Tech Support Guy banner
Cancel

How to remove this?

Jump to Latest Follow
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 3 of 3 Posts
I

· Registered
Joined
·
5 Posts
Discussion Starter · #1 ·
Hi People

I think I have got a sidefind iseadh bug........
Please how can I remove it?
Here is my hjt log:

Logfile of HijackThis v1.99.0
Scan saved at 10:32:50, on 13-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
C:\Programmer\SpamPal\spampal.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\pavsrv.exe
C:\WINDOWS\System32\AVENGINE.EXE
C:\Programmer\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Programmer\XoftSpy\XoftSpy.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Spyware Nuker 2004\SWN2.exe
C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\ice.ICE-CYK3WN2E1LU\Skrivebord\antibug\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kontakt.ofir.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cybercity.dk:8080
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.disk.parent_directory", "E:\\DOCUMENTS AND SETTINGS\\ICE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\z4xr3x5m.slt");
user_pref("browser.download.dir", "E:\\Documents and Settings\\ice\\Skrivebord");
user_pref("browser.search.defaultengine", "engine://E%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "kontakt.ofir.dk");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("browser.tabs.force
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.disk.parent_directory", "E:\\DOCUMENTS AND SETTINGS\\ICE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\z4xr3x5m.slt");
user_pref("browser.download.dir", "E:\\Documents and Settings\\ice\\Skrivebord");
user_pref("browser.search.defaultengine", "engine://E%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "kontakt.ofir.dk");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("browser.tabs.force
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Spyware Nuker] C:\Programmer\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Popup Ad Filter] E:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: msmsgs.exe.lnk = C:\Programmer\MSN Messenger\msnmsgr.exe
O4 - Startup: PopFilter.exe.lnk = C:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
O4 - Startup: SpamPal.lnk = C:\Programmer\SpamPal\spampal.exe
O4 - Startup: TeaTimer.exe.lnk = C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = D:\programmer\Microsoft Office\Office\Osa9.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00000000-0000-0000-0000-000020040000} -
O16 - DPF: {2CFB52FD-7CF2-479C-BF65-B27F8A834F31} -
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_06) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in 1.4.2_06) -
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Panda anti-virus service - Unknown - pavsrv.exe (file missing)

And my SPYBOT 1.3 LOG:

ISearchTech.ISTactiveX: Code storage database (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{386A771C-E96A-421F-8BA7-32F1B706892F}

ISearchTech.SideFind: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1645522239-573735546-839522115-1004\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
 
I

· Registered
Joined
·
5 Posts
Discussion Starter · #3 ·
Ok I removed

xmlparse.dll
and
xmltok.dll
in the system32 folder

But my system still has bugs.

How can I remove them?

Logfile of HijackThis v1.99.0
Scan saved at 12:15:19, on 13-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Programmer\Spyware Nuker 2004\swn2.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
C:\Programmer\SpamPal\spampal.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\pavsrv.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\System32\AVENGINE.EXE
C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\ice.ICE-CYK3WN2E1LU\Skrivebord\antibug\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kontakt.ofir.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cybercity.dk:8080
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.disk.parent_directory", "E:\\DOCUMENTS AND SETTINGS\\ICE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\z4xr3x5m.slt");
user_pref("browser.download.dir", "E:\\Documents and Settings\\ice\\Skrivebord");
user_pref("browser.search.defaultengine", "engine://E%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "kontakt.ofir.dk");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("browser.tabs.force
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.disk.parent_directory", "E:\\DOCUMENTS AND SETTINGS\\ICE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\z4xr3x5m.slt");
user_pref("browser.download.dir", "E:\\Documents and Settings\\ice\\Skrivebord");
user_pref("browser.search.defaultengine", "engine://E%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "kontakt.ofir.dk");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("browser.tabs.force
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Spyware Nuker] C:\Programmer\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Popup Ad Filter] E:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: msmsgs.exe.lnk = C:\Programmer\MSN Messenger\msnmsgr.exe
O4 - Startup: PopFilter.exe.lnk = C:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
O4 - Startup: SpamPal.lnk = C:\Programmer\SpamPal\spampal.exe
O4 - Startup: TeaTimer.exe.lnk = C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = D:\programmer\Microsoft Office\Office\Osa9.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00000000-0000-0000-0000-000020040000} -
O16 - DPF: {2CFB52FD-7CF2-479C-BF65-B27F8A834F31} -
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_06) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in 1.4.2_06) -
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Panda anti-virus service - Unknown - pavsrv.exe (file missing)
 
1 - 3 of 3 Posts
Status
Not open for further replies.
About this Discussion
2 Replies
2 Participants
Last post:
iceb
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Windows XP Off Topic Lounge Thread Games & Discussion
Top