[SOLVED] Spyware? Virus?


Ryan233


Hello, my homepage keeps getting changed. I can't seem to get rid of it. Also I am having problems with the internet being sluggish and installing programmes. Please help. The following is my Hijack Log. Thanks in advance,

 

 

 

 

Logfile of HijackThis v1.98.2

Scan saved at 4:26:24 AM, on 10/3/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Unable to get Internet Explorer version!

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\WSCRIPT.EXE

C:\PROGRAM FILES\APOINT\APOINT.EXE

C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\DLA\TFSWCTRL.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\POWERPANEL\PROGRAM\PCFMGR.EXE

C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE

C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE

C:\PROGRAM FILES\AIM\AIM.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\NETSCAPE\NETSCAPE 6\NETSCP.EXE

C:\HJT\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.msn.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ck68bmjm.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ck68bmjm.slt\prefs.js)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: (no name) - {36F41050-B14B-2AE5-8753-60550DA7264C} - C:\WINDOWS\SYSTEM\KLGU.DLL (file missing)

O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\PROGRAM FILES\AIM TOOLBAR\AIMHELPER.DLL (file missing)

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\DiskeeperLite\DkService.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKCU\..\Run: [service Manager] C:\windows\dxsound.exe

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart

O4 - HKCU\..\RunServicesOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart

O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe

O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O19 - User stylesheet: (file missing)


Hi Ryan, I hope you're still with us :)

 

Rescan with HJT...close all browsers/explorer windows, check these items then click 'fix checked':

 

O2 - BHO: (no name) - {36F41050-B14B-2AE5-8753-60550DA7264C} - C:\WINDOWS\SYSTEM\KLGU.DLL (file missing)

 

O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\PROGRAM FILES\AIM TOOLBAR\AIMHELPER.DLL (file missing)

 

O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

 

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

 

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain

 

O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

 

O4 - HKCU\..\Run: [service Manager] C:\windows\dxsound.exe

 

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)

 

O19 - User stylesheet: (file missing)

 

***Items in blue: I recommend that you remove Weatherbug entirely. It is becoming a nuisance and may install spyware/malware if you are not using the paid version. WeatherPulse by Tropic Designs is, in my opinion, a better program and does not install any spyware/malware; you can download it here (free): http://www.tropicdesigns.net

 

Reboot into safe mode

show hidden files and folders

 

Find and delete:

O4 - HKCU\..\Run: [service Manager] C:\windows\dxsound.exe

 

Reboot into normal mode and post a new HJT log


OK Jacee I have done what you said to do and here is the HJT log:

 

 

Logfile of HijackThis v1.98.2

Scan saved at 5:44:46 PM, on 10/6/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PASSRV.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PAVFNSVR.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PSIMSVC.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\FIREWALL\PAVFIRES.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PAVPROT.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PREVSRV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\APOINT\APOINT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE

C:\WINDOWS\SYSTEM\DLA\TFSWCTRL.EXE

C:\WINDOWS\RUNDLL32.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\APVXDWIN.EXE

C:\PROGRAM FILES\NETSCAPE\NETSCAPE 6\NETSCP.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM FILES\POWERPANEL\PROGRAM\PCFMGR.EXE

C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\WEBPROXY.EXE

C:\HJT\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.msn.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ck68bmjm.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ck68bmjm.slt\prefs.js)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [sCANINICIO] "D:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\DiskeeperLite\DkService.exe

O4 - HKLM\..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"

O4 - HKLM\..\RunServices: [PANDASCHEDULER] "D:\Program Files\Panda Software\Panda Platinum Internet Security\Pavsched.exe"

O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "D:\Program Files\Panda Software\Panda Platinum Internet Security\PasSrv.exe"

O4 - HKLM\..\RunServices: [PAVFNSVR] D:\Program Files\Panda Software\Panda Platinum Internet Security\PavFnSvr.exe

O4 - HKLM\..\RunServices: [PSIMSVC] "D:\Program Files\Panda Software\Panda Platinum Internet Security\PSIMSVC.exe"

O4 - HKLM\..\RunServices: [PAVFIRES] D:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe

O4 - HKLM\..\RunServices: [PAVPROT] D:\Program Files\Panda Software\Panda Platinum Internet Security\pavprot.exe

O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PREVSRV.EXE"

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe

O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

 

 

*** Thanks a lot for your help. I really appreciate this. Please let me know if there is still something else for me to do. Once again, thank you for your help.


Have HJT fix these two items (browsers and explorer windows closed) and reboot:

 

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

 

 

Next...go into Internet Options - General tab. Delete temporary internet files, and choose to delete all Offline content. Also, go to Start - Find - Files or folders - in the named box, type: *.tmp and choose Edit - select all - File - delete. Empty the contents of the C:\Windows\temp folder and C:\temp folder, if you have one. Empty Recycle bin, clear history and cookies. (WinME might be a bit different than this, but I'm sure you will know how to clean out the temps and such)

 

Add these free programs to your arsenal of protection:

 

Install and how to use Ad-aware SE

http://www.bleepingcomputer.com/forums/ind...showtutorial=48

 

Install and how to use Spybot s&d

http://www.bleepingcomputer.com/forums/ind...showtutorial=43

 

SpywareBlaster (<--update after downloading) and SpywareGuard:

http://www.javacoolsoftware.com/products.html

Spyware Guard is a real-time malware scanner

 

IE-SPYADS: https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD

Tutorial on how to use:

http://www.bleepingcomputer.com/forums/ind...showtutorial=53

 

When you've done all of that, set a new restore point! :)

 

BTW, this was your worm:

O4 - HKCU\..\Run: [service Manager] C:\windows\dxsound.exe

 

http://www.esecurityplanet.com/alerts/article.php/3289261

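An added example, not part of the original thread: a small parser for the HijackThis entry lines quoted above that flags orphaned entries (`(file missing)` / `(no file)`) and checks a follow-up log to confirm that the items on a fix list are gone. The function names are this example's own, and the sample logs are constructed from a few entries excerpted from the logs in this thread.

```python
import re

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY = re.compile(r"^([RNFO]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
AUTOSTART = re.compile(r"^(HK[A-Z]+\\\.\.\\\w+): \[(.+?)\] (.+)$")
ORPHAN = re.compile(r"\((?:file missing|no file)\)")

# Constructed samples: entries excerpted from the first and second logs in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {36F41050-B14B-2AE5-8753-60550DA7264C} - C:\WINDOWS\SYSTEM\KLGU.DLL (file missing)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [service Manager] C:\windows\dxsound.exe
O19 - User stylesheet: (file missing)
"""
LOG_AFTER = r"""
Logfile of HijackThis v1.98.2
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""
# Items the helper asked to have fixed (subset of the list in the thread).
FIX_LIST = [line for line in LOG_BEFORE.splitlines()
            if ORPHAN.search(line) or "dxsound.exe" in line]

def parse_log(text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID.search(body)
        auto = AUTOSTART.match(body) if section == "O4" else None
        entries.append({
            "section": section,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "autostart": auto.groups() if auto else None,  # (key, value name, command)
            "orphaned": bool(ORPHAN.search(body)),
        })
    return entries

def key(entry):
    # Win9x paths appear in mixed case across logs, so compare case-insensitively.
    return (entry["section"], " ".join(entry["body"].split()).lower())

def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e["orphaned"]]

def still_present(fix_lines, after_entries):
    """Fix-list items that survived into the follow-up log."""
    after_keys = {key(e) for e in after_entries}
    return [e["body"] for e in parse_log("\n".join(fix_lines)) if key(e) in after_keys]

def new_entries(before_entries, after_entries):
    """Entries that appear only in the follow-up log and need a fresh look."""
    before_keys = {key(e) for e in before_entries}
    return [e for e in after_entries if key(e) not in before_keys]

if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    print("orphaned:", [e["body"] for e in orphaned(before)])
    print("still present after fix:", still_present(FIX_LIST, after))
    print("new since last log:", [e["body"] for e in new_entries(before, after)])
```
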

WOW!! I have been using the Netscape Internet because my Internet Explorer was in such bad shape. It works now!! There is a world of a difference. I can't thank you enough Jacee. Thanks a lot for all the help and concern. You guys are amazing! This is the Hijack Log with all of the previous changes you asked me to make. If there is anything else I should do then please tell me. I still can't get over this; it's just amazing. Thanks a lot Jacee.

 

 

Logfile of HijackThis v1.98.2

Scan saved at 1:38:49 AM, on 10/7/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PASSRV.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PAVFNSVR.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PSIMSVC.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\FIREWALL\PAVFIRES.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PAVPROT.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PREVSRV.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\APOINT\APOINT.EXE

C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DLA\TFSWCTRL.EXE

C:\WINDOWS\RUNDLL32.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\APVXDWIN.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM FILES\POWERPANEL\PROGRAM\PCFMGR.EXE

C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE

D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\WEBPROXY.EXE

C:\PROGRAM FILES\AIM\AIM.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\NETSCAPE\NETSCAPE 6\NETSCP.EXE

C:\HJT\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.msn.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ck68bmjm.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ck68bmjm.slt\prefs.js)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [sCANINICIO] "D:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\DiskeeperLite\DkService.exe

O4 - HKLM\..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"

O4 - HKLM\..\RunServices: [PANDASCHEDULER] "D:\Program Files\Panda Software\Panda Platinum Internet Security\Pavsched.exe"

O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "D:\Program Files\Panda Software\Panda Platinum Internet Security\PasSrv.exe"

O4 - HKLM\..\RunServices: [PAVFNSVR] D:\Program Files\Panda Software\Panda Platinum Internet Security\PavFnSvr.exe

O4 - HKLM\..\RunServices: [PSIMSVC] "D:\Program Files\Panda Software\Panda Platinum Internet Security\PSIMSVC.exe"

O4 - HKLM\..\RunServices: [PAVFIRES] D:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe

O4 - HKLM\..\RunServices: [PAVPROT] D:\Program Files\Panda Software\Panda Platinum Internet Security\pavprot.exe

O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "D:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\PREVSRV.EXE"

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart

O4 - HKCU\..\RunServicesOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart

O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe

O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab


Archived

This topic is now archived and is closed to further replies.
