Modem keeps on Dialing


smuralidhar

Thread Starter
Joined
Jan 1, 2006
Messages
63
My modem keeps on dialing some unknown number, even when I am working in Microsoft Office (i.e., MS Word, MS Excel, MS PowerPoint, etc.); even then my modem will keep on dialing. What may be the problem?

As my modem will keep on dialing, my broadband connection will get terminated within 1 or 2 minutes. What should I do?
In Internet Properties > Connection Tab I have already selected > Never Dial a Connection mode.
But still it is dialing some unknown number, I have removed this number several times, but it will come back automatically.
 

blues_harp28

Moderator
Joined
Jan 9, 2005
Messages
19,448
Hi..your system may be infected..
Run a Hijack this log..log experts will check it..link below..
D/load..install in C:\ program file..click scan and save logfile..it will open in notepad..
Click edit>select all>edit>copy>back to your thread>paste on your thread..
 
Joined
Oct 8, 2005
Messages
480
Go into device manager and disable the dialup modem or better still if it's a PCI modem remove it from the slot! Your broadband should be unaffected by this. Like blues_harp28 says you have an infection and you need to run the Hijackthis prog.
 

smuralidhar

Thread Starter
Joined
Jan 1, 2006
Messages
63
I am pasting my logfile, friends, but I said in the beginning itself, my modem will get disconnected within 1 (or) 2 minutes, so I cannot download files at all. So while answering my question keep this point in mind. (Previously I have saved Hijack this in my system so it was possible for me to paste this log file)

Logfile of HijackThis v1.99.1
Scan saved at 7:00:50 AM, on 1/12/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\POPCORN72.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
F:\ANTI-SPYWARE BLOCKER\ANTI-VIRUS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DIAL32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [dmjsw.exe] C:\WINDOWS\SYSTEM\dmjsw.exe
O4 - HKLM\..\Run: [cshwm.exe] cshwm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Anti-Spyware Blocker.lnk = F:\Anti-Spyware Blocker\Anti-Virus.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 61.1.96.69,61.1.96.71
O21 - SSODL: IVzghabprqChq - {07075660-ADAD-FCCA-CEF1-9AC04D19AE02} - C:\WINDOWS\SYSTEM\SXPFN.DLL (file missing)
 

smuralidhar

Thread Starter
Joined
Jan 1, 2006
Messages
63
Logfile of HijackThis v1.99.1
Scan saved at 6:22:09 AM, on 1/13/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\POPCORN72.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
F:\ANTI-SPYWARE BLOCKER\ANTI-VIRUS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [dmjsw.exe] C:\WINDOWS\SYSTEM\dmjsw.exe
O4 - HKLM\..\Run: [cshwm.exe] cshwm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Anti-Spyware Blocker.lnk = F:\Anti-Spyware Blocker\Anti-Virus.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 61.1.96.69,61.1.96.71
O21 - SSODL: IVzghabprqChq - {07075660-ADAD-FCCA-CEF1-9AC04D19AE02} - C:\WINDOWS\SYSTEM\SXPFN.DLL (file missing)
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Definitely infected... moving from here to Security to get help easier.

The link here will get you to the new location.
 

smuralidhar

Thread Starter
Joined
Jan 1, 2006
Messages
63
When I am infected, please suggest how I have to remove it. Please explain in common language; I don't understand technical words in computers.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWShredder.exe

Download 'SpSeHjfix' to the desktop and then
right click a blank part of desktop & select new folder, call it spfix
unzip the file into that folder
http://www.derbilk.de/SpSeHjfix109.zip

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix' and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage

Now run the Shredder - Hit The FIX button!

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.

Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel>Internet Options>Programs & press Reset Web Settings, then you can set your home page to what you want on the General tab.
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi smuralidhar- Since you posted that you were having trouble staying connected for very long, try this so you can get your downloads:

Is there anyone who could put the downloads you are to get onto a CD for you? Or a USB flash drive perhaps? They fit on a floppy diskette also. You will need a program to unzip the SpSeHJFix.zip file; something like WinZip will do, it's free, but a pretty big download (over 8MB).

Do you have a file unzipping program installed?

I use Zip Central- it's smaller but just as good and easy to use.
It may fit on a floppy disk. (1.29MB)

http://hemsidor.torget.se/users/z/zcentral/down.html

Please use SITE 2 if you do get Zip Central as #1 does not work.

You can have someone download the files for you, on another computer if you just cannot stay online long enough.
They would only have to download the files shown in the post above for CWShredder and SPSEHJFix, and the Zip Central download, and burn them to CD as a Data CD. Take the CD to your computer, install the two downloads and the Zip Central program, and follow the directions in Cheeseball81's post above.
 

smuralidhar

Thread Starter
Joined
Jan 1, 2006
Messages
63
Hi, Cheeseball81

I am posting the fresh log created by 'SpSeHjfix' and the log created by HJT, and I am also posting what kind of Security Warning I get when I click on my Internet icon on my Desktop.

log was created by 'SpSeHjfix'.

(1/15/06 7:35:18 PM) SPSeHjFix started v1.09
(1/15/06 7:35:18 PM) OS: Win98SE A (4.10.67766446)
(1/15/06 7:35:18 PM) Language: english

(1/15/06 7:36:20 PM) SPSeHjFix started v1.09
(1/15/06 7:36:20 PM) OS: Win98SE A (4.10.67766446)
(1/15/06 7:36:20 PM) Language: english
(1/15/06 7:36:21 PM) Disinfect started
(1/15/06 7:36:21 PM) Bad-Dll(IEP): (not found)
(1/15/06 7:36:21 PM) Bad-Dll(IEP) in BHO: (not found)
(1/15/06 7:36:21 PM) UBF: 4
(1/15/06 7:36:21 PM) UBB: 0
(1/15/06 7:36:21 PM) UBR: 19
(1/15/06 7:36:21 PM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall (deleted)
(1/15/06 7:36:21 PM) Bad IE-pages:
(1/15/06 7:36:21 PM) Stealth-String not found:
(1/15/06 7:36:21 PM) File added to delete: c:\windows\temp\se.dll
(1/15/06 7:36:21 PM) Reboot
(1/15/06 7:37:13 PM) SPSeHjFix 2nd Step
(1/15/06 7:37:13 PM) RunServicesOnce-Key: (edited)
(1/15/06 7:37:29 PM) Cleaned


(1/16/06 10:34:42 AM) SPSeHjFix started v1.09
(1/16/06 10:34:42 AM) OS: Win98SE A (4.10.67766446)
(1/16/06 10:34:42 AM) Language: english
(1/16/06 10:34:52 AM) Disinfect started
(1/16/06 10:34:52 AM) Bad-Dll(IEP): (not found)
(1/16/06 10:34:52 AM) Bad-Dll(IEP) in BHO: (not found)
(1/16/06 10:34:52 AM) UBF: 4
(1/16/06 10:34:52 AM) UBB: 0
(1/16/06 10:34:52 AM) UBR: 18
(1/16/06 10:34:52 AM) Bad IE-pages:
(1/16/06 10:34:52 AM) Stealth-String not found:
(1/16/06 10:34:52 AM) Not infected->END

It clearly shows I am # not infected #

****************************************************************.

log created by HJT log

Logfile of HijackThis v1.99.1
Scan saved at 10:46:20 AM, on 1/16/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\POPCORN72.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
F:\ANTI-SPYWARE BLOCKER\ANTI-VIRUS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY MUSIC\CWSHREDDER WHEN YOUR BROWSER IS HIJACKED USE THIS RE-INSTALL YOUR HOME PAGE..EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\WINWORD.EXE
C:\WINDOWS\SYSTEM\DIAL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [dmjsw.exe] C:\WINDOWS\SYSTEM\dmjsw.exe
O4 - HKLM\..\Run: [cshwm.exe] cshwm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\RunServices: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Anti-Spyware Blocker.lnk = F:\Anti-Spyware Blocker\Anti-Virus.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 61.1.96.69,61.1.96.71
O21 - SSODL: IVzghabprqChq - {07075660-ADAD-FCCA-CEF1-9AC04D19AE02} - C:\WINDOWS\SYSTEM\SXPFN.DLL (file missing)

*****************************************************************.
Even when I am not infected, when I click the Internet icon on my Desktop, in my internet address bar I will get this kind of address “C:\WINDOWS\SYSTEM\msblank.html” and then I will get a security warning as shown below. What may be the reason?

Security Warning.
Do you want to install and run “Advanced Browsing Technologies. International Charges Apply after clicking yes, otherwise press cancel. Minors and persons under age of 18 are not allowed to continue.” Signed on an unknown date/time and distributed by:

Dialer Platform Limited.

Publisher authenticity verified by Thawte Code Signing CA.

Caution: Dialer Platform Limited asserts that this content is safe. You should only install/view this content if you trust Dialer Platform Limited to make that assertion.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self extracting file.
  • Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.


* Go here and download Ad-Aware SE.
  • Install the program and launch it.
  • First in the main window look in the bottom right corner and click on Check for updates now
  • Click Connect and download the latest reference files.
  • Do not run Adaware yet. Just download the updates and have it ready to run later in safe mode.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Now launch Ad-Aware SE:
  • From main window click Start then under Select a scan Mode tick Perform full system scan.
  • Next deselect Search for negligible risk entries.
  • Now to scan just click the Next button.
  • When the scan is finished mark everything for removal and get rid of it.
  • Right-click the window and choose select all from the drop down menu and click Next


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Web" tab. Under "View my Active desktop as a web page" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button.
Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJack This log along with the results from ActiveScan.
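
Each round of this cleanup ends with a fresh HijackThis log that has to be compared against the previous one. As an added example (not part of the thread and not code from HijackThis or any tool named in it), this Python script parses two logs and lists which result lines disappeared or appeared between scans; the sample inputs are excerpts of the 1/13/06 and 1/16/06 10:46 AM logs posted above, and the function names are this example's own.

```python
import re

# A HijackThis result line is "<section> - <entry>", for example
# "O4 - HKLM\..\Run: [name] command". Section codes are one of the
# letters R, F, N, O followed by a number. Header lines and the
# "Running processes:" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*\S)\s*$")

# Excerpt of the 1/13/06 scan posted in this thread (only some lines kept).
SCAN_0113 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 6:22:09 AM, on 1/13/06
Running processes:
C:\WINDOWS\SYSTEM\POPCORN72.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [dmjsw.exe] C:\WINDOWS\SYSTEM\dmjsw.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Excerpt of the 1/16/06 10:46 AM scan, taken after SpSeHjfix had run.
SCAN_0116 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:46:20 AM, on 1/16/06
Running processes:
C:\WINDOWS\SYSTEM\POPCORN72.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [dmjsw.exe] C:\WINDOWS\SYSTEM\dmjsw.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\RunServices: [ctfmon.exe] ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


def parse_entries(log_text):
    """Map a normalised key to (section, original text) for each result line."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        section, text = match.group(1), match.group(2)
        # Win9x paths are case-insensitive and casing varies between scans,
        # so compare on a case-folded, whitespace-collapsed form.
        key = (section, " ".join(text.split()).casefold())
        entries[key] = (section, text)
    return entries


def diff_logs(before_text, after_text, sections=None):
    """Return (removed, added) result lines, optionally limited to some sections."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)

    def wanted(key):
        return sections is None or key[0] in sections

    removed = sorted(v for k, v in before.items() if k not in after and wanted(k))
    added = sorted(v for k, v in after.items() if k not in before and wanted(k))
    return removed, added


def report(removed, added):
    """Format the diff as text lines: '-' for gone entries, '+' for new ones."""
    lines = ["- %s - %s" % entry for entry in removed]
    lines += ["+ %s - %s" % entry for entry in added]
    return lines


if __name__ == "__main__":
    gone, new = diff_logs(SCAN_0113, SCAN_0116)
    print("\n".join(report(gone, new)))
```

Entries that appear in both scans are the ones a helper still has to judge by hand; the diff only shows what a cleanup step changed.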
 

smuralidhar

Thread Starter
Joined
Jan 1, 2006
Messages
63
Hi, Cheeseball81,

New HiJack This log

Logfile of HijackThis v1.99.1
Scan saved at 6:42:31 PM, on 1/16/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dmjsw.exe] C:\WINDOWS\SYSTEM\dmjsw.exe
O4 - HKLM\..\Run: [cshwm.exe] cshwm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunOnce: [Panda_cleaner_41898] C:\WINDOWS\SYSTEM\ACTIVESCAN\pavdr.exe 41898
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 61.1.96.69,61.1.96.71
O21 - SSODL: IVzghabprqChq - {07075660-ADAD-FCCA-CEF1-9AC04D19AE02} - C:\WINDOWS\SYSTEM\SXPFN.DLL (file missing)

***************************************************************************.
Results from ActiveScan

Incident Status Location

Virus:Trj/Downloader.EES Disinfected Operating system
Adware:Adware/WinHound Not disinfected C:\WINDOWS\SYSTEM\OLEEXT.DLL
Virus:W32/Smitfraud.D Disinfected Operating system
Spyware:spyware/smitfraud Not disinfected C:\WINDOWS\SYSTEM\oleext.dll
Adware:adware/dloader Not disinfected C:\WINDOWS\SYSTEM\msblank.html
Adware:adware/ideskbar Not disinfected C:\WINDOWS\SYSTEM\howiper.exe
Adware:adware/sbsoft Not disinfected C:\WINDOWS\rdt.ini
Adware:adware/psguard Not disinfected Windows Registry
Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\Cookies\venu [email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\WINDOWS\Cookies\venu [email protected][2].txt
Spyware:Cookie/217.73.66.16 Not disinfected C:\WINDOWS\Cookies\venu [email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\venu [email protected][2].txt
Virus:W32/Smitfraud.D Disinfected C:\WINDOWS\SYSTEM\WININET.DLL
Virus:Trj/Pakes.BO Disinfected C:\WINDOWS\SYSTEM\dmhds.exe
Virus:Trj/Pakes.BO Disinfected C:\WINDOWS\SYSTEM\dmmei.exe
Adware:Adware/WinHound Not disinfected C:\WINDOWS\SYSTEM\oleext.dll
Virus:Trj/Pakes.BO Disinfected C:\WINDOWS\SYSTEM\dmrsv.exe
Virus:Trj/Downloader.FFZ Disinfected C:\WINDOWS\SYSTEM\csnon.exe
Virus:Trj/Pakes.BO Disinfected C:\WINDOWS\SYSTEM\dmffp.exe
Virus:Trj/DNSChanger.ED Disinfected C:\WINDOWS\SYSTEM\yaemu.exe
Adware:Adware/IdeskBar Not disinfected C:\WINDOWS\SYSTEM\howiper.exe
Virus:Trj/Downloader.FFZ Disinfected C:\WINDOWS\SYSTEM\csktz.exe
Adware:Adware/QuickWeb Not disinfected C:\WINDOWS\SYSTEM\pppcgm.exe
Adware:Adware/Spoon Not disinfected C:\WINDOWS\SYSTEM\favset.exe
Virus:Trj/Downloader.FFZ Disinfected C:\WINDOWS\SYSTEM\cszvz.exe
Virus:Trj/Downloader.FFZ Disinfected C:\WINDOWS\SYSTEM\csfud.exe
Dialer:Dialer.FGG Not disinfected C:\WINDOWS\SYSTEM\winctrl64.exe
Virus:Trj/Pakes.BO Disinfected C:\WINDOWS\SYSTEM\dmskl.exe
Virus:Trj/Downloader.EES Disinfected C:\WINDOWS\SYSTEM\dgprpsetup.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\SYSTEM\winctrl32.exe
Dialer:Dialer.FGG Not disinfected C:\WINDOWS\SYSTEM\dial32.exe
Virus:Trj/Downloader.FFZ Disinfected C:\WINDOWS\SYSTEM\csdxc.exe
Adware:Adware/PsGuard Not disinfected C:\WINDOWS\Downloaded Program Files\on.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\gdnFR277.exe
Dialer:Dialer.BEW Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\ICDXDDR4\connect[1].htm
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\31THDSKZ\gdnFR277[1].exe
Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\Cookies\venu [email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\WINDOWS\Cookies\venu [email protected][2].txt
Spyware:Cookie/217.73.66.16 Not disinfected C:\WINDOWS\Cookies\venu [email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\venu [email protected][2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\My Music\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\My Music\smitRem\Process.exe
Adware:Adware/MediaTickets Not disinfected C:\q523345.exe
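
Added example, not part of the original posts: a short Python sketch that cross-references the two logs above, listing HijackThis entries marked "(file missing)" and entries that point at a file ActiveScan reported as "Not disinfected". The sample lines are copied from this post; the function names are illustrative, and the "incident, status, location" row layout is an assumption based on how the ActiveScan results appear here.

```python
import re

# Lines copied from the HijackThis log and ActiveScan results in the post above.
HIJACKTHIS = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [dmjsw.exe] C:\WINDOWS\SYSTEM\dmjsw.exe
O21 - SSODL: IVzghabprqChq - {07075660-ADAD-FCCA-CEF1-9AC04D19AE02} - C:\WINDOWS\SYSTEM\SXPFN.DLL (file missing)
"""
ACTIVESCAN = r"""
Adware:adware/dloader Not disinfected C:\WINDOWS\SYSTEM\msblank.html
Virus:Trj/Pakes.BO Disinfected C:\WINDOWS\SYSTEM\dmhds.exe
Dialer:Dialer.FGG Not disinfected C:\WINDOWS\SYSTEM\dial32.exe
Adware:adware/psguard Not disinfected Windows Registry
"""
# Assumed row layout: "<incident> <Disinfected|Not disinfected> <location>".
ROW = re.compile(r"(?P<incident>.+?)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$")


def parse_activescan(text):
    """Map lowercased file path -> (incident, status); non-file rows are skipped."""
    found = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and re.match(r"[A-Za-z]:\\", m["location"]):
            found[m["location"].lower()] = (m["incident"], m["status"])
    return found


def triage(hjt_text, scan_text):
    """Return (section, reason, line) for HijackThis entries worth a second look."""
    scan = parse_activescan(scan_text)
    findings = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        m = re.match(r"([A-Z]\d+) - (.*)$", line)
        if not m:
            continue
        section, data = m.groups()
        if data.endswith("(file missing)"):
            findings.append((section, "file missing", line))
        # Case-insensitive full-path match; 8.3 short names (PROGRA~1) are not expanded.
        for path, (incident, status) in scan.items():
            if status == "Not disinfected" and path in data.lower():
                findings.append((section, f"{incident} not disinfected", line))
    return findings


if __name__ == "__main__":
    print(*triage(HIJACKTHIS, ACTIVESCAN), sep="\n")
```

On these sample lines it reports the R0 start page, which still points at the msblank.html file that ActiveScan could not disinfect, and the O21 entry whose DLL is missing.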
 