Silly DI.AK infection



#1
roacham

  • Member
  • 245 posts
First I keep getting Dr Watson Postmortem debugger closing my internet and now I also get a message from my EZ Antivirus telling me I might have a Win32 Silly DI.AK infection, but when it scans it finds no infections. My computer is going crazy. Everything is freezing and closing or freezing and won't close. Please help. I am very frustrated. Here is the message I am getting...

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP615\A0196271.exe
Virus Name: Win32.SillyDl.AK


Here is my hi-jack log...


Logfile of HijackThis v1.98.2
Scan saved at 10:54:03 AM, on 12/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\system32\msCMTSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Launcher.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\Fonts\Mobsters\webinet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis1977\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CATLEvents Object - {30279F2D-1A38-4785-97D4-5C3508BDB289} - C:\DOCUME~1\Angie\LOCALS~1\Temp\lldten.dat
O2 - BHO: CATLEvents Object - {446CF8A5-617E-4D91-95AE-AE78CE0D06AF} - C:\DOCUME~1\Angie\LOCALS~1\Temp\codca.dat
O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Angie\LOCALS~1\Temp\tenibew.dat
O2 - BHO: VPN-OEM Extension - {89044184-F260-4FDD-8FAB-2662814846E5} - C:\WINDOWS\System32\tvdhlom.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\System32\Launcher.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe"
O4 - HKLM\..\Run: [*avfont] C:\WINDOWS\ServicePackFiles\avfont.exe
O4 - HKLM\..\Run: [*runnut] C:\WINDOWS\Registration\runnut.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe
O4 - HKLM\..\RunOnce: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe rerun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [compobj] C:\WINDOWS\System32\compobj.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {0AB5CBCF-6984-4122-BCF7-BE33BF5B1CF1} - http://www.topmoxie....se/upro1050.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://aft.ancestry....yFamilyTree.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...38/QDow_AS2.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://www.toolbar.g...gleActivate.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_2_0.cab
O21 - SSODL: WebExtLocation - {FE2DB5FF-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\System32\tvdhlom.dll



Someone please help me. Do I need to remove anything or what should I do?


#2
roacham

  • Topic Starter
  • Member
  • 245 posts
I do not know if this will help, but here is my virus scan info...


eTrust EZ Antivirus Version 6.4.0.4
Started scanning: 5:35:40 PM, 12/7/2004
Dat file v8787

Scanning boot sectors...

Scanning file(s)...
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\Portfolio\333333333333333333333333333333333333333333300000006.wsb - unable to open file - not scanned.
C:\Documents and Settings\Angie\Application Data\Aim\qdnozpxw\roachamroach\cert8.db - unable to open file - not scanned.
C:\Documents and Settings\Angie\Application Data\Aim\qdnozpxw\roachamroach\key3.db - unable to open file - not scanned.
C:\Documents and Settings\Angie\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\History\History.IE5\MSHist012004120720041208\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Temporary Internet Files\Content.IE5\HZF17LR8\pharmacy-24x7[2] - scan incomplete.
C:\Documents and Settings\Angie\Local Settings\Temporary Internet Files\Content.IE5\HZF17LR8\pharmacy-24x7[5] - scan incomplete.
C:\Documents and Settings\Angie\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\Angie\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\6DVWTG3A\azlyrics[1] - scan incomplete.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AEDENHTS\IAicm[1].cab - scan incomplete.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\JL0OHO5W\MiniBugTransporter[1].cab - scan incomplete.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YYR55BTV\CANQ18PB.swf - scan incomplete.
C:\Documents and Settings\LocalService\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Trent\Local Settings\Temporary Internet Files\Content.IE5\CDSZ4Z8B\draft[1] - scan incomplete.
C:\Documents and Settings\Trent\Local Settings\Temporary Internet Files\Content.IE5\K16FC1IF\CASPEVMJ.swf - scan incomplete.
C:\hiberfil.sys - unable to open file - not scanned.
C:\i386\WBCACHE.DE_ - scan incomplete.
C:\i386\WBCACHE.EN_ - scan incomplete.
C:\i386\WBCACHE.ES_ - scan incomplete.
C:\i386\WBCACHE.FR_ - scan incomplete.
C:\i386\WBCACHE.IT_ - scan incomplete.
C:\i386\WBCACHE.NL_ - scan incomplete.
C:\i386\WBCACHE.SV_ - scan incomplete.
C:\pagefile.sys - unable to open file - not scanned.
C:\Program Files\Adaptec\Easy CD Creator 5\Easy CD Creator\about.rtf>PBrush - unable to open file - not scanned.
C:\Program Files\Adaptec\Easy CD Creator 5\Easy CD Creator\about.rtf - scan incomplete.
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VIRUSLOG.TXT - unable to open file - not scanned.
C:\WINDOWS\Debug\PASSWD.LOG - unable to open file - not scanned.
C:\WINDOWS\SchedLgU.Txt - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\EventCache\{17FA2C3E-A9BB-469D-B640-9DA2B60F149A}.bin - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\EventCache\{CB560962-5EE9-4B30-A336-43C78CB6258C}.bin - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - unable to open file - not scanned.
C:\WINDOWS\Sti_Trace.log - unable to open file - not scanned.
C:\WINDOWS\system32\config\AppEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\DEFAULT - unable to open file - not scanned.
C:\WINDOWS\system32\config\default.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SecEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SOFTWARE - unable to open file - not scanned.
C:\WINDOWS\system32\config\software.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SysEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\SYSTEM - unable to open file - not scanned.
C:\WINDOWS\system32\config\system.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\h323log.txt - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP - unable to open file - not scanned.
C:\WINDOWS\wiadebug.log - unable to open file - not scanned.
C:\WINDOWS\wiaservc.log - unable to open file - not scanned.
C:\WINDOWS\WindowsUpdate.log - unable to open file - not scanned.

Finished scanning: 8:05:59 PM, 12/7/2004
Number of files scanned: 341400.
Number of files that could not be scanned: 56
No file viruses detected.

eTrust EZ Antivirus Version 6.4.0.4
Started scanning: 7:23:40 PM, 12/8/2004
Dat file v8790

Scanning boot sectors...

Scanning file(s)...
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log - unable to open file - not scanned.
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\Portfolio\333333333333333333333333333333333333333333300000006.wsb - unable to open file - not scanned.
C:\Documents and Settings\Angie\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\History\History.IE5\MSHist012004120820041209\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\Angie\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\6DVWTG3A\azlyrics[1] - scan incomplete.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AEDENHTS\IAicm[1].cab - scan incomplete.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\JL0OHO5W\MiniBugTransporter[1].cab - scan incomplete.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YYR55BTV\CANQ18PB.swf - scan incomplete.
C:\Documents and Settings\LocalService\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Trent\Local Settings\Temporary Internet Files\Content.IE5\CDSZ4Z8B\draft[1] - scan incomplete.
C:\Documents and Settings\Trent\Local Settings\Temporary Internet Files\Content.IE5\K16FC1IF\CASPEVMJ.swf - scan incomplete.
C:\hiberfil.sys - unable to open file - not scanned.
C:\i386\WBCACHE.DE_ - scan incomplete.
C:\i386\WBCACHE.EN_ - scan incomplete.
C:\i386\WBCACHE.ES_ - scan incomplete.
C:\i386\WBCACHE.FR_ - scan incomplete.
C:\i386\WBCACHE.IT_ - scan incomplete.
C:\i386\WBCACHE.NL_ - scan incomplete.
C:\i386\WBCACHE.SV_ - scan incomplete.
C:\pagefile.sys - unable to open file - not scanned.
C:\Program Files\Adaptec\Easy CD Creator 5\Easy CD Creator\about.rtf>PBrush - unable to open file - not scanned.
C:\Program Files\Adaptec\Easy CD Creator 5\Easy CD Creator\about.rtf - scan incomplete.
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VIRUSLOG.TXT - unable to open file - not scanned.
C:\WINDOWS\Debug\PASSWD.LOG - unable to open file - not scanned.
C:\WINDOWS\SchedLgU.Txt - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\EventCache\{17FA2C3E-A9BB-469D-B640-9DA2B60F149A}.bin - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - unable to open file - not scanned.
C:\WINDOWS\Sti_Trace.log - unable to open file - not scanned.
C:\WINDOWS\system32\config\AppEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\DEFAULT - unable to open file - not scanned.
C:\WINDOWS\system32\config\default.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SecEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SOFTWARE - unable to open file - not scanned.
C:\WINDOWS\system32\config\software.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SysEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\SYSTEM - unable to open file - not scanned.
C:\WINDOWS\system32\config\system.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\h323log.txt - unable to open file - not scanned.
C:\WINDOWS\system32\netext\C920C7758C2EB9FFEBEAFDA0BD2F6157CC5E1267.tpr - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP - unable to open file - not scanned.
C:\WINDOWS\wiadebug.log - unable to open file - not scanned.
C:\WINDOWS\wiaservc.log - unable to open file - not scanned.
C:\WINDOWS\WindowsUpdate.log - unable to open file - not scanned.

Finished scanning: 9:26:08 PM, 12/8/2004
Number of files scanned: 314826.
Number of files that could not be scanned: 55
No file viruses detected.

eTrust EZ Antivirus Version 6.4.0.4
Started scanning: 2:07:16 PM, 12/10/2004
Dat file v8793

Scanning boot sectors...
C:\ Master Boot Record is OK: standard IBM 3.3.
C:\ Partition Boot Record is OK: standard Win2000 (2).

Scanning file(s)...
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log - unable to open file - not scanned.
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\Portfolio\333333333333333333333333333333333333333333300000006.wsb - unable to open file - not scanned.
C:\Documents and Settings\Angie\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Application Data\Identities\{7176B1A0-2E5F-493B-84A7-FFC7B4773D24}\Microsoft\Outlook Express\Folders.dbx - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Application Data\Identities\{7176B1A0-2E5F-493B-84A7-FFC7B4773D24}\Microsoft\Outlook Express\Inbox.dbx - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Application Data\Identities\{7176B1A0-2E5F-493B-84A7-FFC7B4773D24}\Microsoft\Outlook Express\Offline.dbx - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Application Data\Identities\{7176B1A0-2E5F-493B-84A7-FFC7B4773D24}\Microsoft\Outlook Express\Pop3uidl.dbx - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\History\History.IE5\MSHist012004121020041211\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Temp\Acr7.tmp - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Temp\Acr8.tmp - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Temp\AcrB1.tmp - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Temporary Internet Files\5M5B8WGL\JJA4JA50\Offline\HashFile.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Angie\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\Angie\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\6DVWTG3A\azlyrics[1] - scan incomplete.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\AEDENHTS\IAicm[1].cab - scan incomplete.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\JL0OHO5W\MiniBugTransporter[1].cab - scan incomplete.
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\YYR55BTV\CANQ18PB.swf - scan incomplete.
C:\Documents and Settings\LocalService\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Trent\Local Settings\Temporary Internet Files\Content.IE5\CDSZ4Z8B\draft[1] - scan incomplete.
C:\Documents and Settings\Trent\Local Settings\Temporary Internet Files\Content.IE5\K16FC1IF\CASPEVMJ.swf - scan incomplete.
C:\hiberfil.sys - unable to open file - not scanned.
C:\i386\WBCACHE.DE_ - scan incomplete.
C:\i386\WBCACHE.EN_ - scan incomplete.
C:\i386\WBCACHE.ES_ - scan incomplete.
C:\i386\WBCACHE.FR_ - scan incomplete.
C:\i386\WBCACHE.IT_ - scan incomplete.
C:\i386\WBCACHE.NL_ - scan incomplete.
C:\i386\WBCACHE.SV_ - scan incomplete.
C:\pagefile.sys - unable to open file - not scanned.
C:\Program Files\Adaptec\Easy CD Creator 5\Easy CD Creator\about.rtf>PBrush - unable to open file - not scanned.
C:\Program Files\Adaptec\Easy CD Creator 5\Easy CD Creator\about.rtf - scan incomplete.
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VIRUSLOG.TXT - unable to open file - not scanned.
C:\WINDOWS\Debug\PASSWD.LOG - unable to open file - not scanned.
C:\WINDOWS\SchedLgU.Txt - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\EventCache\{17FA2C3E-A9BB-469D-B640-9DA2B60F149A}.bin - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\EventCache\{CB560962-5EE9-4B30-A336-43C78CB6258C}.bin - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - unable to open file - not scanned.
C:\WINDOWS\Sti_Trace.log - unable to open file - not scanned.
C:\WINDOWS\system32\config\AppEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\DEFAULT - unable to open file - not scanned.
C:\WINDOWS\system32\config\default.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SecEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SOFTWARE - unable to open file - not scanned.
C:\WINDOWS\system32\config\software.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SysEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\SYSTEM - unable to open file - not scanned.
C:\WINDOWS\system32\config\system.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\h323log.txt - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP - unable to open file - not scanned.
C:\WINDOWS\Temp\Cookies\index.dat - unable to open file - not scanned.
C:\WINDOWS\Temp\History\History.IE5\index.dat - unable to open file - not scanned.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\WINDOWS\wiadebug.log - unable to open file - not scanned.
C:\WINDOWS\wiaservc.log - unable to open file - not scanned.
C:\WINDOWS\WindowsUpdate.log - unable to open file - not scanned.

Finished scanning: 4:24:20 PM, 12/10/2004
Number of files scanned: 316904.
Number of files that could not be scanned: 66
No file viruses detected.

#3
roacham

    Member
O.K. :tazz:
Someone please help me. Is there something else I need to do before someone will help me? Please let me know. I do not understand why no one will help me. My computer is driving me crazy. Is there anything you see in these logs that I might be able to fix? ;)
Thank you


#4
Metallica

    Spyware Veteran
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)

O2 - BHO: CATLEvents Object - {30279F2D-1A38-4785-97D4-5C3508BDB289} - C:\DOCUME~1\Angie\LOCALS~1\Temp\lldten.dat
O2 - BHO: CATLEvents Object - {446CF8A5-617E-4D91-95AE-AE78CE0D06AF} - C:\DOCUME~1\Angie\LOCALS~1\Temp\codca.dat
O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Angie\LOCALS~1\Temp\tenibew.dat
O2 - BHO: VPN-OEM Extension - {89044184-F260-4FDD-8FAB-2662814846E5} - C:\WINDOWS\System32\tvdhlom.dll

O4 - HKLM\..\Run: [Upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe"
O4 - HKLM\..\Run: [*avfont] C:\WINDOWS\ServicePackFiles\avfont.exe
O4 - HKLM\..\Run: [*runnut] C:\WINDOWS\Registration\runnut.exe

O4 - HKLM\..\Run: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe
O4 - HKLM\..\RunOnce: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe rerun

O4 - HKCU\..\Run: [compobj] C:\WINDOWS\System32\compobj.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://aft.ancestry....yFamilyTree.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...38/QDow_AS2.cab

O21 - SSODL: WebExtLocation - {FE2DB5FF-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\System32\tvdhlom.dll

Reboot in safe mode and use the DiskCleanup Tool to empty all your Temp folders.
Still in safe mode, delete:
C:\Program Files\Upromise_RemindU <= entire folder
C:\WINDOWS\ServicePackFiles\avfont.exe
C:\WINDOWS\Registration\runnut.exe
C:\WINDOWS\Fonts\Mobsters\webinet.exe
C:\WINDOWS\System32\compobj.exe

Boot normally and post a new HijackThis log.

Regards,

Pieter

#5
roacham

    Member
:tazz: Thank you so much for giving me some help. I have done everything you said. I did have some problems trying to delete the items you told me to delete. I could not find any of the C:\WINDOWS files except for the mobster one and it told me it could not delete it. It said it was teniweb instead of webinet.
Well, I hope my computer is doing better now. Here is my new HijackThis log...


Logfile of HijackThis v1.98.2
Scan saved at 5:27:29 PM, on 12/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Launcher.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\Fonts\Mobsters\webinet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\system32\msCMTSrvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\hijackthis1977\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Angie\LOCALS~1\Temp\tenibew.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\System32\Launcher.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe
O4 - HKLM\..\RunOnce: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe rerun
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {0AB5CBCF-6984-4122-BCF7-BE33BF5B1CF1} - http://www.topmoxie....se/upro1050.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://www.toolbar.g...gleActivate.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_2_0.cab

#6
roacham

    Member
Just to let you know, my computer is still doing the same thing. One thing that is also happening is a pop-up window to download win antivirus and firewall keeps coming up and freezing the internet.

#7
admin

    Founder Geek
Let's try this removal tool:
http://securityrespo...er/FixVundo.exe

Post a fresh log when finished. :tazz:

#8
roacham

    Member
O.K.,
Here is my log after using the trojan thing...


Logfile of HijackThis v1.98.2
Scan saved at 1:37:05 PM, on 12/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\system32\msCMTSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Launcher.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\Fonts\Mobsters\webinet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\infectionreport.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\hijackthis1977\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Angie\LOCALS~1\Temp\tenibew.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\System32\Launcher.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe
O4 - HKLM\..\RunOnce: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe rerun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {0AB5CBCF-6984-4122-BCF7-BE33BF5B1CF1} - http://www.topmoxie....se/upro1050.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://www.toolbar.g...gleActivate.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_2_0.cab



Hope it is at least on the way to being fixed. Thank you for your help.

#9
Metallica

    Spyware Veteran
Download Killbox from:
http://www.bleepingc...les/killbox.php

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Angie\LOCALS~1\Temp\tenibew.dat

O4 - HKLM\..\Run: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe
O4 - HKLM\..\RunOnce: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe rerun

O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm

O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)

Select the option Delete on Reboot and paste in this path:
C:\WINDOWS\Fonts\Mobsters\webinet.exe
Reboot when prompted into safe mode and use the DiskCleanup Tool to empty all your Temp folders.

Then boot normally and post a new log.

Regards,

Pieter

#10
roacham

    Member
I now have another problem. When I click on the bleepingcomputer my computer freezes. My address bar is now gone and I cannot get it back. What do I do now?

#11
roacham

    Member
I got the killbox downloaded. Do I need to run it before checking everything in hijack this? If so, which do I mark to run under?

#12
admin

    Founder Geek
You only need the Killbox for this entry:

Open the Killbox...
Select the option Delete on Reboot and paste in this path:
C:\WINDOWS\Fonts\Mobsters\webinet.exe

#13
roacham

    Member
Here is my new log. Computer keeps getting slower and slower so I don't think it is fixed yet. Whatever is taking over this thing is a monster.


Logfile of HijackThis v1.98.2
Scan saved at 6:40:45 PM, on 12/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\system32\msCMTSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Launcher.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\Fonts\Mobsters\webinet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis1977\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Angie\LOCALS~1\Temp\tenibew.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\System32\Launcher.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe
O4 - HKLM\..\RunOnce: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe rerun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {0AB5CBCF-6984-4122-BCF7-BE33BF5B1CF1} - http://www.topmoxie....se/upro1050.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://www.toolbar.g...gleActivate.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_2_0.cab

#14
roacham

    Member
Meant to say I think it is not fixed yet.

#15
Yarnouth

    Visiting Staff
Follow this closely and read it through to make sure you're able to reboot in safe mode and view hidden files. The links are underlined. I would suggest you read these before starting the fixing process:

1) Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe
O4 - HKLM\..\RunOnce: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe rerun

2) Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). If you miss the reboot into safe mode you will need to go back to step one.
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\Program Files\WildTangent <----this folder
C:\WINDOWS\Fonts\Mobsters <----this folder

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :tazz:
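
The comparison the helpers make by eye on each fresh log, as an added example that is not part of the original thread: it parses HijackThis item lines, checks a fix list against a later log, and reports which entries persisted and whether their file is still running. The sample lines are excerpted from post #9 and the 6:40:45 PM log above; the function names and the `odd_location` heuristic are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    section: str  # HijackThis section code such as "R1", "O2", "O4"
    body: str     # text after "<section> - "

# Item lines look like "<section> - <details>"; headers and process paths do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)$")

def parse_entries(log: str) -> list:
    """Return every HijackThis item line in the text as an Entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries

def running_processes(log: str) -> list:
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    procs, in_block = [], False
    for line in log.splitlines():
        s = line.strip()
        if s.lower() == "running processes:":
            in_block = True
        elif in_block:
            if not s:
                break
            procs.append(s)
    return procs

def normalize(entry: Entry) -> tuple:
    """Case-insensitive, whitespace-collapsed key for matching entries across logs."""
    return (entry.section, " ".join(entry.body.lower().split()))

def odd_location(entry: Entry) -> Optional[str]:
    """Heuristic of this example (not a HijackThis feature): flag unusual load paths."""
    body = entry.body.lower()
    if entry.section == "O2" and re.search(r"\\temp\\[^\\]+\.dat$", body):
        return "BHO loaded from a Temp directory"
    if entry.section == "O4" and "\\windows\\fonts\\" in body:
        return "autorun entry under the Fonts directory"
    return None

def review(fix_list: str, later_log: str) -> list:
    """For each entry that was to be fixed, report its state in the later log."""
    later = {normalize(e) for e in parse_entries(later_log)}
    procs = [p.lower() for p in running_processes(later_log)]
    report = []
    for e in parse_entries(fix_list):
        report.append({
            "section": e.section,
            "body": e.body,
            "persisted": normalize(e) in later,  # same item still listed
            "running": any(p in e.body.lower() for p in procs),  # its file is a live process
            "note": odd_location(e),
        })
    return report

# Entries to fix, excerpted from post #9 of this thread.
FIX_LIST = r"""
O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Angie\LOCALS~1\Temp\tenibew.dat
O4 - HKLM\..\Run: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe
O4 - HKLM\..\RunOnce: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe rerun
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
"""

# Excerpt (not the full log) of the 6:40:45 PM, 12/13/2004 log from post #13.
LATER_LOG = r"""
Logfile of HijackThis v1.98.2
Scan saved at 6:40:45 PM, on 12/13/2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Fonts\Mobsters\webinet.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Angie\LOCALS~1\Temp\tenibew.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe
O4 - HKLM\..\RunOnce: [*webinet] C:\WINDOWS\Fonts\Mobsters\webinet.exe rerun
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
"""

if __name__ == "__main__":
    for row in review(FIX_LIST, LATER_LOG):
        state = "STILL PRESENT" if row["persisted"] else "cleared"
        live = ", process running" if row["running"] else ""
        note = f" [{row['note']}]" if row["note"] else ""
        print(f"{state:13} {row['section']:3} {row['body'][:60]}{live}{note}")
```

An entry that is both still present and still running is the case where a registry-only fix does not hold, since a live process can write its autorun values back.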