papavrn

I can't get rid of it even if I fix it!!

82 posts in this topic

That should be it. At the top of the page is the link for the IRC chatroom.

Use that and I am in the chatroom. You can use the Java client. This one may get hairy to remove. It might be easier to talk you through removing this one.


I'd love to but it's not loading. I get the popup and then it's done with nothing happening, just a gray screen!!!!!!


Ok, let me know. Then I will have to give you instructions on how to use it and what to do.

Can you print out instructions or write them down? You won't have internet access while we do this.

Also, do you know your administrator account password?


I can write them down. I don't think I have a password for administrator. Do I???

It's finished with the installation


Ok, after that's all done.

1. Reboot.

2. A boot menu will appear. Choose the recovery console option.

3. It will load up and drop you to a DOS prompt that will look like this:

c:\windows

Type on that line:

cd system32

(hit enter)

The prompt should change to

c:\windows\system32

Type on that line this command:

ren hlpl.dll hlpl.bad

(hit enter)

It should just go to the next prompt with no error message or anything.

Reboot to normal mode (you can shut the computer off and back on).

Look in c:\windows\system32 again and see if you see hlpl.bad there.

If you do, don't do anything yet.

Post back here.


Ok, I was cut in the middle. When I typed ren hlpl.dll hlpl.bad it said either: the parameter is not valid. I typed instead RENAME hlpl.dll hlpl.bad and it said the system cannot find the file or directory specified.


I don't believe this. I just checked on System 32 and the one moment the hlpl.bad was there and the other it wasn't. I didn't touch it, I just scrolled the bar of the window and when I got to it, it disappeared!!!

Edited by papavrn


You're no longer on the chat so here is the result. When I typed the "attrib...." thing I got back a message that the parameter is not valid. When I typed "del hlpl.dll" and "del hlpl.bad" both times it said "no matching files". I hate it.


Ok here is the log from dllfix

CWSDLL Appinit Fix By Shadowwar

Please Do not mirror Without Permission!

I can be contacted at spywaresubmit at aol.com

Wed 05/26/2004

07:34 AM

 

Backing up Registry Hive

 

The operation completed successfully

 

Deleting Windows Key

 

The operation completed successfully

 

Adding Test Windows Key

 

The operation completed successfully

 

Restoring temp Values Key

 

The operation completed successfully

 

Deleting Bad Appinit Value

 

The operation completed successfully

 

 

Backup of Modified Hiv

 

The operation completed successfully

 

Deleting test Windows key

 

The operation completed successfully

 

Adding Back Windows Key

 

The operation completed successfully

 

Restoring Registry Hive

 

The operation completed successfully

 

 

Restoring Cleaned Appinit Value

 

The operation completed successfully

 

Deleting Filter text

Running from C:\Documents and Settings\Papavramidou\Desktop\FixFolder\dllfix

Unlocking Locked File

Scanning For main hijacker.

Scanning for Hidden Dll in system32 1st pass

File was not found on first Pass.

 

Scanning for Hidden Dll in system32 2nd pass

A file could not be found.

 

Here is a directory listing to post.

 

 



Ok here's the new log

 

--==***@@@ FIND-ALL' VERSION 5.2 -5/18 @@@***==--

 

Wed 05/26/2004

08:08 AM

 

System Info:

 

Microsoft Windows XP [Version 5.1.2600]

C: "" (143D:DAAA) - FS:NTFS clusters:4k

Total: 29 956 468 736 [28G] - Free: 22 744 215 552 [21G]

 

 

*IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q832894;Q831167;

 

*Google Toolbar version and Attributes:

Defaults: "A" ;"R"

Path not found - C:\Program Files\google

Path not found - C:\Program Files\google

 

*UserAgent:

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

 

*Wmplayer version:

8.0.0.4490 C:\Program Files\Windows Media Player\wmplayer.exe

6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe

 

*M$Java version:

5.0.3810.0 C:\WINDOWS\System32\msjava.dll

 

 

*PC uptime:

8:09am up 0 days, 0:33

Locked or 'Suspect' file(s) found...

 

 

*List of top level windows:

HWND PID PRIO TITLE

10094 1280 norm Start Menu

10090 1280 norm CiceroUIWndFrame

20050 1280 norm _Shell_TrayWnd

10026 700 high NetDDE Agent

50258 2128 norm C:\WINDOWS\System32\cmd.exe

60414 304 norm MCI command handling window

103da 304 norm Animated BMP Sequence

103d8 304 norm Animated BMP

203e2 304 norm MSNMSGRPassportLogin

103e0 304 norm MSBLNetConn

1039a 304 norm DDE Server Window

20174 436 norm Notification Wnd for PNSetupMgr

1012a 1280 norm Connections Tray

101ac 436 norm RealPlayer

101aa 436 norm Audio Services Internal Messages

101a4 436 norm RMAEngineCommInternal

101a0 472 norm Music Match Tray Applet

1015a 424 norm Touchpad driver tray icon window

10158 424 norm Touchpad driver backward compatibility window

10156 424 norm Touchpad driver helper window

10152 444 norm DVDSentry

10150 412 norm Touchpad driver helper window

2012e 400 norm HkWndName

10128 1832 norm Support

100c6 1280 norm Power Meter

30040 1620 norm UnErase Process

100c4 1280 norm MS_WebcheckMonitor

20228 1280 norm SysFader

10092 1280 norm Program Manager

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"Appinit_Dlls"=""

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83CA973E-8DED-480E-9497-0AD5F0B0C84E}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

*Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-NI) ALLOW Full access NIKI\Papavramidou

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

Full access NIKI\Papavramidou

 

 


You know what? Something you did got rid of the file. It's no longer there.

 

Post a hijackthis log please.


You think?? Please, please, please, please...

 

Logfile of HijackThis v1.97.7

Scan saved at 8:22:55 AM, on 5/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\WINDOWS\System32\carpserv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\America Online 8.0\aol.exe

C:\Program Files\America Online 8.0\waol.exe

C:\Program Files\America Online 8.0\aolwbspd.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\unzipped\hijackthis1977\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {83CA973E-8DED-480E-9497-0AD5F0B0C84E} - C:\WINDOWS\System32\bgge.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /startup

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BD88753F-CB0F-45D4-A14E-8362BD288E91}: NameServer = 205.188.146.146


Ok, close all IEs and fix the following:

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {83CA973E-8DED-480E-9497-0AD5F0B0C84E} - C:\WINDOWS\System32\bgge.dll (file missing)

 

Click fix.

 

Post me a fresh hijackthis log again. That should be it.

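The selection made in the fix list above, written out as an added example that is not part of the original thread or of HijackThis itself: it flags IE settings redirected to a `res://` page inside a DLL, then flags any BHO that loads that DLL or whose file is missing. The sample entries are copied from the log posted in this thread; the function name `triage` and the treatment of `HomeOldSP` as suspect are assumptions of the example.

```python
import re

# Constructed sample: entries copied from the HijackThis v1.97.7 log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bgge.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83CA973E-8DED-480E-9497-0AD5F0B0C84E} - C:\WINDOWS\System32\bgge.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

R_ENTRY = re.compile(r"^(R[0-3]) - (.+?),(.+?) = (.*)$")
O2_ENTRY = re.compile(r"^O2 - BHO: (.*?) - (\{[^}]+\}) - (.*?)( \(file missing\))?$")
RES_DLL = re.compile(r"^res://(.+?\.dll)/", re.IGNORECASE)

# Assumption taken from this thread: the helper's fix list includes the
# HomeOldSP value, so the example treats that value name as hijacker residue.
SUSPECT_VALUE_NAMES = {"homeoldsp"}


def triage(log_text):
    """Return (line, reason) pairs for the entries worth fixing."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings = []
    suspect_dlls = set()

    # Pass 1: IE search/start settings redirected to a page inside a DLL.
    for ln in lines:
        m = R_ENTRY.match(ln)
        if not m:
            continue
        _, _, name, value = m.groups()
        res = RES_DLL.match(value)
        if res:
            suspect_dlls.add(res.group(1).lower())
            findings.append((ln, "IE setting points at res:// page in " + res.group(1)))
        elif name.strip().lower() in SUSPECT_VALUE_NAMES:
            findings.append((ln, "value name on the thread's fix list"))

    # Pass 2: BHOs that load a DLL seen in pass 1, or whose file is gone.
    for ln in lines:
        m = O2_ENTRY.match(ln)
        if not m:
            continue
        _, clsid, path, missing = m.groups()
        if path.lower() in suspect_dlls:
            findings.append((ln, "BHO " + clsid + " loads the DLL behind the hijacked settings"))
        elif missing:
            findings.append((ln, "BHO " + clsid + " is registered but its file is missing"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(reason)
        print("    " + line)
```

Entries for SDHelper.dll and NavShExt.dll are left alone because their files exist and no hijacked setting references them.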

OK here is the last log from HJT

 

Logfile of HijackThis v1.97.7

Scan saved at 8:40:20 AM, on 5/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\WINDOWS\System32\carpserv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\unzipped\hijackthis1977\HijackThis.exe

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /startup

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Please run your windows updates to help prevent being reinfected.

 

internet explorer/tools(at top of screen)/windows updates

Install all critical at least. After you reboot, recheck again as there may be more!

 

Also see the link in my signature:

 

how did I get infected in the first place?

 

Here is some software that will help with prevention:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. http://www.javacoolsoftware.com/spywareblaster.html

 

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

Also a good firewall, if you do not have one, like Zonealarm in my signature, will help protect you and monitor what is accessing the internet.

 

Also an antivirus if you do not have one already : http://www.grisoft.com/us/us_dwnl_free.php

 

All free programs.
