Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help Please - Hijack this log

Started by goodday , Jan 18 2005 03:01 AM

  • Please log in to reply

#1
goodday
Posted 18 January 2005 - 03:01 AM

goodday

    Member

  • Member
  • PipPip
  • 24 posts
Thanks in advance,

I have been infected with home search assistant, shopping wizard, search extender, and who maybe others. Please take a look @ my hijack log and advise. Thanks in advance

Logfile of HijackThis v1.97.7
Scan saved at 12:42:30 AM, on 1/18/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\CRYX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\IWARE\IWARE MOUSE\3.2\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {DF6FA459-DEB5-1461-C7D8-1C69ABCE95BD} - C:\WINDOWS\SYSTEM\MSTE32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\lwbwheel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [CRYX.EXE] C:\WINDOWS\CRYX.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://www.expressit...ngs/PlayerX.CAB
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/p...v9/investor.cab
O16 - DPF: {89AE9BC0-1E25-11D1-9170-0000C0D23BD8} (AOLInstallObj Class) - file://C:\WINDOWS\OPTIONS\CABS\CONTENT\AOL\aolinstr.cab
O16 - DPF: {8F0F5093-0A70-11D0-BCA9-00C04FD85AA6} (MSN Setup BBS Object) - http://fdl.msn.com/p...oc/setupbbs.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5....m/c381/chat.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...37946.966400463
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.h...ex/HMAtchmt.ocx
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} - http://download.micr...42/wmsp9dmo.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://www.contentwa...uditControl.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...f7dd0/enter.cab

Thanks Again,
Dan
  • 0

Advertisements

#2
-=jonnyrotten=-
Posted 18 January 2005 - 01:20 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Ok.... Here we go! This is a fun one. Remember Do not turn off the computer until specifically instructed to do so since this infection will change on us and we'll have to start all over.

Please download GetService.zip
Extract it to a new folder in the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here. From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the service will have changed and the fix provided will not work

Also you will need the latest version of Hijack This. Click Here download the latest version of Hijack This (1.99.0). It's better able to catch the latest threats. Please post a Hijack This log also.

-=jonnyrotten=- :tazz:
  • 0

#3
goodday
Posted 18 January 2005 - 02:15 PM

goodday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Jonny Rotten,

I did as instructed, but I got this message "This program will only work with Windows XP, 2000, NT, and 2003."

I have Windows 98.

Do I still proceed?

Thanks a bunch for the help ------------

Dan
  • 0

#4
-=jonnyrotten=-
Posted 18 January 2005 - 02:16 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Oops, I overlooked that part hang on a sec and I will find the proper app.

-=jonnyrotten=- :tazz:
  • 0

#5
-=jonnyrotten=-
Posted 18 January 2005 - 02:25 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Ok, I can't find a getservices for win98, but I'm sure I will be able to shortly, in the meantime, download the newest version of Hijack This and post that log, we may not need the getservices file.

-=jonnyrotten=- :tazz:
  • 0

#6
goodday
Posted 18 January 2005 - 02:56 PM

goodday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Jonny,

Thanks again.

I downloaded the new version of hijackthis as per your instructions and I might be double posting, but not being familiar with this site I don't if my last hijackthis log got to you so I will resend:

Logfile of HijackThis v1.99.0
Scan saved at 2:41:59 PM, on 1/18/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\CRYX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\IWARE\IWARE MOUSE\3.2\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\G92N8LIJ\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {DF6FA459-DEB5-1461-C7D8-1C69ABCE95BD} - C:\WINDOWS\SYSTEM\MSTE32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\lwbwheel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [CRYX.EXE] C:\WINDOWS\CRYX.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://www.expressit...ngs/PlayerX.CAB
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/p...v9/investor.cab
O16 - DPF: {89AE9BC0-1E25-11D1-9170-0000C0D23BD8} (AOLInstallObj Class) - file://C:\WINDOWS\OPTIONS\CABS\CONTENT\AOL\aolinstr.cab
O16 - DPF: {8F0F5093-0A70-11D0-BCA9-00C04FD85AA6} (MSN Setup BBS Object) - http://fdl.msn.com/p...oc/setupbbs.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5....m/c381/chat.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.h...ex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://www.contentwa...uditControl.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...f7dd0/enter.cab
  • 0

#7
goodday
Posted 18 January 2005 - 06:01 PM

goodday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Latest Hijackthis log:

Logfile of HijackThis v1.99.0
Scan saved at 2:41:59 PM, on 1/18/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\CRYX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\IWARE\IWARE MOUSE\3.2\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\G92N8LIJ\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {DF6FA459-DEB5-1461-C7D8-1C69ABCE95BD} - C:\WINDOWS\SYSTEM\MSTE32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\lwbwheel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [CRYX.EXE] C:\WINDOWS\CRYX.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://www.expressit...ngs/PlayerX.CAB
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/p...v9/investor.cab
O16 - DPF: {89AE9BC0-1E25-11D1-9170-0000C0D23BD8} (AOLInstallObj Class) - file://C:\WINDOWS\OPTIONS\CABS\CONTENT\AOL\aolinstr.cab
O16 - DPF: {8F0F5093-0A70-11D0-BCA9-00C04FD85AA6} (MSN Setup BBS Object) - http://fdl.msn.com/p...oc/setupbbs.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5....m/c381/chat.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.h...ex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://www.contentwa...uditControl.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...f7dd0/enter.cab
  • 0

#8
-=jonnyrotten=-
Posted 18 January 2005 - 08:08 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
You have a nasty About:Blank infection. This fix requires several tools that need to be downloaded. Please download these now, we will run them later.

1) About:Buster - Download it and extract it to C:/aboutbuster.
2) CleanUp! - Download it and install it.
3) CWShredder 2.11 - Download it and save it to your desktop.
4) Ad-Aware - Download, install, and update.

Enable hidden files and folders: http://www.bleepingc...torial=62#winme

During the fix do NOT connect to the internet. Unless you can memorize these instructions, it would be a good idea to print them out.

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Run AboutBuster
-Click Start to begin the process
-Click OK on the Buster Report dialogue box to start the scan
AboutBuster scans the computer for malicious files and deletes them.
Save the report (copy and paste into Notepad and save as a .txt file) to post a copy for review.

Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK

Run CleanUp
-Make sure it is on Standard Mode
-Click the "CleanUp!" button

Run Ad-Aware
-Configure Ad-Aware for a full system scan
-Run it

Clean Up the left overs

Run HJT, close any open windows, and fix the following items (if they are still there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xcyxi.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [CRYX.EXE] C:\WINDOWS\CRYX.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://www.contentwa...uditControl.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...f7dd0/enter.cab


Then delete the following files (if they exist):

C:\WINDOWS\xcyxi.dll
C:\WINDOWS\CRYX.EXE

Reboot into normal mode (simply restart your computer as you normally would), and run the following free, online virus scans:

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Then restart your computer one more time and post a new HJT log as well as the About:Buster log I asked you to save earlier.

-=jonnyrotten=- :tazz:
  • 0

#9
goodday
Posted 19 January 2005 - 11:46 AM

goodday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Jonny,

You are a genius & thank you. I followed your instructions closely and I believe that we are making excellent progress in alleviating the problems. I was able to accomplish all of what you wanted me to do with the exception of not being able to load http://housecall.tre.../start_corp.asp . I tried 6 times and came up with the same message of the site not being able to update to my system. I was able to run http://www.pandasoft...n_principal.htm and it was clean.

Do you want me to try some other virus scan that you would suggest?

Will it be safe to empty my recycle bin and defrag as there was a ton of stuff that we got deleted?

I am somewhat of a computer novice, but your instructions were easy to follow and I thank you for that. Please review my running programs and make suggestions as to what is not needed and what you would delete if any. While on HJT I took the liberty to delete some items that I didn’t think I needed and was mainly following a name or topic that I found in the address. I hope that I accomplished all of the right maneuvers that you wanted.

As per your request here is the HiJackThis Log and the About:Buster Log. Again thank you very much.

Logfile of HijackThis v1.97.7
Scan saved at 11:11:27 AM, on 1/19/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\IWARE\IWARE MOUSE\3.2\LWBWHEEL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DOWNLOAD\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\lwbwheel.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/p...v9/investor.cab
O16 - DPF: {89AE9BC0-1E25-11D1-9170-0000C0D23BD8} (AOLInstallObj Class) - file://C:\WINDOWS\OPTIONS\CABS\CONTENT\AOL\aolinstr.cab
O16 - DPF: {8F0F5093-0A70-11D0-BCA9-00C04FD85AA6} (MSN Setup BBS Object) - http://fdl.msn.com/p...oc/setupbbs.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5....m/c381/chat.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...37946.966400463
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.h...ex/HMAtchmt.ocx
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} - http://download.micr...42/wmsp9dmo.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab



-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 23

ADS not scanned System(FAT)
Removed! : C:\WINDOWS\xugaz.dat
Removed! : C:\WINDOWS\iwklv.dat
Removed! : C:\WINDOWS\xcyxi.dll
Removed! : C:\WINDOWS\cryx.exe
Removed! : C:\WINDOWS\gplitx.dat
Removed! : C:\WINDOWS\opavzn.dat
Removed! : C:\WINDOWS\qqeovh.dat
Removed! : C:\WINDOWS\jrwtqk.dat
Removed! : C:\WINDOWS\iejq32.exe
Removed! : C:\WINDOWS\apiso32.exe
Removed! : C:\WINDOWS\msga.exe
Removed! : C:\WINDOWS\appfd.exe
Removed! : C:\WINDOWS\javalh32.exe
Removed! : C:\WINDOWS\SYSTEM\mste32.dll
Removed! : C:\WINDOWS\SYSTEM\croo32.exe
Removed! : C:\WINDOWS\SYSTEM\addpi32.exe
Removed! : C:\WINDOWS\SYSTEM\addsx32.exe
Removed! : C:\WINDOWS\SYSTEM\apiol32.exe
Removed! : C:\WINDOWS\SYSTEM\addlv32.exe
Removed! : C:\WINDOWS\SYSTEM\ipdc32.exe
Removed! : C:\WINDOWS\SYSTEM\sysdo32.exe
Removed! : C:\WINDOWS\SYSTEM\atlxt.exe
Removed! : C:\WINDOWS\SYSTEM\netkc32.exe
Removed! : C:\WINDOWS\SYSTEM\appff.exe
Removed! : C:\WINDOWS\SYSTEM\apiml32.exe
Removed! : C:\WINDOWS\SYSTEM\crrc.exe
Removed! : C:\WINDOWS\SYSTEM\iebp32.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 23

ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!
  • 0

#10
-=jonnyrotten=-
Posted 19 January 2005 - 03:50 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Lookin good to me, lets use the newest version of Hijack This just to be sure. Were you using Internet Explorer to load housecall? Because if not then that's why.

Click Here download the latest version of Hijack This (1.99.0). It's better able to catch the latest threats.

-=jonnyrotten=- :tazz:
  • 0

Advertisements

#11
goodday
Posted 19 January 2005 - 05:04 PM

goodday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Jonny,

I got your email and opened the forum up directly from the email and saw your post, but I went back to the forum and refreshed I couldn't find it. I found that in order to get back and get your posts, I am having to delete my cookies and re-sign in to get back to the forum which is ok. I am probably doing something wrong.

At any rate, I did as you said and used the new HJT as I am almost positive that I downloaded and used on the earlier posts, but I did as you said and will post the results.

I would like your advice. Please look @ the duplication of C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE on running processes. Do I need 2 of these. Also, I am using SBC DSL and may have old links to others that I have used and was not smart enough to uninstall. Please Advise. This also looks questionable------ R3 - Default URLSearchHook is missing.

Other questionables are:
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Thanks again and thanks for putting up with my novice questions.


Logfile of HijackThis v1.99.0
Scan saved at 4:10:17 PM, on 1/19/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\IWARE\IWARE MOUSE\3.2\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\A8IPZ1C4\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\lwbwheel.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/p...v9/investor.cab
O16 - DPF: {89AE9BC0-1E25-11D1-9170-0000C0D23BD8} (AOLInstallObj Class) - file://C:\WINDOWS\OPTIONS\CABS\CONTENT\AOL\aolinstr.cab
O16 - DPF: {8F0F5093-0A70-11D0-BCA9-00C04FD85AA6} (MSN Setup BBS Object) - http://fdl.msn.com/p...oc/setupbbs.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5....m/c381/chat.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.h...ex/HMAtchmt.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

#12
EricB
Posted 19 January 2005 - 05:09 PM

EricB

    New Member

  • Member
  • Pip
  • 3 posts
What u need is a program called about:buster and another one called CW shreddar

They can be found at majorgeeks.com and they get rid of those stuff!
  • 0

#13
-=jonnyrotten=-
Posted 19 January 2005 - 07:04 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Remove the following entries with Hijack This:

R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

The google ones are ok, since it looks as if you have the google toolbar installed. Also is IE running while your are scanning with HJT? IEXPLORE.EXE should only show up in the processes when you have IE running, the file will show up once for every IE you have open. If you don't have IE running then we may still have some bugs to take care of.

-=jonnyrotten=- :tazz:
  • 0

#14
goodday
Posted 19 January 2005 - 10:00 PM

goodday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Jonny,

You are getting me closer and I thank you! Please tell me when you get the time as to when you want me to dump my recycled bin and when it will be safe to do so and defrag.

I shut down everything but the opened HJT that I downloaded from your post, deleted the 2 sites as you suggested and here are the results:

Logfile of HijackThis v1.99.0
Scan saved at 9:52:53 PM, on 1/19/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\IWARE\IWARE MOUSE\3.2\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\A8IPZ1C4\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\lwbwheel.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/p...v9/investor.cab
O16 - DPF: {89AE9BC0-1E25-11D1-9170-0000C0D23BD8} (AOLInstallObj Class) - file://C:\WINDOWS\OPTIONS\CABS\CONTENT\AOL\aolinstr.cab
O16 - DPF: {8F0F5093-0A70-11D0-BCA9-00C04FD85AA6} (MSN Setup BBS Object) - http://fdl.msn.com/p...oc/setupbbs.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5....m/c381/chat.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.h...ex/HMAtchmt.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
  • 0

#15
goodday
Posted 19 January 2005 - 10:06 PM

goodday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Jonny,

Sorry, but on that last post I didn't get all of the HJT log cut and pasted properly. Here we go again.

Logfile of HijackThis v1.99.0
Scan saved at 9:52:53 PM, on 1/19/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\IWARE\IWARE MOUSE\3.2\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\A8IPZ1C4\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\lwbwheel.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/p...v9/investor.cab
O16 - DPF: {89AE9BC0-1E25-11D1-9170-0000C0D23BD8} (AOLInstallObj Class) - file://C:\WINDOWS\OPTIONS\CABS\CONTENT\AOL\aolinstr.cab
O16 - DPF: {8F0F5093-0A70-11D0-BCA9-00C04FD85AA6} (MSN Setup BBS Object) - http://fdl.msn.com/p...oc/setupbbs.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5....m/c381/chat.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.h...ex/HMAtchmt.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP