
Problems with look today and atdmt



#16
jdstoll

jdstoll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is that log.


Mon 18 Oct 04 23:54:52

»»»»»»»»»»»»»»»»»»***LOG!***(*updated *9/1*)»»»»»»»»»»»»»»»»

*System:
Microsoft Windows XP Home Edition 5.1 Service Pack 2 (Build 2600)
*IE version:
6.0.2900.2180 SP2

The type of the file system is NTFS.


MS-DOS Version 5.00.500

*command.com test passed!

__________________________________
!!*Creating backups...!!

The operation completed successfully
23:54:51.81 Mon 10/18/2004
__________________________________

*Local time:
Monday, October 18, 2004 (10/18/2004)
11:54 PM, Central Daylight Time
*Uptime:
23:54:54 up 0 days, 5:02:25

*Path:
C:\FINDnFIX
----------------------------------------------------
»»Member of...: ("ADMIN" logon + group match required!)

User is a member of group JUSTIN-8MX31211\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.
User is a member of group \LOCAL.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Group BUILTIN\Administrators matches list.
Group BUILTIN\Users matches list.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

User: [JUSTIN-8MX31211\Justin], is a member of:

BUILTIN\Administrators
\Everyone

Running in WORKSTATION MODE.

SystemDrive is C:
SystemRoot is C:\WINDOWS
Logon Domain is JUSTIN-8MX31211
Administrator's Name is Justin
Computer Name is JUSTIN-8MX31211
LOGON SERVER is \\JUSTIN-8MX31211

»»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»»
The list will produce a small database of files that will match certain criteria.
Ex: read only files, s/h files, last modified date. size, etc.
The filters provided and registry scan should match the
corresponding file(s) listed.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Unless the file match the entire criteria, it should not be pointed to remove
without attempting to confirm it's nature!
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
At times there could be several (legit) files flagged, and/or duplicate culprit file(s)!
If in doubt, always search the file(s) and properties according to criteria!

The file(s) found should be moved to \FINDnFIX\"junkxxx" Subfolder

______________________________________________________________________________
***YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***
______________________________________________________________________________

......Scanning for file(s)...
*Note! The list(s) may include legitimate files!
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»»»» (*1*) »»»»» .........
»»Read access error(s)...


»»»»» (*2*) »»»»»........

»»»»» (*3*) »»»»»........

No matches found.

unknown/hidden files...

No matches found.

»»»»» (*4*) »»»»».........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»»»(*5*)»»»»»

»»»»»(*6*)»»»»»

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»»Search by size...
*List of files and specs according to 'size' :
*Note: Not all files listed here are infected, but *may include* the
name and spces of the offending file...
___________________________________________________________________________
Path: C:\WINDOWS\SYSTEM32 Including: *.DLL

241. Dpwsockx Dll 57,344 . . . . A 8-04-04 2:56 am
623. Msasn1 Dll 57,344 . . . . A 8-04-04 2:56 am
857. Packet Dll 57,344 . . . . A 7-24-04 9:38 pm
209. Dmloader Dll 35,840 . . . . A 8-04-04 2:56 am
358. Imgutil Dll 35,840 . . . . A 8-04-04 2:56 am
1090. Umandlg Dll 35,840 . . . . A 8-04-04 2:56 am
237. Dpvacm Dll 21,504 . . . . A 8-04-04 2:56 am
285. Feclient Dll 21,504 . . . . A 8-04-04 2:56 am

____________________________________________________________________________
*By size and date...


C:\WINDOWS\SYSTEM32\
dpwsockx.dll Wed Aug 4 2004 2:56:42a A.... 57,344 56.00 K
msasn1.dll Wed Aug 4 2004 2:56:42a A.... 57,344 56.00 K
packet.dll Sat Jul 24 2004 9:38:30p A.... 57,344 56.00 K

3 items found: 3 files, 0 directories.
Total of file sizes: 172,032 bytes 168.00 K

C:\WINDOWS\SYSTEM32\
dmloader.dll Wed Aug 4 2004 2:56:42a A.... 35,840 35.00 K
imgutil.dll Wed Aug 4 2004 2:56:42a A.... 35,840 35.00 K
umandlg.dll Wed Aug 4 2004 2:56:46a A.... 35,840 35.00 K

3 items found: 3 files, 0 directories.
Total of file sizes: 107,520 bytes 105.00 K

C:\WINDOWS\SYSTEM32\
dpvacm.dll Wed Aug 4 2004 2:56:42a A.... 21,504 21.00 K
feclient.dll Wed Aug 4 2004 2:56:42a A.... 21,504 21.00 K

2 items found: 2 files, 0 directories.
Total of file sizes: 43,008 bytes 42.00 K

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\DPWSOCKX.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\MSASN1.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\PACKET.DLL
SNiF 1.34 statistics

Matching files : 3 Amount in bytes : 172032
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\DMLOADER.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\IMGUTIL.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\UMANDLG.DLL
SNiF 1.34 statistics

Matching files : 3 Amount in bytes : 107520
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\DPVACM.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\FECLIENT.DLL
SNiF 1.34 statistics

Matching files : 2 Amount in bytes : 43008
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»


BHO search and other files...



No matches found.

No matches found.

--*sp.html in temp folder was NOT FOUND!--

*Filter keys search...
REGDMP: Unable to open key 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html' (2)

--(*text/html Subkey was NOT FOUND!)--

REGDMP: Unable to open key 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain' (2)

--(*text/plain Subkey was NOT FOUND!)--

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

»»Checking for AppInit_DLLs (empty) value...
________________________________
!"AppInit_DLLs"=""!

Value Matches
________________________________

»»Comparing *saved* key with *original*...

REGDIFF 2.1 - Freeware written by Gerson Kurz (http://www.p-nand-q.com)

Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows).

No differences found.

»»Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM



»»Performing string scan....
00001150: vk f AppInit_DLLs G
00001190: h vk UDeviceNotSelectedTimeout 1 5
000011D0: P 9 0 vk ' zGDIProcessHandle
00001210:Quota" vk 8 Spooler2 y e s _ h
00001250: ` vk 5swapdisk vk
00001290: . TransmissionRetryTimeout h `
000012D0: vk ' t USERProcessHandleQuotar
00001310:
00001350:
00001390:
000013D0:
00001410:
00001450:
00001490:
000014D0:
00001510:
00001550:
00001590:
000015D0:

---------- WIN.TXT
fùAppInit_DLLs֍æG
--------------
--------------
$01180: AppInit_DLLs
$011AF: UDeviceNotSelectedTimeout
$011FF: zGDIProcessHandleQuota
$01298: TransmissionRetryTimeout
$012E8: USERProcessHandleQuotar
--------------
--------------
No strings found.

--------------
--------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

.............
A handle was successfully obtained for the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
This key has 0 subkeys.
The AppInitDLLs value exists and reports as 2 bytes, including the 2 for string termination.

[AppInitDLLs]
Ansi string : ""
0000 00 00 | ..
-----------------------

»»»»»»Backups list...»»»»»»
0:01:09 up 0 days, 5:08:40
-----------------------
Tue 19 Oct 04 00:01:09


C:\FINDNFIX\
keyback.hiv Mon Oct 18 2004 11:54:52p A.... 8,192 8.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 8,192 bytes 8.00 K

C:\FINDNFIX\KEYS1\
winkey.reg Mon Oct 18 2004 11:54:54p A.... 287 0.28 K

1 item found: 1 file, 0 directories.
Total of file sizes: 287 bytes 0.28 K

*Temp backups...

"C:\Documents and Settings\Justin\Local Settings\Temp\Backs2\"
keyback2.hi_ Oct 18 2004 8192 "keyback2.hi_"
winkey2.re_ Oct 18 2004 287 "winkey2.re_"

2 items found: 2 files, 0 directories.
Total of file sizes: 8,479 bytes 8.28 K
-D---- JUNKXXX 00000000 23:54.52 18/10/2004
A----- STARTIT .BAT 00000060 23:54.52 18/10/2004

________________________________________________________________________________
***THE FIX IS NOT COMPATIBLE WITH EARLIER;UNPATCHED VERSIONS OF WIN2K'(SP3 and BELLOW)'
AND/OR LAX OF SECURITY UPDATES AND SERVICE PACKS FOR ALL PLATFORMS!
MINIMAL REQUIREMENTS INCLUDE:
_________XP HOME/PRO; SP1; IE6/SP1
_________2K/SP4; IE6/SP1
________________________________________________________________________________
»»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»»
-----END------
Tue 19 Oct 04 00:01:12

  • 0
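The FINDnFIX log above spends most of its effort on one question: is the AppInit_DLLs value of the Windows key empty (the "Value Matches" check), and does the live key still match the saved winkey.reg (the REGDIFF step)? As an added example, not part of the original post and not FINDnFIX's own code, here is a Python script that parses a REGEDIT4 export like the one in the log, lists whatever DLL paths AppInit_DLLs names, and diffs two exports the way the REGDIFF step does. The baseline export is the one from the log; the second export, with `example_hook.dll`, is a constructed sample and not something from this thread.

```python
import re

# The REGEDIT4 export of the Windows key as it appears in the FINDnFIX log above.
WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
BASELINE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
'''

# Constructed sample, not from the thread: the same key with a DLL path in AppInit_DLLs.
# A DLL named there is loaded into every process that links user32.dll, which is why
# the log treats anything other than an empty value as something to confirm.
HOOKED_EXPORT = BASELINE_EXPORT.replace(
    '"AppInit_DLLs"=""', r'"AppInit_DLLs"="C:\\WINDOWS\\system32\\example_hook.dll"'
)

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
SZ_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9A-Fa-f]{8})$')


def parse_regedit4(text):
    """Parse a REGEDIT4 export into {key: {value name: value}}.

    REG_SZ values have regedit's backslash and quote escaping removed;
    REG_DWORD values become ints.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        if current is None:
            raise ValueError(f"value before any [key] header: {line!r}")
        m = DWORD_RE.match(line)
        if m:
            keys[current][m.group("name")] = int(m.group("value"), 16)
            continue
        m = SZ_RE.match(line)
        if m:
            value = m.group("value").replace('\\"', '"').replace("\\\\", "\\")
            keys[current][m.group("name")] = value
            continue
        raise ValueError(f"unrecognised REGEDIT4 line: {line!r}")
    return keys


def appinit_dlls(export_text):
    """Return the DLL paths listed in AppInit_DLLs (empty when the value is blank or absent)."""
    value = parse_regedit4(export_text).get(WINDOWS_KEY, {}).get("AppInit_DLLs", "")
    # The value is a space- or comma-separated list of paths.
    return [p for p in re.split(r"[ ,]+", value) if p]


def diff_exports(baseline_text, current_text):
    """REGDIFF-style comparison: one (key, name, baseline, current) tuple per changed value."""
    base = parse_regedit4(baseline_text)
    cur = parse_regedit4(current_text)
    changes = []
    for key in sorted(set(base) | set(cur)):
        bvals, cvals = base.get(key, {}), cur.get(key, {})
        for name in sorted(set(bvals) | set(cvals)):
            if bvals.get(name) != cvals.get(name):
                changes.append((key, name, bvals.get(name), cvals.get(name)))
    return changes


if __name__ == "__main__":
    print("baseline AppInit_DLLs:", appinit_dlls(BASELINE_EXPORT))
    print("hooked AppInit_DLLs:", appinit_dlls(HOOKED_EXPORT))
    for change in diff_exports(BASELINE_EXPORT, HOOKED_EXPORT):
        print("changed:", change)
```

Running it prints an empty list for the log's export, the single hook path for the constructed one, and the one changed value the diff finds. Keeping an export taken while the machine was clean, as FINDnFIX does with winkey.reg, is what makes the diff meaningful; without a baseline you can only check for emptiness.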



#17
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Now we're getting somewhere! <_< There are some hidden malicious DLLs here. Let's try the easy fix first.
  • Prepare CWShredder:
    • Download CWShredder v1.59.1.
    • Save it to your desktop.
    • Do not run it yet. We will run it later.
  • Run Symantec's BackDoor Removal Tool:
    • Download the Backdoor.Agent.B Removal Tool from Symantec.
    • Follow Symantec's instructions for how to run it.
    • Be sure to save the log file. I will need to see it later.
    • Restart your computer.
  • Run CWShredder. Be sure to click Fix as opposed to Scan Only. It should find some things and remove them.
  • Restart your computer once more.
  • Post a new HijackThis log and the log Symantec's tool gave you.

  • 0

#18
jdstoll

jdstoll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
There was nothing found in either thing. I didn't post the log from the first fix because all it said was that the backdoor wasn't found on my computer. That would make sense though, since I use Norton AntiVirus and always keep it updated and run it. CWShredder also found nothing after restarting my computer a couple of times and rerunning both of them. Here is my new HijackThis log, however.

Logfile of HijackThis v1.98.2
Scan saved at 12:36:38 AM, on 10/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ExploreAnywhere\SpyBuddy\sb32mon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Justin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigredreport.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.bigredreport.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Trunk32] Trunk32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.h...ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
  • 0

#19
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Go here http://download.broa.../DllCompare.exe and download and run CWS HiddenDLLFinder. Follow the prompts and post the log it makes back in this thread.
  • 0

#20
jdstoll

jdstoll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the log.

* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found <_<"
________________________________________________

1,250 items found: 1,250 files, 0 directories.
Total of file sizes: 271,342,464 bytes 258.77 M

Administrator Account = True

--------------------End log---------------------
  • 0

#21
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
False alarm, no malicious DLLs. I'm out of ideas. <_<
I'll keep looking around, and ask some others to check out this post.
  • 0

#22
learner04

learner04

    New Member

  • Member
  • Pip
  • 5 posts
Hi,
I have joined the forum recently. I am also facing the same problem. The look-today search bar won't go even though I run Ad-Aware SE and Spybot S&D. I am clueless now. Can anyone help me in resolving the issue? Thank you.
My HJT Log is posted below.

Logfile of HijackThis v1.98.2
Scan saved at 9:39:14 AM, on 10/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\PrecisionScan Pro 3.0\hpscnsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\TurboNote\tbnote.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
C:\Documents and Settings\una\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.atxowfxqv...veHswLVe0t.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
N1 - Netscape 4: user_pref("browser.startup.homepage", "
[url="http://www.dhqzgnqxrbznopcwzxves.biz/AEKSklGLWWTOYV1tlt2y9n/tYvcWlE/72e5Q7RxcWq4.htm");\nuser_pref("browser.startup.page"]http://www.dhqzgnqxrbznopcwzxves.biz/AEKSk...er.startup.page[/url]
", 1); (C:\Program Files\Netscape\Users\una\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {128C135C-493A-69D1-49CE-855A23BCC147} - C:\PROGRA~1\ISOPLA~1\Slow Proc.exe (file missing)
O2 - BHO: (no name) - {494FE6FA-D4E4-6D89-1FF7-9EBCE769598B} - C:\DOCUME~1\una\APPLIC~1\ISOPLA~1\Slow Proc.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Pile Owns Tray - {7399F704-5F12-24EA-56CA-4680359BCE34} - C:\PROGRA~1\ISOPLA~1\EachSoftware.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: corn axis - {75200E74-2942-977D-79F0-27DC21D90D8A} - C:\PROGRA~1\ISOPLA~1\EachSoftware.dll (file missing)
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP LanScan Server] C:\Program Files\Hewlett-Packard\PrecisionScan Pro 3.0\hpscnsvr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [admin vc wipe htm] C:\Documents and Settings\All Users\Application Data\mp3seekadminvc\Hold lite.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bashdvd] C:\DOCUME~1\una\APPLIC~1\THUNKH~1\meta plan.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: Corel Network monitor worker - {E6919353-2085-427C-A75B-C3BBA4E4DB02} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E6919353-2085-427C-A75B-C3BBA4E4DB02} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Corel Network monitor worker - {E6919353-2085-427C-A75B-C3BBA4E4DB02} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E6919353-2085-427C-A75B-C3BBA4E4DB02} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://distbr1/TSWeb/msrdp.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - http://www.cms1.godr...ort/nrdhtml.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GILNT.COM
O17 - HKLM\Software\..\Telephony: DomainName = GILNT.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDE8E6E8-3A01-4F14-95C3-344A84299F6A}: NameServer = 10.10.1.210,10.10.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GILNT.COM
  • 0
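The two HijackThis logs in this thread (posts #18 and #22) are being read by eye. As an added example, not part of either post and not HijackThis's own code, here is a Python triage script that parses HJT lines into their section code and body and applies three review checks that correspond to what the helpers here look for: O2/O3 components whose file is reported missing, O4 Run entries that give a bare filename instead of a path (so the executable is resolved through the search path), and O4 Run entries that launch from a user or all-users Application Data directory. The sample lines are taken from the two posted logs, rejoined where the forum wrapped them. A flagged line is a prompt to check the file, not a verdict: the SDHelper entry with "(no name)" is Spybot's own BHO and is deliberately left unflagged.

```python
import re
from collections import Counter

# Sample lines taken from the two HijackThis logs posted in this thread,
# rejoined onto single lines where the forum software wrapped them.
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigredreport.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {128C135C-493A-69D1-49CE-855A23BCC147} - C:\PROGRA~1\ISOPLA~1\Slow Proc.exe (file missing)
O2 - BHO: Pile Owns Tray - {7399F704-5F12-24EA-56CA-4680359BCE34} - C:\PROGRA~1\ISOPLA~1\EachSoftware.dll (file missing)
O3 - Toolbar: corn axis - {75200E74-2942-977D-79F0-27DC21D90D8A} - C:\PROGRA~1\ISOPLA~1\EachSoftware.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Trunk32] Trunk32.exe
O4 - HKLM\..\Run: [admin vc wipe htm] C:\Documents and Settings\All Users\Application Data\mp3seekadminvc\Hold lite.exe
O4 - HKCU\..\Run: [bashdvd] C:\DOCUME~1\una\APPLIC~1\THUNKH~1\meta plan.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GILNT.COM
""".strip().splitlines()

# Every HJT item line has the shape "<section code> - <body>".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# O2 (BHO) and O3 (toolbar) share the body shape "<kind>: <name> - {CLSID} - <target>".
COMPONENT_RE = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)
# O4 registry Run entries: "<hive>\..\Run: [<value name>] <command line>".
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# Long and 8.3 spellings of the per-user / all-users data directory.
DATA_DIR_RE = re.compile(r"application data|applic~1", re.IGNORECASE)


def parse_hjt(lines):
    """Yield (code, body) for every line that has the HijackThis item shape."""
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(lines):
    """Return (code, reason, body) for each line that trips one of the three checks."""
    findings = []
    for code, body in parse_hjt(lines):
        if code in ("O2", "O3"):
            m = COMPONENT_RE.match(body)
            if m and m.group("target").endswith("(file missing)"):
                findings.append((code, "registered component whose file is missing", body))
        elif code == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue  # Startup-folder O4 entries have a different shape; not checked here
            command = m.group("command")
            if "\\" not in command:
                findings.append((code, "run entry with a bare filename resolved via the search path", body))
            elif DATA_DIR_RE.search(command):
                findings.append((code, "run entry launching from an Application Data directory", body))
    return findings


def summary(findings):
    """Count findings per HJT section code, e.g. {'O2': 2, 'O3': 1, 'O4': 3}."""
    return dict(Counter(code for code, _, _ in findings))


if __name__ == "__main__":
    results = triage(HJT_SAMPLE)
    for code, reason, body in results:
        print(f"{code}: {reason}\n    {body}")
    print(summary(results))
```

On the sample it reports the three "(file missing)" components, the bare `Trunk32.exe` entry, and the two Run entries under Application Data, and leaves the Symantec, NVIDIA and Spybot lines alone. The checks are structural (where a file lives, whether it still exists), so they work without a blocklist of names, which is what you want when the names are randomly generated as they are in the second log.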

#23
jdstoll

jdstoll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hey guys I restarted my computer again and now it appears everything is fixed. I am not having any problems anymore. I really think the key to fixing this problem is deleting all the files under the temp folders mentioned in a previous reply to my problem. Thanks again for all your timely help. It is much appreciated.
  • 0

#24
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
JD: Glad to hear it. Post a log, so we can look at it. And Learner04, post a new thread in the HJThis forum so we can look at it. <_<
  • 0
