This is a Windows ME system with many problems.

Logfile of HijackThis v1.97.7
Scan saved at ¿ÀÈÄ 11:01:02, on 2004-03-26
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\ALISNDMG.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\WEBTRAP.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
C:\PROGRAM FILES\N-CASE\MSBB.EXE
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\PALM\ALARMAPP.EXE
C:\PROGRAM FILES\WIRELESS LAN UTILITY\WLANUTILITY.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\¹ÙÅÁ È_¸é\HIJACKTHIS.EXE

R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\BENCEED.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [·¹Áö½ºÆ®¸® °Ë»ç] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ALiSndMgr] ALiSndMg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-Cillin 2000\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-Cillin 2000\pop3trap.exe"
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-Cillin 2000\WebTrap.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [SSK Service] C:\WINDOWS\WINSSK32.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [SearchEnhancement] "C:\PROGRAM FILES\SCBAR\V2\SCBAR.EXE" /U
O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\N-CASE\MSBB.EXE
O4 - HKLM\..\Run: [ADG] C:\WINDOWS\ADG.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-Cillin 2000\PCCIOMON.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [SSK Service] C:\WINDOWS\WINSSK32.EXE
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Startup: ADDLFNPR.REG
O4 - Startup: DOSSTART.BAT
O4 - Startup: MSDOS.SYS
O4 - Startup: WINSOCK.DLL
O4 - Startup: HWINFO.EXE
O4 - Startup: PIDGEN.DLL
O4 - Startup: SUBACK16.BIN
O4 - Startup: WIN1024.BIN
O4 - Startup: WIN640.BIN
O4 - Startup: WIN800.BIN
O4 - Startup: BILING.SYS
O4 - Startup: PCTWDM.INF
O4 - Startup: WAVEMIX.INI
O4 - Startup: LICENSE.TXT
O4 - Startup: SUPPORT.TXT
O4 - Startup: RUNHELP.CAB
O4 - Startup: JAUTOEXP.DAT
O4 - Startup: SCRIPT.DOC
O4 - Startup: CLSPACK.EXE
O4 - Startup: DRWATSON.EXE
O4 - Startup: EXPLORER.EXE
O4 - Startup: EXTRAC32.EXE
O4 - Startup: FONTVIEW.EXE
O4 - Startup: GRPCONV.EXE
O4 - Startup: HH.EXE
O4 - Startup: ISO10646.EXE
O4 - Startup: JVIEW.EXE
O4 - Startup: NETCONN.EXE
O4 - Startup: PIDSET.EXE
O4 - Startup: SETDEBUG.EXE
O4 - Startup: SIGVERIF.EXE
O4 - Startup: TUNEUP.EXE
O4 - Startup: UPWIZUN.EXE
O4 - Startup: WINCOOL.EXE
O4 - Startup: WJVIEW.EXE
O4 - Startup: WSCRIPT.EXE
O4 - Startup: BACKGRND.GIF
O4 - Startup: CLOUD.GIF
O4 - Startup: HLPBELL.GIF
O4 - Startup: HLPCD.GIF
O4 - Startup: HLPGLOBE.GIF
O4 - Startup: HLPLOGO.GIF
O4 - Startup: HLPSTEP1.GIF
O4 - Startup: HLPSTEP2.GIF
O4 - Startup: HLPSTEP3.GIF
O4 - Startup: WINLOGO.GIF
O4 - Startup: HTMLHELP.HTM
O4 - Startup: README.HTM
O4 - Startup: READM_01.HTZ
O4 - Startup: READM_02.HTZ
O4 - Startup: HTMLHELP.INI
O4 - Startup: MSDFMAP.INI
O4 - Startup: OLDOSAPP.INI
O4 - Startup: DOSPRMPT.PIF
O4 - Startup: ODBCINST.INI
O4 - Startup: DISPLAY.TXT
O4 - Startup: FAQ.TXT
O4 - Startup: GENERAL.TXT
O4 - Startup: HARDWARE.TXT
O4 - Startup: MOUSE.TXT
O4 - Startup: NETWORK.TXT
O4 - Startup: PRINTERS.TXT
O4 - Startup: PROGRAMS.TXT
O4 - Startup: TIPS.TXT
O4 - Startup: NETDET.INI
O4 - Startup: SCANREGW.EXE
O4 - Startup: SMARTDRV.EXE
O4 - Startup: HIMEM.SYS
O4 - Startup: RAMDRIVE.SYS
O4 - Startup: NET.EXE
O4 - Startup: NET.MSG
O4 - Startup: NETH.MSG
O4 - Startup: LOGOS.SYS
O4 - Startup: NETWORKS
O4 - Startup: PROTOCOL
O4 - Startup: SERVICES
O4 - Startup: 1STBOOT.BMP
O4 - Startup: ¹°¹æ¿ï.bmp
O4 - Startup: Æĵ¿.bmp
O4 - Startup: ¼¼·ÎÁÙ.bmp
O4 - Startup: ŸÀÏ.bmp
O4 - Startup: °ËÁ¤ ½û±â.bmp
O4 - Startup: »¡°£ ºí·Ï.bmp
O4 - Startup: WIN.COM
O4 - Startup: INETMIB1.DLL
O4 - Startup: MORICONS.DLL
O4 - Startup: MSOWS409.DLL
O4 - Startup: MSOWS412.DLL
O4 - Startup: NDDEAPI.DLL
O4 - Startup: NDDENB.DLL
O4 - Startup: SNMPAPI.DLL
O4 - Startup: TWAIN_32.DLL
O4 - Startup: ACCSTAT.EXE
O4 - Startup: WUAURES.DLL
O4 - Startup: CLASSES.DAT
O4 - Startup: ARP.EXE
O4 - Startup: ASD.EXE
O4 - Startup: ATMADM.EXE
O4 - Startup: CDPLAYER.EXE
O4 - Startup: CLEANMGR.EXE
O4 - Startup: CONTROL.EXE
O4 - Startup: CVTAPLOG.EXE
O4 - Startup: DEFRAG.EXE
O4 - Startup: DIRECTCC.EXE
O4 - Startup: DVDPLAY.EXE
O4 - Startup: DVDRGN.EXE
O4 - Startup: EMM386.EXE
O4 - Startup: FTP.EXE
O4 - Startup: IPCONFIG.EXE
O4 - Startup: MM2ENT.EXE
O4 - Startup: REGEDIT.EXE
O4 - Startup: NBTSTAT.EXE
O4 - Startup: NETDDE.EXE
O4 - Startup: NETSTAT.EXE
O4 - Startup: NOTEPAD.EXE
O4 - Startup: PACKAGER.EXE
O4 - Startup: PING.EXE
O4 - Startup: PMRES.EXE
O4 - Startup: PMTS.EXE
O4 - Startup: PROGMAN.EXE
O4 - Startup: RG2CATDB.EXE
O4 - Startup: ROUTE.EXE
O4 - Startup: RUNDLL.EXE
O4 - Startup: RUNDLL32.EXE
O4 - Startup: SCANDSKW.EXE
O4 - Startup: USER.DAT
O4 - Startup: TASKMAN.EXE
O4 - Startup: TASKMON.EXE
O4 - Startup: TELNET.EXE
O4 - Startup: TRACERT.EXE
O4 - Startup: TWUNK_32.EXE
O4 - Startup: WINMINE.EXE
O4 - Startup: WINFILE.EXE
O4 - Startup: WINHELP.EXE
O4 - Startup: WINHLP32.EXE
O4 - Startup: WININIT.EXE
O4 - Startup: WINIPCFG.EXE
O4 - Startup: WINPOPUP.EXE
O4 - Startup: WINVER.EXE
O4 - Startup: WRITE.EXE
O4 - Startup: WUAUBOOT.EXE
O4 - Startup: WUAUCLT.EXE
O4 - Startup: WUPDMGR.EXE
O4 - Startup: WINUPD.ICO
O4 - Startup: IOS.INI
O4 - Startup: SCANREG.INI
O4 - Startup: WMPRFKOR.PRX
O4 - Startup: HOSTS.SAM
O4 - Startup: LMHOSTS.SAM
O4 - Startup: ASPI2HLP.SYS
O4 - Startup: CMD640X.SYS
O4 - Startup: CMD640X2.SYS
O4 - Startup: DBLBUFF.SYS
O4 - Startup: IFSHLP.SYS
O4 - Startup: NLSFUNC.SYS
O4 - Startup: MSBATCH.INF
O4 - Startup: SYSTEM.DAT
O4 - Startup: ½£.bmp
O4 - Startup: ±Ý¼Ó üÀÎ.bmp
O4 - Startup: ¹Ù´Ã¶¡.bmp
O4 - Startup: TWAIN.DLL
O4 - Startup: CALC.EXE
O4 - Startup: CHARMAP.EXE
O4 - Startup: CLIPBRD.EXE
O4 - Startup: DIALER.EXE
O4 - Startup: DRVSPACE.EXE
O4 - Startup: FREECELL.EXE
O4 - Startup: KODAKIMG.EXE
O4 - Startup: KODAKPRV.EXE
O4 - Startup: MPLAYER.EXE
O4 - Startup: MSHEARTS.EXE
O4 - Startup: NETWATCH.EXE
O4 - Startup: PBRUSH.EXE
O4 - Startup: RSRCMTR.EXE
O4 - Startup: SNDREC32.EXE
O4 - Startup: SNDVOL32.EXE
O4 - Startup: SOL.EXE
O4 - Startup: SYSMON.EXE
O4 - Startup: TWUNK_16.EXE
O4 - Startup: SERVICES.TXT
O4 - Startup: HIDCI.DLL
O4 - Startup: RESUME.TXT
O4 - Startup: COMMAND.COM
O4 - Startup: POWERPNT.INI
O4 - Startup: SOL.INI
O4 - Startup: SETVER.EXE
O4 - Startup: PTDLL16.DLL
O4 - Startup: HWINFO.DAT
O4 - Startup: QTW.INI
O4 - Startup: CONTROL.INI
O4 - Startup: MSOFFICE.INI
O4 - Startup: SYSTEM.CB
O4 - Startup: TELEPHON.INI
O4 - Startup: PTDLL32.DLL
O4 - Startup: NDISLOG.TXT
O4 - Startup: PTHSP.DAT
O4 - Startup: setupapi.log
O4 - Startup: SchedLog.Txt
O4 - Startup: NET.949
O4 - Startup: NETH.949
O4 - Startup: ODBC.INI
O4 - Startup: QFECHECK.EXE
O4 - Startup: 񃧯.PWL
O4 - Startup: µ¾ÀÚ¸®.bmp
O4 - Startup: °ø±â ¹æ¿ï.bmp
O4 - Startup: ÀÌÁýÆ®.bmp
O4 - Startup: ¹°¶¼»õ °ÝÀÚ.bmp
O4 - Startup: »ï°¢Çü.bmp
O4 - Startup: ÆĶõ ¸®ºª.bmp
O4 - Startup: ¼³Ä¡.bmp
O4 - Startup: ±¸¸§.bmp
O4 - Startup: ±Ý»ö Á÷¹°.bmp
O4 - Startup: »ç¾Ï.bmp
O4 - Startup: ä³Î È_¸é º¸È£±â.SCR
O4 - Startup: progman.ini
O4 - Startup: Sti_Trace.log
O4 - Startup: Sti_Event.log
O4 - Startup: wiaservc.log
O4 - Startup: brndlog.txt
O4 - Startup: RunOnceEx Log.txt
O4 - Startup: folder.htt
O4 - Startup: OEWABLog.txt
O4 - Startup: ModemCpl.txt
O4 - Startup: WMSysPrx.prx
O4 - Startup: brndlog.bak
O4 - Startup: IsUn0412.exe
O4 - Startup: PTUNINST.EXE
O4 - Startup: OEMLOGO.BMP
O4 - Startup: tmpdelis.bat
O4 - Startup: winstart.bat
O4 - Startup: tmpcpyis.bat
O4 - Startup: PCTVOICE.EXE
O4 - Startup: VMMHIBER.W9X
O4 - Startup: kds.jpg
O4 - Startup: ssdpcache.txt
O4 - Startup: msgdlgres.dll
O4 - Startup: VB98UTIL.DLL
O4 - Startup: PCC2K95.INI
O4 - Startup: vb98unres.dll
O4 - Startup: vbprop.dll
O4 - Startup: vbpropres.dll
O4 - Startup: LEXHBP.INI
O4 - Startup: WIN386.SWP
O4 - Startup: HSP56 MR.log
O4 - Startup: TrueSoft.dat
O4 - Startup: system.lex
O4 - Startup: win.lex
O4 - Startup: wlsplmgr.ini
O4 - Startup: plugin131_04.trace
O4 - Startup: REGTLIB.EXE
O4 - Startup: LOADQM.EXE
O4 - Startup: ACEMan-pro.log
O4 - Startup: SUSFAIL.TXT
O4 - Startup: winampa.ini
O4 - Startup: Winamp.ini
O4 - Startup: Faultlog.txt
O4 - Startup: Active Setup Log.txt
O4 - Startup: system.ini
O4 - Startup: Active Setup Log.BAK
O4 - Startup: wplog.txt
O4 - Startup: ttfCache
O4 - Startup: win.ini
O4 - Startup: wininitlog.old
O4 - Startup: GoogleToolbar1.dll
O4 - Startup: U.PWL
O4 - Startup: unvise32qt.exe
O4 - Startup: IsUninst.exe
O4 - Startup: dahotfix.log
O4 - Startup: vminst.log
O4 - Startup: command.PIF
O4 - Startup: wmsetup.log
O4 - Startup: netflix.ico
O4 - Startup: earnmoney.ico
O4 - Startup: DirectTVIcon.ico
O4 - Startup: readme.ico
O4 - Startup: Readme.txt
O4 - Startup: tiscali_it_2.ico
O4 - Startup: shop.ico
O4 - Startup: avocadolite1015.scr
O4 - Startup: avocadolite1015.exe
O4 - Startup: gscr.dll
O4 - Startup: avocadolite1015.prv
O4 - Startup: avocadolite0814.scr
O4 - Startup: avocadolite0814.exe
O4 - Startup: avocadolite0814.prv
O4 - Startup: 000.PWL
O4 - Startup: EPSTPLOG.TXT
O4 - Startup: Adobe PSEle2.log
O4 - Startup: Adobe PSEle2 Lang Installer.log
O4 - Startup: winssk32.exe
O4 - Startup: winmine.ini
O4 - Startup: ShellIconCache
O4 - Startup: BI.DLL
O4 - Startup: QTFont.qfn
O4 - Startup: java.exe
O4 - Startup: javaw.exe
O4 - Startup: hpfmsi.log
O4 - Startup: IE4 Error Log.txt
O4 - Startup: epspmgr4.ini
O4 - Startup: QUICKINSTALL.INI
O4 - Startup: hpdj3500.ini
O4 - Startup: hpdj3500.his
O4 - Startup: _delis32.ini
O4 - Startup: hpfmdl01.dat
O4 - Startup: hpfins01.dat
O4 - Startup: SYSTEMTH39Q131N87O.xml
O4 - Startup: QTFont.for
O4 - Startup: BIPREP.EXE
O4 - Startup: bxxs5.dll
O4 - Startup: bsx32.ini
O4 - Startup: eZinstall.exe
O4 - Startup: ADG.exe
O4 - Startup: BI.INI
O4 - Startup: Digital Signature 20040310.htm
O4 - Startup: didduid.ini
O4 - Startup: BELT.EXE
O4 - Startup: WININIT.BAK
O4 - Startup: BELT.INI
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.kds21.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.11/kontiki/kontiki/current/kdx.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/autocomplete.cab
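A small parser and first-pass triage for the log format pasted above, added here as an example and not the poster's or HijackThis's own code. The sample lines are copied from the posted log; the finding names, the "more than 20 Startup entries" threshold and the reading of the line format are my own assumptions.

```python
import re
from collections import defaultdict
# A HijackThis 1.9x entry reads "<section> - <kind>: <description>"; the description splits on " - ",
# and BHO/toolbar/URLSearchHook entries end in a {CLSID} then a DLL path or "(no file)" (my reading).
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample: eight lines copied from the log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - Startup: WIN.COM
O14 - IERESET.INF: START_PAGE_URL=http://www.kds21.com
"""

def parse_entries(log_text):
    """Turn pasted log lines into dicts with section, kind, name, clsid and file."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, "Running processes:" paths, blanks
        fields = [f.strip() for f in m.group("body").split(" - ")]
        kind, _, name = fields[0].partition(": ")
        clsid = CLSID_RE.search(m.group("body"))
        entries.append({"section": m.group("sec"), "kind": kind, "name": name,
                        "clsid": clsid.group(0).upper() if clsid else None,
                        "file": fields[-1] if clsid and len(fields) >= 3 else None})
    return entries

def triage(entries):
    """(kind, detail) findings a helper reads first; thresholds are my heuristics."""
    findings, names_by_clsid, sections_by_file, startup = [], defaultdict(set), defaultdict(set), 0
    for e in entries:
        if e["file"] == "(no file)":  # component still registered, DLL already gone
            findings.append(("orphan_entry", f'{e["section"]} {e["clsid"]}'))
        elif e["clsid"] and e["file"]:
            names_by_clsid[e["clsid"]].add(e["name"])
            sections_by_file[e["file"].upper()].add(e["section"])  # 8.3 vs long names aside
        if e["section"] == "O4" and e["kind"] == "Startup":
            startup += 1
        if e["section"] == "O14":  # the values IE restores on "reset" were rewritten
            findings.append(("ieresetinf_start_page", e["name"]))
    for clsid, names in names_by_clsid.items():
        if len(names) > 1:  # one CLSID registered under two display names
            findings.append(("clsid_multiple_names", clsid))
    for path, secs in sections_by_file.items():
        if len(secs) > 1:  # same DLL hooked in as URLSearchHook and as BHO
            findings.append(("dll_hooked_several_ways", path))
    if startup > 20:  # a Startup folder holds a few shortcuts; hundreds of files means it points elsewhere
        findings.append(("startup_folder_suspect", str(startup)))
    return findings
```

Run `triage(parse_entries(open("hijackthis.log").read()))` on the full log above and the Startup-folder finding fires too, since the O4 - Startup list runs to several hundred files.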
 

Hmmm!..........quite a compromised system.

Go to http://computercops.biz/downloads-cat-14.html and download the latest version of CWShredder by Merijn Bellekom, the creator of HijackThis.
Run it, press 'Fix', and allow it to fix all it finds.

Download AdAware 6.181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using "webupdate".
Then ........

Make sure the following settings are made and on ------- "ON=GREEN"
From the main window: click "Start" then "Activate in-depth scan"

Then......

Click "Use custom scanning options" > "Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings (the gear on top of AdAware) > Tweak > Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now, to scan, it's just a matter of clicking the "Scan" button.

When the scan is finished, mark everything for removal and get rid of it (right-click the window and choose "select all" from the drop-down menu).

Now re-boot...

Then
Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, then search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have Spybot remove all it finds that is marked in RED.

Run an online antivirus check from at least one, and preferably two, of the following sites:
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/

Re-boot again.

Then post a new HijackThis log to check what is left.


;)