
system32.exe

Discussion in 'Virus & Other Malware Removal' started by emmerrrr, Apr 13, 2004.

Thread Status:
Not open for further replies.
  1. emmerrrr

    emmerrrr Thread Starter

    Joined:
    Apr 13, 2004
    Messages:
    7
    Hey guys, I bought a new computer about 2 weeks ago, but something's wrong and I can't find it. It's Windows XP, and when I start up I get the message: System32.exe can't be found on your system, maybe you renamed or replaced the file, search the file and try again. Also my MSN doesn't work and my Yahoo and even my P2P programs. So I already reinstalled my internet connection, I use ADSL. But it still doesn't work. I already read some topics on the site, and I've downloaded Hijack, this is the SaveLog I receive:

    Logfile of HijackThis v1.97.7
    Scan saved at 16:44:15, on 13-4-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\Srng\Srng.exe
    C:\Program Files\SuperBar\sbhc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Blue Haven Media\KaZooM\msbb.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\ClockSync\Sync.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Altnet\Download Manager\adm.exe
    c:\windows\temp\adware\fsg_4104.exe
    C:\PROGRA~1\Save\Save.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\DOCUME~1\Emmer\LOCALS~1\Temp\gd2DF.tmp
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\mirc\mirc.exe
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsvhoek.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SuperBar\SuperBar.Dll
    O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E4345659-2EE8-45D9-873A-9A23CDF67380} - C:\WINDOWS\System32\adsldmpc.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: SuperBar - {12432975-31CC-4EF2-8C64-BB00B1E2C7A5} - C:\Program Files\SuperBar\SuperBar.Dll
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [SPANT] C:\WINDOWS\SPANT.exe
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
    O4 - HKLM\..\Run: [RDLL] RunDll16.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msbb] C:\Program Files\Blue Haven Media\KaZooM\msbb.exe
    O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
    O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINDOWS\Temp\BullGuard\bulldownload.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBC9F5E-FCB2-4A80-BDF4-18552D8831D5}: NameServer = 195.121.1.34 195.121.1.66


    Guys, I really hope you can help me. If you need more information to help me,
    please say so ;)
    Greetzzzzzz Frank (Holland)
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    You have a heap of crap in there......Your P2P programs are causing all this.


    Download AdAware 6 181 from here: http://www.lavasoftusa.com/
    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window: Click "Start" then "Activate in-depth scan"

    Then......

    Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    Then.........

    Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

    Then...... click "proceed" to save your settings.

    Now to scan it's just to click the "Scan" button.

    When scan is finished mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu)

    Now re-boot...

    Then
    Download Spybot - Search & Destroy from http://security.kolla.de

    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED

    Run an online antivirus check from at least one and preferably 2 of the following sites....
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.ravantivirus.com/scan/

    Re-boot again.

    Then post a new HijackThis log to check what is left.


    And when this is all clean...
    Consider installing the following:

    SpywareBlaster v 3.0 and SpywareGuard v2.2, to prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection: http://www.wilderssecurity.net/index.html

    IE-SPYAD, a registry file that adds a long list of known "sites" to the Restricted Sites of your Internet Explorer: http://www.staff.uiuc.edu/~ehowes/resource.htm

    ;)
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi emmerrrr

    Welcome to TSG! :)

    I highly recommend you get rid of Kazaa. It is full of spyware and the source of many problems. A lot of the problems you have now are from the garbage that comes bundled with Kazaa and is installed on your PC without your knowledge.

    Go here and get KazaaBegone and run it to get rid of Kazaa.


    Go here and download Adaware 6 Build 181

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now and download the latest reference files.

    Make sure the following settings are made and on -------ON=GREEN

    From main window: Click Start then Activate in-depth scan (recommended)

    Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

    Now click on the Tweak button in that same window. Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot

    Click proceed to save your settings.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and click Next)

    Restart your computer.


    Then go here and download Spybot Search & Destroy.

    Install the program and launch it.

    Before scanning press Online and Search for Updates .

    Put a check mark at and install all updates.

    Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

    Restart your computer.

    Come back here and post another Hijack This log and we'll get rid of what's left.
     
  4. emmerrrr

    emmerrrr Thread Starter

    Joined:
    Apr 13, 2004
    Messages:
    7
    These are the results of the online virus scan with the Symantec site:

    15224 files scanned, 101 file(s) infected on your disk drives.

    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000584.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000585.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000586.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000587.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000588.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000589.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000590.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000591.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000592.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000593.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000594.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000595.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000596.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000597.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000598.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000599.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000600.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000601.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000602.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000603.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000604.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000605.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000606.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000607.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000608.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000609.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000610.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000611.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000612.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000613.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000614.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000615.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000616.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000617.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000618.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000619.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000620.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000621.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000622.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000623.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000624.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000625.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000626.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000627.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000628.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000629.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000630.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000631.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000632.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000633.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000634.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000635.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000636.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000637.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000638.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000639.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000640.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000641.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000642.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000643.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000644.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000645.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000646.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000647.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000648.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000649.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000650.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000651.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000652.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000653.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000654.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000655.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000656.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000657.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000658.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000659.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000660.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000661.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000662.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000663.exe is infected with Backdoor.Sdbot.F
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000664.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000665.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000666.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000667.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000668.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000669.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000670.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000671.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000672.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000673.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000674.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000675.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000676.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000677.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000678.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000679.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000680.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000681.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000682.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000683.exe is infected with W32.Kwbot.F.Worm
    C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000684.exe is infected with W32.Kwbot.F.Worm


    But it seems a little strange to me ..., and SpyBot can't download updates, it says: Can't receive update date. (translated from Dutch :)) I'm going to try another online virus scan now. Thank you already for so far ;-)
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    All those files are in System Restore. To get rid of those you'll have to turn off System Restore to purge all restore points.

    Turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer.

    When you are sure you are clean turn it back on and create a restore point.

    Now post another Hijack This log please so we can make sure you are clean before you turn System Restore back on.
     
  6. emmerrrr

    emmerrrr Thread Starter

    Joined:
    Apr 13, 2004
    Messages:
    7
    Logfile of HijackThis v1.97.7
    Scan saved at 20:40:02, on 13-4-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\apps\ABoard\ABoard.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\program files\altnet\points manager\points manager.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\apps\ABoard\AOSD.exe
    C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsvhoek.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E4345659-2EE8-45D9-873A-9A23CDF67380} - C:\WINDOWS\System32\adsldmpc.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
    O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBC9F5E-FCB2-4A80-BDF4-18552D8831D5}: NameServer = 195.121.1.34 195.121.1.66

    So that's what's left. Do I have to remove all that again?
     
  7. emmerrrr

    emmerrrr Thread Starter

    Joined:
    Apr 13, 2004
    Messages:
    7
    Hey guys, good evening,

    I ran KazaaBegone now, and it says everything about Kazaa is gone. This is my SaveLog right now:

    Logfile of HijackThis v1.97.7
    Scan saved at 18:36:47, on 14-4-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\apps\ABoard\ABoard.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\program files\altnet\points manager\points manager.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\apps\ABoard\AOSD.exe
    C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Winamp\winamp.exe
    C:\mirc\mirc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsvhoek.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E4345659-2EE8-45D9-873A-9A23CDF67380} - C:\WINDOWS\System32\adsldmpc.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
    O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBC9F5E-FCB2-4A80-BDF4-18552D8831D5}: NameServer = 195.121.1.34 195.121.1.66

    Msn is still not working :(
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close all windows except Hijack This and click "Fix checked"

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe

    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

    O2 - BHO: (no name) - {E4345659-2EE8-45D9-873A-9A23CDF67380} - C:\WINDOWS\System32\adsldmpc.dll (file missing)

    O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe

    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -


    Restart to safe mode and delete:

    The c:\program files\altnet folder
    The C:\apps\ClickMe folder
    The C:\WINDOWS\System32\P2P Networking folder

    How to start your computer in safe mode
     
  9. emmerrrr

    emmerrrr Thread Starter

    Joined:
    Apr 13, 2004
    Messages:
    7
    All right, everything you said, I've done, and it helped, because I don't receive the message from system32 any longer, but MSN is still not working. How is that possible? It's not because of my account, it's because of my computer, I'm almost sure of that. Hey guys, I really want to donate. I want to give 10 euro now, and if my MSN works again I want to give another 10 euro, but how do I do that? Because I don't have any credit card or something .... :(.
    Well, here is my Hijack This SaveLog:

    Logfile of HijackThis v1.97.7
    Scan saved at 15:27:07, on 15-4-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsvhoek.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBC9F5E-FCB2-4A80-BDF4-18552D8831D5}: NameServer = 195.121.1.34 195.121.1.66

    So I hope you can help me further. If you can't, no problem, thanks already!!!! This is a really great site :) :) :)
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    What MSN isn't working? MSN Messenger? MSN internet access or what?

    Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s


    Restart to safe mode and delete:

    The c:\program files\altnet folder
    The C:\WINDOWS\System32\P2P Networking folder
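The checks the helper is applying by eye can be scripted. The following is an added example, not part of the original thread and not HijackThis's own code: it flags `Shell=` overrides and entries that point at missing files, then reports which fix-listed entries are still present in a later scan. The sample text is a constructed excerpt of the 14-4-2004 and 15-4-2004 logs above, and the function names are assumptions made for this sketch.

```python
import re

# Constructed excerpts of two scans posted in this thread (not the full logs).
SCAN_BEFORE = r"""
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O2 - BHO: (no name) - {E4345659-2EE8-45D9-873A-9A23CDF67380} - C:\WINDOWS\System32\adsldmpc.dll (file missing)
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
"""
# Subset of the entries the helper asked to fix (everything above except ccApp).
FIX_LIST = [l for l in SCAN_BEFORE.strip().splitlines() if "ccApp" not in l]

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")

def parse(log):
    """Return (section, body) pairs for every HijackThis entry line in the text."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def findings(log):
    """Flag Shell= overrides (F0/F2) and entries whose target file is gone."""
    out = []
    for section, body in parse(log):
        shell = re.search(r"Shell=(.*)", body, re.I)
        if section in ("F0", "F2") and shell:
            value = shell.group(1).strip()
            # On Windows XP the shell value is normally just Explorer.exe;
            # anything appended to it is launched at every logon.
            if value.lower() != "explorer.exe":
                out.append((section, "shell override", value))
        elif body.lower().endswith(("(no file)", "(file missing)")):
            out.append((section, "orphaned reference", body))
    return out

def norm(line):
    """Collapse whitespace and case so the same entry matches across scans."""
    return " ".join(line.split()).casefold()

def still_present(fix_list, later_log):
    """Entries from the fix list that survive in a later scan."""
    later = {norm(f"{s} - {b}") for s, b in parse(later_log)}
    return [l for l in fix_list if norm(l) in later]

if __name__ == "__main__":
    for item in findings(SCAN_BEFORE):
        print("FLAG", item)
    for line in still_present(FIX_LIST, SCAN_AFTER):
        print("NOT REMOVED", line)
```

Run against the excerpts, it reports the two `Shell=` lines and the two orphaned references in the earlier scan, and shows that the `P2P Networking` and `AltnetPointsManager` Run entries survived into the later one.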
     
  11. emmerrrr

    emmerrrr Thread Starter

    Joined:
    Apr 13, 2004
    Messages:
    7
    Logfile of HijackThis v1.97.7
    Scan saved at 19:14:02, on 15-4-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\mirc\mirc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsvhoek.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBC9F5E-FCB2-4A80-BDF4-18552D8831D5}: NameServer = 195.121.1.34 195.121.1.66

    All right, this is what's left now. Well, it's MSN Messenger that's not working, and Yahoo didn't work either, but I removed Yahoo now. And the bank that holds my money has a page on the internet too, where you can order your money transfers and everything online, but I can't open the site on this computer, while on my old computer it's no problem. I really don't understand.
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    What happens when you try to access MSN Messenger and that site? Do you get an error message? If so, what is the exact error message?

    The log is clean now.
     
  13. emmerrrr

    emmerrrr Thread Starter

    Joined:
    Apr 13, 2004
    Messages:
    7
    Well, when I try to connect with MSN Messenger with my accectly username and password I receive this message: Login to .Net Messenger Service is failed, maybe because a problem with your internet connection. Try again later. 0x81000370
    And when I try to log in on the website of MSN, the login page won't load, it's just empty.
     
Short URL to this thread: https://techguy.org/219965