Infected with "P2P"


  • This topic is locked

#1 Cthulhu

Posted 14 June 2004 - 11:28 AM

Here is my logfile for HijackThis. I am getting errors running my CD burning software, MSN internet access, SpywareGuard and CWShredder.
Spybot S&D with the latest definition file picks up CIBV, and will remove it, but it returns. It's in my registry as p2p in C:/Windows/Coder/, but the path does not exist.
I'm having some problems with crashes, but I don't think this has anything to do with it.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\P2P

That's what it displays as in Registry Editor, but I can't find the values in the Windows folder. Please help.




Logfile of HijackThis v1.97.7
Scan saved at 10:19:12 AM, on 6/14/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\ZWINDOWS\SYSTEM\KERNEL32.DLL
C:\ZWINDOWS\SYSTEM\MSGSRV32.EXE
C:\ZWINDOWS\SYSTEM\MPREXE.EXE
C:\ZWINDOWS\SYSTEM\mmtask.tsk
C:\ZWINDOWS\SYSTEM\MSTASK.EXE
C:\ZWINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\ZWINDOWS\EXPLORER.EXE
C:\ZWINDOWS\SYSTEM\RNAAPP.EXE
C:\ZWINDOWS\SYSTEM\TAPISRV.EXE
C:\ZWINDOWS\TASKMON.EXE
C:\ZWINDOWS\SYSTEM\SYSTRAY.EXE
C:\ZWINDOWS\SYSTEM\DDHELP.EXE
C:\ZWINDOWS\ptsnoop.exe
C:\ZWINDOWS\SYSTEM\STIMON.EXE
C:\ZWINDOWS\LOADQM.EXE
C:\ZWINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN.EXE
C:\ZWINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN\MSNIA\MSNIASVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\ZWINDOWS\REGEDIT.EXE
C:\ZWINDOWS\DESKTOP\JOSH'S FILES\LYRICS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\ZWINDOWS\Application Data\Mozilla\Profiles\default\i2hqvayi.slt\prefs.js)
O1 - Hosts: 66.250.51.66 misc-e.dal.net
O1 - Hosts: 198.32.245.252 torix-r.on.ca.dal.net
O1 - Hosts: 194.47.161.38 omen.se.eu.dal.net
O1 - Hosts: 199.184.165.134 jade.va.us.dal.net
O1 - Hosts: 193.11.251.6 ced.se.eu.dal.net
O1 - Hosts: 202.188.117.222 coins.kl.my.dal.net
O1 - Hosts: 212.74.101.21 dragons.ga.us.dal.net
O1 - Hosts: 212.110.161.45 games.it.eu.dal.net
O1 - Hosts: 207.96.122.252 jade.va.us.dal.net
O1 - Hosts: 64.212.171.241 liberty.nj.us.dal.net
O1 - Hosts: 151.189.12.24 matrix.de.eu.dal.net
O1 - Hosts: 192.228.128.64 mesra-e.kl.my.dal.net
O1 - Hosts: 212.74.101.21 tiscali.uk.eu.dal.net
O1 - Hosts: 65.122.104.42 twisted.ma.us.dal.net
O1 - Hosts: 203.121.68.222 vision.kl.my.dal.net
O1 - Hosts: 61.6.39.100 mesra.kl.my.dal.net
O1 - Hosts: 64.68.8.2 animals.ca.us.dal.net
O1 - Hosts: 195.50.191.12 arcor.de.eu.dal.net
O1 - Hosts: 198.31.210.181 kernel-c.nj.us.dal.net
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\ZWINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\ZWINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\ZWINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [VAGCtrl] C:\PROGRAM FILES\VEXIRA ANTIVIRUS\VAGCTRL.EXE /min
O4 - HKLM\..\Run: [VAWUpd32] C:\PROGRA~1\VEXIRA~1\VAWUPD32.EXE /min
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\ZWINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7942.7153819444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.ho...ex/HMAtchmt.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: ChatSpace Java Client 2.1.0.95 - http://69.33.12.20:8...va/cs4ms095.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: ConferenceRoom Java Client - http://glass.webmast...000/java/cr.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O16 - DPF: ChatSpace Java Client 2.1.0.78 - http://64.85.11.100/Java/cs4ms078.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop...virus/PCPAV.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...77/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,18/mcgdmgr.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcaf...ed/MGBrwFld.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://64.151.77.123...va/cfs31235.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...366/mcfscan.cab

#2 PGPhantom

Posted 20 January 2005 - 02:53 AM

It has been a pleasure to help you :)

The problems here look to be resolved or the "Helper" has requested that the thread be closed, so I will close it. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
