#1
Okay.. so yesterday I was surfin some UK sites and now Norton says I have a "backdoor Trojan"... and it's affecting a file called "flsmngr.dll". Well.. Norton can't repair, quarantine, or delete this file.. so my computer is not working properly. TONS of pop-ups and who knows what else. I tried manually deleting this file.. but was denied access.
Here's my latest HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 4:39:54 PM, on 5/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ps1.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\Auooaz.exe
C:\WINDOWS\System32\cxtpls_loader.exe
C:\WINDOWS\System32\sndpro32.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
c:\windows\system32\ddjccls.exe
C:\WINDOWS\System32\secmsft.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG07.EXE
C:\Documents and Settings\TSUNAMI BOMB\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\TSUNAM~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Mnfepg.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Auooaz.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\System32\cxtpls_loader.exe" /HideUninstall /HideDir /PC=CP.SAV /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitenrz32.exe

Last edited by DigitalSmash83 : May 27th, 2005 at 02:41 AM. Reason: i wasn't specific before..
#2
O4 - HKLM\..\Run: [2srP39h] sndpro32.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [sdwhgye] c:\windows\system32\ddjccls.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\TSUNAMI BOMB\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [Yumgo's Homepage Protector V1] YumgoHomepageProtector.exe
O4 - HKCU\..\Run: [JB0FRVN5g] secmsft.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {105CE26D-3DA5-4A85-96FF-204536D4057F} - http://69.50.182.94/1/gdnUS1882.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0002.exe
O18 - Filter: text/html - {A92F55DF-C228-4638-982F-B60616C00E99} - C:\WINDOWS\System32\pmam.dll
O18 - Filter: text/plain - {A92F55DF-C228-4638-982F-B60616C00E99} - C:\WINDOWS\System32\pmam.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

thanks!
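The log above is read by eye in this thread; as an added example (not part of the original posts, and not HijackThis's own code), the Python below parses entries in the HijackThis line format and flags the ones a helper reads first: unknown Winsock LSP files (O10), unnamed BHOs (O2), MIME filters (O18), ActiveX downloads from a raw IP or a bare executable (O16), services with an unknown owner or missing binary (O23), autostarts run from Temp or through rundll32 (O4), and a start page not on a trusted list (R0). The sample log is constructed from ten entries copied from the logs in this thread; the flagging rules and the trusted-start-page list are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed sample: ten entries copied from the HijackThis logs posted in this
# thread, one entry per line exactly as HijackThis writes them.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=9
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\TSUNAM~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {105CE26D-3DA5-4A85-96FF-204536D4057F} - http://69.50.182.94/1/gdnUS1882.exe
O18 - Filter: text/html - {A92F55DF-C228-4638-982F-B60616C00E99} - C:\WINDOWS\System32\pmam.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://[^\s\"']+")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str                     # HijackThis section, e.g. "O4" or "O10"
    body: str                     # text after "Onn - "
    reasons: List[str] = field(default_factory=list)


def parse_hjt(log_text: str) -> List[Entry]:
    """Split a HijackThis log into entries; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def url_host(text: str) -> str:
    """Hostname of the first http(s) URL in text, or "" if there is none."""
    m = URL_RE.search(text)
    if not m:
        return ""
    return urlparse(m.group(0)).hostname or ""


def triage(entries: List[Entry], trusted_start_pages=("www.yahoo.com",)) -> List[Entry]:
    """Attach a reason to each entry a helper would examine first; return only those.

    The rules are this example's own heuristics (assumed, not HijackThis's) and
    yield candidates for review, not verdicts.
    """
    flagged = []
    for e in entries:
        low = e.body.lower()
        if e.code == "R0" and "start page" in low:
            host = url_host(e.body)
            if host not in trusted_start_pages:
                e.reasons.append(f"start page set to {host}: browser hijack")
        elif e.code == "O2" and "(no name)" in low:
            e.reasons.append("unnamed BHO: unidentified DLL loaded into every IE window")
        elif e.code == "O4":
            if TEMP_DIR_RE.search(e.body):
                e.reasons.append("autostart runs from a Temp directory")
            if "rundll32" in low and ".dll" in low:
                e.reasons.append("autostart loads a DLL through rundll32: confirm the DLL's origin")
        elif e.code == "O10" and "unknown file" in low:
            e.reasons.append("unknown Winsock LSP: deleting the file by hand breaks the LSP chain "
                             "and with it all networking; repair the chain instead")
        elif e.code == "O16":
            host = url_host(e.body)
            if IPV4_RE.match(host) or low.endswith(".exe"):
                e.reasons.append(f"ActiveX download from {host or 'unknown host'} (raw IP or bare .exe)")
        elif e.code == "O18":
            e.reasons.append("MIME filter on text/html or text/plain: sees every page IE renders")
        elif e.code == "O23" and ("unknown owner" in low or "(file missing)" in low):
            e.reasons.append("service with unknown owner or missing binary")
        if e.reasons:
            flagged.append(e)
    return flagged


def report(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Convenience wrapper: (code, body, reasons) for every flagged entry in log_text."""
    return [(e.code, e.body, e.reasons) for e in triage(parse_hjt(log_text))]


if __name__ == "__main__":
    for code, body, reasons in report(SAMPLE_LOG):
        print(f"{code:<4} {body}")
        for r in reasons:
            print(f"     -> {r}")
```

The rules are deliberately narrow: an entry such as ps1.exe sitting in System32 passes them and still needs a human eye, which is why the function returns candidates rather than verdicts.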
#3
trojan hunter results
#4
the rest of the trojanhunter log...
#5
Hello DigitalSmash83,

I can see traces of the Navidad Virus on your system.

This is difficult-to-remove malware. Please unzip HijackThis to a permanent folder on your hard disk. That way HijackThis can make backups in case of any mistakes. You have posted a lot of information, which is a very good thing. However, please clarify a few points. Is that the HijackThis log after the TrojanHunter scan, or before? If it is in fact before, then please perform the following: Download Ad-Aware and Spybot from the links in my signature below. Then reboot into safe mode by pressing F8 after the first beep when booting. Run Ad-Aware, Spybot and TrojanHunter again. Then reboot into Windows normally, run HijackThis and post the log here. Spybot S&D should be able to clean out a few of the less harmful entries on your system. I cannot guide you further, but I'm sure the other moderator TomMyboy will stop by and help you soon. Please try and do the steps I have mentioned and post a fresh log. Cheers
__________________
Nigel ..Seeking code free nirvana... Nigel Fernandes Blog
Never argue with fools. They will bring you down to their level and beat you with experience.
Manchester United Forever
#6
Thank you thank you! I will do as you said, and post the results tomorrow. Also.. I wasn't able to access the internet for the last few days! My Virtual Memory was too low? AND... every time I tried to access the internet.. it went to the "cannot find URL" type of page. And yes.. I performed the HijackThis scan before the TrojanHunter log. I should have posted a fresh HJT log.. but my computer wouldn't allow it. It's really really bad now! Sometimes I can access the internet.. sometimes I cannot! Yahoo comes up really funny.. and random words in web pages come up as links to a "clicksearch" website? I am assuming it's ad stuff.. OH MY GOSH.. what have I gotten myself INTO??? I'm a web designer, and my computer IS MY LIFE AND MY ONLY SOURCE OF INCOME! I am SOOOOO sad! Generally, I'm very savvy when it comes to this stuff.. but after not being able to get rid of this stuff in safe mode.. it was beyond me. I will be installing a firewall as well. I can't believe Norton didn't come with one.. I overlooked the fact that it comes separate. Again, thank you for your help, and I'm looking forward to being able to use my computer again!
#7
Fresh HJT Log...
Alrighty.. I ran Ad-aware and it came up with tons of stuff that it got rid of as well.
Here is my new HJT log..

Logfile of HijackThis v1.99.1
Scan saved at 1:37:22 PM, on 5/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\system\bjjwhdplsq.exe
c:\windows\system32\sipsgc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtrr.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\TSUNAMI BOMB\Desktop\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: SDWin32 Class - {03312A14-F862-4ABC-863A-2C329A6D24C2} - C:\WINDOWS\System32\kciok.dll
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll (file missing)
O2 - BHO: SDWin32 Class - {CB50E1B6-39A3-40C4-8E1E-79E1D71A52A7} - C:\WINDOWS\System32\owwod.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [kciokc] C:\WINDOWS\System32\kciokc.exe
O4 - HKLM\..\Run: [owwodc] C:\WINDOWS\System32\owwodc.exe
#8
HJT Log Continued....
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{CA1BD715-2F27-4AC8-8B95-3D5777C8079D}\SECURITY.EXE
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{CA1BD715-2F27-4AC8-8B95-3D5777C8079D}\SVCHOST.EXE
O4 - HKLM\..\Run: [agdaoh] c:\windows\system32\sipsgc.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\unuump.exe reg_run
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\TSUNAMI BOMB\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [Yumgo's Homepage Protector V1] YumgoHomepageProtector.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {105CE26D-3DA5-4A85-96FF-204536D4057F} - http://69.50.182.94/1/gdnUS1882.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0002.exe
O18 - Filter: text/html - {A92F55DF-C228-4638-982F-B60616C00E99} - C:\WINDOWS\System32\pmam.dll
O18 - Filter: text/plain - {A92F55DF-C228-4638-982F-B60616C00E99} - C:\WINDOWS\System32\pmam.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

thanks!
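As an added example (not code from this thread or from HijackThis), here is a small Python script that parses entry lines in the log format above and pulls out two things a helper reading such a log checks first: how many Winsock LSP chain slots an "Unknown file" DLL such as flsmngr.dll occupies, and O4 Run entries that launch a core Windows binary name (here SVCHOST.EXE) from anywhere other than System32. The sample log is a constructed excerpt of lines copied from the post above; the two heuristics are mine, not HijackThis's own checks.

```python
import re
from collections import Counter

# Constructed excerpt: entry lines copied from the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [Service Host] C:\\WINDOWS\\System32\\Services\\{CA1BD715-2F27-4AC8-8B95-3D5777C8079D}\\SVCHOST.EXE
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\flsmngr.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\\WINDOWS\\svcproc.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")  # e.g. "O4 - HKLM\..\Run: [name] path"
RUN_RE = re.compile(r'^HK(?:LM|CU)\\\.\.\\Run\w*: \[[^\]]*\] "?(.+?\.exe)', re.IGNORECASE)

# Core Windows binaries that legitimately live only in %SystemRoot%\System32.
CORE_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe", "smss.exe", "csrss.exe"}
SYSTEM32 = "c:\\windows\\system32"

def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def lsp_dll_counts(entries):
    """Count the Winsock LSP chain slots (O10) held by each 'Unknown file' DLL. An LSP DLL is
    loaded into every Winsock-using process, which is why a plain delete of it is refused."""
    counts = Counter()
    for section, body in entries:
        if section == "O10" and body.startswith("Unknown file in Winsock LSP: "):
            counts[body.split(": ", 1)[1].lower()] += 1
    return dict(counts)

def masquerading_run_entries(entries):
    """O4 Run/RunOnce entries that launch a core Windows binary name from outside System32."""
    hits = []
    for section, body in entries:
        m = RUN_RE.match(body) if section == "O4" else None
        if m:
            directory, _, name = m.group(1).lower().rpartition("\\")
            if name in CORE_BINARIES and directory != SYSTEM32:
                hits.append(m.group(1))
    return hits
```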
#9
My computer is STILL not working correctly. Yahoo and some other webpages' fonts come up really large. Larger than they should. Still have tons of pop-ups, and my desktop is hijacked daily. I know how to get the desktop back to normal.. but it still changes back to some "security.html" stuff eventually. How frustrating!!! Norton says I have a different virus every time..yup. Totally sucks.
#10
hi digitalsmash83, sorry I have not had time to go over your log. It seems Tom has been quite busy as well. Please post a fresh log, as the one you have posted will be outdated by now. Re-scan your PC and post the log again. It's a pain I'm sure, but it will give us the latest to work with. I'll check on this thread tonight and if Tom has not post