Jump to content


Photo

I need help with hijacked browser


  • Please log in to reply
10 replies to this topic

#1 greenejomonk

greenejomonk

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 31 May 2004 - 12:57 PM

I believe my browser has been hijacked. I have updated Internet Explorer, run AdAware and run CWShredder but my browser continually shows about.blank in the address bar. I have included my Hijack scan results. Platform is Windows 98 SE. I appreciate any help/guidance that you can offer.


Logfile of HijackThis v1.97.7
Scan saved at 9:42:47 AM, on 5/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\MWW\MODEM\MWMWIN.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\MWW\MANAGER\mwsw95.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\MCAIVFEI.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\TGBCDE\MODULE32.EXE
C:\PROGRAM FILES\ORINOCO\CLIENT MANAGER\CMLUC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\BZFZ1.EXE
C:\WINDOWS\SYSTEM\BZFZ1.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\25WB6PYX\HIJACKTHIS[1].EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [dbnjpjdj] C:\WINDOWS\mcaivfei.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System\zzb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [47MXZ9Q5W2XE3H] C:\WINDOWS\SYSTEM\UbgrYPnp.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\SYSTEM\wapisu.exe
O4 - Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
O9 - Extra button: AIM (HKLM)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 24.93.68.65

Edited by greenejomonk, 31 May 2004 - 01:45 PM.


#2 dolphins

dolphins

    Advanced Member

  • Retired Staff - Helper
  • PipPipPip
  • 131 posts

Posted 31 May 2004 - 01:47 PM

First create a new folder called C:\HijackThis, extract the HijackThis.exe file from the zip file into the new folder and run it from there. This is necessary to ensure you have backups should anything go wrong.

Download and run Peper Removal Tool

Run an online scan from here and report back what is found.

Rescan with HJT and have it remove the following:

O4 - HKLM\..\Run: [dbnjpjdj] C:\WINDOWS\mcaivfei.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System\zzb.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [47MXZ9Q5W2XE3H] C:\WINDOWS\SYSTEM\UbgrYPnp.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\SYSTEM\wapisu.exe

Reboot and search for the following and delete them:

mcaivfei.exe
zzb.exe
DP-HIM.EXE
wapisu.exe

Reboot again, rescan with HJT and post a new log here.

#3 greenejomonk

greenejomonk

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 31 May 2004 - 09:36 PM

Thank you for your help!


Results of HouseCall scan:

BKDR SANDBOX.A
TROJ GOLID.A
TRIOJ SMALL.EU
TROJ SCTHOUGHT.C
TROJ MSCACHE.A - deleted

Rescan with HJT and have it remove the following:

O4 - HKLM\..\Run: [dbnjpjdj] C:\WINDOWS\mcaivfei.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System\zzb.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [47MXZ9Q5W2XE3H] C:\WINDOWS\SYSTEM\UbgrYPnp.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\SYSTEM\wapisu.exe

Removed all but HKLM\..\Run: [47MXZ9Q5W2XE3H] C:\WINDOWS\SYSTEM\UbgrYPnp.exe, which did not show up on scan.

Reboot and search for the following and delete them:

mcaivfei.exe – of the four, this was the only file that I found on file search.
zzb.exe
DP-HIM.EXE
wapisu.exe

Reboot again, rescan with HJT and post a new log here.

Logfile of HijackThis v1.97.7
Scan saved at 8:44:49 PM, on 5/31/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\MWW\MODEM\MWMWIN.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\MWW\MANAGER\mwsw95.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\TGBCDE\MODULE32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\ORINOCO\CLIENT MANAGER\CMLUC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
O9 - Extra button: AIM (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 24.93.68.65

#4 dolphins

dolphins

    Advanced Member

  • Retired Staff - Helper
  • PipPipPip
  • 131 posts

Posted 01 June 2004 - 06:18 AM

Boot into Safe Mode, Navagate to C:/Windows/RFV and delete it.

Download a free trial, Anti Trojan (TDS-3 is recommended) run it and post it's results.

Rescan with HJT and post a follow up log here.

#5 greenejomonk

greenejomonk

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 01 June 2004 - 08:13 AM

I could not locate C:/Windows/RFV.

TDS-3 Scan results:

Scan Control Dumped @ 09:01:12 01-06-04
Live trojan found (in process memory): Unknown Trojan
File: C:\WINDOWS\TGBCDE\MODULE32.EXE

Positive identification: Adware.Apropos
File: c:\sys_ai_client_loader.exe

Positive identification: TrojanDownloader.Win32.Lalus
File: c:\windows\msgcenter_lminv1.exe

Positive identification <Adv>: Possible WebDownloader
File: c:\windows\bbb.exe

Positive identification (DLL): Adware.TalkStocks (dll)
File: c:\windows\temporary internet files\content.ie5\7j6iobi4\backup-20040526-181652-146.dll



Logfile of HijackThis v1.97.7
Scan saved at 9:06:32 AM, on 6/1/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\MWW\MODEM\MWMWIN.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\MWW\MANAGER\mwsw95.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\TGBCDE\MODULE32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\ORINOCO\CLIENT MANAGER\CMLUC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TDS3\TDS-3.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
O9 - Extra button: AIM (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 24.93.68.65

#6 dolphins

dolphins

    Advanced Member

  • Retired Staff - Helper
  • PipPipPip
  • 131 posts

Posted 01 June 2004 - 06:59 PM

I'm sorry, I should have been more specific.

Let TDS-3 fix what it finds.

Post another log afterwards to see if your clean???

#7 greenejomonk

greenejomonk

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 01 June 2004 - 11:06 PM

Sorry, I wasn’t sure.

TDS-3 Scan results:

Scan Control Dumped @ 09:01:12 01-06-04
Live trojan found (in process memory): Unknown Trojan
File: C:\WINDOWS\TGBCDE\MODULE32.EXE

Positive identification: Adware.Apropos
File: c:\sys_ai_client_loader.exe

Positive identification: TrojanDownloader.Win32.Lalus
File: c:\windows\msgcenter_lminv1.exe

Positive identification <Adv>: Possible WebDownloader
File: c:\windows\bbb.exe

Positive identification (DLL): Adware.TalkStocks (dll)
File: c:\windows\temporary internet files\content.ie5\7j6iobi4\backup-20040526-181652-146.dll

Logfile of HijackThis v1.97.7
Scan saved at 11:59:45 PM, on 6/1/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\MWW\MODEM\MWMWIN.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\MWW\MANAGER\mwsw95.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\ORINOCO\CLIENT MANAGER\CMLUC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [tgbcde] C:\WINDOWS\tgbcde\module32.exe arg1
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
O9 - Extra button: AIM (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 24.93.68.65

#8 dolphins

dolphins

    Advanced Member

  • Retired Staff - Helper
  • PipPipPip
  • 131 posts

Posted 02 June 2004 - 07:19 AM

Click Start, Run, and type "msconfig" without the quotes, then press "Enter" or click "OK"
click "Startup tab" look for module32.exe and uncheck it, reboot.


Download & install reg protection from
http://www.diamondcs...hp?page=regprot

Reboot

it will pop up lots of entries do not let it start this file module32.exe

Then boot into safe mode, Show Hidden Files & run hijackthis, remove the following:

O4 - HKCU\..\Run: [tgbcde] C:\WINDOWS\tgbcde\module32.exe arg1

Close HJT

While still in safe mode, Search for the following folder and delete it:

C:\WINDOWS\tgbcde

Click Start, Run, type "regedit" without the quotes, click Edit, Find and search for "module32" and delete what you find. Keep clicking "Find Next" until you have completely searched the registry.

Reboot back to normal mode and post another HJT log.

That should be the end of it?

Edited by dolphins, 02 June 2004 - 07:22 AM.


#9 greenejomonk

greenejomonk

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 02 June 2004 - 11:54 AM

Logfile of HijackThis v1.97.7
Scan saved at 12:41:02 PM, on 6/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\MWW\MODEM\MWMWIN.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\MWW\MANAGER\mwsw95.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\TEMP\REGPROT.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\ORINOCO\CLIENT MANAGER\CMLUC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RegProt] c:\windows\temp\regprot.exe /start
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
O9 - Extra button: AIM (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 24.93.68.65


dolphins,

I am very thankful for your help and guidance. I was feeling lost prior to the direction that you provided me.

#10 dolphins

dolphins

    Advanced Member

  • Retired Staff - Helper
  • PipPipPip
  • 131 posts

Posted 02 June 2004 - 04:46 PM

WOOHOO :bounce: Your log is clean :gasp:

Now protect that machine from further infections-> http://forums.net-in...?showtopic=3051

Also I would put RegProt in a permanant folder not in Temp Folder. It doesn't use any resources so you can keep it running to help stop future infections.

Let me know if you have any questions?

and your welcome.

#11 greenejomonk

greenejomonk

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 02 June 2004 - 05:35 PM

Thanks again! :wave:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button