DSO exploit?


#1 njmbo

Posted 20 June 2004 - 07:45 AM

Well I seem to have contracted some kind of spyware and I am not able to rid my computer of it. Tried Spybot, CWshredder, Pepperkill and some other spyware removers which of course didn't help.

Took the liberty of sending my HijackThis log below.
Would very much appreciate any help,

Logfile of HijackThis v1.97.7
Scan saved at 21:15:20, on 8-6-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCPFW.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMPROXY.EXE
C:\WINDOWS\SYSYE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\STARTEAK.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\AMD\POWERNOW!\GEMBACK.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCGUIDE.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMOAGENT.EXE
C:\WINDOWS\D3ZM32.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 908-948\BRIDGEMON.EXE
C:\PROGRAM FILES\ALURIA SOFTWARE\ASE\ASE SCHEDULER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pvkkk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://pvkkk.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://pvkkk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pvkkk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://pvkkk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pvkkk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: (no name) - {726D2B7F-C41E-24A8-CA2E-30DD6D5653C9} - C:\WINDOWS\IPEO.DLL (file missing)
O2 - BHO: (no name) - {84A681B3-E783-D1F5-37D5-AD282032FCEC} - C:\WINDOWS\IPEO.DLL (file missing)
O2 - BHO: (no name) - {B90BB54E-72B6-78D4-04FA-ABFDF525AD27} - C:\WINDOWS\IPEO.DLL (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FF567645-763C-B5C6-55C1-519A989D81F5} - C:\WINDOWS\IPEO.DLL (file missing)
O2 - BHO: (no name) - {1D1CADD5-6348-28AA-18F4-39B3DCC7341E} - C:\WINDOWS\IPEO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {B32A367C-21DE-1DE1-AFDE-2FE09A442DB3} - C:\WINDOWS\IPEO.DLL (file missing)
O2 - BHO: (no name) - {C9ABB7AA-A229-2253-B534-939537720B84} - C:\WINDOWS\IPEO.DLL (file missing)
O2 - BHO: (no name) - {C7D8EAF4-9E2D-6571-B2CF-2DCDEDD86EB8} - C:\WINDOWS\SYSTEM\CROB32.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [AMD PowerNow!] "C:\Program Files\AMD\PowerNow!\GemBack.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [D3ZM32.EXE] C:\WINDOWS\D3ZM32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PccPfw] C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O4 - HKLM\..\RunServices: [ADDHZ32.EXE] C:\WINDOWS\ADDHZ32.EXE
O4 - HKLM\..\RunServices: [SYSBB32.EXE] C:\WINDOWS\SYSBB32.EXE
O4 - HKLM\..\RunServices: [JAVAKR.EXE] C:\WINDOWS\JAVAKR.EXE
O4 - HKLM\..\RunServices: [MFCNY.EXE] C:\WINDOWS\MFCNY.EXE
O4 - HKLM\..\RunServices: [SYSRP32.EXE] C:\WINDOWS\SYSTEM\SYSRP32.EXE
O4 - HKLM\..\RunServices: [SYSWB.EXE] C:\WINDOWS\SYSWB.EXE
O4 - HKLM\..\RunServices: [JAVADZ32.EXE] C:\WINDOWS\SYSTEM\JAVADZ32.EXE
O4 - HKLM\..\RunServices: [MSCR.EXE] C:\WINDOWS\MSCR.EXE
O4 - HKLM\..\RunServices: [SDKJT.EXE] C:\WINDOWS\SYSTEM\SDKJT.EXE
O4 - HKLM\..\RunServices: [D3CR.EXE] C:\WINDOWS\SYSTEM\D3CR.EXE
O4 - HKLM\..\RunServices: [WINUC.EXE] C:\WINDOWS\WINUC.EXE
O4 - HKLM\..\RunServices: [IEQU32.EXE] C:\WINDOWS\SYSTEM\IEQU32.EXE
O4 - HKLM\..\RunServices: [CRWJ.EXE] C:\WINDOWS\SYSTEM\CRWJ.EXE
O4 - HKLM\..\RunServices: [D3QA32.EXE] C:\WINDOWS\D3QA32.EXE
O4 - HKLM\..\RunServices: [APIJZ32.EXE] C:\WINDOWS\APIJZ32.EXE
O4 - HKLM\..\RunServices: [D3UL32.EXE] C:\WINDOWS\SYSTEM\D3UL32.EXE
O4 - HKLM\..\RunServices: [MFCDP32.EXE] C:\WINDOWS\MFCDP32.EXE
O4 - HKLM\..\RunServices: [APIUB32.EXE] C:\WINDOWS\APIUB32.EXE
O4 - HKLM\..\RunServices: [SYSKX.EXE] C:\WINDOWS\SYSTEM\SYSKX.EXE
O4 - HKLM\..\RunServices: [JAVAVW32.EXE] C:\WINDOWS\SYSTEM\JAVAVW32.EXE
O4 - HKLM\..\RunServices: [IPNR.EXE] C:\WINDOWS\SYSTEM\IPNR.EXE
O4 - HKLM\..\RunServices: [MSNL.EXE] C:\WINDOWS\SYSTEM\MSNL.EXE
O4 - HKLM\..\RunServices: [IPAC32.EXE] C:\WINDOWS\SYSTEM\IPAC32.EXE
O4 - HKLM\..\RunServices: [SDKRM.EXE] C:\WINDOWS\SDKRM.EXE
O4 - HKLM\..\RunServices: [NETDO.EXE] C:\WINDOWS\NETDO.EXE
O4 - HKLM\..\RunServices: [NETUQ32.EXE] C:\WINDOWS\NETUQ32.EXE
O4 - HKLM\..\RunServices: [MFCLM.EXE] C:\WINDOWS\MFCLM.EXE
O4 - HKLM\..\RunServices: [MSCV.EXE] C:\WINDOWS\MSCV.EXE
O4 - HKLM\..\RunServices: [JAVAGZ32.EXE] C:\WINDOWS\JAVAGZ32.EXE
O4 - HKLM\..\RunServices: [WINGE.EXE] C:\WINDOWS\WINGE.EXE
O4 - HKLM\..\RunServices: [APIQS32.EXE] C:\WINDOWS\APIQS32.EXE
O4 - HKLM\..\RunServices: [APIUJ.EXE] C:\WINDOWS\SYSTEM\APIUJ.EXE
O4 - HKLM\..\RunServices: [APIYH.EXE] C:\WINDOWS\SYSTEM\APIYH.EXE
O4 - HKLM\..\RunServices: [IEYM.EXE] C:\WINDOWS\IEYM.EXE
O4 - HKLM\..\RunServices: [MSPL.EXE] C:\WINDOWS\MSPL.EXE
O4 - HKLM\..\RunServices: [MFCKM32.EXE] C:\WINDOWS\MFCKM32.EXE
O4 - HKLM\..\RunServices: [NTOI32.EXE] C:\WINDOWS\SYSTEM\NTOI32.EXE
O4 - HKLM\..\RunServices: [SYSYE.EXE] C:\WINDOWS\SYSYE.EXE
O4 - Startup: BridgeMon.lnk = C:\Program Files\SAGEM\SAGEM F@st 908-948\BridgeMon.exe
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8156.2394560185
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
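An added triage script, not part of this thread and not a HijackThis feature, that picks out the entry types in the log above that a helper would look at first: the res:// start and search page hijack, BHO registrations whose file is missing, and the random-named autostart binaries dropped straight into the Windows directory. The prefix list and name pattern are assumptions derived only from the names in this log, and the sample lines are a constructed excerpt of it.

```python
import re

# Constructed sample: a handful of lines copied from the log above
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://pvkkk.dll/index.html#96676
O2 - BHO: (no name) - {726D2B7F-C41E-24A8-CA2E-30DD6D5653C9} - C:\WINDOWS\IPEO.DLL (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ADDHZ32.EXE] C:\WINDOWS\ADDHZ32.EXE
O4 - HKLM\..\RunServices: [SYSYE.EXE] C:\WINDOWS\SYSYE.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

# Heuristic (an assumption taken from the names in this log): a system-sounding
# prefix, two or three random letters, optional "32", sitting directly in the
# Windows or System directory instead of a product folder.
RANDOM_NAME = re.compile(
    r"^(SYS|API|MFC|JAVA|D3|IE|IP|MS|NET|WIN|SDK|CR|NT|ADD)[A-Z]{2,3}(32)?\.EXE$", re.I)
WINDIR = re.compile(r"^C:\\WINDOWS\\(SYSTEM\\)?([^\\]+)$", re.I)
O4_LINE = re.compile(r"^O4 - HKLM\\\.\.\\(Run|RunServices): \[[^\]]*\] (.+)$")


def triage(log: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for entries a defender should review first."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith(("R0 - ", "R1 - ")) and "res://" in line and ".dll" in line.lower():
            # res:// serves HTML embedded in a DLL: the classic start/search page hijack
            findings.append(("hijacked IE page served from a DLL resource", line))
        elif line.startswith("O2 - BHO:") and line.endswith("(file missing)"):
            # orphaned BHO registration left behind after a partial removal
            findings.append(("BHO registered but file missing", line))
        else:
            m = O4_LINE.match(line)
            if m:
                path = WINDIR.match(m.group(2).strip('"'))
                if path and RANDOM_NAME.match(path.group(2)):
                    findings.append(("random-named autostart in Windows dir", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Legitimate entries such as the Google toolbar BHO and mstask.exe pass through untouched, so the output is the short list to research rather than the whole log.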

#2 njmbo

Posted 09 July 2004 - 04:02 PM

Well, none of the prescribed remedies worked, so basically I hacked away at some funny looking stuff, mostly seemingly randomly generated five letter files in the temp department or something. Solved most of the problems but my laptop kept freezing up on me so I did what any sane Christian would: format the mother...


Member of ASAP and UNITE