verntfb3

RES://orjts.dll/index.html#37049

16 posts in this topic

I got browser hijacked with the CWS form RES://orjts.dll/index.html#37049. Plus I'm getting the "only the best" pop-up and others as well. I didn't see anything posted about this variant. I tried CWShredder and it said I was clean. I've posted my HijackThis log. I really need your help to get rid of these things! Thanks.

Logfile of HijackThis v1.98.0

Scan saved at 8:20:21 PM, on 7/7/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\CSAFE\AUTOCHK.EXE

C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\NUMBER9\HAWK_32.EXE

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\JAVAIB32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\orjts.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://orjts.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://orjts.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\orjts.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\orjts.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://orjts.dll/index.html#37049

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {EB9C0909-10FC-905B-3888-30E340436B10} - C:\WINDOWS\APIIF32.DLL

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Class - {710089CF-87C3-763F-C8F6-5A0DBFD3AEC3} - C:\WINDOWS\APIIF32.DLL

O2 - BHO: Class - {D71F86E9-153C-EC16-809D-92D47ADFA43D} - C:\WINDOWS\APIIF32.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE

O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [D3HU32.EXE] C:\WINDOWS\SYSTEM\D3HU32.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [JAVAUH.EXE] C:\WINDOWS\SYSTEM\JAVAUH.EXE

O4 - HKLM\..\RunServices: [iEKA32.EXE] C:\WINDOWS\IEKA32.EXE

O4 - HKLM\..\RunServices: [NETBQ32.EXE] C:\WINDOWS\NETBQ32.EXE

O4 - HKLM\..\RunServices: [iECK.EXE] C:\WINDOWS\IECK.EXE

O4 - HKLM\..\RunServices: [MFCMN32.EXE] C:\WINDOWS\MFCMN32.EXE

O4 - HKLM\..\RunServices: [D3QQ.EXE] C:\WINDOWS\SYSTEM\D3QQ.EXE

O4 - HKLM\..\RunServices: [CRPY.EXE] C:\WINDOWS\SYSTEM\CRPY.EXE

O4 - HKLM\..\RunServices: [NTRT.EXE] C:\WINDOWS\SYSTEM\NTRT.EXE

O4 - HKLM\..\RunServices: [WINTV32.EXE] C:\WINDOWS\SYSTEM\WINTV32.EXE

O4 - HKLM\..\RunServices: [NETUO32.EXE] C:\WINDOWS\SYSTEM\NETUO32.EXE

O4 - HKLM\..\RunServices: [ATLZG.EXE] C:\WINDOWS\ATLZG.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [sYSGT32.EXE] C:\WINDOWS\SYSGT32.EXE

O4 - HKLM\..\RunServices: [WINIC32.EXE] C:\WINDOWS\WINIC32.EXE

O4 - HKLM\..\RunServices: [APIIE32.EXE] C:\WINDOWS\APIIE32.EXE

O4 - HKLM\..\RunServices: [NETHH.EXE] C:\WINDOWS\SYSTEM\NETHH.EXE

O4 - HKLM\..\RunServices: [JAVAZR32.EXE] C:\WINDOWS\JAVAZR32.EXE

O4 - HKLM\..\RunServices: [JAVAIB32.EXE] C:\WINDOWS\SYSTEM\JAVAIB32.EXE

O4 - Startup: HawkEye IV Control Panel.lnk = C:\WINDOWS\NUMBER9\HAWK_32.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab


OK Rubber, here is my log:

About:Buster Version 1.25

Removed! : C:\WINDOWS\tfjsii.dat

Removed! : C:\WINDOWS\zzricv.dat

Removed! : C:\WINDOWS\pjxyus.dat

Error Removing! : C:\WINDOWS\apiif32.dll

Removed! : C:\WINDOWS\ldgjpo.dat

Removed! : C:\WINDOWS\xgjfvo.dat

Removed! : C:\WINDOWS\netqa.exe

Removed! : C:\WINDOWS\mfcjs.exe

Removed! : C:\WINDOWS\toidpe.dat

Removed! : C:\WINDOWS\ecixbk.dat

Removed! : C:\WINDOWS\uzhbou.dat

Removed! : C:\WINDOWS\tbcgpg.dat

Removed! : C:\WINDOWS\hocuru.dat

Removed! : C:\WINDOWS\jciag.dat

Removed! : C:\WINDOWS\rsbifr.dat

Removed! : C:\WINDOWS\fxsuvg.dat

Removed! : C:\WINDOWS\xevous.dat

Removed! : C:\WINDOWS\ohvwwk.dat

Removed! : C:\WINDOWS\zxngpp.dat

Removed! : C:\WINDOWS\rklwyv.dat

Removed! : C:\WINDOWS\vkytft.dat

Removed! : C:\WINDOWS\demxnn.dat

Removed! : C:\WINDOWS\dkrwcx.dat

Removed! : C:\WINDOWS\rockit.dat

Removed! : C:\WINDOWS\addby.exe

Removed! : C:\WINDOWS\n_imgazq.dat

Removed! : C:\WINDOWS\atlfr.exe

Removed! : C:\WINDOWS\ixzoth.dat

Removed! : C:\WINDOWS\n_ioikiu.dat

Removed! : C:\WINDOWS\lmwgir.dat

Removed! : C:\WINDOWS\mfcfv32.exe

Error Removing! : C:\WINDOWS\System\javaib32.exe

Removed! : C:\WINDOWS\System\winmk.exe

Removed! : C:\WINDOWS\System\netmf.exe

Removed! : C:\WINDOWS\System\wcapb.dat

Removed! : C:\WINDOWS\System\rjikl.dat

Removed! : C:\WINDOWS\System\iegi32.exe

Removed! : C:\WINDOWS\System\swram.dat

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

OK Rubber Ducky, here is the About:Buster log, and the new HijackThis log.

Logfile of HijackThis v1.98.0

Scan saved at 9:01:06 PM, on 7/7/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\CSAFE\AUTOCHK.EXE

C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\NUMBER9\HAWK_32.EXE

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\JAVAIB32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {EB9C0909-10FC-905B-3888-30E340436B10} - C:\WINDOWS\APIIF32.DLL

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Class - {710089CF-87C3-763F-C8F6-5A0DBFD3AEC3} - C:\WINDOWS\APIIF32.DLL

O2 - BHO: Class - {D71F86E9-153C-EC16-809D-92D47ADFA43D} - C:\WINDOWS\APIIF32.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE

O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [D3HU32.EXE] C:\WINDOWS\SYSTEM\D3HU32.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [JAVAUH.EXE] C:\WINDOWS\SYSTEM\JAVAUH.EXE

O4 - HKLM\..\RunServices: [iEKA32.EXE] C:\WINDOWS\IEKA32.EXE

O4 - HKLM\..\RunServices: [NETBQ32.EXE] C:\WINDOWS\NETBQ32.EXE

O4 - HKLM\..\RunServices: [iECK.EXE] C:\WINDOWS\IECK.EXE

O4 - HKLM\..\RunServices: [MFCMN32.EXE] C:\WINDOWS\MFCMN32.EXE

O4 - HKLM\..\RunServices: [D3QQ.EXE] C:\WINDOWS\SYSTEM\D3QQ.EXE

O4 - HKLM\..\RunServices: [CRPY.EXE] C:\WINDOWS\SYSTEM\CRPY.EXE

O4 - HKLM\..\RunServices: [NTRT.EXE] C:\WINDOWS\SYSTEM\NTRT.EXE

O4 - HKLM\..\RunServices: [WINTV32.EXE] C:\WINDOWS\SYSTEM\WINTV32.EXE

O4 - HKLM\..\RunServices: [NETUO32.EXE] C:\WINDOWS\SYSTEM\NETUO32.EXE

O4 - HKLM\..\RunServices: [ATLZG.EXE] C:\WINDOWS\ATLZG.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [sYSGT32.EXE] C:\WINDOWS\SYSGT32.EXE

O4 - HKLM\..\RunServices: [WINIC32.EXE] C:\WINDOWS\WINIC32.EXE

O4 - HKLM\..\RunServices: [APIIE32.EXE] C:\WINDOWS\APIIE32.EXE

O4 - HKLM\..\RunServices: [NETHH.EXE] C:\WINDOWS\SYSTEM\NETHH.EXE

O4 - HKLM\..\RunServices: [JAVAZR32.EXE] C:\WINDOWS\JAVAZR32.EXE

O4 - HKLM\..\RunServices: [JAVAIB32.EXE] C:\WINDOWS\SYSTEM\JAVAIB32.EXE

O4 - Startup: HawkEye IV Control Panel.lnk = C:\WINDOWS\NUMBER9\HAWK_32.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab


OK Rubber Ducky, here is my HijackThis log, after rebooting in safe mode. How does it look now?

Scan saved at 9:41:31 PM, on 7/7/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\CSAFE\AUTOCHK.EXE

C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\NUMBER9\HAWK_32.EXE

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {EB9C0909-10FC-905B-3888-30E340436B10} - C:\WINDOWS\APIIF32.DLL (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Class - {710089CF-87C3-763F-C8F6-5A0DBFD3AEC3} - C:\WINDOWS\APIIF32.DLL (file missing)

O2 - BHO: Class - {D71F86E9-153C-EC16-809D-92D47ADFA43D} - C:\WINDOWS\APIIF32.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE

O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [D3HU32.EXE] C:\WINDOWS\SYSTEM\D3HU32.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [JAVAUH.EXE] C:\WINDOWS\SYSTEM\JAVAUH.EXE

O4 - HKLM\..\RunServices: [iEKA32.EXE] C:\WINDOWS\IEKA32.EXE

O4 - HKLM\..\RunServices: [NETBQ32.EXE] C:\WINDOWS\NETBQ32.EXE

O4 - HKLM\..\RunServices: [iECK.EXE] C:\WINDOWS\IECK.EXE

O4 - HKLM\..\RunServices: [MFCMN32.EXE] C:\WINDOWS\MFCMN32.EXE

O4 - HKLM\..\RunServices: [D3QQ.EXE] C:\WINDOWS\SYSTEM\D3QQ.EXE

O4 - HKLM\..\RunServices: [CRPY.EXE] C:\WINDOWS\SYSTEM\CRPY.EXE

O4 - HKLM\..\RunServices: [NTRT.EXE] C:\WINDOWS\SYSTEM\NTRT.EXE

O4 - HKLM\..\RunServices: [WINTV32.EXE] C:\WINDOWS\SYSTEM\WINTV32.EXE

O4 - HKLM\..\RunServices: [NETUO32.EXE] C:\WINDOWS\SYSTEM\NETUO32.EXE

O4 - HKLM\..\RunServices: [ATLZG.EXE] C:\WINDOWS\ATLZG.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [sYSGT32.EXE] C:\WINDOWS\SYSGT32.EXE

O4 - HKLM\..\RunServices: [WINIC32.EXE] C:\WINDOWS\WINIC32.EXE

O4 - HKLM\..\RunServices: [APIIE32.EXE] C:\WINDOWS\APIIE32.EXE

O4 - HKLM\..\RunServices: [NETHH.EXE] C:\WINDOWS\SYSTEM\NETHH.EXE

O4 - HKLM\..\RunServices: [JAVAZR32.EXE] C:\WINDOWS\JAVAZR32.EXE

O4 - HKLM\..\RunServices: [JAVAIB32.EXE] C:\WINDOWS\SYSTEM\JAVAIB32.EXE

O4 - Startup: HawkEye IV Control Panel.lnk = C:\WINDOWS\NUMBER9\HAWK_32.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab


Well the Hijack is gone but can still be triggered. Can you please send any of these files to Here.

 

C:\WINDOWS\SYSTEM\JAVAUH.EXE

C:\WINDOWS\IEKA32.EXE

C:\WINDOWS\NETBQ32.EXE

C:\WINDOWS\IECK.EXE

C:\WINDOWS\MFCMN32.EXE

C:\WINDOWS\SYSTEM\D3QQ.EXE

C:\WINDOWS\SYSTEM\CRPY.EXE

C:\WINDOWS\SYSTEM\NTRT.EXE

C:\WINDOWS\SYSTEM\WINTV32.EXE

C:\WINDOWS\SYSTEM\NETUO32.EXE

C:\WINDOWS\ATLZG.EXE

 

 

Please send all of them if you can.

Remember to zip them up. I will provide an update shortly after you send them so that they will be removed.


Hi Rubber Ducky, I've searched for these files, but I don't see them. I've looked in the folders that are showing but I can't find any of them. Are they still on my system somewhere?

C:\WINDOWS\SYSTEM\JAVAUH.EXE

C:\WINDOWS\IEKA32.EXE

C:\WINDOWS\NETBQ32.EXE

C:\WINDOWS\IECK.EXE

C:\WINDOWS\MFCMN32.EXE

C:\WINDOWS\SYSTEM\D3QQ.EXE

C:\WINDOWS\SYSTEM\CRPY.EXE

C:\WINDOWS\SYSTEM\NTRT.EXE

C:\WINDOWS\SYSTEM\WINTV32.EXE

C:\WINDOWS\SYSTEM\NETUO32.EXE

C:\WINDOWS\ATLZG.EXE


These files, in my system, are loaded from the registry [machine service] location, whatever that means, and I don't seem to be able to access them. I had the appropriate box to show all files, even the hidden ones, to show. Also I was going through the registry and found a webroot spyware folder, I hoped that I had deleted previously, and found the RES://orjts/index.html#37049 values in two different locations hiding, and lurking in that folder. Amazing! I deleted them. I hope you could help me from here to find these remaining executable files. Thanks Rubber Ducky


These files, in my system, are loaded from the registry [machine service] location, whatever that means, and I don't seem to be able to access them. I had the appropriate box to show all files, even the hidden ones, to show. Also I was going through the registry and found a webroot spyware folder, I hoped that I had deleted previously, and found the RES://orjts/index.html#37049 values in two different locations hiding, and lurking in that folder. Amazing! I deleted them. I hope you could help me from here to find these remaining executable files. Should I use


Hey Rubber Ducky, here is my HijackThis log for today:

Logfile of HijackThis v1.98.0

Scan saved at 6:04:38 PM, on 7/9/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\CSAFE\AUTOCHK.EXE

C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\NUMBER9\HAWK_32.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/

O2 - BHO: Class - {EB9C0909-10FC-905B-3888-30E340436B10} - C:\WINDOWS\APIIF32.DLL (file missing)

O2 - BHO: Class - {710089CF-87C3-763F-C8F6-5A0DBFD3AEC3} - C:\WINDOWS\APIIF32.DLL (file missing)

O2 - BHO: Class - {D71F86E9-153C-EC16-809D-92D47ADFA43D} - C:\WINDOWS\APIIF32.DLL (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE

O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [D3HU32.EXE] C:\WINDOWS\SYSTEM\D3HU32.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [JAVAUH.EXE] C:\WINDOWS\SYSTEM\JAVAUH.EXE

O4 - HKLM\..\RunServices: [iEKA32.EXE] C:\WINDOWS\IEKA32.EXE

O4 - HKLM\..\RunServices: [NETBQ32.EXE] C:\WINDOWS\NETBQ32.EXE

O4 - HKLM\..\RunServices: [iECK.EXE] C:\WINDOWS\IECK.EXE

O4 - HKLM\..\RunServices: [MFCMN32.EXE] C:\WINDOWS\MFCMN32.EXE

O4 - HKLM\..\RunServices: [D3QQ.EXE] C:\WINDOWS\SYSTEM\D3QQ.EXE

O4 - HKLM\..\RunServices: [CRPY.EXE] C:\WINDOWS\SYSTEM\CRPY.EXE

O4 - HKLM\..\RunServices: [NTRT.EXE] C:\WINDOWS\SYSTEM\NTRT.EXE

O4 - HKLM\..\RunServices: [WINTV32.EXE] C:\WINDOWS\SYSTEM\WINTV32.EXE

O4 - HKLM\..\RunServices: [NETUO32.EXE] C:\WINDOWS\SYSTEM\NETUO32.EXE

O4 - HKLM\..\RunServices: [ATLZG.EXE] C:\WINDOWS\ATLZG.EXE

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [sYSGT32.EXE] C:\WINDOWS\SYSGT32.EXE

O4 - HKLM\..\RunServices: [WINIC32.EXE] C:\WINDOWS\WINIC32.EXE

O4 - HKLM\..\RunServices: [APIIE32.EXE] C:\WINDOWS\APIIE32.EXE

O4 - HKLM\..\RunServices: [NETHH.EXE] C:\WINDOWS\SYSTEM\NETHH.EXE

O4 - HKLM\..\RunServices: [JAVAZR32.EXE] C:\WINDOWS\JAVAZR32.EXE

O4 - HKLM\..\RunServices: [JAVAIB32.EXE] C:\WINDOWS\SYSTEM\JAVAIB32.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - Startup: HawkEye IV Control Panel.lnk = C:\WINDOWS\NUMBER9\HAWK_32.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab


Hi there,

 

Run Hijack This and tick the boxes next to these items.

 

O2 - BHO: Class - {EB9C0909-10FC-905B-3888-30E340436B10} - C:\WINDOWS\APIIF32.DLL (file missing)

O2 - BHO: Class - {710089CF-87C3-763F-C8F6-5A0DBFD3AEC3} - C:\WINDOWS\APIIF32.DLL (file missing)

O2 - BHO: Class - {D71F86E9-153C-EC16-809D-92D47ADFA43D} - C:\WINDOWS\APIIF32.DLL (file missing)

O4 - HKLM\..\Run: [D3HU32.EXE] C:\WINDOWS\SYSTEM\D3HU32.EXE

O4 - HKLM\..\RunServices: [JAVAUH.EXE] C:\WINDOWS\SYSTEM\JAVAUH.EXE

O4 - HKLM\..\RunServices: [iEKA32.EXE] C:\WINDOWS\IEKA32.EXE

O4 - HKLM\..\RunServices: [NETBQ32.EXE] C:\WINDOWS\NETBQ32.EXE

O4 - HKLM\..\RunServices: [iECK.EXE] C:\WINDOWS\IECK.EXE

O4 - HKLM\..\RunServices: [MFCMN32.EXE] C:\WINDOWS\MFCMN32.EXE

O4 - HKLM\..\RunServices: [D3QQ.EXE] C:\WINDOWS\SYSTEM\D3QQ.EXE

O4 - HKLM\..\RunServices: [CRPY.EXE] C:\WINDOWS\SYSTEM\CRPY.EXE

O4 - HKLM\..\RunServices: [NTRT.EXE] C:\WINDOWS\SYSTEM\NTRT.EXE

O4 - HKLM\..\RunServices: [WINTV32.EXE] C:\WINDOWS\SYSTEM\WINTV32.EXE

O4 - HKLM\..\RunServices: [NETUO32.EXE] C:\WINDOWS\SYSTEM\NETUO32.EXE

O4 - HKLM\..\RunServices: [ATLZG.EXE] C:\WINDOWS\ATLZG.EXE

O4 - HKLM\..\RunServices: [sYSGT32.EXE] C:\WINDOWS\SYSGT32.EXE

O4 - HKLM\..\RunServices: [WINIC32.EXE] C:\WINDOWS\WINIC32.EXE

O4 - HKLM\..\RunServices: [APIIE32.EXE] C:\WINDOWS\APIIE32.EXE

O4 - HKLM\..\RunServices: [NETHH.EXE] C:\WINDOWS\SYSTEM\NETHH.EXE

O4 - HKLM\..\RunServices: [JAVAZR32.EXE] C:\WINDOWS\JAVAZR32.EXE

O4 - HKLM\..\RunServices: [JAVAIB32.EXE] C:\WINDOWS\SYSTEM\JAVAIB32.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

 

Then close all windows and hit fix checked. Restart your computer.

Delete these files if present... most should be gone

 

 

C:\WINDOWS\IEKA32.EXE

C:\WINDOWS\NETBQ32.EXE

C:\WINDOWS\IECK.EXE

C:\WINDOWS\MFCMN32.EXE

C:\WINDOWS\ATLZG.EXE

C:\WINDOWS\SYSGT32.EXE

C:\WINDOWS\WINIC32.EXE

C:\WINDOWS\APIIE32.EXE

C:\WINDOWS\JAVAZR32.EXE

C:\WINDOWS\SYSTEM\JAVAIB32.EXE

C:\WINDOWS\SYSTEM\D3HU32.EXE

C:\WINDOWS\SYSTEM\JAVAUH.EXE

C:\WINDOWS\SYSTEM\NETHH.EXE

C:\WINDOWS\SYSTEM\D3QQ.EXE

C:\WINDOWS\SYSTEM\CRPY.EXE

C:\WINDOWS\SYSTEM\NTRT.EXE

C:\WINDOWS\SYSTEM\WINTV32.EXE

C:\WINDOWS\SYSTEM\NETUO32.EXE

 

Then restart once more and post a new Hijack This log.


OK Rubber Ducky, this is my HijackThis log after I deleted those files. How does it look now? I also noted there were backups made of them in the HijackThis folder. Should I delete the backups also, to be safe?

Logfile of HijackThis v1.98.0

Scan saved at 8:05:24 PM, on 7/9/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\CSAFE\AUTOCHK.EXE

C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\NUMBER9\HAWK_32.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE

O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - Startup: HawkEye IV Control Panel.lnk = C:\WINDOWS\NUMBER9\HAWK_32.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

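An added example, not part of any post in this thread: a short Python check that a follow-up HijackThis log no longer shows any file from the helper's removal list, either as a running process or as an O4 registry autostart. The function names are hypothetical, and the sample text is a few lines excerpted from the logs in this thread.

```python
import re
# O4 registry autostart: "O4 - HKLM\..\RunServices: [Name] command line"
O4_RE = re.compile(r'^O4 - \w+\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
# Image path = quoted string, or everything up to the first ".exe"
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
SECTION_RE = re.compile(r'^[A-Z]\d+ - ')  # R0, O4, O16 ... begin the entry list

def parse_log(text):
    """Split a HijackThis log into running-process paths and O4 autostarts."""
    running, autostarts, in_procs = [], [], False
    for line in filter(None, map(str.strip, text.splitlines())):
        if line == 'Running processes:':
            in_procs = True
        elif SECTION_RE.match(line):
            in_procs = False
            m = O4_RE.match(line)  # "O4 - Startup:" shortcut lines are skipped
            if m:
                img = IMAGE_RE.match(m.group(3))
                path = (img.group(1) or img.group(2)) if img else m.group(3)
                autostarts.append((m.group(1), m.group(2), path))
        elif in_procs:
            running.append(line)
    return running, autostarts

def leftovers(text, removed):
    """Return processes and autostarts that still reference a removed file."""
    wanted = {p.lower() for p in removed}  # Windows paths are case-insensitive
    running, autostarts = parse_log(text)
    return {
        'running': [p for p in running if p.lower() in wanted],
        'autostart': [a for a in autostarts if a[2].lower() in wanted],
    }

# Two files from the removal list in this thread (subset, for illustration)
REMOVED = [r'C:\WINDOWS\SYSTEM\JAVAIB32.EXE', r'C:\WINDOWS\SYSTEM\NETHH.EXE']
# Excerpts from the first and the follow-up log in this thread
BEFORE = r'''
Running processes:
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\JAVAIB32.EXE
O4 - HKLM\..\RunServices: [NETHH.EXE] C:\WINDOWS\SYSTEM\NETHH.EXE
O4 - HKLM\..\RunServices: [JAVAIB32.EXE] C:\WINDOWS\SYSTEM\JAVAIB32.EXE
'''
AFTER = r'''
Running processes:
C:\WINDOWS\SYSTEM\WMIEXE.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
'''
```

Calling `leftovers(AFTER, REMOVED)` returns two empty lists when the cleanup held; any non-empty result names the entry that came back.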

THANK YOU SO MUCH RUBBER DUCKY, for all your time and help. It's most appreciated!! Well done! I couldn't have done it without you.
