#1 (permalink) |
|
Registered User
Join Date: Mar 2005
Posts: 36
OS: xp home
|
Another tiresome Hijack this log...
Hi there,
Sorry to say that I am back again. Was here 2 weeks ago when my whole laptop crashed and burned. Got up and running again thankfully, but Google has been hijacked again.

Have followed your standard instructions (system restore off, show hidden files and folders etc.)

Ran: Ad-aware: fixed; coolwebsearch, tracking cookies, dataminers
Ran: Spybot: fixed; webdiallers, DSO Exploit, ALLcybersearch
Ran: CW Shredder; removed CWS.hidden.dll
Ran Hijack this and fixed about:blank

BUT unfortunately it's all still there...

Have also installed Windows SP2 (before all this happened)

Sorry to be back again with the same problem. Was trying to look for some free Web Design Software, came upon a site called Freeware and was looking at the packages, was trying to close down lots of pop-ups while simultaneously stopping automatic downloads, it all went a bit crazy for a moment and lo and behold, when I went back to Google, found a lovely new toolbar...

Please have a look at my log when someone has a moment.

Thanks
Fiona

PS, Is there less security on your computer when you get broadband?? have had so many problems... Also, would anyone recommend some security software for me, this is so tiresome, as it is for you....
Logfile of HijackThis v1.99.1
Scan saved at 00:05:22, on 10/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\IoctlSvc.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS1\System32\HotfixQ0306270.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS1\system32\RaConfig2500.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\FIONA~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\FIONA~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {B92A9A97-EC2B-4A42-B74C-5E7F72AC23A4} - C:\WINDOWS1\System32\dcjn.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS1\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration-Studio 7 SE.lnk = C:\Program Files\Pinnacle\Studio 7\Register\RegTool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: RaConfig2500.lnk = C:\WINDOWS1\system32\RaConfig2500.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02ac17d0...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1112650995922
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O18 - Filter: text/html - {6DB6BDC5-D5A5-4DE4-B51E-C3D6230E43E1} - C:\WINDOWS1\System32\dcjn.dll
O18 - Filter: text/plain - {6DB6BDC5-D5A5-4DE4-B51E-C3D6230E43E1} - C:\WINDOWS1\System32\dcjn.dll
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS1\system32\IoctlSvc.exe
#2 (permalink) |
|
Registered User
Join Date: Mar 2005
Posts: 36
OS: xp home
|
Inside I'm Screaming.....
I am so patient, normally.. but I've just typed 5 pages of a word document which has encountered an error and it's gone... this may or may not have anything to do with this problem of hijacking.. don't want to take the chance of typing anymore.
|
|
|
|
|
#3 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
fionamaye:
As you never posted back to the conclusion of your last thread, let's cover some points before attacking your log.

a. Your OS is outdated. Both XP and IE6 need the latest service packs installed as well as ALL critical updates.
b. Please read through the spyware prevention section on how to protect yourself from spyware/adware Here and use the recommended programs and methods to protect yourself!

In reality your PC should not even have internet access as it's unprotected.

Ok....on to your log....

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

Right click on My Computer and go to Properties->System Restore and check the box for Turn ON System Restore. Then make a restore point in case this fix fails you can restore to that point.

Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWShredder.exe

Download SpSeHjfix http://www.derbilk.de/SpSeHjfix112.zip to the desktop and then right click a blank part of desktop & select new folder, call it spfix
unzip the file into that folder

Disconnect from the net and Close ALL OPEN PROGRAMS.

Run SpSeHjfix and click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden re-installers it will say system clean and not go on to next stage

Now run the Shredder - Hit The FIX button!

Reboot and post a fresh HJT log and the log that was created by SpSeHjfix
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: Mar 2005
Posts: 36
OS: xp home
|
Thanks for the advice...
Thanks for that. Sounds like it's a bit of a mess.
Reason I didn't post back last time was that it took me ages to get my laptop up and running again and it's still not complete. Neighbour managed to access my files through a linux system and copied over my word documents but I lost everything else. I re-installed XP/Windows again from the recovery CD that came with the laptop.

Logfile of HijackThis v1.99.1
Scan saved at 14:34:56, on 10/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\IoctlSvc.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS1\System32\HotfixQ0306270.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS1\system32\RaConfig2500.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS1\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration-Studio 7 SE.lnk = C:\Program Files\Pinnacle\Studio 7\Register\RegTool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: RaConfig2500.lnk = C:\WINDOWS1\system32\RaConfig2500.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02ac17d0...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1112650995922
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS1\system32\IoctlSvc.exe

(4/10/05 14:13:33) SPSeHjFix started v1.1.2
(4/10/05 14:13:33) OS: WinXP (5.1.2600)
(4/10/05 14:13:33) Language: english
(4/10/05 14:13:33) Win-Path: C:\WINDOWS1
(4/10/05 14:13:33) System-Path: C:\WINDOWS1\System32
(4/10/05 14:13:33) Temp-Path: C:\DOCUME~1\FIONA~1\LOCALS~1\Temp\
(4/10/05 14:13:44) Disinfection started
(4/10/05 14:13:44) Bad-Dll(IEP): c:\docume~1\fiona~1\locals~1\temp\se.dll
(4/10/05 14:13:44) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS1\System32\dcjn.dll
(4/10/05 14:13:44) Searchassistant Uninstaller - Keys Deleted
(4/10/05 14:13:44) UBF: 6 - UBB: 4 - UBR: 11
(4/10/05 14:13:44) FilterKey: HKCR\text/html (deleted)
(4/10/05 14:13:44) FilterKey: HKCR\CLSID\{6DB6BDC5-D5A5-4DE4-B51E-C3D6230E43E1} (deleted)
(4/10/05 14:13:44) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(4/10/05 14:13:44) FilterKey: HKCR\text/plain (deleted)
(4/10/05 14:13:44) FilterKey: HKCR\CLSID\{6DB6BDC5-D5A5-4DE4-B51E-C3D6230E43E1} (error while deleting)
(4/10/05 14:13:44) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(4/10/05 14:13:44) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B92A9A97-EC2B-4A42-B74C-5E7F72AC23A4} (deleted)
(4/10/05 14:13:44) BHO-Key: HKCR\CLSID\{B92A9A97-EC2B-4A42-B74C-5E7F72AC23A4} (deleted)
(4/10/05 14:13:44) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\Meara\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(4/10/05 14:13:44) UBF: 4 - UBB: 3 - UBR: 10
(4/10/05 14:13:44) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\fiona~1\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\fiona~1\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(4/10/05 14:13:44) Stealth-String not found
(4/10/05 14:13:44) File added to delete: c:\windows1\system32\dcjn.dll
(4/10/05 14:13:44) File added to delete: c:\docume~1\meara\locals~1\temp\se.dll
(4/10/05 14:13:44) Reboot
(4/10/05 14:15:16) SPSeHjFix started v1.1.2
(4/10/05 14:15:16) OS: WinXP (5.1.2600)
(4/10/05 14:15:16) Language: english
(4/10/05 14:15:16) Win-Path: C:\WINDOWS1
(4/10/05 14:15:16) System-Path: C:\WINDOWS1\System32
(4/10/05 14:15:16) Temp-Path: C:\DOCUME~1\FIONA~1\LOCALS~1\Temp\
(4/10/05 14:27:04) Disinfection started
(4/10/05 14:27:04) Bad-Dll(IEP): c:\docume~1\fiona~1\locals~1\temp\se.dll
(4/10/05 14:27:04) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS1\System32\dcjn.dll
(4/10/05 14:27:04) Searchassistant Uninstaller - Keys Deleted
(4/10/05 14:27:04) UBF: 6 - UBB: 4 - UBR: 11
(4/10/05 14:27:04) FilterKey: HKCR\text/html (deleted)
(4/10/05 14:27:04) FilterKey: HKCR\CLSID\{AFB244A6-B573-4E3E-9FEB-8E2E66A12BE6} (deleted)
(4/10/05 14:27:04) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(4/10/05 14:27:04) FilterKey: HKCR\text/plain (deleted)
(4/10/05 14:27:04) FilterKey: HKCR\CLSID\{AFB244A6-B573-4E3E-9FEB-8E2E66A12BE6} (error while deleting)
(4/10/05 14:27:04) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(4/10/05 14:27:04) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{011DBA76-B300-4F30-A850-A6BE4CD7D75A} (deleted)
(4/10/05 14:27:04) BHO-Key: HKCR\CLSID\{011DBA76-B300-4F30-A850-A6BE4CD7D75A} (deleted)
(4/10/05 14:27:04) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\Meara\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(4/10/05 14:27:04) UBF: 4 - UBB: 3 - UBR: 10
(4/10/05 14:27:04) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\fiona~1\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\fiona~1\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(4/10/05 14:27:04) Stealth-String not found
(4/10/05 14:27:04) File added to delete: c:\windows1\system32\dcjn.dll
(4/10/05 14:27:04) File added to delete: c:\docume~1\meara\locals~1\temp\se.dll
(4/10/05 14:27:04) Reboot
(4/10/05 14:28:55) SPSeHjFix started v1.1.2
(4/10/05 14:28:55) OS: WinXP (5.1.2600)
(4/10/05 14:28:55) Language: english
(4/10/05 14:28:55) Win-Path: C:\WINDOWS1
(4/10/05 14:28:55) System-Path: C:\WINDOWS1\System32
(4/10/05 14:28:55) Temp-Path: C:\DOCUME~1\FIONA~1\LOCALS~1\Temp\
(4/10/05 14:31:42) SPSeHjFix started v1.1.2
(4/10/05 14:31:42) OS: WinXP (5.1.2600)
(4/10/05 14:31:42) Language: english
(4/10/05 14:31:42) Win-Path: C:\WINDOWS1
(4/10/05 14:31:42) System-Path: C:\WINDOWS1\System32
(4/10/05 14:31:42) Temp-Path: C:\DOCUME~1\FIONA~1\LOCALS~1\Temp\
(4/10/05 14:31:45) Disinfection started
(4/10/05 14:31:45) Bad-Dll(IEP): (not found)
(4/10/05 14:31:45) Bad-Dll(IEP) in BHO: (not found)
(4/10/05 14:31:45) UBF: 4 - UBB: 3 - UBR: 10
(4/10/05 14:31:45) UBF: 4 - UBB: 3 - UBR: 10
(4/10/05 14:31:45) Bad IE-pages: (none)
(4/10/05 14:31:45) Stealth-String not found
(4/10/05 14:31:45) Not infected->END
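Added example, not part of the original thread and not HijackThis or SpSeHjfix code: a small triage pass over HijackThis entry lines, run on excerpts copied from the logs in posts #1 and #4, that also lists which entries disappeared between the two scans. The flagging rules are heuristics assumed for illustration, modelled on what the SpSeHjfix log above reports deleting; a flagged entry still needs an analyst's review.

```python
import re

# Entry lines copied from the HijackThis logs in posts #1 (BEFORE) and #4 (AFTER).
# The selection of lines is constructed for this example; it is not a full log.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\FIONA~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B92A9A97-EC2B-4A42-B74C-5E7F72AC23A4} - C:\WINDOWS1\System32\dcjn.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Filter: text/html - {6DB6BDC5-D5A5-4DE4-B51E-C3D6230E43E1} - C:\WINDOWS1\System32\dcjn.dll
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# An entry starts with a section code (R0, O2, O18, ...) followed by " - " and
# runs until the next section code or the end of the text, so the same pattern
# handles one-entry-per-line logs and logs pasted as a single run of text.
ENTRY = re.compile(
    r"(?:^|\s)([RFNO]\d{1,2}) - (.*?)(?=\s+[RFNO]\d{1,2} - |\s*$)", re.S
)


def parse(log):
    """Return (section, body) pairs with whitespace inside the body normalised."""
    return [(m.group(1), " ".join(m.group(2).split())) for m in ENTRY.finditer(log)]


def triage(section, body):
    """Reasons an entry deserves review (assumed heuristics, not HijackThis rules)."""
    low = body.lower()
    value = low.partition("=")[2].strip()  # text after '=' in R-section entries
    reasons = []
    if section in ("R0", "R1"):
        if value.startswith("res://"):
            reasons.append("IE page served from a DLL resource")
        if value == "about:blank" and "search" in low:
            reasons.append("search setting pinned to about:blank")
    if "\\temp\\" in low:
        reasons.append("file loaded from a Temp directory")
    if (section == "O2" and "(no name)" in low
            and re.search(r"\\system32\\[^\\]+\.dll$", low)):
        reasons.append("unnamed BHO whose DLL sits directly in System32")
    if section == "O18" and low.startswith("filter: text/"):
        reasons.append("MIME filter attached to text content")
    return reasons


def suspicious(log):
    """Return (section, body, reasons) for every entry with at least one reason."""
    return [(s, b, r) for s, b in parse(log) if (r := triage(s, b))]


def removed(before, after):
    """Entries present in the first scan and absent from the second."""
    kept = set(parse(after))
    return [entry for entry in parse(before) if entry not in kept]


if __name__ == "__main__":
    for section, body, reasons in suspicious(BEFORE):
        print(f"{section}: {body}\n    -> " + "; ".join(reasons))
    print("entries gone after the fix:", len(removed(BEFORE, AFTER)))
```

The unnamed Spybot helper BHO under Program Files is deliberately not flagged, which is why the BHO rule also requires a DLL path directly in System32.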
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Mar 2005
Posts: 36
OS: xp home
|
Ok...Think all is fine now..
Ok, I've done a lot of work today to update my computer. Followed your security advice above (thanks so much for that) downloaded all the windows critical security patches, also got some antivirus software and new search engine Mozilla Firefox which seems to be recommended in here.
Spent the whole day on this and think that I am now free of all the nasties. Will post another Hijack log, just to be sure. If someone could just take a quick look to confirm. I think that you'll be impressed!! Hopefully won't ever have to bother all you clever people in here again!

Thanks,
Fiona

Logfile of HijackThis v1.99.1
Scan saved at 21:31:37, on 10/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS1\system32\IoctlSvc.exe
C:\WINDOWS1\system32\slserv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS1\System32\HotfixQ0306270.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS1\system32\RaConfig2500.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS1\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: RaConfig2500.lnk = C:\WINDOWS1\system32\RaConfig2500.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02ac17d0...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1112650995922
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS1\system32\IoctlSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS1\SYSTEM32\slserv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
|
|
|
|
#6 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Outstanding.. You're clean. You can't see it...but I'm beaming with pride!! ...lol
Make sure you use SpywareBlaster, Spywareguard and Winpatrol from that link I posted. This will prevent the spyware from getting installed in the first place.