Warning! You're In Danger! background [CLOSED]


  • This topic is locked

#16
HelpMe000
Topic Starter

Logfile of HijackThis v1.99.1
Scan saved at 12:40:31 PM, on 7/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.savewealt...e6/welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#17
miekiemoes
Malware Expert

Ok.. good.. that log is clean again.

Before we start something else for your Internet Explorer... Already tried this option?
http://www.theelderg.../repair_ie6.htm

#18
miekiemoes
Malware Expert

Hi,

Can you check something for me please?
Can you look if next file is present?

C:\Windows\system32\rdriv.sys

If so, go to start > run and type:

sc stop rdriv (click OK)
sc delete rdriv (click OK)

Delete C:\Windows\system32\rdriv.sys

Also..

Open notepad and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4 in it)

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"=-


Save this as fix.reg, choose to save as all files and place it on your desktop. Now double-click on it and when it asks you if you want to add the contents to the registry, click yes/OK.

Let me know. :tazz:
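
A read-only way to confirm the result of the steps in post #18, added here as an example and not part of miekiemoes's instructions: it reports whether rdriv.sys and the rdriv service entry are still present and shows the three registry values that fix.reg touches. It assumes Windows is installed under %SystemRoot% and that it is saved under a name such as check.bat (a hypothetical name) and double-clicked.

```batch
@echo off
rem Added example: read-only check of the state post #18 asks for.
rem Nothing is changed; the script only reports what is still present.
setlocal

rem Assumption: C:\Windows from the post is the same folder as %SystemRoot%.
set "DRV=%SystemRoot%\system32\rdriv.sys"

echo === rdriv driver file ===
if exist "%DRV%" (
    echo PRESENT: %DRV%
) else (
    echo absent:  %DRV%
)

echo.
echo === rdriv service entry ===
rem sc query sets a non-zero errorlevel when no such service is registered.
sc query rdriv >nul 2>&1
if errorlevel 1 (
    echo absent:  no service named rdriv
) else (
    echo PRESENT: service rdriv is still registered
    sc query rdriv
)

echo.
echo === registry values written by fix.reg ===
rem Expected after the import: restrictanonymous = 0x0 and EnableDCOM = Y.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous
reg query "HKLM\SOFTWARE\Microsoft\Ole" /v EnableDCOM

rem "DoNotAllowXPSP2"=- deletes the value, so a failed query is the good result.
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DoNotAllowXPSP2 >nul 2>&1
if errorlevel 1 (
    echo absent:  DoNotAllowXPSP2 policy value
) else (
    echo PRESENT: DoNotAllowXPSP2 policy value is still set
)

endlocal
pause
```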

#19
HelpMe000
Topic Starter

Something is wrong with my pages loading right. This page loads to where it is just black text and white background and some other pages don't really finish loading. This is getting irritating fixing one problem then I have another. And I tried to fix Iexplore but it still says it is missing. And my SBC Browser is still giving me the ActiveX runaround. :tazz: The only thing I have managed to fix is my desktop background.

#20
HelpMe000
Topic Starter

Wow I need help. Every time I go to a website pages come up unfinished, pictures unloaded, etc. What is causing this??

#21
miekiemoes
Malware Expert

Hello, is this happening with IE?

As I said before, if you are using Firefox, you'll get the error with ActiveX because ActiveX is not supported in Firefox.

Can you also tell me what error you exactly get when you load Internet Explorer? Can you be more specific?

Did you find the C:\Windows\system32\rdriv.sys and follow the steps I asked you? The more detailed info you can give me, the better I can help you.

#22
HelpMe000
Topic Starter

> Hello, is this happening with IE?
>
> As I said before, if you are using Firefox, you'll get the error with ActiveX because ActiveX is not supported in Firefox.
>
> Can you also tell me what error you exactly get when you load Internet Explorer? Can you be more specific?
>
> Did you find the C:\Windows\system32\rdriv.sys and follow the steps I asked you? The more detailed info you can give me, the better I can help you.


Yes I did everything you said. And after I finished everything my Firefox browser now has problems. It won't load pictures, buttons, avatars, gifs, etc. just mainly text. I never had any problems with Firefox until now. I have only had problems with SBC browser and IE. And I don't think you understand my problem with IE. I can't open it...period. Every time I click on it it says file is missing.

#23
miekiemoes
Malware Expert

Hi,

That's why I asked you what error you exactly get. If you say just, file missing, I don't know what file is missing. I want to try to understand, but I really need some more info. Do you get the error... iexplore missing? Can you check if there is a file called iexplore.exe in your C:\Program Files\Internet Explorer ??

Also, uninstall your Firefox and reinstall it again.

Are you also sure that you deleted rdriv.sys and nothing else than that?

#24
HelpMe000
Topic Starter

Well whenever I double click on my SBC Yahoo Browser Icon this message comes up.

"Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."

And when I double click on my Shortcut to IEXPLORE icon this message comes up.

"Windows cannot find 'C:\Program Files\Internet Explorer\IEXPLORE.EXE'. Make sure you typed the name correctly, and then try again.. To search for a file, click the Start button, and then click Search."

#25
HelpMe000
Topic Starter

Well I just re-installed Firefox and pictures and things on websites still aren't loading properly. Does this involve java? I will give you an example of what I mean. When I go to Yahoo.com the icons at the top aren't there only the words below them.

#26
miekiemoes
Malware Expert

As I said before... ActiveX doesn't work in Firefox.
When you have that problem with pictures, can't you see a yellow bar at the top to ask you if you want to download and install the plugin? Because with Firefox, you need to download and install plugins separately. Do you have this with all sites? I don't think so.
Another browser is also Netscape: http://browser.netscape.com/ns8/

Ok, let's repair your IE first.

It seems like you are missing iexplore.exe. Let's search if there is another iexplore.exe present on your system.

Can you perform next?

Launch Notepad, and copy/paste next bold in it:

dir c:\iexplore.exe /a /s > ie.txt
start notepad ie.txt


Save it as ie.bat, choose to save as all files and save it on your Desktop.
Double-click on it. It will open Notepad with some text in it. Please post the contents of it in your next reply.

Edited by miekiemoes, 05 July 2005 - 05:10 AM.


#27
HelpMe000
Topic Starter

> As I said before... ActiveX doesn't work in Firefox.
> When you have that problem with pictures, can't you see a yellow bar at the top to ask you if you want to download and install the plugin? Because with Firefox, you need to download and install plugins separately. Do you have this with all sites? I don't think so.
> Another browser is also Netscape: http://browser.netscape.com/ns8/
>
> Ok, let's repair your IE first.
>
> It seems like you are missing iexplore.exe. Let's search if there is another iexplore.exe present on your system.
>
> Can you perform next?
>
> Launch Notepad, and copy/paste next bold in it:
>
> dir c:\iexplore.exe /a /s > ie.txt
> start notepad ie.txt
>
> Save it as ie.bat, choose to save as all files and save it on your Desktop.
> Double-click on it. It will open Notepad with some text in it. Please post the contents of it in your next reply.


Volume in drive C has no label.
Volume Serial Number is A0A9-DC57

Is that what you wanted?

#28
HelpMe000
Topic Starter

Well I fixed Firefox by downloading some plugins and fixing some options. But still have the IE problem.

#29
miekiemoes
Malware Expert

Good you fixed Firefox. :tazz:
Was just a matter of missing plugins. ;)

Seems like there is no other iexplore.exe present on your system.
What happened before that problem started with your IE? When did you get that error it couldn't find it? Is it possible a virus scanner or antispyware scanner deleted it because it was infected?
Do you have your original XP CD? Because we are going to need it to repair your IE.
Go to start > run and type: sfc /scannow
There's a space between sfc and /
It will ask for your original CD, because I'm pretty sure a lot of files are damaged or deleted because they were infected with the malware present on your system.

If this doesn't help, you need to reinstall Internet Explorer again. Read here how to do this:

http://support.micro...8&Product=winxp

Edited by miekiemoes, 05 July 2005 - 05:34 AM.


#30
miekiemoes
Malware Expert

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.