Adware Removal [resolved]
Started by
Fluteloop
, Aug 04 2005 07:14 PM
#1
Posted 04 August 2005 - 07:14 PM
#2
Posted 04 August 2005 - 07:17 PM
Logfile of HijackThis v1.99.1
Scan saved at 03:00:41, on 01/01/01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARCHIVOS DE PROGRAMA\IOLO\SYSTEM MECHANIC 4 PROFESSIONAL\SMNSTLWTCH.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\MIS DOCUMENTOS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tbtqzbjzf...L0JAK8yt2y3.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mixmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telefonica.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 69.61.38.52 ie.search.msn.com
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B8719F2E-D323-A2DC-20E4-D3865BBFDBE3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\ARCHIVOS DE PROGRAMA\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C84A0D22-651C-A1AC-D2C0-66516D2E9981} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
Scan saved at 03:00:41, on 01/01/01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARCHIVOS DE PROGRAMA\IOLO\SYSTEM MECHANIC 4 PROFESSIONAL\SMNSTLWTCH.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\MIS DOCUMENTOS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tbtqzbjzf...L0JAK8yt2y3.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mixmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telefonica.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 69.61.38.52 ie.search.msn.com
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B8719F2E-D323-A2DC-20E4-D3865BBFDBE3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\ARCHIVOS DE PROGRAMA\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C84A0D22-651C-A1AC-D2C0-66516D2E9981} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
#3
Posted 05 August 2005 - 06:10 PM
Hello. I posted here yesterday cuz I had a problem with adware that couldn't be resolved with Ad-Aware, Spybot and Search and Destroy, so I downloaded Hijack This to see if I could get some help here, but looks like my post got erased. WHy is that? The adware that keeps popping up is loadingwebsite and paypopup. Please can someone help me. Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 02:04:37, on 02/01/01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MIS DOCUMENTOS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tbtqzbjzf...L0JAK8yt2y3.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mixmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telefonica.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 69.61.38.52 ie.search.msn.com
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B8719F2E-D323-A2DC-20E4-D3865BBFDBE3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\ARCHIVOS DE PROGRAMA\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C84A0D22-651C-A1AC-D2C0-66516D2E9981} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
Logfile of HijackThis v1.99.1
Scan saved at 02:04:37, on 02/01/01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MIS DOCUMENTOS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tbtqzbjzf...L0JAK8yt2y3.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mixmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telefonica.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 69.61.38.52 ie.search.msn.com
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B8719F2E-D323-A2DC-20E4-D3865BBFDBE3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\ARCHIVOS DE PROGRAMA\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C84A0D22-651C-A1AC-D2C0-66516D2E9981} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
Edited by Fluteloop, 05 August 2005 - 06:12 PM.
#4
Posted 06 August 2005 - 04:59 AM
Welcome Fluteloop to Geeks to Go!
Your previous topic wasn't removed, I found it and merged it into this one.
Please download L2m9xfix.
Unzip it to the desktop and run RunThis.bat.
A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.
***
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
***
Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tbtqzbjzf...L0JAK8yt2y3.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {B8719F2E-D323-A2DC-20E4-D3865BBFDBE3} - (no file)
O3 - Toolbar: (no name) - {C84A0D22-651C-A1AC-D2C0-66516D2E9981} - (no file)
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.
***
Then please reboot your computer to normal mode.
***
Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.
***
Post back to this topic using the button 'add reply' with a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
Your previous topic wasn't removed, I found it and merged it into this one.
Please download L2m9xfix.
Unzip it to the desktop and run RunThis.bat.
A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.
***
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
***
Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tbtqzbjzf...L0JAK8yt2y3.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {B8719F2E-D323-A2DC-20E4-D3865BBFDBE3} - (no file)
O3 - Toolbar: (no name) - {C84A0D22-651C-A1AC-D2C0-66516D2E9981} - (no file)
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.
***
Then please reboot your computer to normal mode.
***
Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.
***
Post back to this topic using the button 'add reply' with a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
#5
Posted 06 August 2005 - 10:16 AM
Hi g2i2r4. Thanks for the help. I said my first post was erased, but then after posting the second post, I thought that maybe it was the fact that there are so many posts in this forum, that it gets lost in the shuffle. Anyway, here's the log from Runthis.bat.
Log of L2M9XFix v1
************
Running from directory:
C:\Mis documentos\Runthis\l2m9xfix
************
Files found:
C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WXVCORE.DLL
C:\WINDOWS\system\WXVCORE.DLL
C:\WINDOWS\system\WXVCORE.DLL
C:\WINDOWS\system\WXVCORE.DLL
************
Registry entries found:
[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"
[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"
[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"
[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"
AND NOW HERE IS THE NEW LOG FROM HIJACK THIS.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mixmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telefonica.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.es/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\ARCHIVOS DE PROGRAMA\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
Hope to hear from you soon, and thanks again.
Log of L2M9XFix v1
************
Running from directory:
C:\Mis documentos\Runthis\l2m9xfix
************
Files found:
C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ALDCXC32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\ANKRNL32.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\BJACKBOX.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\CKYPTNET.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DEDIM.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DPDIM700.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\DXSCRIPT.DLL
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\dxvx.dll
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\HOD.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\IJ32_32.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\INRT1625.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IOETCPLC.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQ32_32.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\IQRNONCE.DLL
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\iqss.dll
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\ISM32.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\IT1XDD.DLL
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\iV.dll
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\IZSCLASS.DLL
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\mavcr71.dll
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\MBMICICM.DLL
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\mcdxmlc.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\meuni11.dll
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\MFDCTRL.DLL
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\mhident.dll
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\MIWDAT10.DLL
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\mkltus35.dll
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\MKR2C.DLL
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\mkxml4.dll
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MLTEXT40.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMI.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MMJET35.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQCD30.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MQSTDFMT.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\MUCMS.DLL
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\mzrd2x35.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\nfiew.dll
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\NPNDS.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OBBCINT.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OXBCBCP.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\OZE32.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\RCCLTC1.DLL
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\rvxam.dll
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\RYCMQCL.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\SBNCENG.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\skrrun.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\spoes.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\SQELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\STELL.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SWSTHUNK.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\SXELL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\ULL.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\VLR.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WPBCHECK.DLL
C:\WINDOWS\system\WXVCORE.DLL
C:\WINDOWS\system\WXVCORE.DLL
C:\WINDOWS\system\WXVCORE.DLL
C:\WINDOWS\system\WXVCORE.DLL
************
Registry entries found:
[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"
[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"
[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"
[HKEY_CLASSES_ROOT\CLSID\{E14620C0-EA90-11D9-9450-0050BFA82CA1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ALDCXC32.DLL"
AND NOW HERE IS THE NEW LOG FROM HIJACK THIS.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mixmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telefonica.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.es/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\ARCHIVOS DE PROGRAMA\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0002.1001\EN-CA\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
Hope to hear from you soon, and thanks again.
#6
Posted 06 August 2005 - 10:52 AM
The logs look clean. Is the computer running ok now?
#7
Posted 06 August 2005 - 02:50 PM
Yes looks like it. Although I have a little problem with the taskbar after I opened runthis.bat, gonna see if I can fix it myself, if not, I'll repost on the forum. THANK YOU SOOOOOOOOOOO MUCH. Not like adware is as dangerous as spyware, but still annoying. THAAAAAAAAANKS.
#8
Posted 06 August 2005 - 03:29 PM
I'll keep the topic open for a while then.
#9
Posted 06 August 2005 - 06:08 PM
I got the taskbar problem fixed, so thanks alot, and you can close the topic if you'd like.
#10
Posted 07 August 2005 - 04:08 AM
Please follow these simple steps in order to keep your computer clean and secure:
Glad I was able to help.
- Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and reenable system restore here:
Managing Windows Millenium System Restore
or
Windows XP System Restore Guide
Renable system restore with instructions from tutorial above
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
- Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources
- Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
- Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
- Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Glad I was able to help.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users