grubz

http://69.20.62.53/yyy4.html Again :)))

11 posts in this topic

Hey there!! This popunder is resisting any attempt by Ad-Aware 6, Bazooka, & Spybot. I've pasted a H-T log since that's what I see many do here. Lemme know if more info is needed. Thanks in advance!!

 

Logfile of HijackThis v1.97.7

Scan saved at 7:30:37 PM, on 6/10/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\Wheel Mouse\5.2\MOUSE32A.EXE

C:\Program Files\Memorex Keyboard\KMaestro.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe

C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Memorex Keyboard\WTS_KEY.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\cidaemon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Documents and Settings\Owner\My Documents\Tomek's Stuff\Computer Shit\Spyware Killers\HIjack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Wheel Mouse\5.2\MOUSE32A.EXE

O4 - HKLM\..\Run: [KeyMaestro] C:\Program Files\Memorex Keyboard\KMaestro.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Forget Me Not.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Control Pad (HKLM)

O9 - Extra 'Tools' menuitem: Control Pad (HKLM)

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.173.193.218/activex/AxisCamControl.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7960.8149537037

O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://wrosystem.um.wroc.pl/kamera/wg_webeye.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Run Hijack This and check these boxes:

 

R3 - Default URLSearchHook is missing

 

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l

 

Close your browser and hit fix.

 

Download VX2Finder from this link:

http://www.downloads.subratam.org/VX2Finder.exe

 

 

Run VX2Finder and click on the *click to find VX2.BetterInternet* button. Then click *make log*.

 

Copy and paste the contents of the log into your next reply here.


i doubt you need this up:(unless using musicmatch)

 

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

 

close out of these kinds of programs before posting (for future ref) LEAVE IT ON:

 

C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE

 

this goes:

 

R3 - Default URLSearchHook is missing

 

don't need these starting up:

 

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

 

don't need:

 

O4 - Global Startup: Forget Me Not.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

take this off:

 

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

 

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

 

 

i saw you prolly have a webcam and use those other O16 things for it so i left them out.

 

actually nothing was really WRONG with your log. that stuff above is basically common clean-up. in my signature try running and UPDATING cwshredder and see if that does it. when you enter adaware it closes it out right away? is that what you're saying?

 

i hope i didn't miss anything. try to do a full virus scan AFTER updating your definitions.

 

hope this helps {SoW}Rob


Thanks Guys (gals?) I yanked the items suggested but it hasn't helped much. CWshredder gives a clean bill of health. Adaware shows nothing either. I ran Vx2Finder & H-T and pasted the logs below. Thanks again!!!

 

 

MY latest H-T log file

 

Logfile of HijackThis v1.97.7

Scan saved at 8:52:22 PM, on 6/10/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\VERITAS Software\Update Manager\sgtray.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\Wheel Mouse\5.2\MOUSE32A.EXE

C:\Program Files\Memorex Keyboard\KMaestro.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Memorex Keyboard\WTS_KEY.EXE

C:\Documents and Settings\Owner\My Documents\Tomek's Stuff\Computer Shit\Spyware Killers\HIjack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Wheel Mouse\5.2\MOUSE32A.EXE

O4 - HKLM\..\Run: [KeyMaestro] C:\Program Files\Memorex Keyboard\KMaestro.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Control Pad (HKLM)

O9 - Extra 'Tools' menuitem: Control Pad (HKLM)

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7960.8149537037

O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

 

Vx2Finder log (I'm presuming I need to delete these files)

 

iles Found---

C:\WINDOWS\System32\3yViewer.dll

C:\WINDOWS\System32\6ao4svc.dll

C:\WINDOWS\System32\6ho4svc.dll

C:\WINDOWS\System32\6io4svc.dll

C:\WINDOWS\System32\acd.dll

C:\WINDOWS\System32\agd.dll

C:\WINDOWS\System32\apaamon.dll

C:\WINDOWS\System32\asaamon.dll

 

 

Guardian Key--- is called: GuardianXOGWQ

Asynchronous 000

DllName C:\WINDOWS\system32\acd.dll

Impersonate 000

Logon WinLogon

Logoff WinLogoff

Version 124

ID {269FE47D-9CAC-4658-8B0B-8C10A7F4AE86}

IDex CS3

 

User Agent String---

{269FE47D-9CAC-4658-8B0B-8C10A7F4AE86}


You have the vx2 infection. :gack:

 

Sign off and stay off the internet until the entire procedure is complete.

 

Open VX2Finder and click on the *click to find VX2.BetterInternet* button.

 

Put a check on all of the files.

Then select the *Delete these files* button.

You will be left with a notice about one to be deleted on reboot.

It will ask to reboot on deletion of the last file (Reboot)

 

-----------------

Once back in Windows

 

 

Open VX2Finder again and click on these buttons in the right pane:

 

user agent, Guardian.reg, restore policy

 

Exit and reboot.

 

Run Vx2Finder once more and click on the *click to find VX2.BetterInternet* button. Then click *make log*.

Post it here with a fresh HijackThis log please.


VXfinder came back clean.. It looks like the prob. has gone away. Lemme know if anything's brewing in the log below. Thanks again

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 9:48:23 PM, on 6/10/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\Wheel Mouse\5.2\MOUSE32A.EXE

C:\Program Files\Memorex Keyboard\KMaestro.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Memorex Keyboard\WTS_KEY.EXE

C:\WINDOWS\System32\cidaemon.exe

C:\Documents and Settings\Owner\My Documents\Tomek's Stuff\Computer Shit\Spyware Killers\HIjack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Wheel Mouse\5.2\MOUSE32A.EXE

O4 - HKLM\..\Run: [KeyMaestro] C:\Program Files\Memorex Keyboard\KMaestro.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Control Pad (HKLM)

O9 - Extra 'Tools' menuitem: Control Pad (HKLM)

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7960.8149537037

O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


That looks good. :D

 

Run Hijack This and check these boxes:

 

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -

 

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -

 

O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} -

 

Hit fix and reboot. Those lines should go away. If not, post back.

 

Prevention might be easier than cure. I suggest you do this to prevent reinfection:

 

Make sure you have the latest critical updates. This will help prevent some of these from getting on your PC.

http://v4.windowsupdate.microsoft.com/en/default.asp

 

Download and install-

SpywareBlaster will block bad ActiveX and malevolent cookies. Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

http://www.javacoolsoftware.com/spywareblaster.html

Alternate download location:

http://www.net-integration.net/tools/spywareblaster.html

 

And also see: So how did I get infected in the first place?


Well, I tried twice and those lines keep coming back. Any suggestions??

 

Here's a fresh log...

 

 

Logfile of HijackThis v1.97.7

Scan saved at 10:45:22 PM, on 6/10/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\VERITAS Software\Update Manager\sgtray.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\Wheel Mouse\5.2\MOUSE32A.EXE

C:\Program Files\Memorex Keyboard\KMaestro.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Memorex Keyboard\WTS_KEY.EXE

C:\Documents and Settings\Owner\My Documents\Tomek's Stuff\Computer Shit\Spyware Killers\HIjack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Wheel Mouse\5.2\MOUSE32A.EXE

O4 - HKLM\..\Run: [KeyMaestro] C:\Program Files\Memorex Keyboard\KMaestro.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Control Pad (HKLM)

O9 - Extra 'Tools' menuitem: Control Pad (HKLM)

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7960.8149537037

O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


This is not normal. Could you boot into safe mode and give it a try?

 

Reboot into 'SAFE MODE'. How to reboot into 'SAFE MODE'

 

Run Hijack This and check these boxes:

 

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -

 

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -

 

O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} -

 

Hit fix and reboot into normal mode. Let me know if that works. The good news is that the files are gone so no worries. These are just stray entries in the registry.


Nope, tried that and they keep coming back. I even individually searched regedit and erased all instances of them. After reboot they still show on the H-T log, just like before. I'm baffled... Now since the files are gone, is this indicative of anything worse??

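An added example, not part of any post in this thread: a small Python comparison of two HijackThis scans that reports which R/O4 entries a fix removed and which O16 DPF entries are left with a CLSID but no name or codebase, as in the later logs above. The function names are hypothetical, the sample input is abridged from the first and last logs posted here, and the DPF pattern assumes CLSID-keyed entries only.

```python
import re

# Sample input: lines abridged from the first (7:30 PM) and last (10:45 PM)
# HijackThis logs posted in this thread; the selection of lines is constructed.
LOG_FIRST = r"""Logfile of HijackThis v1.97.7
Scan saved at 7:30:37 PM, on 6/10/2004
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
"""

LOG_LAST = r"""Logfile of HijackThis v1.97.7
Scan saved at 10:45:22 PM, on 6/10/2004
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# "DPF: {CLSID} (optional name) - optional codebase URL".
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? -\s*(.*)$")


def parse_entries(log_text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def dpf_by_clsid(entries):
    """Map CLSID -> {name, codebase} for the O16 lines the pattern understands."""
    result = {}
    for code, body in entries:
        m = DPF_RE.match(body) if code == "O16" else None
        if m:
            clsid, name, codebase = m.groups()
            result[clsid.upper()] = {"name": name or "", "codebase": codebase.strip()}
    return result


def compare_scans(before_text, after_text):
    """Summarise what changed between two scans of the same machine."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    b_dpf, a_dpf = dpf_by_clsid(before), dpf_by_clsid(after)
    # An O16 line with neither a name nor a codebase: only the CLSID remains.
    orphans = [c for c, d in a_dpf.items() if not d["name"] and not d["codebase"]]
    return {
        "removed": [e for e in before if e[0] != "O16" and e not in after],
        "added": [e for e in after if e[0] != "O16" and e not in before],
        "orphaned_dpf": orphans,
        "lost_metadata": [c for c in orphans if c in b_dpf and b_dpf[c]["name"]],
        "new_orphans": [c for c in orphans if c not in b_dpf],
    }


if __name__ == "__main__":
    for key, value in compare_scans(LOG_FIRST, LOG_LAST).items():
        print(key, value)
```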