New Computer Hijacked When Data from Old computer


  • This topic is locked
12 replies to this topic

#1 burke3797


Posted 08 June 2004 - 10:19 AM

I hope I am following all the rules properly. I have a new PC and transferred over data from the old one using one of those linking programs and a USB cable. Here is my log for HijackThis:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\documents and settings\pat\local settings\temp\aPObTEcf3.exe
C:\WINDOWS\System32\pvaidnls.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\suitest.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SysAI\SysAI.exe
C:\lotus\123\123w.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuoteTracker\stocks.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Pat\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f109.mail....ead=b&box=Trash
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [aPObTEcf3] C:\documents and settings\pat\local settings\temp\aPObTEcf3.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [ehhuyruggw] C:\WINDOWS\System32\pvaidnls.exe
O4 - HKLM\..\Run: [2F2V37R] dskfw32.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yaho...utocomplete.cab

#2 VashonDude


Posted 08 June 2004 - 10:47 AM

I'm looking over your log right now to see what needs to be done. I'll be back once I've figured out what needs to be done.

In the meantime, create a new folder/directory called C:\HJT and move HijackThis to it. Temp directories aren't good places for it since it will be deleted (along with the backups it creates) if the temp folder is cleared.

Also, run a full virus scan (I saw evidence of a virus infection). Report back with the names of the viruses found and infected files.

-- LB
Want to help in the fight against malware? Join the SWI boot camp.

#3 burke3797


Posted 08 June 2004 - 11:58 AM

Norton AntiVirus Quarantine Report
Created: Tuesday, June 08, 2004 12:56:45 PM
------------------------------------------------------------------------------

File Name
Location
Status Size Virus Name
User Name Machine Name Domain
Date Quarantined
Date Submitted

------------------------------------------------------------------------------

nem218[1].txt
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\Y1RCTWJ6
Backup of a deleted Security Risk 84.0 KB Adware.NetOptimizer
Pat PATS MSHOME
Monday, June 07, 2004 12:40:21 PM
Not submitted

------------------------------------------------------------------------------

CSIE.DLL
C:\Program Files\ClearSearch
Backup of a deleted Security Risk 96.5 KB Adware.ClearSearch
Administrator PATS PATS
Tuesday, June 08, 2004 9:43:08 AM
Not submitted

------------------------------------------------------------------------------

Zdd9.exe
C:\I386
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Tuesday, June 08, 2004 8:46:58 AM
Not submitted

------------------------------------------------------------------------------

Overpro323.exe
C:
Backup of a deleted Security Risk 184 KB Adware.IEDriver
Pat PATS MSHOME
Monday, June 07, 2004 11:45:50 AM
Not submitted

------------------------------------------------------------------------------

infamous.exe
C:\WINDOWS
Backup of a deleted Security Risk 208 KB Adware.WinFavorites
Pat PATS MSHOME
Monday, June 07, 2004 12:17:48 PM
Not submitted

------------------------------------------------------------------------------

Zdd9.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 2:13:16 PM
Not submitted

------------------------------------------------------------------------------

install.exe
C:\update
Backup of a deleted Security Risk 48.0 KB Adware.NetOptimizer
Pat PATS MSHOME
Monday, June 07, 2004 2:13:14 PM
Not submitted

------------------------------------------------------------------------------

Sync.exe
C:\Program Files\ClockSync
Backup of a deleted Security Risk 112 KB Adware.WhenU
Pat PATS MSHOME
Monday, June 07, 2004 11:45:51 AM
Not submitted

------------------------------------------------------------------------------

Loader.exe
C:\Program Files\ClearSearch
Backup of a deleted Security Risk 76.0 KB Adware.ClearSearch
Pat PATS MSHOME
Monday, June 07, 2004 11:45:49 AM
Not submitted

------------------------------------------------------------------------------

wowex32[1].exe
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:17:49 PM
Not submitted

------------------------------------------------------------------------------

terrabyte.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 124 KB Adware.IEDriver
Pat PATS MSHOME
Monday, June 07, 2004 11:45:51 AM
Not submitted

------------------------------------------------------------------------------

SaveUninst.exe
C:\Program Files\Save
Backup of a deleted Security Risk 23.5 KB Adware.WhenU
Pat PATS MSHOME
Monday, June 07, 2004 11:45:51 AM
Not submitted

------------------------------------------------------------------------------

ClrSchP072.exe
C:
Backup of a deleted Security Risk 76.0 KB Adware.ClearSearch
Pat PATS MSHOME
Monday, June 07, 2004 12:40:19 PM
Not submitted

------------------------------------------------------------------------------

dskfw32.exe
C:\I386
Backup of a deleted Security Risk 184 KB Download.Adware
Pat PATS MSHOME
Tuesday, June 08, 2004 8:46:56 AM
Not submitted

------------------------------------------------------------------------------

Bsbj0h6.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:17:47 PM
Not submitted

------------------------------------------------------------------------------

infamous[1].exe
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\Y1RCTWJ6
Backup of a deleted Security Risk 208 KB Adware.WinFavorites
Pat PATS MSHOME
Monday, June 07, 2004 12:17:48 PM
Not submitted

------------------------------------------------------------------------------

Mvs32C.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:40:20 PM
Not submitted

------------------------------------------------------------------------------

Xqeccx.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:17:49 PM
Not submitted

------------------------------------------------------------------------------

Ekm2OBS.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:40:20 PM
Not submitted

------------------------------------------------------------------------------

Installer2.exe
C:\Documents and Settings\Pat\Local Settings\Temp
Backup of a deleted Security Risk 561 KB Adware.BlazeFind
Pat PATS MSHOME
Monday, June 07, 2004 12:40:20 PM
Not submitted

------------------------------------------------------------------------------

a.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 14.5 KB Adware.WinFavorites
Pat PATS MSHOME
Monday, June 07, 2004 12:17:46 PM
Not submitted

------------------------------------------------------------------------------

bdlc4126.exe
C:\WINDOWS
Backup of a deleted Security Risk 132 KB Adware.Binet
Pat PATS MSHOME
Tuesday, June 08, 2004 12:55:56 PM
Not submitted

------------------------------------------------------------------------------

AutoUpdaterInstaller[1].exe
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\SHQZW5Q3
Backup of a deleted Security Risk 503 KB Adware.Envolo
Pat PATS MSHOME
Monday, June 07, 2004 11:45:49 AM
Not submitted

------------------------------------------------------------------------------

YotvKCI.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:17:49 PM
Not submitted

------------------------------------------------------------------------------

bridge.dll
C:\I386
Backup of a deleted Security Risk 68.0 KB Adware.WinFavorites
Pat PATS MSHOME
Monday, June 07, 2004 2:13:13 PM
Not submitted

------------------------------------------------------------------------------

uptodate.EXE
C:\WINDOWS
Backup of a deleted Security Risk 77.5 KB Adware.TurboDownload
Pat PATS MSHOME
Monday, June 07, 2004 11:45:51 AM
Not submitted

------------------------------------------------------------------------------

Key2.txt
C:\WINDOWS
Backup of a deleted Security Risk 231 KB Adware.BlazeFind
Pat PATS MSHOME
Monday, June 07, 2004 12:40:20 PM
Not submitted

------------------------------------------------------------------------------

IEHost.EXE
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 156 KB Adware.IEDriver
Administrator PATS PATS
Tuesday, June 08, 2004 9:43:08 AM
Not submitted

------------------------------------------------------------------------------

Pdo77j0.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 11:45:50 AM
Not submitted

------------------------------------------------------------------------------

bridge.dll
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 68.0 KB Adware.WinFavorites
Pat PATS MSHOME
Tuesday, June 08, 2004 8:46:56 AM
Not submitted

------------------------------------------------------------------------------

Bel277g.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:40:19 PM
Not submitted

------------------------------------------------------------------------------

Prs38O.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 11:45:50 AM
Not submitted

------------------------------------------------------------------------------

Xlo4l60H.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 11:45:51 AM
Not submitted

------------------------------------------------------------------------------

SaveInstCsSm.exe
C:
Backup of a deleted Security Risk 387 KB Adware.WhenU
Pat PATS MSHOME
Monday, June 07, 2004 11:45:51 AM
Not submitted

------------------------------------------------------------------------------

Wzpd25sB.exe
C:\I386
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Tuesday, June 08, 2004 8:46:58 AM
Not submitted

------------------------------------------------------------------------------

auto_update_uninstall.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Envolo
Pat PATS MSHOME
Monday, June 07, 2004 11:45:48 AM
Not submitted

------------------------------------------------------------------------------

actulice.exe
C:\WINDOWS
Backup of a deleted Security Risk 64.0 KB Adware.Winpup
Pat PATS MSHOME
Monday, June 07, 2004 12:40:18 PM
Not submitted

------------------------------------------------------------------------------

ms.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 36.0 KB Adware.IEDriver
Pat PATS MSHOME
Monday, June 07, 2004 11:45:50 AM
Not submitted

------------------------------------------------------------------------------

auto_update_install.exe
C:\Documents and Settings\Pat\Local Settings\Temp\AutoUpdate0
Backup of a deleted Security Risk 248 KB Adware.Envolo
Pat PATS MSHOME
Monday, June 07, 2004 11:45:48 AM
Not submitted

------------------------------------------------------------------------------

install.exe
C:\Program Files\Internet Optimizer
Backup of a deleted Security Risk 48.0 KB Adware.NetOptimizer
Pat PATS MSHOME
Monday, June 07, 2004 2:13:14 PM
Not submitted

------------------------------------------------------------------------------

msmc.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 46.0 KB Adware.OMI
Pat PATS MSHOME
Monday, June 07, 2004 12:17:48 PM
Not submitted

------------------------------------------------------------------------------

IEHost.EXE
C:\I386
Backup of a deleted Security Risk 156 KB Adware.IEDriver
Pat PATS MSHOME
Tuesday, June 08, 2004 8:46:57 AM
Not submitted

------------------------------------------------------------------------------

stlbdist.DLL
C:\I386
Backup of a deleted Security Risk 212 KB Adware.TurboDownload
Pat PATS MSHOME
Tuesday, June 08, 2004 8:46:57 AM
Not submitted

------------------------------------------------------------------------------

ZzskYX.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:40:24 PM
Not submitted

------------------------------------------------------------------------------

actalert.exe
C:\Program Files\Internet Optimizer\update
Backup of a deleted Security Risk 33.2 KB Adware.NetOptimizer
Pat PATS MSHOME
Monday, June 07, 2004 12:40:18 PM
Not submitted

------------------------------------------------------------------------------

optimize[1].exe
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\KFJRQ8LH
Backup of a deleted Security Risk 68.0 KB Adware.NetOptimizer
Pat PATS MSHOME
Monday, June 07, 2004 12:40:22 PM
Not submitted

------------------------------------------------------------------------------

JlyNv62.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:40:20 PM
Not submitted

------------------------------------------------------------------------------

wowex32[1].exe
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\KFJRQ8LH
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:40:23 PM
Not submitted

------------------------------------------------------------------------------

bdlc4126.exe
C:\WINDOWS
Backup of a deleted Security Risk 132 KB Adware.Binet
Pat PATS MSHOME
Tuesday, June 08, 2004 8:46:56 AM
Not submitted

------------------------------------------------------------------------------

SPATCHAM.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 64.0 KB Adware.Winpup
Pat PATS MSHOME
Monday, June 07, 2004 12:40:23 PM
Not submitted

------------------------------------------------------------------------------

2_0_1browserhelper2.dll
C:\WINDOWS
Backup of a deleted Security Risk 213 KB Adware.BlazeFind
Pat PATS MSHOME
Monday, June 07, 2004 12:40:17 PM
Not submitted

------------------------------------------------------------------------------

Installer2[1].exe
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\Y1RCTWJ6
Backup of a deleted Security Risk 561 KB Adware.BlazeFind
Pat PATS MSHOME
Monday, June 07, 2004 12:40:20 PM
Not submitted

------------------------------------------------------------------------------

dskfw32.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 184 KB Download.Adware
Administrator PATS PATS
Tuesday, June 08, 2004 9:43:08 AM
Not submitted

------------------------------------------------------------------------------

Yum5.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:40:23 PM
Not submitted

------------------------------------------------------------------------------

Bin9.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 11:45:49 AM
Not submitted

------------------------------------------------------------------------------

search.dll
C:\Program Files\WhenUSearch
Backup of a deleted Security Risk 209 KB Adware.WhenU
Pat PATS MSHOME
Monday, June 07, 2004 11:45:51 AM
Not submitted

------------------------------------------------------------------------------

Jks3.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 11:45:49 AM
Not submitted

------------------------------------------------------------------------------

NjpM9X44.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:40:21 PM
Not submitted

------------------------------------------------------------------------------

Wzpd25sB.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 2:13:16 PM
Not submitted

------------------------------------------------------------------------------

updmgr.exe
C:\Program Files\Common Files\updmgr
Backup of a deleted Security Risk 60.0 KB SecurityRisk.Downldr
Administrator PATS PATS
Tuesday, June 08, 2004 9:43:10 AM
Not submitted

------------------------------------------------------------------------------

LixY2.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 11:45:49 AM
Not submitted

------------------------------------------------------------------------------

Mfh5TdA.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 228 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:40:20 PM
Not submitted

------------------------------------------------------------------------------

bdl14122[1].exe
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\KFJRQ8LH
Backup of a deleted Security Risk 132 KB Adware.Binet
Pat PATS MSHOME
Monday, June 07, 2004 2:13:13 PM
Not submitted

------------------------------------------------------------------------------

stlbdist.DLL
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 212 KB Adware.TurboDownload
Administrator PATS PATS
Tuesday, June 08, 2004 9:43:09 AM
Not submitted

------------------------------------------------------------------------------

AutoUpdate.exe
C:\Program Files\AutoUpdate
Backup of a deleted Security Risk 220 KB Adware.Envolo
Administrator PATS PATS
Tuesday, June 08, 2004 9:43:08 AM
Not submitted

------------------------------------------------------------------------------

Uninstaller.exe
C:\Documents and Settings\Pat\Local Settings\Temp
Backup of a deleted Security Risk 128 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 2:13:15 PM
Not submitted

------------------------------------------------------------------------------

install[1]
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\ZJP3FX8W
Backup of a deleted Security Risk 48.0 KB Adware.NetOptimizer
Pat PATS MSHOME
Monday, June 07, 2004 2:13:14 PM
Not submitted

------------------------------------------------------------------------------

searchupdate.exe
C:\Program Files\WhenUSearch
Backup of a deleted Security Risk 447 KB Adware.WhenU
Pat PATS MSHOME
Monday, June 07, 2004 11:45:51 AM
Not submitted

------------------------------------------------------------------------------

optimize.exe
C:\Documents and Settings\Pat\Local Settings\Temp
Backup of a deleted Security Risk 68.0 KB Adware.NetOptimizer
Pat PATS MSHOME
Monday, June 07, 2004 12:40:22 PM
Not submitted

------------------------------------------------------------------------------

QayhI.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 11:45:50 AM
Not submitted

------------------------------------------------------------------------------

cln262.tmp
C:\Documents and Settings\Pat\Local Settings\Temp
Backup of a deleted Security Risk 33.2 KB Adware.NetOptimizer
Pat PATS MSHOME
Monday, June 07, 2004 2:13:13 PM
Not submitted

------------------------------------------------------------------------------

actalert[1]
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\ZJP3FX8W
Backup of a deleted Security Risk 64.0 KB Adware.NetOptimizer
Pat PATS MSHOME
Monday, June 07, 2004 12:40:18 PM
Not submitted

------------------------------------------------------------------------------

UnstSA2.exe
C:\WINDOWS
Backup of a deleted Security Risk 407 KB Adware.BlazeFind
Pat PATS MSHOME
Monday, June 07, 2004 12:40:23 PM
Not submitted

------------------------------------------------------------------------------

wowex32[1].exe
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\50CZDPWP
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 2:13:15 PM
Not submitted

------------------------------------------------------------------------------

nem218.dll
C:\WINDOWS
Backup of a deleted Security Risk 33.7 KB Adware.NetOptimizer
Pat PATS MSHOME
Monday, June 07, 2004 12:40:21 PM
Not submitted

------------------------------------------------------------------------------

Tovs.exe
C:\WINDOWS\SYSTEM32
Backup of a deleted Security Risk 448 KB Adware.Quadro
Pat PATS MSHOME
Monday, June 07, 2004 12:17:49 PM
Not submitted

------------------------------------------------------------------------------

optimize.exe
C:\Program Files\Internet Optimizer
Backup of a deleted Security Risk 68.0 KB Adware.NetOptimizer
Pat PATS MSHOME
Monday, June 07, 2004 2:13:15 PM
Not submitted

------------------------------------------------------------------------------

Hope this helps - thanx in advance!!!

#4 burke3797


Posted 08 June 2004 - 12:21 PM

Oops - I don't think that is what you needed - please advise how I get that info, plz?

#5 VashonDude


Posted 08 June 2004 - 12:41 PM

I'm not sure how Norton AV works, but I'm guessing that when you run a full virus scan there's some kind of report produced with what viruses were found during that particular scan. That would be the info I need.

-- LB

#6 burke3797


Posted 08 June 2004 - 01:21 PM

Won't work - will only put the stuff I gave you in a text file. On the screen it shows the different threats. Any other ideas or programs you are familiar with that I could download and run to produce the report you need?

#7 VashonDude


Posted 08 June 2004 - 02:56 PM

Skip the anti-virus thing for now.

If you haven't done so already, download Ad-Aware:
http://www.lavasoft....ftware/adaware/

After installing AAW, and before running the program.

Reconfigure Ad-Aware for Full Scan:
Please update the reference file following the instructions here:
http://www.lavahelp....dref/index.html

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed.

Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys. Click 'Next' again
Right-click in that pane and choose "select all"

If it finds "bad" files and registry keys, press "Next" again
It will ask you whether you'd like to remove all checked items. Click OK.

Finally, close Ad-Aware, and reboot. Post a new log (make sure you post the entire log this time. You left the header info out the last time).

-- LB

Edited by VashonDude, 08 June 2004 - 03:02 PM.


#8 burke3797


Posted 09 June 2004 - 08:14 AM

Here is my new log after running adaware - once again thanx for all your help!!!

Logfile of HijackThis v1.97.7
Scan saved at 9:13:46 AM, on 6/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\documents and settings\pat\local settings\temp\aPObTEcf3.exe
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\suitest.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Pat\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f109.mail....ead=b&box=Trash
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [aPObTEcf3] C:\documents and settings\pat\local settings\temp\aPObTEcf3.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [2F2V37R] dskfw32.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yaho...utocomplete.cab

#9 VashonDude

VashonDude

    Forum Deity

  • Trusted Advisor
  • 1,255 posts

Posted 09 June 2004 - 10:09 AM

There are still a few things left to remove, but before doing that you'll need to create a new folder called C:\HJT and move HijackThis to it (otherwise the backups that are made will be lost if the temp directory is cleared).

After doing that, go back into HijackThis (close all browser windows first) and remove the following entries:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [aPObTEcf3] C:\documents and settings\pat\local settings\temp\aPObTEcf3.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [2F2V37R] dskfw32.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"


Next, change settings to show hidden files. After doing that, restart in safe mode (while the computer is restarting, repeatedly hit F8 until you see a menu. Choose safe mode from that menu). Once you're in safe mode, delete the following files:

C:\documents and settings\pat\local settings\temp\aPObTEcf3.exe
C:\WINDOWS\System32\IEHost.exe
dskfw32.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe


You'll have to do a search to find dskfw32.exe.

After doing this, reboot and post a new log.

-- LB

#10 burke3797

burke3797

    Member

  • Full Member
  • 23 posts

Posted 09 June 2004 - 10:46 AM

Ok - I did all that but none of those three files you wanted me to delete could be found when I searched for them (also looked in the directories stated). Here is my new log

Logfile of HijackThis v1.97.7
Scan saved at 11:44:06 AM, on 6/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\suitest.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Documents and Settings\Pat\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f109.mail....ead=b&box=Trash
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yaho...utocomplete.cab

#11 VashonDude

VashonDude

    Forum Deity

  • Trusted Advisor
  • 1,255 posts

Posted 09 June 2004 - 11:26 AM

Looks like you're clean :bounce:

There are a couple of additional items to remove (not malware related, but they're dead startup links):

O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?


I suggest downloading and installing the following:

SpywareBlaster
IE-Spyad
MVPS Hosts

These will prevent much of the stuff from getting onto your computer.

-- LB
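The comparison made by eye between the logs in posts #8 and #10 (did the entries on the fix list disappear, and what still looks off), as an added Python example that is not part of the thread and not a HijackThis feature. The function names and the three triage heuristics are assumptions chosen for this example; the sample strings are excerpts of log lines from this page.

```python
import re

# HijackThis entry lines look like "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

# Constructed excerpts: lines copied from the logs in posts #8 and #10 above.
BEFORE = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [aPObTEcf3] C:\documents and settings\pat\local settings\temp\aPObTEcf3.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
"""
AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Lotus QuickStart.lnk = ?
"""
# Entries the helper asked to have fixed (subset of the list in post #9).
FIX_LIST = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [aPObTEcf3] C:\documents and settings\pat\local settings\temp\aPObTEcf3.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
"""

def parse_entries(log_text):
    """Set of (code, detail) entries; header and process list are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return {(m.group(1), m.group(2)) for m in matches if m}

def triage(entries):
    """Flag the entry shapes singled out in this thread; the rest needs a human."""
    flags = {}
    for code, detail in entries:
        low = detail.lower()
        if code == "O2" and low.endswith("(no file)"):
            flags[detail] = "BHO registered but its file is missing"
        elif code == "O4" and "\\temp\\" in low:
            flags[detail] = "autostart runs from a temp directory"
        elif code == "O4" and low.endswith(".lnk = ?"):
            flags[detail] = "startup shortcut with unresolved target"
    return flags

def verify_removal(before, after, fix_list):
    """Split the fix list into entries gone from the follow-up log and entries left."""
    old, new, wanted = (parse_entries(t) for t in (before, after, fix_list))
    return {"removed": sorted(wanted & (old - new)),
            "still_present": sorted(wanted & new),
            "not_in_first_log": sorted(wanted - old)}
```

The `[Bakra]` entry is on the fix list but matches none of the three heuristics, which is why a log like this still needs review by someone who recognises the names.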

#12 burke3797

burke3797

    Member

  • Full Member
  • 23 posts

Posted 09 June 2004 - 12:14 PM

Thank you very much

#13 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • 8,508 posts

Posted 09 June 2004 - 03:41 PM

Glad we could help!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!