Jump to content


Photo

Explorer errors


  • Please log in to reply
14 replies to this topic

#1 diamondsoul

diamondsoul

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 30 June 2004 - 12:06 PM

Explorer has caused an error in IEFRARED.DLL Explorer will now close.

I know I have malware and was slowly trying to clear it out of the system with Adaware, CWS, and virus scans. I grabbed BHO and Spyware Blaster while I was at it and before installing those the error quoted above read "Explorer has caused an error in <unknown>". Now I have a file name but I have no clue what's causing the problem. It also comes up in Safe Mode and I can't use ALT CTRL DEL to shut down unncessary programs without killing Explorer first. Hijack This log follows-

Logfile of HijackThis v1.97.7
Scan saved at 11:55:22 AM, on 6/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNEW\SYSTEM\KERNEL32.DLL
C:\WINNEW\SYSTEM\MSGSRV32.EXE
C:\WINNEW\SYSTEM\mmtask.tsk
C:\WINNEW\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINNEW\EXPLORER.EXE
C:\WINNEW\RUNDLL32.EXE
C:\WINNEW\SYSTEM\RESTORE\STMGR.EXE
C:\WINNEW\TASKMON.EXE
C:\WINNEW\SYSTEM\SYSTRAY.EXE
C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\AHQTB.EXE
C:\WINNEW\SYSTEM\HPZTSB06.EXE
C:\WINNEW\LOADQM.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\WINNEW\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\WINNEW\SYSTEM32\IPNUT.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE
C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE
C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearc...//sbc.yahoo.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINNEW\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE"
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNEW\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINNEW\SYSUPD.EXE
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [IPNUT] C:\WINNEW\SYSTEM32\IPNUT.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINNEW\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AutoEA] C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\ahqrun.exe "C:\Program Files\Creative\ShareDLL\AHQ\CTAutoEA.ahq" 0
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Arkadium (HKLM)
O9 - Extra 'Tools' menuitem: Arkadium (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n4/dlhelper.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7909.7341550926
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamga.../cabs/swing.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.dll
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...?affiliate=WISH
O16 - DPF: {6CEE8563-CA62-4F56-AD89-48EC7B72B8AA} (CacheUtils Class) - https://www.tourname...myInetUtils.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://64.69.77.23/S...s/WalletCab.CAB
O16 - DPF: {CDAA0214-3907-4C47-A3F6-014DA1517440} (ArkDownloader Class) - http://www.arkadium....kDownloader.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.c...X/LPControl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldw...cubis/cubis.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldw...ut/brickout.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldw...apit/swapit.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldw...shape/shape.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldw...v44/sol/sol.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldw...se/collapse.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldw...be/wordcube.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldw...ck/bjattack.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldw...focus/focus.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldw...man/hangman.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldw...ty/tilecity.cab
O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} (eWebEditProLibCtl3.eWebEditPro) - https://www.kintera....webeditpro3.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt....x/regdload.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldw...x/blockwerx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pog...r-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.c...n-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://solitaire02.p...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.co...a-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo...2-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://simball02.pog...l-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.co...i-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo....z-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo....g-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.po...n-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldw...jo/wordmojo.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.co...m-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.c...k-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewiz.../popblocker.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://mirror.worldw...iv/solotriv.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...74/QDow_AS2.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://mirror.worldw...am/skillgam.cab

#2 diamondsoul

diamondsoul

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 30 June 2004 - 09:21 PM

bump. Please help asap! Am expected to work on campaign matters and can't until I resolve this.

#3 diamondsoul

diamondsoul

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 01 July 2004 - 10:18 AM

Bumping again. Folks, please, I'm facing a deadline here and can't meet it until I fix the computer issues! :eek:

#4 diamondsoul

diamondsoul

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 01 July 2004 - 10:21 AM

I forgot I updated to the newest version of HJT and scanned again- here's the current log-file

Logfile of HijackThis v1.98.0
Scan saved at 9:51:57 AM, on 7/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNEW\SYSTEM\KERNEL32.DLL
C:\WINNEW\SYSTEM\MSGSRV32.EXE
C:\WINNEW\SYSTEM\SPOOL32.EXE
C:\WINNEW\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINNEW\SYSTEM\mmtask.tsk
C:\WINNEW\EXPLORER.EXE
C:\WINNEW\SYSTEM\RESTORE\STMGR.EXE
C:\WINNEW\RUNDLL32.EXE
C:\WINNEW\TASKMON.EXE
C:\WINNEW\SYSTEM\SYSTRAY.EXE
C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\AHQTB.EXE
C:\WINNEW\SYSTEM\HPZTSB06.EXE
C:\WINNEW\LOADQM.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\WINNEW\SYSTEM32\IPNUT.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE
C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE
C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINNEW\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE"
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNEW\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINNEW\SYSUPD.EXE
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [IPNUT] C:\WINNEW\SYSTEM32\IPNUT.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINNEW\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AutoEA] C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\ahqrun.exe "C:\Program Files\Creative\ShareDLL\AHQ\CTAutoEA.ahq" 0
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n4/dlhelper.cab
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamga.../cabs/swing.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...?affiliate=WISH
O16 - DPF: {6CEE8563-CA62-4F56-AD89-48EC7B72B8AA} (CacheUtils Class) - https://www.tourname...myInetUtils.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://64.69.77.23/S...s/WalletCab.CAB
O16 - DPF: {CDAA0214-3907-4C47-A3F6-014DA1517440} (ArkDownloader Class) - http://www.arkadium....kDownloader.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.c...X/LPControl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldw...cubis/cubis.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldw...ut/brickout.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldw...apit/swapit.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldw...shape/shape.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldw...v44/sol/sol.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldw...se/collapse.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldw...be/wordcube.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldw...ck/bjattack.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldw...focus/focus.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldw...man/hangman.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldw...ty/tilecity.cab
O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} (eWebEditProLibCtl3.eWebEditPro) - https://www.kintera....webeditpro3.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt....x/regdload.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldw...x/blockwerx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pog...r-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.c...n-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://solitaire02.p...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.co...a-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo...2-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://simball02.pog...l-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.co...i-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo....z-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo....g-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.po...n-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldw...jo/wordmojo.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.co...m-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.c...k-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewiz.../popblocker.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://mirror.worldw...iv/solotriv.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...74/QDow_AS2.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://mirror.worldw...am/skillgam.cab
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINNEW\SYSTEM\AUHOOK.DLL

#5 diamondsoul

diamondsoul

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 01 July 2004 - 06:23 PM

Bumping so I can post a new log shortly.

I updated CWS Shredder and ran it, ran Trojan Hunter twice (it found and removed one Trojan) and now am running RAV online virus scan (so far it's managed to find several other Trojans! :gasp: ) and then BitDefender's online scan since I can't seem to get Housecall to work.

#6 OSC

OSC

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 397 posts

Posted 01 July 2004 - 09:21 PM

Hi diamondsoul,

You have the Look2Me parasite here.

But first, since you have an inordinate number of Active-X controls, we'll take them all out using hijackthis. These entries represent those dialog boxes that popup when you go to those game sites asking you "Yes" or "No". When and if you go to these sites or if you have game sites you go to on a regular basis, you will be prompted to install these Active-X controls again.

Run hijackthis again, click Scan. Check the boxes next to these entries. Then close all windows except HijackThis. Tell HijackThis to 'Fix checked'.

O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n4/dlhelper.cab
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamga.../cabs/swing.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...?affiliate=WISH
O16 - DPF: {6CEE8563-CA62-4F56-AD89-48EC7B72B8AA} (CacheUtils Class) - https://www.tourname...myInetUtils.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://64.69.77.23/S...s/WalletCab.CAB
O16 - DPF: {CDAA0214-3907-4C47-A3F6-014DA1517440} (ArkDownloader Class) - http://www.arkadium....kDownloader.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.c...X/LPControl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldw...cubis/cubis.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldw...ut/brickout.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldw...apit/swapit.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldw...shape/shape.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldw...v44/sol/sol.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldw...se/collapse.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldw...be/wordcube.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldw...ck/bjattack.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldw...focus/focus.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldw...man/hangman.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldw...ty/tilecity.cab
O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} (eWebEditProLibCtl3.eWebEditPro) - https://www.kintera....webeditpro3.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt....x/regdload.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldw...x/blockwerx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pog...r-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.c...n-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://solitaire02.p...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.co...a-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo...2-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://simball02.pog...l-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.co...i-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo....z-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo....g-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.po...n-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldw...jo/wordmojo.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.co...m-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.c...k-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewiz.../popblocker.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://mirror.worldw...iv/solotriv.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...74/QDow_AS2.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://mirror.worldw...am/skillgam.cab


Now, let's deal with this Look2Me parasite. Go here and download this file:
http://www.downloads...VX2Finder9x.exe

Save it to your desktop and run it. Click Make Log and paste the log back here along with an updated hijackthis log.

#7 diamondsoul

diamondsoul

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 01 July 2004 - 10:36 PM

Ok, cleaned out all activeX controls and ran the program you directed me to- here's what it found :gasp:

(If I'm supposed to get a notepad window with a log like we do from HJT, it didn't work that way, just wanted to let you know in case this isn't the kind of log you were looking for)

Files Found---
C:\WINNEW\SYSTEM\CqCFG32.DLL
C:\WINNEW\SYSTEM\HeTPLUG.DLL
C:\WINNEW\SYSTEM\HrTPLUG.DLL
C:\WINNEW\SYSTEM\HvTPLUG.DLL
C:\WINNEW\SYSTEM\IaSETUP.DLL
C:\WINNEW\SYSTEM\IbSETUP.DLL
C:\WINNEW\SYSTEM\IeFRARED.DLL
C:\WINNEW\SYSTEM\IpFRARED.DLL
C:\WINNEW\SYSTEM\IrSETUP.DLL
C:\WINNEW\SYSTEM\IsFRARED.DLL
C:\WINNEW\SYSTEM\IxFRARED.DLL
C:\WINNEW\SYSTEM\IyFRARED.DLL
C:\WINNEW\SYSTEM\MqLOCUSR.DLL
C:\WINNEW\SYSTEM\RjCLTC5.DLL
C:\WINNEW\SYSTEM\RoCLTS5.DLL
C:\WINNEW\SYSTEM\UgBUI.DLL
C:\WINNEW\SYSTEM\UmBUI.DLL
C:\WINNEW\SYSTEM\UtBUI.DLL
C:\WINNEW\SYSTEM\VtWWDM32.DLL
C:\WINNEW\SYSTEM\WbNG.DLL
C:\WINNEW\SYSTEM\WsNG.DLL
C:\WINNEW\SYSTEM\WuNG.DLL


User Agent String---
{DD6D7DC5-44DD-4E1D-90ED-7E7675853E64}

Note that IeFRARED.DLL is the file named in the error message.


Logfile of HijackThis v1.98.0
Scan saved at 10:34:35 PM, on 7/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNEW\SYSTEM\KERNEL32.DLL
C:\WINNEW\SYSTEM\MSGSRV32.EXE
C:\WINNEW\SYSTEM\SPOOL32.EXE
C:\WINNEW\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINNEW\SYSTEM\mmtask.tsk
C:\WINNEW\EXPLORER.EXE
C:\WINNEW\SYSTEM\RESTORE\STMGR.EXE
C:\WINNEW\RUNDLL32.EXE
C:\WINNEW\TASKMON.EXE
C:\WINNEW\SYSTEM\SYSTRAY.EXE
C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\AHQTB.EXE
C:\WINNEW\SYSTEM\HPZTSB06.EXE
C:\WINNEW\LOADQM.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\WINNEW\SYSTEM32\IPNUT.EXE
C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE
C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\WINNEW\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
C:\WINNEW\SYSTEM\DDHELP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINNEW\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE"
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNEW\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINNEW\SYSUPD.EXE
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [IPNUT] C:\WINNEW\SYSTEM32\IPNUT.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINNEW\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AutoEA] C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\ahqrun.exe "C:\Program Files\Creative\ShareDLL\AHQ\CTAutoEA.ahq" 0
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINNEW\SYSTEM\AUHOOK.DLL

Edited by diamondsoul, 02 July 2004 - 12:05 AM.


#8 diamondsoul

diamondsoul

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 02 July 2004 - 08:05 AM

Bumping for early morning help..

Hey guys, you know it's bad when you have dreams about cleaning spyware out of your system! :rofl: :weee:

#9 OSC

OSC

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 397 posts

Posted 02 July 2004 - 10:42 AM

Hi diamondsoul,

Yes, that is the log we are looking for.

Run Vx2Finder again, select the files and delete them all (your desktop will temporarily disappear. That is supposed to happen so don't panic) :)

Next, click the User Agent$ button which will remove the User Agent String in the registry. Finally, click the Look2Me.reg button which should fix the Double Quicklaunch toolbar.

Then run hijackthis again, click Scan. Check the boxes next to these entries (if they are there). Then close all windows except HijackThis. Tell HijackThis to 'Fix checked'.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com


Now run vx2finder again and post a new log along with an updated hijackthis log.

#10 diamondsoul

diamondsoul

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 02 July 2004 - 10:43 AM

Ok, OSC, I cheated and went ahead and deleted the pesky error message file- IeFRARED

I know I probably shouldn't have but not having access to task manager was driving me buggy. So far no errors on reboot, so I'll edit to show new VXFinder and HJT log in just a sec.

#11 diamondsoul

diamondsoul

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 02 July 2004 - 12:54 PM

Running Vx2Finder and removing all the logged entries left me with no response from the prgram when I hit the User Agent$ button.

Current Vx2 Finder log is empty no files listed under either heading

Current HJT log follows-(blinks...didn't we just wipe the ActiveX files?! Wha'happened?!)

Logfile of HijackThis v1.98.0
Scan saved at 12:47:17 PM, on 7/2/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNEW\SYSTEM\KERNEL32.DLL
C:\WINNEW\SYSTEM\MSGSRV32.EXE
C:\WINNEW\SYSTEM\SPOOL32.EXE
C:\WINNEW\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINNEW\SYSTEM\mmtask.tsk
C:\WINNEW\SYSTEM\RESTORE\STMGR.EXE
C:\WINNEW\EXPLORER.EXE
C:\WINNEW\TASKMON.EXE
C:\WINNEW\SYSTEM\SYSTRAY.EXE
C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\AHQTB.EXE
C:\WINNEW\SYSTEM\HPZTSB06.EXE
C:\WINNEW\LOADQM.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\WINNEW\SYSTEM32\IPNUT.EXE
C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE
C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINNEW\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE"
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNEW\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINNEW\SYSUPD.EXE
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [IPNUT] C:\WINNEW\SYSTEM32\IPNUT.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINNEW\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AutoEA] C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\ahqrun.exe "C:\Program Files\Creative\ShareDLL\AHQ\CTAutoEA.ahq" 0
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} - http://skill.skilljam.com/ssp/SSP.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.micro...n4/dlhelper.cab
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} - http://igweb04.iamga.../cabs/swing.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} - http://www.rovion.co...?affiliate=WISH
O16 - DPF: {6CEE8563-CA62-4F56-AD89-48EC7B72B8AA} - https://www.tourname...myInetUtils.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} - http://64.69.77.23/S...s/WalletCab.CAB
O16 - DPF: {CDAA0214-3907-4C47-A3F6-014DA1517440} - http://www.arkadium....kDownloader.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.c...ers/play365.cab
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} - http://www.mgisoft.c...X/LPControl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - http://mirror.worldw...cubis/cubis.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - http://mirror.worldw...ut/brickout.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - http://mirror.worldw...apit/swapit.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} - http://mirror.worldw...shape/shape.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://mirror.worldw...v44/sol/sol.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} - http://mirror.worldw...se/collapse.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} - http://mirror.worldw...be/wordcube.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://mirror.worldw...ck/bjattack.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} - http://mirror.worldw...focus/focus.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://mirror.worldw...man/hangman.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - http://mirror.worldw...ty/tilecity.cab
O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} - https://www.kintera....webeditpro3.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} - http://download.palt....x/regdload.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://mirror.worldw...x/blockwerx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - http://www.gamespot....ownload/kdx.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pog...r-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.c...n-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://solitaire02.p...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.co...a-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo...2-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://simball02.pog...l-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.co...i-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo....z-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo....g-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.po...n-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://mirror.worldw...jo/wordmojo.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.co...m-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.c...k-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewiz.../popblocker.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} - http://mirror.worldw...iv/solotriv.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...74/QDow_AS2.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - http://mirror.worldw...am/skillgam.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefend...bitdefender.cab
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINNEW\SYSTEM\AUHOOK.DLL

#12 OSC

OSC

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 397 posts

Posted 02 July 2004 - 09:18 PM

NOTE: Was helped in chat room. Going to clean the O16's again and post a new log. Also, computer is clean of Look2Me.

#13 diamondsoul

diamondsoul

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 03 July 2004 - 06:44 AM

New HJT log- Any idea what those last two items are? AUHook, I don't remember seeing that on previous logs (before these recent problems) or recognize it.

Logfile of HijackThis v1.98.0
Scan saved at 6:39:11 AM, on 7/3/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNEW\SYSTEM\KERNEL32.DLL
C:\WINNEW\SYSTEM\MSGSRV32.EXE
C:\WINNEW\SYSTEM\SPOOL32.EXE
C:\WINNEW\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINNEW\SYSTEM\mmtask.tsk
C:\WINNEW\SYSTEM\RESTORE\STMGR.EXE
C:\WINNEW\EXPLORER.EXE
C:\WINNEW\TASKMON.EXE
C:\WINNEW\SYSTEM\SYSTRAY.EXE
C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\AHQTB.EXE
C:\WINNEW\SYSTEM\HPZTSB06.EXE
C:\WINNEW\LOADQM.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE
C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\WINNEW\SYSTEM32\IPNUT.EXE
C:\WINNEW\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\WINNEW\WUAUCLT.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINNEW\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE"
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNEW\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINNEW\SYSUPD.EXE
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [IPNUT] C:\WINNEW\SYSTEM32\IPNUT.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINNEW\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AutoEA] C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\ahqrun.exe "C:\Program Files\Creative\ShareDLL\AHQ\CTAutoEA.ahq" 0
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINNEW\SYSTEM\AUHOOK.DLL

#14 diamondsoul

diamondsoul

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 04 July 2004 - 08:25 AM

Bumping just to check in on that last log.

#15 OSC

OSC

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 397 posts

Posted 07 July 2004 - 06:54 PM

Hi diamondsoul,

Sorry for the delay in responding. Haven't been near a computer for a few days. :evilgrin: Was having withdrawals. :D

Anyway, are these the items you are talking about:
O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINNEW\SYSTEM\AUHOOK.DLL


If so, and you are sure you don't need or want this program, check Add/Remove Programs and look for Arkadium. If it's there, uninstall it. Then fix these 2 with hijackthis (again, only if you are sure you don't use/need this program):
O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe


As for the last one, leave that one alone as it is a critical operating system file. :!:

The rest of your log is clean. :) Here's some reading for prevention.

Protection - download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies. http://www.javacools...areblaster.html

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
http://www.staff.uiu...rce.htm#IESPYAD

Both are very small free programs that you run once, and then just occasionally to check for updates.

And also see So how did I get infected in the first place?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button