
Should I reformat hard drive and start over?


5 replies to this topic

#1 jtheking


Posted 06 July 2004 - 07:33 PM

Your help would be VERY VERY appreciated

After a serious fight to get about:blank off my computer, I installed and I often run all the security measures recommended. Everything was fine until a week ago when Spyware guard started sending "An attempt to change internet settings has been detected" message. BHOs were being added in new .dll files. I removed the BHO but 30 seconds later it was back. I deleted the .dll file and a new one was created in its place. All total I probably deleted about 150 new .dll files that had no purpose but to contain a BHO. Now those warnings have tapered off (although suddenly today again I am getting a new .dll file every minute or so - no joke) but Spyware guard reports every few minutes that my browser has been changed. I always change it back but I can't do this every five minutes. Plus I'm getting pop-ups again that my pop-up blocker program can't stop. Getting rid of about:blank was horrible. I don't want to reformat my hard drive but if I can do that, install all the security again and not have to deal with the constant hijackers, I will.

Anyway, here's the log:
Logfile of HijackThis v1.97.7
Scan saved at 9:17:58 AM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crfq.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\iemq.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iemq.exe] C:\WINDOWS\system32\iemq.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKLM\..\RunOnce: [crfq.exe] C:\WINDOWS\system32\crfq.exe
O4 - HKLM\..\RunOnce: [mfcup32.exe] C:\WINDOWS\system32\mfcup32.exe
O4 - HKLM\..\RunOnce: [sdkbq.exe] C:\WINDOWS\system32\sdkbq.exe
O4 - HKLM\..\RunOnce: [netuu.exe] C:\WINDOWS\netuu.exe
O4 - HKLM\..\RunOnce: [ievi32.exe] C:\WINDOWS\ievi32.exe
O4 - HKLM\..\RunOnce: [ntyt.exe] C:\WINDOWS\system32\ntyt.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8122.7347453704
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_1us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19....ex/HMAtchmt.ocx

#2 RubbeR DuckY


Posted 06 July 2004 - 07:34 PM

Hello, please download About:Buster Version 1.25 and unzip it to your desktop. Start it, hit Ok, Start, and Ok again to start the scan. It will generate a log. Post that log along with a new HijackThis log here.


Ducky
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#3 jtheking


Posted 06 July 2004 - 08:42 PM

Thanks!

Okay. I did it. Here they are.

About:Buster Version 1.25
Removed! : C:\WINDOWS\alxycc.dat
Removed! : C:\WINDOWS\avtnkb.dat
Removed! : C:\WINDOWS\azojp.dat
Removed! : C:\WINDOWS\bkadcw.dat
Removed! : C:\WINDOWS\bmabt.dat
Removed! : C:\WINDOWS\bsmzbn.dat
Removed! : C:\WINDOWS\bthyt.dat
Removed! : C:\WINDOWS\bypkt.dat
Removed! : C:\WINDOWS\bzdjei.dat
Removed! : C:\WINDOWS\caedp.dll
Removed! : C:\WINDOWS\cdvda.dat
Removed! : C:\WINDOWS\clstlr.dat
Removed! : C:\WINDOWS\cnnfn.dat
Removed! : C:\WINDOWS\cntapc.dat
Removed! : C:\WINDOWS\cpzbn.dat
Removed! : C:\WINDOWS\cqced.dat
Removed! : C:\WINDOWS\croa32.exe
Removed! : C:\WINDOWS\ddyhs.dat
Removed! : C:\WINDOWS\dgubo.dat
Removed! : C:\WINDOWS\dokpyx.dat
Removed! : C:\WINDOWS\ecsnb.dat
Removed! : C:\WINDOWS\ecydw.dat
Removed! : C:\WINDOWS\enykc.dat
Removed! : C:\WINDOWS\fboac.dat
Removed! : C:\WINDOWS\fbsgf.dat
Removed! : C:\WINDOWS\gfufxp.dat
Removed! : C:\WINDOWS\ghqjph.dat
Removed! : C:\WINDOWS\gsctb.dat
Removed! : C:\WINDOWS\hdash.dat
Removed! : C:\WINDOWS\hpauk.dat
Removed! : C:\WINDOWS\hycnc.dat
Removed! : C:\WINDOWS\iegfs.dat
Removed! : C:\WINDOWS\ievi32.exe
Removed! : C:\WINDOWS\ijhqm.dat
Removed! : C:\WINDOWS\ikalm.dat
Removed! : C:\WINDOWS\istqx.dat
Removed! : C:\WINDOWS\ivnpo.dat
Removed! : C:\WINDOWS\jcswg.dat
Removed! : C:\WINDOWS\jhmkj.dat
Removed! : C:\WINDOWS\jwjly.dat
Removed! : C:\WINDOWS\kozwhx.dat
Removed! : C:\WINDOWS\laaqq.dat
Removed! : C:\WINDOWS\mllmc.dat
Removed! : C:\WINDOWS\netuu.exe
Removed! : C:\WINDOWS\njwob.dat
Removed! : C:\WINDOWS\nnnpa.dat
Removed! : C:\WINDOWS\nubjkj.dat
Removed! : C:\WINDOWS\nwzdr.dat
Removed! : C:\WINDOWS\oyfmu.dll
Removed! : C:\WINDOWS\pckdv.dat
Removed! : C:\WINDOWS\pmcgi.dat
Removed! : C:\WINDOWS\qohpg.dat
Removed! : C:\WINDOWS\qqumu.dat
Removed! : C:\WINDOWS\sgvhl.dat
Removed! : C:\WINDOWS\sverzg.dat
Removed! : C:\WINDOWS\sysqx32.dll
Removed! : C:\WINDOWS\sysqx32.exe
Removed! : C:\WINDOWS\ugxnmn.dat
Removed! : C:\WINDOWS\ushgi.dat
Removed! : C:\WINDOWS\uvifud.dat
Removed! : C:\WINDOWS\vlzmk.dat
Removed! : C:\WINDOWS\vonyl.dat
Removed! : C:\WINDOWS\xbbcv.dat
Removed! : C:\WINDOWS\xqgwrn.dat
Removed! : C:\WINDOWS\yevyu.dat
Removed! : C:\WINDOWS\yobse.dat
Removed! : C:\WINDOWS\ypuns.dat
Removed! : C:\WINDOWS\ywnfe.dat
Removed! : C:\WINDOWS\ywodn.dat
Removed! : C:\WINDOWS\zhjhn.dat
Removed! : C:\WINDOWS\zincpv.dat
Removed! : C:\WINDOWS\zjhfh.dat
Removed! : C:\WINDOWS\zwhyc.dat
Removed! : C:\WINDOWS\zygmp.dat
Removed! : C:\WINDOWS\System32\aacdj.dat
Removed! : C:\WINDOWS\System32\adfnx.dat
Removed! : C:\WINDOWS\System32\akujs.dat
Removed! : C:\WINDOWS\System32\aubdd.dat
Removed! : C:\WINDOWS\System32\azxcr.dat
Removed! : C:\WINDOWS\System32\bmzpr.dat
Removed! : C:\WINDOWS\System32\bttvh.dat
Removed! : C:\WINDOWS\System32\cjyyl.dat
Removed! : C:\WINDOWS\System32\crfq.exe
Removed! : C:\WINDOWS\System32\czfoj.dat
Removed! : C:\WINDOWS\System32\dmjvy.dat
Removed! : C:\WINDOWS\System32\fgrdn.dat
Removed! : C:\WINDOWS\System32\fnghl.dat
Removed! : C:\WINDOWS\System32\fqbgs.dat
Removed! : C:\WINDOWS\System32\gmlcs.dat
Removed! : C:\WINDOWS\System32\gomfj.dat
Removed! : C:\WINDOWS\System32\gqjgx.dat
Removed! : C:\WINDOWS\System32\hvour.dat
Removed! : C:\WINDOWS\System32\iemq.exe
Removed! : C:\WINDOWS\System32\irfcv.dat
Removed! : C:\WINDOWS\System32\jadhn.dat
Removed! : C:\WINDOWS\System32\kcjhi.dat
Removed! : C:\WINDOWS\System32\kgoni.dat
Removed! : C:\WINDOWS\System32\lgmso.dat
Removed! : C:\WINDOWS\System32\lnceu.dat
Removed! : C:\WINDOWS\System32\mfcup32.exe
Removed! : C:\WINDOWS\System32\mvinx.dat
Removed! : C:\WINDOWS\System32\ndubh.dat
Removed! : C:\WINDOWS\System32\nkpab.dat
Removed! : C:\WINDOWS\System32\ntyt.exe
Removed! : C:\WINDOWS\System32\ofbph.dat
Removed! : C:\WINDOWS\System32\ooriw.dat
Removed! : C:\WINDOWS\System32\ozzgj.dat
Removed! : C:\WINDOWS\System32\praat.dat
Removed! : C:\WINDOWS\System32\qfaww.dat
Removed! : C:\WINDOWS\System32\qgzav.dat
Removed! : C:\WINDOWS\System32\qhunj.dat
Removed! : C:\WINDOWS\System32\qpncd.dat
Removed! : C:\WINDOWS\System32\ritsq.dat
Removed! : C:\WINDOWS\System32\rjspq.dat
Removed! : C:\WINDOWS\System32\rzzpm.dat
Removed! : C:\WINDOWS\System32\sdkbq.exe
Removed! : C:\WINDOWS\System32\shuwk.dat
Error Removing! : C:\WINDOWS\System32\sysnn.dll
Removed! : C:\WINDOWS\System32\thwdg.dat
Removed! : C:\WINDOWS\System32\tknse.dat
Removed! : C:\WINDOWS\System32\tvxde.dat
Removed! : C:\WINDOWS\System32\tyajn.dat
Removed! : C:\WINDOWS\System32\uocxo.dat
Removed! : C:\WINDOWS\System32\uxlrq.dat
Removed! : C:\WINDOWS\System32\vasgq.dat
Removed! : C:\WINDOWS\System32\vcvat.dat
Removed! : C:\WINDOWS\System32\vsfib.dat
Removed! : C:\WINDOWS\System32\vyqga.dat
Removed! : C:\WINDOWS\System32\wacch.dat
Removed! : C:\WINDOWS\System32\wkfxb.dat
Removed! : C:\WINDOWS\System32\wmjrf.dat
Removed! : C:\WINDOWS\System32\xblyt.dat
Removed! : C:\WINDOWS\System32\xlwpa.dat
Removed! : C:\WINDOWS\System32\xzguy.dat
Removed! : C:\WINDOWS\System32\zdtws.dat
Removed! : C:\WINDOWS\System32\zmeuo.dat
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Removed __NS_Service_3 Key
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!


AND hijackthis:

Logfile of HijackThis v1.97.7
Scan saved at 10:39:29 AM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8122.7347453704
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_1us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19....ex/HMAtchmt.ocx

#4 RubbeR DuckY


Posted 06 July 2004 - 08:49 PM

Hey, looks really good. A good idea would be to delete this file. Should be a lot better.

C:\WINDOWS\System32\sysnn.dll
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation
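
What "looks really good" rests on, shown as an added example that is not part of any post in this thread: the two HijackThis logs are compared with each other and with the About:Buster output to see which processes and O4 autostart entries disappeared and which file is left over. The function names are this example's own, and the log text is a cut-down excerpt of the logs posted above.

```python
import re

# Excerpts of the two HijackThis logs and the About:Buster log posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crfq.exe
C:\WINDOWS\system32\iemq.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iemq.exe] C:\WINDOWS\system32\iemq.exe
O4 - HKLM\..\RunOnce: [crfq.exe] C:\WINDOWS\system32\crfq.exe
O4 - HKLM\..\RunOnce: [netuu.exe] C:\WINDOWS\netuu.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""
BUSTER = r"""Removed! : C:\WINDOWS\netuu.exe
Removed! : C:\WINDOWS\System32\crfq.exe
Removed! : C:\WINDOWS\System32\iemq.exe
Error Removing! : C:\WINDOWS\System32\sysnn.dll
"""

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_hjt(text):
    """Return (running process paths, O4 registry autostart entries), paths lower-cased."""
    procs, autostarts, in_procs = set(), set(), False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.add(line.lower())
        elif m := O4_RE.match(line):
            autostarts.add((m["loc"], m["name"], m["cmd"].strip('"').lower()))
    return procs, autostarts

def parse_buster(text):
    """Map each About:Buster status ('Removed!', 'Error Removing!') to its paths."""
    out = {"Removed!": set(), "Error Removing!": set()}
    for line in text.splitlines():
        status, sep, path = line.partition(" : ")
        if sep and status in out:
            out[status].add(path.strip().lower())
    return out

def compare(before, after, buster):
    (procs_b, auto_b), (procs_a, auto_a) = parse_hjt(before), parse_hjt(after)
    result = parse_buster(buster)
    return {
        "processes_gone": sorted(procs_b - procs_a),
        "autostarts_gone": sorted(auto_b - auto_a),
        "autostarts_pointing_at_removed_files": sorted(
            e for e in auto_a if e[2] in result["Removed!"]),
        # files the cleaner could not delete: still on disk, need follow-up
        "still_on_disk": sorted(result["Error Removing!"]),
    }
```

On these excerpts the only item left for follow-up is `sysnn.dll`, the file the remaining posts deal with.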


#5 jtheking


Posted 06 July 2004 - 09:06 PM

Yeah. I would love to delete that file. It is one of the ones that kept recreating when I deleted it before. Now I can't delete it. Access denied.

Any ideas?

#6 RubbeR DuckY


Posted 06 July 2004 - 09:11 PM

Two suggestions:

1) Use Killbox. Program is pretty self-explanatory.

2) Go to the file's properties. Uncheck Read Only, Hidden, etc. Then reboot and try to delete.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation
