My HiJack This Log [CLOSED]


  • This topic is locked

#1
idiot09

    New Member

  • Member
  • 3 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:43:11 PM, on 07/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hulurr.exe
C:\WINDOWS\System32\aclsdba.exe
C:\WINDOWS\System32\xtddbg.exe
C:\Program Files\Cas\Client\casclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\The NewCraig Kuhnert\Local Settings\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nsz682.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EFE2401F-58EB-970A-B52C-25B8387442DA} - C:\WINDOWS\iejk.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysgb.exe] C:\WINDOWS\sysgb.exe
O4 - HKLM\..\Run: [20C.tmp] C:\DOCUME~1\THENEW~1\LOCALS~1\Temp\20C.tmp.exe 0 10001
O4 - HKLM\..\Run: [MFp] C:\documents and settings\the newcraig kuhnert\local settings\temp\MFp.exe
O4 - HKLM\..\Run: [rasY97r] C:\documents and settings\the newcraig kuhnert\local settings\temp\rasY97r.exe
O4 - HKLM\..\Run: [B4eJR3G0z] C:\documents and settings\the newcraig kuhnert\local settings\temp\B4eJR3G0z.exe
O4 - HKLM\..\Run: [yYQzWUSx] C:\documents and settings\the newcraig kuhnert\local settings\temp\yYQzWUSx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hulurr.exe reg_run
O4 - HKLM\..\Run: [4F3P34Q] aclsdba.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
O4 - HKCU\..\Run: [LosFRQc7j] xtddbg.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Ready Fire\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vto_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuwe...LDownloader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldw...4/pool/pool.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_2.ocx
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldw...ool/h2hpool.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINDOWS\system32\javazy.exe (file missing)

#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello and welcome!

I'm now working on your log.. As soon as someone checks my reply, I'll get back to you.
Thanks for your patience.

- Rawe :tazz:

#3
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi again!

Please print these instructions out, or write them down, as you can't read them during the fix.
Be sure to follow every step.

First, download;

- About:buster

Unzip the contents of AboutBuster.zip and an About:Buster directory will be created.
- Launch About:Buster
- Click "Ok" at the prompt with instructions.
- Click "Update" and then "Check For Update" to launch the update process.
- If any updates exist please download them by clicking "Download Update". After this, exit the updating window.
- Now please close About:Buster


- Spybot S&D

- Ad-Aware SE Personal

- Clean Up

Run the CleanUp installer. You don't need to do anything else with it right now.

- CWShredder v 2.15

When the CWShredder is installed, please launch it, check for any updates, and close it. Don't Run A Scan Yet!


=> A tutorial for SpyBot
=> A tutorial for Ad-aware
Run the programs, as instructed on those links. ;)


After you have done all that, please run at least two of these free online scans here (Use the Auto-clean option);
- Trend Micro
- BitDefender
- RAV
- Kaspersky
- Jotti Virusscan
- F-secure


Please, now run CWShredder v 2.15. Use the "Fix" - button.

Disconnect from the internet. {for broadband/cable users, it is recommended that you disconnect the cable connection}

Please boot up into Safe Mode.

While rebooting your computer, tap F8 continuously. A menu should come up; choose to go to Safe Mode.

While at Safe Mode, please run About:Buster;

Click "Start" and then "OK" to allow AboutBuster to scan for Alternate Data Streams.
Click "Yes" to allow it to shutdown explorer.exe.
It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
When it has finished, click Save Log. Make sure you save it.
When the scan has finished, and log saved, please reboot your computer to Safe Mode again.


Ok, now run About:Buster again without the reboot in the end.


Now do this;
Click Start => Run => and type in;

services.msc

Click "OK".

In the services window find service; Network Security Service (NSS)
Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then "Ok". Exit the Services utility.


Run HJT. Close any other open windows.

Just hit the button to "Scan". When finished, please check these objects for removal;


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nsz682.dll
O2 - BHO: (no name) - {EFE2401F-58EB-970A-B52C-25B8387442DA} - C:\WINDOWS\iejk.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll
O4 - HKLM\..\Run: [sysgb.exe] C:\WINDOWS\sysgb.exe
O4 - HKLM\..\Run: [20C.tmp] C:\DOCUME~1\THENEW~1\LOCALS~1\Temp\20C.tmp.exe 0 10001
O4 - HKLM\..\Run: [MFp] C:\documents and settings\the newcraig kuhnert\local settings\temp\MFp.exe
O4 - HKLM\..\Run: [rasY97r] C:\documents and settings\the newcraig kuhnert\local settings\temp\rasY97r.exe
O4 - HKLM\..\Run: [B4eJR3G0z] C:\documents and settings\the newcraig kuhnert\local settings\temp\B4eJR3G0z.exe
O4 - HKLM\..\Run: [yYQzWUSx] C:\documents and settings\the newcraig kuhnert\local settings\temp\yYQzWUSx.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hulurr.exe reg_run
O4 - HKLM\..\Run: [4F3P34Q] aclsdba.exe
O4 - HKCU\..\Run: [LosFRQc7j] xtddbg.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINDOWS\system32\javazy.exe (file missing)



Run HiJackThis;

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"


-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:



C:\WINDOWS\System32\hulurr.exe
C:\WINDOWS\System32\aclsdba.exe
C:\WINDOWS\System32\xtddbg.exe




Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.


Using Windows Explorer, locate the following files and delete them (if found);

C:\WINDOWS\System32\richedtr.dll
C:\documents and settings\the newcraig kuhnert\local settings\temp\yYQzWUSx.exe
C:\WINDOWS\System32\nsz682.dll
C:\WINDOWS\System32\PSof1.exe
C:\Program Files\Cas <-- Entire folder
aclsdba.exe
xtddbg.exe
C:\WINDOWS\sysgb.exe



Run CleanUp! Be sure to reboot your PC when prompted.
Boot your Windows to normal mode. Run a new scan with HJT. Connect back to the internet when the scan has finished, so that you can post the fresh HJT log along with the log from About:Buster.

We'll continue then.


- Rawe :tazz:

Edited by Rawe, 03 July 2005 - 10:57 AM.


#4
idiot09

    New Member

  • Topic Starter
  • Member
  • 3 posts
Well, I followed your instructions, I hope I did it correctly... here are my logs
Logfile of HijackThis v1.99.1
Scan saved at 11:48:34 PM, on 07/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rcuc.exe
C:\Documents and Settings\The NewCraig Kuhnert\Local Settings\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hulurr.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Ready Fire\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vto_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuwe...LDownloader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldw...4/pool/pool.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_2.ocx
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldw...ool/h2hpool.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

And here is my About:Buster...
AboutBuster 5.0 reference file 30
Scan started on [07/03/2005] at [11:15:38 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\A message to outer space.SCR:qcdztb
Removed Stream! C:\WINDOWS\Active Setup Log.BAK:fyrtvc
Removed Stream! C:\WINDOWS\Blue Lace 16.bmp:bouktl
Removed Stream! C:\WINDOWS\BOOTSTAT.DAT:vskovf
Removed Stream! C:\WINDOWS\cdplayer.ini:yhqcct
Removed Stream! C:\WINDOWS\CLOCK.AVI:fifbsg
Removed Stream! C:\WINDOWS\CLOCK.AVI:rkdobm
Removed Stream! C:\WINDOWS\CLOCK.AVI:tofpnw
Removed Stream! C:\WINDOWS\clozr.txt:osctxh
Removed Stream! C:\WINDOWS\clozr.txt:qhahev
Removed Stream! C:\WINDOWS\Coffee Bean.bmp:jlouwo
Removed Stream! C:\WINDOWS\Coffee Bean.bmp:xjygui
Removed Stream! C:\WINDOWS\COMSETUP.LOG:mxvxwi
Removed Stream! C:\WINDOWS\CONTROL.INI:mpxdpg
Removed Stream! C:\WINDOWS\cwxeu.dll:tjlaaq
Removed Stream! C:\WINDOWS\czcbj.log:cgqgro
Removed Stream! C:\WINDOWS\czcbj.log:ikbzid
Removed Stream! C:\WINDOWS\d3dl32.dll:pdzpjm
Removed Stream! C:\WINDOWS\DESKTOP.INI:hesvlp
Removed Stream! C:\WINDOWS\DtcInstall.log:ximehl
Removed Stream! C:\WINDOWS\dwogr.txt:kvakmr
Removed Stream! C:\WINDOWS\eqvpl.txt:sfvnhj
Removed Stream! C:\WINDOWS\eReg.dat:cwlygt
Removed Stream! C:\WINDOWS\EXPLORER.EXE:ptrucv
Removed Stream! C:\WINDOWS\EXPLORER.SCF:qbejkw
Removed Stream! C:\WINDOWS\FeatherTexture.bmp:hujixg
Removed Stream! C:\WINDOWS\gjvlc.txt:sucnrq
Removed Stream! C:\WINDOWS\Greenstone.bmp:amcjjc
Removed Stream! C:\WINDOWS\GREUninstall.exe:pqjose
Removed Stream! C:\WINDOWS\hzvlj.dll:eycffu
Removed Stream! C:\WINDOWS\hzvlj.dll:fnnbpx
Removed Stream! C:\WINDOWS\hzvlj.dll:nnrsnc
Removed Stream! C:\WINDOWS\ieuw.dll:lonbfp
Removed Stream! C:\WINDOWS\ieuw.dll:xzvsiw
Removed Stream! C:\WINDOWS\INSP-8X6.BMP:dpyhzz
Removed Stream! C:\WINDOWS\INSP-8X6.BMP:pagxch
Removed Stream! C:\WINDOWS\INSP-8X6.BMP:qoggji
Removed Stream! C:\WINDOWS\iPlayer.INI:gojxhm
Removed Stream! C:\WINDOWS\IsUninst.exe:yocdjx
Removed Stream! C:\WINDOWS\kmyvh.txt:rpmidz
Removed Stream! C:\WINDOWS\ldqud.dll:yfvjmm
Removed Stream! C:\WINDOWS\LUINSTALL.LOG:rgnpow
Removed Stream! C:\WINDOWS\lzsgm.log:ikyspv
Removed Stream! C:\WINDOWS\metawrds.lst:efmxkc
Removed Stream! C:\WINDOWS\ModemLog_Actiontec MD56ORD V92 MDC Modem.txt:adrfjg
Removed Stream! C:\WINDOWS\MSDFMAP.INI:pnvfxg
Removed Stream! C:\WINDOWS\msoffice.ini:mczwr
Removed Stream! C:\WINDOWS\mvgqr.log:aamuvz
Removed Stream! C:\WINDOWS\nem220.dll:aozptt
Removed Stream! C:\WINDOWS\NOTEPAD.EXE:lbpfrl
Removed Stream! C:\WINDOWS\noxqk.dll:bufxhl
Removed Stream! C:\WINDOWS\noxqk.dll:xtnaez
Removed Stream! C:\WINDOWS\nqghu.log:ncblwi
Removed Stream! C:\WINDOWS\nsreg.dat:dcislw
Removed Stream! C:\WINDOWS\ntdtcsetup.log:lpkipo
Removed Stream! C:\WINDOWS\OCGEN.LOG:aviyuw
Removed Stream! C:\WINDOWS\OCGEN.LOG:loamrw
Removed Stream! C:\WINDOWS\OEWABLog.txt:dolrlg
Removed Stream! C:\WINDOWS\orun32.isu:lpswnf
Removed Stream! C:\WINDOWS\orun32.isu:noohdi
Removed Stream! C:\WINDOWS\orun32.isu:wpdenq
Removed Stream! C:\WINDOWS\pcngx.log:cgaipc
Removed Stream! C:\WINDOWS\pcngx.log:uegvyk
Removed Stream! C:\WINDOWS\pdsfo.dll:widojs
Removed Stream! C:\WINDOWS\polfi.txt:avqdlh
Removed Stream! C:\WINDOWS\polfi.txt:yizszc
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:ltsqil
Removed Stream! C:\WINDOWS\ptpwf.log:grjkkq
Removed Stream! C:\WINDOWS\Q308677.log:nilamo
Removed Stream! C:\WINDOWS\Q308677.log:qirxun
Removed Stream! C:\WINDOWS\Q310601.log:vjmbng
Removed Stream! C:\WINDOWS\Q310601.log:zxwcns
Removed Stream! C:\WINDOWS\Q311889.log:bjckwp
Removed Stream! C:\WINDOWS\Q311889.log:nqibnp
Removed Stream! C:\WINDOWS\Q313596.log:rtmcgc
Removed Stream! C:\WINDOWS\Q314862.log:ohcfzk
Removed Stream! C:\WINDOWS\Q314862.log:sphppd
Removed Stream! C:\WINDOWS\Q315000.log:fisohz
Removed Stream! C:\WINDOWS\Q315000.log:obfgpq
Removed Stream! C:\WINDOWS\Q315403.log:nokwtp
Removed Stream! C:\WINDOWS\Q316253.log:ghvtuu
Removed Stream! C:\WINDOWS\Q317277.log:dqunkq
Removed Stream! C:\WINDOWS\Q317277.log:qjlujj
Removed Stream! C:\WINDOWS\qpcoh.txt:gpdbns
Removed Stream! C:\WINDOWS\qpcoh.txt:hejdpi
Removed Stream! C:\WINDOWS\qpcoh.txt:vpzazo
Removed Stream! C:\WINDOWS\rebsg.txt:rjgdqh
Removed Stream! C:\WINDOWS\REGEDIT.EXE:gqjfty
Removed Stream! C:\WINDOWS\REGLOCS.OLD:gmdcjq
Removed Stream! C:\WINDOWS\REGOPT.LOG:qqgmkn
Removed Stream! C:\WINDOWS\Rhododendron.bmp:yqctvb
Removed Stream! C:\WINDOWS\River Sumida.bmp:bloegw
Removed Stream! C:\WINDOWS\rnqjx.log:adhqmu
Removed Stream! C:\WINDOWS\rxzin.log:serdgw
Removed Stream! C:\WINDOWS\SAHUninstall.exe:vshaor
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:humeqy
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:rohnfc
Removed Stream! C:\WINDOWS\saxdp.log:lxkjjh
Removed Stream! C:\WINDOWS\SchedLgU.Txt:ntrniu
Removed Stream! C:\WINDOWS\SchedLgU.Txt:rgkbia
Removed Stream! C:\WINDOWS\sdkpu.dll:bgupkk
Removed Stream! C:\WINDOWS\setdebug.exe:gtkske
Removed Stream! C:\WINDOWS\setdebug.exe:jozshn
Removed Stream! C:\WINDOWS\SETPWRCG.EXE:dvzrlr
Removed Stream! C:\WINDOWS\SETPWRCG.EXE:xlmqrd
Removed Stream! C:\WINDOWS\setup.log:tozlgt
Removed Stream! C:\WINDOWS\SETUPACT.LOG:vorwnb
Removed Stream! C:\WINDOWS\SETUPAPI.LOG:lpkqbd
Removed Stream! C:\WINDOWS\SETUPAPI.LOG:pmewtf
Removed Stream! C:\WINDOWS\SETUPERR.LOG:skefsw
Removed Stream! C:\WINDOWS\SETUPLOG.TXT:opkjhe
Removed Stream! C:\WINDOWS\SETUPLOG.TXT:swoxre
Removed Stream! C:\WINDOWS\smscfg.ini:ctubfg
Removed Stream! C:\WINDOWS\smscfg.ini:inpjnq
Removed Stream! C:\WINDOWS\smscfg.ini:mobquu
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:eicvdg
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:klwkuh
Removed Stream! C:\WINDOWS\sqlkx.log:dxhklo
Removed Stream! C:\WINDOWS\sqlkx.log:qcbxxu
Removed Stream! C:\WINDOWS\Sti_Trace.log:anhoqa
Removed Stream! C:\WINDOWS\Sti_Trace.log:vpapnz
Removed Stream! C:\WINDOWS\SynInst.log:oqkuhb
Removed Stream! C:\WINDOWS\SYSTEM.INI:aaapde
Removed Stream! C:\WINDOWS\TWUNK_16.EXE:evibca
Removed Stream! C:\WINDOWS\uneng.exe:xwagek
Removed Stream! C:\WINDOWS\uninst.exe:knajoo
Removed Stream! C:\WINDOWS\urllist.dat:dokpjy
Removed Stream! C:\WINDOWS\urllist.dat:pwtmyu
Removed Stream! C:\WINDOWS\VB.INI:lmzwaq
Removed Stream! C:\WINDOWS\vcgyl.txt:zvtnav
Removed Stream! C:\WINDOWS\vgibd.dll:ixezsx
Removed Stream! C:\WINDOWS\vgibd.dll:vpdclj
Removed Stream! C:\WINDOWS\VMINST.LOG:emzqob
Removed Stream! C:\WINDOWS\wduit.dll:pnrvqm
Removed Stream! C:\WINDOWS\wfwog.txt:wgkkxt
Removed Stream! C:\WINDOWS\WIASERVC.LOG:hocakw
Removed Stream! C:\WINDOWS\WIASERVC.LOG:peztwt
Removed Stream! C:\WINDOWS\Windows Update.log:exagrc
Removed Stream! C:\WINDOWS\Windows Update.log:wpxozi
Removed Stream! C:\WINDOWS\WINHELP.EXE:cqouxj
Removed Stream! C:\WINDOWS\WINHLP32.EXE:oqqtts
Removed Stream! C:\WINDOWS\WINNT.BMP:grigvu
Removed Stream! C:\WINDOWS\WMSysPrx.prx:shwajp
Removed Stream! C:\WINDOWS\wsem302.dll:cjoodn
Removed Stream! C:\WINDOWS\xatgz.txt:rekjid
Removed Stream! C:\WINDOWS\yecwk.dat:vjsyzm
Removed Stream! C:\WINDOWS\yrjxw.dll:eocgpw
Removed Stream! C:\WINDOWS\ysjzq.txt:ocldbx
Removed Stream! C:\WINDOWS\Zapotec.bmp:lpiiyq
Removed Stream! C:\WINDOWS\Zapotec.bmp:yckurr
Removed Stream! C:\WINDOWS\ztdtv.txt:bijoca
Removed Stream! C:\WINDOWS\ztdtv.txt:xictfm
------------------------------------------------
Removed File! : C:\Windows\aczvj.dat
Removed File! : C:\Windows\ascxo.dat
Removed File! : C:\Windows\azbzt.dat
Removed File! : C:\Windows\ccotv.dat
Removed File! : C:\Windows\chdws.dat
Removed File! : C:\Windows\cmnla.dat
Removed File! : C:\Windows\erelj.dat
Removed File! : C:\Windows\fekrl.dat
Removed File! : C:\Windows\fjiig.dat
Removed File! : C:\Windows\ipvif.dat
Removed File! : C:\Windows\krmkj.dat
Removed File! : C:\Windows\mfsjz.dat
Removed File! : C:\Windows\mqzsw.dat
Removed File! : C:\Windows\mzjnq.dat
Removed File! : C:\Windows\nekxp.dat
Removed File! : C:\Windows\ntsqh.dat
Removed File! : C:\Windows\rdlqc.dat
Removed File! : C:\Windows\shqdo.dat
Removed File! : C:\Windows\sjwtz.dat
Removed File! : C:\Windows\uhnue.dat
Removed File! : C:\Windows\uptxk.dat
Removed File! : C:\Windows\wlulh.dat
Removed File! : C:\Windows\wmxkk.dat
Removed File! : C:\Windows\yfnql.dat
Removed File! : C:\Windows\System32\aaayk.dat
Removed File! : C:\Windows\System32\bojrq.dat
Removed File! : C:\Windows\System32\ccdhx.dat
Removed File! : C:\Windows\System32\clblh.dat
Removed File! : C:\Windows\System32\dnfdb.dat
Removed File! : C:\Windows\System32\drjjg.dat
Removed File! : C:\Windows\System32\dwsmt.dat
Removed File! : C:\Windows\System32\fmldj.dat
Removed File! : C:\Windows\System32\hfith.dat
Removed File! : C:\Windows\System32\hfpta.dat
Removed File! : C:\Windows\System32\hoarb.dat
Removed File! : C:\Windows\System32\jjaes.dat
Removed File! : C:\Windows\System32\lclih.dat
Removed File! : C:\Windows\System32\ngwow.dat
Removed File! : C:\Windows\System32\opiwx.dat
Removed File! : C:\Windows\System32\pnqpe.dat
Removed File! : C:\Windows\System32\ptlnw.dat
Removed File! : C:\Windows\System32\saueo.dat
Removed File! : C:\Windows\System32\tzzhw.dat
Removed File! : C:\Windows\System32\ucyzp.dat
Removed File! : C:\Windows\System32\vdact.dat
Removed File! : C:\Windows\System32\vnfqu.dat
Removed File! : C:\Windows\System32\welhp.dat
Removed File! : C:\Windows\System32\wjrqa.dat
Removed File! : C:\Windows\System32\yjqgw.dat
Removed File! : C:\Windows\System32\zpdld.dat
Removed File! : C:\Windows\System32\zptxv.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:16:28 PM


AboutBuster 5.0 reference file 30
Scan started on [07/03/2005] at [11:19:40 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:20:07 PM

Thank you very much for the help, let me know if we need to go to Round 2 on this thing,
Craig

#5
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi again!

Create a folder named C:\HJT into the Program Files directory. Move HiJackThis.exe to that folder, and remove any other files there might be in your temporary directory of HJT.

Once you have done that, follow instructions below. Print these instructions out too, as you did earlier, because you have to yet AGAIN boot into Safe Mode without networking.

Looking a whole lot better though! ;)

How's your system running?

Ok.. Please disconnect from the internet.

Boot up into Safe Mode again.

Once your Windows has loaded to Safe Mode,

Run a scan with HJT, making sure it is the only program which is currently running at the time. Close any other open windows and/or open browsers.
Once the scan has finished, check these objects for removal;
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hulurr.exe reg_run


Make sure that the above mentioned objects are all checked, then hit "Fix Checked".

Using Windows Explorer, locate the following file and delete it if present;

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rcuc.exe

When you have done that, run CleanUp! again, making sure to reboot when prompted.
When Windows has loaded, run a new scan with HJT, then connect back to the internet so you can post the fresh log here.

- Rawe :tazz:

#6
idiot09

    New Member

  • Topic Starter
  • Member
  • 3 posts
Once again, thank you very much. I haven't been able to play on my computer too much, but it seems to be running much better,
here is my new log

Logfile of HijackThis v1.99.1
Scan saved at 10:57:49 AM, on 07/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hulurr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hulurr.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Ready Fire\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vto_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuwe...LDownloader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldw...4/pool/pool.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_2.ocx
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldw...ool/h2hpool.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Let me know if we need Round 3.
Thanks, Craig

#7 Rawe (Visiting Staff, 4,746 posts)
Hello again!

Ok, everything else looks fine, but this hulurr.exe process is driving me nuts. Have you completed ALL of my earlier instructions?

Let's continue then.

Run HiJackThis;

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
3. While holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\System32\hulurr.exe

Now double-check and make sure that only the item(s) above are highlighted, then click "Kill process". Next, click "Refresh", check again, and repeat this step if any remain.


Once you have done that, close ANY open Windows and/or open browsers, making sure that only HJT is running at the time.
Run a scan and check this object for removal:

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hulurr.exe reg_run


Make sure that the above mentioned object is checked, then hit "Fix Checked".


Using Windows Explorer, locate the following file and delete it if present:

C:\WINDOWS\System32\hulurr.exe


Please empty your trash/recycle bin.


Reboot your PC.
Once your Windows has loaded, run yet another new scan with HJT and post that log here.

- Rawe :tazz:


If you have any problems with this process, please let me know in your next reply.
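The exchange in posts #5 to #7 is the classic "fix it, rescan, compare" loop: the helper lists entries to fix, the user posts a fresh log, and the helper eyeballs it for whatever survived (here the [KavSvc] Run entry and the hulurr.exe process). The following is an added example, not code from this thread, from the helper or from HijackThis itself, that automates that comparison: it parses two logs in the format pasted above, reports processes and O4 Run entries present in both scans, checks whether the lines the helper asked to have fixed are still there, collects "(file missing)" entries, and applies one heuristic of this example's own (a Run value name that shares nothing with the name of a System32 binary, as with [KavSvc] pointing at hulurr.exe). The two sample logs are constructed, abbreviated excerpts in the same format, not the complete logs from the thread.

```python
"""Parse HijackThis 1.99.x logs and compare two scans.

Added example for this thread, not the forum's, the helper's or HijackThis'
own code. The sample logs are constructed, abbreviated excerpts in the same
format as the logs posted above.
"""
import re
from dataclasses import dataclass, field

_O4 = re.compile(r"^O4 - (?P<hive>HK[LC][MU])\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_PATH = re.compile(r"^[A-Za-z]:\\.+\.\w{2,4}$")  # one line of the "Running processes" block


@dataclass
class HjtScan:
    lines: set = field(default_factory=set)          # every non-blank line, stripped
    processes: set = field(default_factory=set)      # lower-cased full paths
    autoruns: dict = field(default_factory=dict)     # (hive, key, name) -> command line
    file_missing: list = field(default_factory=list)


def exe_from_cmd(cmd: str) -> str:
    """Lower-cased executable path from an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)].lower()
    return cmd.split()[0].lower()


def parse_hjt_log(text: str) -> HjtScan:
    scan, in_procs = HjtScan(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        scan.lines.add(line)
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs and _PATH.match(line):
            scan.processes.add(line.lower())
            continue
        in_procs = False                     # first non-path line ends the block
        if "(file missing)" in line:
            scan.file_missing.append(line)
        m = _O4.match(line)
        if m:
            scan.autoruns[(m["hive"], m["key"], m["name"])] = m["cmd"]
    return scan


def persistent(before: HjtScan, after: HjtScan) -> dict:
    """Processes and autoruns present in both scans: the cleanup did not remove them."""
    return {"processes": sorted(before.processes & after.processes),
            "autoruns": sorted(k for k in after.autoruns if k in before.autoruns)}


def still_present(scan: HjtScan, requested_fixes: list) -> list:
    """Lines the helper asked to have fixed that the new log still contains."""
    return [f for f in requested_fixes if f in scan.lines]


def name_mismatch_in_system32(scan: HjtScan) -> list:
    """Heuristic (this example's own): Run value name unrelated to a System32 binary's name."""
    hits = []
    for (hive, key, name), cmd in scan.autoruns.items():
        exe = exe_from_cmd(cmd)
        stem = exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if "\\system32\\" in exe and stem not in name.lower() and name.lower() not in stem:
            hits.append((f"{hive}\\..\\{key}", name, exe))
    return hits


# Constructed, abbreviated logs in the thread's format (not the full logs above).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\hulurr.exe
C:\WINDOWS\System32\aclsdba.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hulurr.exe reg_run
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""
AFTER_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\hulurr.exe
C:\Program Files\HJT\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hulurr.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""
# Two of the lines the helper asked to have fixed in round 2 (taken from the thread).
FIX_REQUESTED = [r"O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hulurr.exe reg_run",
                 r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)"]

if __name__ == "__main__":
    before, after = parse_hjt_log(BEFORE_LOG), parse_hjt_log(AFTER_LOG)
    print("survived:", persistent(before, after))
    print("not fixed:", still_present(after, FIX_REQUESTED))
    print("suspect Run entries:", name_mismatch_in_system32(after))
```

Run against the two sample logs, `still_present` returns only the [KavSvc] line (the O9 BitDefender leftovers are gone), and `name_mismatch_in_system32` flags the same entry, which is exactly what the helper spotted by eye in post #7. The "persistent" lists are deliberately unfiltered; known-good entries such as the AVG components show up too, so treat them as a worklist to review, not as verdicts.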

#8 Rawe (Visiting Staff, 4,746 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.