Path: C:\WINDOWS
(6/28/05 7:55:59 PM) System-Path: C:\WINDOWS\SYSTEM
(6/28/05 7:55:59 PM) Temp-Path: C:\WINDOWS\TEMP\
(6/28/05 7:56:01 PM) Disinfection started
(6/28/05 7:56:01 PM) Bad-Dll(IEP): (not found)
(6/28/05 7:56:01 PM) Bad-Dll(IEP) in BHO: (not found)
(6/28/05 7:56:01 PM) UBF: 4 - UBB: 1 - UBR: 14
(6/28/05 7:56:01 PM) UBF: 4 - UBB: 1 - UBR: 14
(6/28/05 7:56:01 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL:
(6/28/05 7:56:01 PM) Stealth-String not found
(6/28/05 7:56:01 PM) Not infected->END


(6/28/05 9:24:04 PM) SPSeHjFix started v1.1.2
(6/28/05 9:24:04 PM) OS: Win98SE A (4.10.2222)
(6/28/05 9:24:04 PM) Language: english
(6/28/05 9:24:04 PM) Win-Path: C:\WINDOWS
(6/28/05 9:24:04 PM) System-Path: C:\WINDOWS\SYSTEM
(6/28/05 9:24:04 PM) Temp-Path: C:\WINDOWS\TEMP\
(6/28/05 9:24:06 PM) Disinfection started
(6/28/05 9:24:06 PM) Bad-Dll(IEP): (not found)
(6/28/05 9:24:06 PM) Bad-Dll(IEP) in BHO: (not found)
(6/28/05 9:24:06 PM) UBF: 4 - UBB: 0 - UBR: 12
(6/28/05 9:24:06 PM) UBF: 4 - UBB: 0 - UBR: 12
(6/28/05 9:24:06 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
(6/28/05 9:24:06 PM) Stealth-String not found
(6/28/05 9:24:06 PM) Not infected->END


about buster log:


AboutBuster 5.0 reference file 30
Scan started on [6/28/05] at [7:53:34 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Error Removing ! : C:\Windows\crsxsz.dat
Removed File! : C:\Windows\wevqut.dat
Error Removing ! : C:\Windows\ntzu.dll
Removed File! : C:\Windows\sysbl.exe
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:53:40 PM


AboutBuster 5.0 reference file 30
Scan started on [6/28/05] at [9:22:41 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Removed File! : C:\Windows\crsxsz.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:22:42 PM


unable to run panda as ie browser is not responding:

girii
  • 0

#9
Excal
  • Malware Slayer Extraordinaire!
  • Retired Staff
  • 12,739 posts
This online scanner should work with Firefox.

http://uk.trendmicro...call_launch.php
  • 0

#10
girii
  • Topic Starter
  • Member
  • 13 posts
hai excal i tried to go to the link and i downloaded the java downloads it is getting updated but not scanning and i tried without norton (by disabling and also disabled fire wall plus) but it is not scanning what do i do now


girii
  • 0


#11
girii
  • Topic Starter
  • Member
  • 13 posts
this is the log on java

Java Plug-in 1.5.0_01
Using JRE version 1.5.0_01 Java HotSpot™ Client VM
User home directory = C:\WINDOWS


----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------

Using Forwarder (Version 2)
Updating the core
Updating the core-libraries
Updating the html-part
Updating the skin
Runtime.exec(C:\PROGRA~1\JAVA\JRE15~1.0_0\bin\java.exe -jar "C:\WINDOWS\.housecall/housecall-client.jar");
Updateing Engine:windows
Updating Pattern using full-version
Client-Stream-Protocol Version:1.2
Engine-Update Finished!
Downloaded Pattern file is corrupt, or could not be found.java.util.zip.ZipException: The system cannot find the file specified
Downloaded Pattern file is corrupt, or could not be found.java.util.zip.ZipException: The system cannot find the file specified
Downloaded Pattern file is corrupt, or could not be found.java.util.zip.ZipException: The system cannot find the file specified
Retrying Update
Warning, the update process is still running, aborting..
..and restarting now!
Downloaded Additional Pattern file (dcs) is corrupt, or could not be found.java.io.IOException: Transfer was aborted!
java.io.IOException: Transfer was aborted!
at com.trendmicro.web.housecall.network.B.B.A(Unknown Source)
at com.trendmicro.web.housecall.network.B.C$3.run(Unknown Source)
Updateing Engine:windows
Updating Pattern using full-version
Downloaded Pattern file is corrupt, or could not be found.java.util.zip.ZipException: The system cannot find the file specified
java.io.IOException: Could not find the zip-file!
at com.trendmicro.web.housecall.network.B.B.B(Unknown Source)
at com.trendmicro.web.housecall.network.B.G$1.run(Unknown Source)
Trying to close the process
9
Downloaded Pattern file is corrupt, or could not be found.java.io.IOException: Transfer was aborted!
java.io.IOException: Transfer was aborted!
at com.trendmicro.web.housecall.network.B.B.A(Unknown Source)
at com.trendmicro.web.housecall.network.B.G$1.run(Unknown Source)
Using Forwarder (Version 2)
Runtime.exec(C:\PROGRA~1\JAVA\JRE15~1.0_0\bin\java.exe -jar "C:\WINDOWS\.housecall/housecall-client.jar");
Updateing Engine:windows
Updating Pattern using full-version
Trying to close the process
9
java.io.IOException: Transfer was aborted!
at com.trendmicro.web.housecall.network.B.B.A(Unknown Source)
at com.trendmicro.web.housecall.network.B.G$1.run(Unknown Source)
Downloaded Pattern file is corrupt, or could not be found.java.io.IOException: Transfer was aborted!
Using Forwarder (Version 2)
Runtime.exec(C:\PROGRA~1\JAVA\JRE15~1.0_0\bin\java.exe -jar "C:\WINDOWS\.housecall/housecall-client.jar");
Updateing Engine:windows
Updating Pattern using full-version
Client-Stream-Protocol Version:1.2
Engine-Update Finished!
Downloaded Pattern file is corrupt, or could not be found.java.util.zip.ZipException: The system cannot find the file specified
Downloaded Pattern file is corrupt, or could not be found.java.util.zip.ZipException: The system cannot find the file specified
Downloaded Pattern file is corrupt, or could not be found.java.util.zip.ZipException: The system cannot find the file specified
C:\WINDOWS\.housecall\resource\pattern\additionals\tscptn.zip|tscptn.zip
Downloaded Additional Pattern file (dcs) is corrupt, or could not be found.java.io.IOException: Could not find the zip-file!
java.io.IOException: Could not find the zip-file!
at com.trendmicro.web.housecall.network.B.B.B(Unknown Source)
at com.trendmicro.web.housecall.network.B.C$3.run(Unknown Source)
Trying to close the process
8
Using Forwarder (Version 2)
Runtime.exec(C:\PROGRA~1\JAVA\JRE15~1.0_0\bin\java.exe -jar "C:\WINDOWS\.housecall/housecall-client.jar");
Updateing Engine:windows
Updating Pattern using full-version
Downloaded Pattern file is corrupt, or could not be found.java.util.zip.ZipException: The system cannot find the file specified
java.io.IOException: Could not find the zip-file!
at com.trendmicro.web.housecall.network.B.B.B(Unknown Source)
at com.trendmicro.web.housecall.network.B.G$1.run(Unknown Source)
Trying to close the process
9
Downloaded Pattern file is corrupt, or could not be found.java.io.IOException: Transfer was aborted!
java.io.IOException: Transfer was aborted!
at com.trendmicro.web.housecall.network.B.B.A(Unknown Source)
at com.trendmicro.web.housecall.network.B.G$1.run(Unknown Source)
java.lang.ThreadDeath
at java.lang.Thread.stop(Unknown Source)
at java.lang.ThreadGroup.stopOrSuspend(Unknown Source)
at java.lang.ThreadGroup.stop(Unknown Source)
at sun.awt.AppContext.dispose(Unknown Source)
at sun.applet.AppletClassLoader.release(Unknown Source)
at sun.plugin.security.PluginClassLoader.release(Unknown Source)
at sun.applet.AppletPanel.release(Unknown Source)
at sun.applet.AppletPanel.sendEvent(Unknown Source)
at sun.plugin.AppletViewer.onPrivateClose(Unknown Source)
at sun.plugin.AppletViewer$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
java.lang.ThreadDeath
at java.lang.Thread.stop(Unknown Source)
at java.lang.ThreadGroup.stopOrSuspend(Unknown Source)
at java.lang.ThreadGroup.stop(Unknown Source)
at sun.awt.AppContext.dispose(Unknown Source)
at sun.applet.AppletClassLoader.release(Unknown Source)
at sun.plugin.security.PluginClassLoader.release(Unknown Source)
at sun.applet.AppletPanel.release(Unknown Source)
at sun.applet.AppletPanel.sendEvent(Unknown Source)
at sun.plugin.AppletViewer.onPrivateClose(Unknown Source)
at sun.plugin.AppletViewer$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Downloaded Pattern file is corrupt, or could not be found.java.io.IOException: Transfer was aborted!
java.io.IOException: Transfer was aborted!
at com.trendmicro.web.housecall.network.B.B.A(Unknown Source)
at com.trendmicro.web.housecall.network.B.G$1.run(Unknown Source)
Using Forwarder (Version 2)
Runtime.exec(C:\PROGRA~1\JAVA\JRE15~1.0_0\bin\java.exe -jar "C:\WINDOWS\.housecall/housecall-client.jar");
Updateing Engine:windows
Updating Pattern using full-version
Trying to close the process
9
Downloaded Pattern file is corrupt, or could not be found.java.io.IOException: Transfer was aborted!
java.io.IOException: Transfer was aborted!
at com.trendmicro.web.housecall.network.B.B.A(Unknown Source)
at com.trendmicro.web.housecall.network.B.G$1.run(Unknown Source)
Using Forwarder (Version 2)
Runtime.exec(C:\PROGRA~1\JAVA\JRE15~1.0_0\bin\java.exe -jar "C:\WINDOWS\.housecall/housecall-client.jar");
Updateing Engine:windows
Updating Pattern using full-version
java.io.IOException: Could not find the zip-file!
at com.trendmicro.web.housecall.network.B.B.B(Unknown Source)
at com.trendmicro.web.housecall.network.B.G$1.run(Unknown Source)
Downloaded Pattern file is corrupt, or could not be found.java.util.zip.ZipException: The system cannot find the file specified
Downloaded Pattern file is corrupt, or could not be found.java.util.zip.ZipException: The system cannot find the file specified
java.io.IOException: Could not find the zip-file!
at com.trendmicro.web.housecall.network.B.B.B(Unknown Source)
at com.trendmicro.web.housecall.network.B.G$1.run(Unknown Source)
Client-Stream-Protocol Version:1.2
Engine-Update Finished!
Downloaded Pattern file is corrupt, or could not be found.java.util.zip.ZipException: error in opening zip file
C:\WINDOWS\.housecall\resource\pattern\additionals\tscptn.zip|tscptn.zip
Downloaded Additional Pattern file (dcs) is corrupt, or could not be found.java.io.IOException: Could not find the zip-file!
java.io.IOException: Could not find the zip-file!
at com.trendmicro.web.housecall.network.B.B.B(Unknown Source)
at com.trendmicro.web.housecall.network.B.C$3.run(Unknown Source)
Using Forwarder (Version 2)
Runtime.exec(C:\PROGRA~1\JAVA\JRE15~1.0_0\bin\java.exe -jar "C:\WINDOWS\.housecall/housecall-client.jar");
Updateing Engine:windows
Updating Pattern using full-version
Client-Stream-Protocol Version:1.2
Engine-Update Finished!
Trying to close the process
9
Downloaded Additional Pattern file (dcs) is corrupt, or could not be found.java.io.IOException: Transfer was aborted!
java.io.IOException: Transfer was aborted!
at com.trendmicro.web.housecall.network.B.B.A(Unknown Source)
at com.trendmicro.web.housecall.network.B.C$3.run(Unknown Source)


girii
  • 0

#12
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Ok, you really need to update your Windows; that might be part of the problem, but first see if you can repair your IE.


Go to this link and follow the instructions and see how you make out.
http://support.earth...0/8458.psc.html

:tazz:

Excal
  • 0

#13
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
That may not work with IE6 on Windows 98....

Please look for a folder called

c:\windows update files

there?

Is there a file in there called ie6setup.exe?
  • 0

#14
girii

girii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Excal,

I have updated IE, but I am not able to find Panda online. After executing Panda it detected 1 infected and 1 suspicious; after this phase it is hanging. I left the system idle for more than 24 hours to see if anything happens, but no results appeared. Because of that I was not able to communicate with you. For your reference, I have copied the log details; please find them below and suggest what is necessary.

Logfile of HijackThis v1.99.1
Scan saved at 10:32:09 AM, on 7/3/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
D:\PROGRAM FILES\ASHAMPOO\ASHAMPOO WINOPTIMIZER PLATINUM SUITE\POPUPKILLER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - D:\PROGRA~1\ASHAMPOO\ASHAMP~1\POPUP.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_6_2_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] D:\PROGRAM FILES\ASHAMPOO\ASHAMPOO WINOPTIMIZER PLATINUM SUITE\PopUpKiller.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

  • 0
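An added example, not part of any post in this thread: a short Python script that parses HijackThis logs of the kind posted above and compares a before and after scan, listing `res://` search-page redirects and the running processes that disappeared or appeared. The two sample logs are shortened excerpts of the logs on this page; the function names are illustrative.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SDKEI.EXE
C:\WINDOWS\SYSTEM\IELU.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qlaan.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
"""
AFTER = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
"""
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "R1 - ..." or "O16 - ..."

def parse_log(text):
    """Return (set of running processes, list of (section, detail) entries)."""
    processes, entries, in_procs = set(), [], False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.add(line.upper())  # Win9x logs mix upper and lower case
    return processes, entries

def res_redirects(entries):
    """R-section values that point IE at a page inside a local file (res://)."""
    return [(s, d) for s, d in entries
            if s.startswith("R") and d.partition("=")[2].strip().lower().startswith("res://")]

def compare(before, after):
    """Diff two scans of the same machine taken before and after cleanup."""
    (p0, e0), (p1, e1) = parse_log(before), parse_log(after)
    return {"processes_gone": sorted(p0 - p1), "processes_new": sorted(p1 - p0),
            "entries_gone": [e for e in e0 if e not in e1],
            "res_before": res_redirects(e0), "res_after": res_redirects(e1)}

if __name__ == "__main__":
    for key, value in compare(BEFORE, AFTER).items():
        print(key, value)
```

A process or entry that is missing from the later scan is a lead to check against the removal steps taken, not a verdict on the file itself.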

#15
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hello girii,
Excal is having problems with his Internet so I am taking over for him :tazz:

Please run a full system scan with Ad-Aware SE:

Full Ad-Aware Scan
Please download from here:
Ad-Aware SE
Install Ad-Aware and run it. In the bottom-right hand corner, click "Check for updates now". Click "Connect" to download the newest reference file.

Now we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)

Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
5) Scan my IE Favorites for banned URLs
6) Scan my Hosts file

Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only

Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring

Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom left side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects. Then please restart your computer.

Post a new HiJackThis log into this topic.
  • 0