#1
Help
Hello,
this is my first time using this so pls bear with me. I have been having problems with searchtheweb2 along with some other LOB infections. I will attach a hijackthis log for someone to look at, thanks........Rick

Logfile of HijackThis v1.99.0
Scan saved at 7:10:20 PM, on 24/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\scheck45.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Uninstaller\Tray icon tool.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rick\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kytnygkvmfuwkz.net/m_gHtdNoZdPg1JTvqcGCJrIPgUUwXGT9up6zVUo8xUN1NbLa1nx_bHjDN0e/X0XN.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Rick\Application Data\Mozilla\Profiles\default\7wbu6ol3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A36F8E9-2002-2458-301F-F4D351C951B5} - C:\PROGRA~1\ENCMED~1\4 BEEP.exe (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: CTypo Object - {DCE80CA4-B555-44D8-B423-A75D6C345EE1} - C:\WINDOWS\System32\stype10.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [scheck] C:\WINDOWS\System32\scheck45.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dashplus] C:\DOCUME~1\Rick\APPLIC~1\BOOKAB~1\bind software bib.exe
O4 - Startup: ZIPscript.lnk = C:\NavPress\ZIPscrpt.exe
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O4 - Global Startup: Uninstaller tray icon tool.lnk = C:\Program Files\Uninstaller\Tray icon tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093006913734
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA905A7-19A6-47E1-90F8-001ADF264938}: NameServer = 142.177.1.2 142.177.129.11
O23 - Service: DvpApi - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOW
#2
Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Run HijackThis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kytnygkvmfuwkz.net/m_gHtdNoZdPg1JTvqcGCJrIPgUUwXGT9up6zVUo8xUN1NbLa1nx_bHjDN0e/X0XN.jpg
O2 - BHO: (no name) - {1A36F8E9-2002-2458-301F-F4D351C951B5} - C:\PROGRA~1\ENCMED~1\4 BEEP.exe (file missing)
O2 - BHO: CTypo Object - {DCE80CA4-B555-44D8-B423-A75D6C345EE1} - C:\WINDOWS\System32\stype10.dll
O4 - HKCU\..\Run: [dashplus] C:\DOCUME~1\Rick\APPLIC~1\BOOKAB~1\bind software bib.exe

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):

C:\WINDOWS\System32\stype10.dll
C:\DOCUMENTS AND SETTINGS\Rick\APPLICATION DATA\BOOKAB~1\

Reboot your computer to go back to normal mode and post a new log.
__________________
Grinler
BleepingComputer.com: Computer Help & Tutorials for the beginning computer user
#3
HERE IS ANOTHER COPY OF HIJACKTHIS
Logfile of HijackThis v1.99.0
Scan saved at 9:30:25 AM, on 05/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\scheck45.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Uninstaller\Tray icon tool.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Documents and Settings\Rick\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Rick\Application Data\Mozilla\Profiles\default\7wbu6ol3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [scheck] C:\WINDOWS\System32\scheck45.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dashplus] C:\DOCUME~1\Rick\APPLIC~1\BOOKAB~1\bind software bib.exe
O4 - Startup: ZIPscript.lnk = C:\NavPress\ZIPscrpt.exe
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O4 - Global Startup: Uninstaller tray icon tool.lnk = C:\Program Files\Uninstaller\Tray icon tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093006913734
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA905A7-19A6-47E1-90F8-001ADF264938}: NameServer = 142.177.1.2 142.177.129.11
O23 - Service: DvpApi - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE
#4
Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Run HijackThis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

O4 - HKLM\..\Run: [scheck] C:\WINDOWS\System32\scheck45.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKCU\..\Run: [dashplus] C:\DOCUME~1\Rick\APPLIC~1\BOOKAB~1\bind software bib.exe

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):

C:\WINDOWS\System32\scheck45.exe
C:\Program Files\NavExcel\
C:\DOCUMENTS AND SETTINGS\Rick\APPLICATION DATA\BOOKAB~1\

Reboot your computer to go back to normal mode and post a new log.
#5
New Files
Logfile of HijackThis v1.99.0
Scan saved at 3:16:27 PM, on 05/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Uninstaller\Tray icon tool.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\NavPress\ZIPscrpt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rick\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.otoouxclwnkyjq.com/m_gHtdNoZdPg1JTvqcGCJrIPgUUwXGT9up6zVUo8xUMnHa/VTN8H2XjDN0e/X0XN.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.larpizxjmmqfeysdn.com/m_gHtdNoZdMngxZuawekGv9pa2d3jJv/UuHoc1gPowY.htm");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Rick\Application Data\Mozilla\Profiles\default\7wbu6ol3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [scheck] C:\WINDOWS\System32\scheck45.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dashplus] C:\DOCUME~1\Rick\APPLIC~1\BOOKAB~1\bind software bib.exe
O4 - Startup: ZIPscript.lnk = C:\NavPress\ZIPscrpt.exe
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O4 - Global Startup: Uninstaller tray icon tool.lnk = C:\Program Files\Uninstaller\Tray icon tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093006913734
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA905A7-19A6-47E1-90F8-001ADF264938}: NameServer = 142.177.1.2 142.177.129.11
O23 - Service: DvpApi - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE
#6
Just fix this and post a new log:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.otoouxclwnkyjq.com/m_gHtdNoZdPg1JTvqcGCJrIPgUUwXGT9up6zVUo8xUMnHa/VTN8H2XjDN0e/X0XN.html
#7
New Log File
Here is a new log file, I think I still have some unwanted files or programs here,

Logfile of HijackThis v1.99.0
Scan saved at 3:16:27 PM, on 05/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Uninstaller\Tray icon tool.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\NavPress\ZIPscrpt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rick\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.otoouxclwnkyjq.com/m_gHtdNoZdPg1JTvqcGCJrIPgUUwXGT9up6zVUo8xUMnHa/VTN8H2XjDN0e/X0XN.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.larpizxjmmqfeysdn.com/m_gHtdNoZdMngxZuawekGv9pa2d3jJv/UuHoc1gPowY.htm");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Rick\Application Data\Mozilla\Profiles\default\7wbu6ol3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [scheck] C:\WINDOWS\System32\scheck45.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dashplus] C:\DOCUME~1\Rick\APPLIC~1\BOOKAB~1\bind software bib.exe
O4 - Startup: ZIPscript.lnk = C:\NavPress\ZIPscrpt.exe
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O4 - Global Startup: Uninstaller tray icon tool.lnk = C:\Program Files\Uninstaller\Tray icon tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093006913734
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA905A7-19A6-47E1-90F8-001ADF264938}: NameServer = 142.177.1.2 142.177.129.11
O23 - Service: DvpApi - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE
#8
Yup you have some bad stuff in there:

Navapp.exe

I need to get samples of some of your files. Please create a folder called c:\submit. Now copy the following files into that directory:

C:\WINDOWS\System32\scheck45.exe
C:\NavPress\ZIPscrpt.exe
C:\Program Files\Uninstaller\Tray icon tool.exe

To copy the files simply navigate to the directory they are in and right click on them and then click on copy. Then paste these files into the c:\submit directory.

Once the files are all copied I need you to zip the folder. If you are using XP or ME right-click on the folder and click on the Send To option and then send it to a compressed folder. You will now see a file called submit.zip. If you are using another version of Windows, please download a program called Winzip and zip it using that.

Then go to http://www.bleepingcomputer.com/submit-malware.php, fill in the required fields, and browse to the file. Then click on the Send File button.

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Run HijackThis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKCU\..\Run: [dashplus] C:\DOCUME~1\Rick\APPLIC~1\BOOKAB~1\bind software bib.exe

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):

C:\Program Files\NavExcel\
C:\DOCUMENTS AND SETTINGS\Rick\APPLICATION DATA\BOOKAB~1\

Reboot your computer to go back to normal mode and

Download and unzip to one folder: http://metallica.geekstogo.com/gettasks.zip
Inside the folder find gettasks.bat
Double-click it and it will create the file C:\tasks.txt
Find that file and copy the content into your next post along with a new HijackThis log
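An added example, not part of the thread or of HijackThis itself: one way to check a follow-up log against the entries a helper asked to Fix, so that items which come back are caught. The function names (`parse_entries`, `locus`, `check_fixes`) are hypothetical; the sample lines are copied from the fix list in post #2 and the log in post #5.

```python
import re

# A HijackThis entry starts with a section code (R1, N3, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_NAME_RE = re.compile(r"^([^\[]*\[[^\]]+\])")  # e.g. HKCU\..\Run: [dashplus]

# Entries the helper asked to Fix in post #2 (copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kytnygkvmfuwkz.net/m_gHtdNoZdPg1JTvqcGCJrIPgUUwXGT9up6zVUo8xUN1NbLa1nx_bHjDN0e/X0XN.jpg
O2 - BHO: (no name) - {1A36F8E9-2002-2458-301F-F4D351C951B5} - C:\PROGRA~1\ENCMED~1\4 BEEP.exe (file missing)
O2 - BHO: CTypo Object - {DCE80CA4-B555-44D8-B423-A75D6C345EE1} - C:\WINDOWS\System32\stype10.dll
O4 - HKCU\..\Run: [dashplus] C:\DOCUME~1\Rick\APPLIC~1\BOOKAB~1\bind software bib.exe
"""

# Excerpt of the follow-up log in post #5 (lines copied from the thread).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.otoouxclwnkyjq.com/m_gHtdNoZdPg1JTvqcGCJrIPgUUwXGT9up6zVUo8xUMnHa/VTN8H2XjDN0e/X0XN.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [scheck] C:\WINDOWS\System32\scheck45.exe
O4 - HKCU\..\Run: [dashplus] C:\DOCUME~1\Rick\APPLIC~1\BOOKAB~1\bind software bib.exe
"""


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(" ".join(line.split()))  # collapse stray whitespace
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def locus(code, body):
    """Identify where an entry lives, ignoring the data currently stored there."""
    if code.startswith("R"):
        # Registry value: everything before " = " names the key and value.
        return ("R", body.split(" = ", 1)[0].lower())
    if code == "O4":
        # Autorun: Run key plus [value name], or the startup shortcut name.
        m = RUN_NAME_RE.match(body)
        return (code, (m.group(1) if m else body.split(" = ", 1)[0]).lower())
    m = CLSID_RE.search(body)
    if m:
        # BHOs, buttons and downloaded controls are keyed by CLSID.
        return (code, m.group(0).lower())
    return (code, body.lower())


def check_fixes(fix_text, followup_text):
    """Map each entry to fix onto 'persisted', 'changed' or 'removed'."""
    after = parse_entries(followup_text)
    exact = {(c, b.lower()) for c, b in after}
    loci = {locus(c, b) for c, b in after}
    result = {}
    for code, body in parse_entries(fix_text):
        if (code, body.lower()) in exact:
            status = "persisted"   # identical line is still in the new log
        elif locus(code, body) in loci:
            status = "changed"     # same location, rewritten with new data
        else:
            status = "removed"
        result[f"{code} - {body}"] = status
    return result


if __name__ == "__main__":
    for entry, status in check_fixes(FIX_LIST, FOLLOWUP_LOG).items():
        print(f"{status:9}  {entry[:70]}")
```

A "changed" result is the case an exact-text comparison misses: the Search Bar value no longer holds the first URL, but the same registry value has been set again to a different host.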
#9
Help finding submit directory
Hello,
This may sound foolish, but how do I find the c:\submit directory. I am sorry I am not very pc friendly but I am learning, thank you ...........Rick
#10
You make the submit directory by opening up My Computer and then double-clicking on the c: drive. Then right click on an empty area and select new>folder. Name that folder submit and then copy those programs I listed into that folder.
#11
Files
Hello,
I cannot seem to find these files, they show up when I run HijackThis but I cannot find them when I look in search, any ideas how I can find these, I am sorry as I said I am learning PCs slowly...........Thank you so much.............Rick.

c:\windows\system32\scheck45.exe
c:\navpress\zipscipt.exe
c:\programfiles\unistaller\tray icon tool.exe
#12
Ok do not worry about it. Just move on with the rest of the steps and post a new HJT log when you are done