1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help

Discussion in 'Virus & Other Malware Removal' started by Espart, Oct 11, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Espart

    Espart Thread Starter

    Joined:
    Oct 11, 2003
    Messages:
    5
    Hi iam a new member and dont realy know much about log files, i've read some of the topics and replies here, so i decided to download HijakThis. would you be plz let me know what to keep and what to deleat. Thanks alot in advance, here is the Log File:




    Logfile of HijackThis v1.97.2
    Scan saved at 21:30:58, on 09.10.2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAMFILER\MESSENGER PLUS! 2\MSGPLUS.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAMFILER\ROXIO\WINONCD\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAMFILER\FELLESFILER\REAL\UPDATE_OB\EVNTSVC.EXE
    C:\PROGRAMFILER\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAMFILER\FREE DOWNLOADS ACCELERATOR\FDAAGENT.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAMFILER\DAP\DAP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAMFILER\WINRAR\WINRAR.EXE
    C:\WINDOWS\TEMP\RAR$EX01.304\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ /> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com /> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL
    O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAMFILER\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\WinOnCD\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAMFILER\WINAMP\WINAMPa.exe"
    O4 - HKLM\..\Run: [TkBellExe] C:\Programfiler\Fellesfiler\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [AvxIni] c:\programfiler\softwin\bdhome\avxinit.exe
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Programfiler\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programfiler\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programfiler\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMFILER\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Symantec Setup Launcher.lnk = C:\WINDOWS\TEMP\SymLnch.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Programfiler\Free Downloads Accelerator\fdaie.htm
    O9 - Extra button: Kangaroo (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Net2Phone (HKLM)
    O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab /> O16 - DPF: {73973630-3F6B-4112-972E-F9CB01365C1F} (PalInstl Class) - http://www.paltalk.com/paltalk2/Download/InstlWiz.CAB /> O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab /> O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab /> O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab /> O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab /> O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab /> O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB /> O16 - DPF: {B842835B-769C-4041-9E0C-5CCC1D0334AB} (kevin.UserControl1) - http://voicecafe.optecs.net/kevin/kevin.CAB /> O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab /> O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab /> O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt0_x.cab /> O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab /> O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt0_x.cab /> O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab /> O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab /> O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab /> O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab /> O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab />
     
  2. Espart

    Espart Thread Starter

    Joined:
    Oct 11, 2003
    Messages:
    5
    By the way the reason i posted the Log File is that my loving computer is infected by this virus or whatever called "Dialer". Your help is much appreciated.
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    I can't see any sign of a dialler running there.

    Who said you have a dialler virus/trojan ?

    If it was an AV scan it likely has removed it for you
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Welcome to T.S.G:)

    Thats pretty clean.

    Run hijackthis again and put a checkmark against these entries....double check
    in case you miss anything....
    .....then,close all browser and outlook windows and "fix checked"

    O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)


    Re-boot after.

    ;)
     
  5. Espart

    Espart Thread Starter

    Joined:
    Oct 11, 2003
    Messages:
    5
    The AV must have done the job, but iam sure i had it in my pc every time i logged on the stupid thing would run too.
    but anyways thanks for ur hepl now i can be free of worries, knowing its no longer there.
     
  6. Espart

    Espart Thread Starter

    Joined:
    Oct 11, 2003
    Messages:
    5
    Thanks dvk01 and $teve
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    are you sure about this one Steve
    O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL

    According to pac-man start-ups it's a goodie, free download accellerator
     
  8. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    $teve

    I don't know why Pieter put that one on his list for removal as it has been listed on TK's BHO list as legit for quite some time. Unless something has changed and the list has not been updated.

    From TK's BHO list:

    L {98DE779A-2364-4293-AB71-2B97C61C4640}: Fdahlp.dll - Free Downloads Accelerator

    I see the dll (ie.. the 99) is different but the CLSID is the same
     
  10. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Thanx for the info mark...................its saturday night and i didnt have much time to surf around for confirmation....just saw the one link and i thought....better to be safe.

    ;)
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/171202

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice