Status
Not open for further replies.
1 - 2 of 2 Posts

Registered · 119 Posts · Discussion Starter · #1
Hi,

Can you look at my HT log and tell me what's up?
Thanks,
Joe

Logfile of HijackThis v1.99.0
Scan saved at 18:36:40, on 16/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\INTEL\DSLSETUP\PRODSL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\E_S4I0F2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SPY_STUFF\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goolge.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search-system.com/re.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {088754AC-C4D3-5B92-73E4-B7FC4C7DD8C8} - C:\WINDOWS\SYSTEM32\MSADBLOCK32.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [DSL Connection Manager] C:\intel\DSLSetup\prodsl.exe /P
O4 - HKLM\..\Run: [dhcpagnt] C:\intel\DSLSetup\dhcpagnt.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\SYSTEM\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O7 "EPUSB1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE
O4 - HKLM\..\Run: [Windows ControlAd] C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLAD.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O15 - Trusted Zone: http://*.xxxtoolbar.com
O15 - Trusted Zone: http://*.windupdates.com

Registered · 49,014 Posts
Print this out – boot to safe mode

Fix these

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search-system.com/re.html

O2 - BHO: (no name) - {088754AC-C4D3-5B92-73E4-B7FC4C7DD8C8} - C:\WINDOWS\SYSTEM32\MSADBLOCK32.DLL (file missing)

O4 - HKLM\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE

O4 - HKLM\..\Run: [Windows ControlAd] C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLAD.EXE

O4 - HKCU\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE

O15 - Trusted Zone: http://*.xxxtoolbar.com
O15 - Trusted Zone: http://*.windupdates.com

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", click "Apply", then "OK".

Delete
C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE - file
C:\PROGRAM FILES\WINDOWS CONTROLAD – folder

START – RUN – key in %temp% - Edit – Select all – File – Delete
Empty the recycle bin

Boot and post a new log
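
One way to check a follow-up log against the fix list above, as an added example that is not part of the original thread. The function names are hypothetical and `NEW_LOG` is a constructed sample; `FIX_LIST` is copied from the reply.

```python
import re

# A HijackThis entry line: section code (R1, O4, O15, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# The seven entries the reply says to fix, copied from the thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search-system.com/re.html
O2 - BHO: (no name) - {088754AC-C4D3-5B92-73E4-B7FC4C7DD8C8} - C:\WINDOWS\SYSTEM32\MSADBLOCK32.DLL (file missing)
O4 - HKLM\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE
O4 - HKLM\..\Run: [Windows ControlAd] C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLAD.EXE
O4 - HKCU\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE
O15 - Trusted Zone: http://*.xxxtoolbar.com
O15 - Trusted Zone: http://*.windupdates.com
"""

# Constructed follow-up log (not from the thread): two fixed entries are back.
NEW_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goolge.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [msadcheck] c:\windows\system32\msadcheck32.exe
O15 - Trusted Zone: http://*.windupdates.com
"""

def parse_entries(text):
    """Return (code, body) for each entry line; headers and process paths are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]

def normalize(entry):
    """Comparison key: case-insensitive, whitespace-collapsed, '(file missing)' dropped."""
    code, body = entry
    body = re.sub(r"\s*\(file missing\)$", "", body, flags=re.IGNORECASE)
    return code, " ".join(body.split()).casefold()

def remaining(fix_list, new_log):
    """Fix-list entries that still appear in the follow-up log, in fix-list order."""
    present = {normalize(e) for e in parse_entries(new_log)}
    return [e for e in parse_entries(fix_list) if normalize(e) in present]

if __name__ == "__main__":
    for code, body in remaining(FIX_LIST, NEW_LOG):
        print(f"still present: {code} - {body}")
```

An entry that reappears after being fixed usually means the file or process that writes it is still on disk, which is why the reply pairs the registry fixes with deleting the file and folder in safe mode.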