system32.exe


emmerrrr

Thread Starter
Joined
Apr 13, 2004
Messages
7
Hey guys, I bought a new computer about 2 weeks ago, but something's wrong and I can't find it. It's Windows XP, and when I start up I get the message: System32.exe can't be found on your system, maybe you renamed or replaced the file, search the file and try again. Also my MSN doesn't work, nor my Yahoo or even my P2P programs. So I already reinstalled my internet connection; I use ADSL. But it still doesn't work. I already read some topics on the site, and I've downloaded Hijack; this is the SaveLog I receive:

Logfile of HijackThis v1.97.7
Scan saved at 16:44:15, on 13-4-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Srng\Srng.exe
C:\Program Files\SuperBar\sbhc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Blue Haven Media\KaZooM\msbb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\ClockSync\Sync.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Altnet\Download Manager\adm.exe
c:\windows\temp\adware\fsg_4104.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\Emmer\LOCALS~1\Temp\gd2DF.tmp
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\mirc\mirc.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsvhoek.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SuperBar\SuperBar.Dll
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4345659-2EE8-45D9-873A-9A23CDF67380} - C:\WINDOWS\System32\adsldmpc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SuperBar - {12432975-31CC-4EF2-8C64-BB00B1E2C7A5} - C:\Program Files\SuperBar\SuperBar.Dll
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [SPANT] C:\WINDOWS\SPANT.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msbb] C:\Program Files\Blue Haven Media\KaZooM\msbb.exe
O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINDOWS\Temp\BullGuard\bulldownload.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBC9F5E-FCB2-4A80-BDF4-18552D8831D5}: NameServer = 195.121.1.34 195.121.1.66


Guys, I really hope you can help me; if you need more information to help me, please say so ;)
Greetzzzzzz Frank (Holland)
 
Joined
Oct 9, 2001
Messages
9,396
You have a heap of crap in there......Your P2P programs are causing all this.


Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on ("ON=GREEN").
From main window: Click "Start" then "Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now to scan it's just to click the "Scan" button.

When scan is finished mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu)

Now re-boot...

Then
Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED

Run an online antivirus check from at least one and preferably 2 of the following sites....
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/

Re-boot again.

Then post a new HijackThis log to check what is left.


And when this is all clean...
Consider installing the following:

SpywareBlaster v 3.0 and SpywareGuard v2.2, to prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection: http://www.wilderssecurity.net/index.html

IE-SPYAD, a registry file that adds a long list of known "sites" to the Restricted Sites of your Internet Explorer: http://www.staff.uiuc.edu/~ehowes/resource.htm

;)
 
Joined
Jul 26, 2002
Messages
46,349
Hi emmerrrr

Welcome to TSG! :)

I highly recommend you get rid of Kazaa. It is full of spyware and the source of many problems. A lot of the problems you have now are from the garbage that comes bundled with Kazaa and is installed on your PC without your knowledge.

Go here and get KazaaBegone and run it to get rid of Kazaa.


Go here and download Adaware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

Make sure the following settings are made and on -------ON=GREEN

From main window :Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.


Then go here and download Spybot Search & Destroy.

Install the program and launch it.

Before scanning press Online and Search for Updates.

Put a check mark at and install all updates.

Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer.

Come back here and post another Hijack This log and we'll get rid of what's left.
 

emmerrrr

Thread Starter
Joined
Apr 13, 2004
Messages
7
$teve said:
You have a heap of crap in there......Your P2P programs are causing all this.


These are the results of online virusscan with symantecsite:

15224 files scanned, 101 file(s) infected on your disk drives.

C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000584.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000585.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000586.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000587.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000588.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000589.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000590.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000591.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000592.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000593.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000594.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000595.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000596.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000597.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000598.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000599.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000600.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000601.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000602.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000603.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000604.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000605.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000606.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000607.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000608.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000609.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000610.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000611.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000612.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000613.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000614.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000615.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000616.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000617.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000618.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000619.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000620.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000621.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000622.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000623.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000624.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000625.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000626.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000627.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000628.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000629.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000630.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000631.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000632.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000633.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000634.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000635.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000636.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000637.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000638.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000639.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000640.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000641.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000642.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000643.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000644.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000645.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000646.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000647.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000648.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000649.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000650.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000651.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000652.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000653.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000654.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000655.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000656.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000657.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000658.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000659.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000660.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000661.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000662.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000663.exe is infected with Backdoor.Sdbot.F
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000664.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000665.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000666.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000667.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000668.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000669.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000670.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000671.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000672.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000673.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000674.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000675.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000676.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000677.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000678.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000679.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000680.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000681.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000682.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000683.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000684.exe is infected with W32.Kwbot.F.Worm


But it seems a little strange to me ..., and Spybot can't download updates; it says: Can't receive update date. (translated from Dutch :)) I'm going to try another online virusscan now. Thank you already for so far ;-)
 
Joined
Jul 26, 2002
Messages
46,349
All those files are in System Restore. To get rid of those you'll have to turn off System Restore to purge all restore points.

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

When you are sure you are clean turn it back on and create a restore point.

Now post another Hijack This log please so we can make sure you are clean before you turn System Restore back on.
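
Added example, not part of the thread or any poster's code: a small triage script that checks whether every detection in a scan report like the one above sits inside a System Restore point, which is the case where purging restore points clears the listed copies. The first sample uses three lines from the report in this thread; the second sample and its `C:\WINDOWS\Temp\example.exe` path are constructed.

```python
import re
from collections import Counter

# One report line: "<path> is infected with <detection name>"
LINE_RE = re.compile(r"^(?P<path>.+?) is infected with (?P<name>\S+)\s*$")

# Windows XP stores restore-point copies under
# System Volume Information\_restore{GUID}\RPn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\",
    re.IGNORECASE,
)


def triage(report):
    """Split detections into restore-point copies and live files."""
    detections = Counter()
    restore_points = Counter()
    live_paths = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # summary line, blank line, or unrelated text
        detections[m.group("name")] += 1
        rp = RESTORE_RE.search(m.group("path"))
        if rp:
            restore_points["RP" + rp.group(1)] += 1
        else:
            live_paths.append(m.group("path"))
    return {
        "detections": dict(detections),
        "restore_points": dict(restore_points),
        "live_paths": live_paths,
        # True only when something was detected and none of it is live
        "only_in_restore": bool(detections) and not live_paths,
    }


# Three lines copied from the report posted in this thread.
PAGE_SAMPLE = r"""
15224 files scanned, 101 file(s) infected on your disk drives.

C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000584.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000663.exe is infected with Backdoor.Sdbot.F
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000684.exe is infected with W32.Kwbot.F.Worm
"""

# Constructed sample: one restore-point copy plus one live file.
CONSTRUCTED_SAMPLE = r"""
C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP3\A0000584.exe is infected with W32.Kwbot.F.Worm
C:\WINDOWS\Temp\example.exe is infected with W32.Kwbot.F.Worm
"""

if __name__ == "__main__":
    for label, sample in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        result = triage(sample)
        print(label, result["detections"], result["restore_points"])
        if result["only_in_restore"]:
            print("  all detections are restore-point copies")
        else:
            print("  live files still need cleaning:", result["live_paths"])
```

A report that lists any path outside `_restore{...}` means the live file has to be cleaned as well; purging restore points only removes the archived copies.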
 

emmerrrr

Thread Starter
Joined
Apr 13, 2004
Messages
7
Logfile of HijackThis v1.97.7
Scan saved at 20:40:02, on 13-4-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsvhoek.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4345659-2EE8-45D9-873A-9A23CDF67380} - C:\WINDOWS\System32\adsldmpc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBC9F5E-FCB2-4A80-BDF4-18552D8831D5}: NameServer = 195.121.1.34 195.121.1.66

So that's what's left. Do I have to remove all that again?
 

emmerrrr

Thread Starter
Joined
Apr 13, 2004
Messages
7
Hey guys, good evening,

I ran KazaaBegone now, and it says everything about Kazaa is gone. This is my SaveLog right now:

Logfile of HijackThis v1.97.7
Scan saved at 18:36:47, on 14-4-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Winamp\winamp.exe
C:\mirc\mirc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsvhoek.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4345659-2EE8-45D9-873A-9A23CDF67380} - C:\WINDOWS\System32\adsldmpc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBC9F5E-FCB2-4A80-BDF4-18552D8831D5}: NameServer = 195.121.1.34 195.121.1.66

MSN is still not working :(
 
Joined
Jul 26, 2002
Messages
46,349
Run Hijack This again and put a check by these. Close all windows except Hijack This and click "Fix checked".

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: (no name) - {E4345659-2EE8-45D9-873A-9A23CDF67380} - C:\WINDOWS\System32\adsldmpc.dll (file missing)

O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -


Restart to safe mode and delete:

The c:\program files\altnet folder
The C:\apps\ClickMe folder
The C:\WINDOWS\System32\P2P Networking folder

How to start your computer in safe mode
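
An added example, not part of the thread and not HijackThis's own code: a small Python triage pass over HijackThis entry lines that flags a `Shell=` value carrying anything after `Explorer.exe`, flags entries marked `(no file)` or `(file missing)`, and reports fix-list entries that still show up in a later scan. The function names are made up for this sketch; the log lines are copied from the scans in this thread.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "F0 - ...", "O16 - ..."

# Lines copied from the scans in this thread (HijackThis v1.97.7 format).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4345659-2EE8-45D9-873A-9A23CDF67380} - C:\WINDOWS\System32\adsldmpc.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""
# Two entries from a fix list, and an excerpt of a scan taken afterwards.
FIX_LIST = r"""
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
"""
LATER_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
"""

def parse_entries(log_text):
    """Return (section, detail) for each entry line; process paths and headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def triage(entries):
    """Flag shell values with extra content and entries whose file is absent."""
    findings = []
    for section, detail in entries:
        if section in ("F0", "F2") and "shell=" in detail.lower():
            value = detail.split("=", 1)[1].strip()
            # Anything beyond a bare Explorer.exe also starts at every logon.
            if value.lower().startswith("explorer.exe"):
                value = value[len("explorer.exe"):].strip()
            if value:
                findings.append(("shell-extra", section, value))
        elif detail.endswith("(no file)") or detail.endswith("(file missing)"):
            findings.append(("orphan", section, detail))
    return findings

def survivors(fix_list, later_log):
    """Entries that were on the fix list but are still present in a later scan."""
    later = {(s, d.lower()) for s, d in parse_entries(later_log)}
    return [(s, d) for s, d in parse_entries(fix_list) if (s, d.lower()) in later]

if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print(finding)
    print("still present:", survivors(FIX_LIST, LATER_LOG))
```
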
 

emmerrrr

Thread Starter
Joined
Apr 13, 2004
Messages
7
All right, everything you said, I've done, and it helped, because I don't receive the message from system32 any longer, but MSN is still not working. How is that possible? It's not because of my account, it's because of my computer, I'm almost sure of that. Hey guys, I really wanna donate. I wanna give 10 euro now, and if my MSN works again I wanna give another 10 euro, but how do I do that? Because I don't have any credit card or something ... :(
Well, here is my Hijack This SaveLog:

Logfile of HijackThis v1.97.7
Scan saved at 15:27:07, on 15-4-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsvhoek.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBC9F5E-FCB2-4A80-BDF4-18552D8831D5}: NameServer = 195.121.1.34 195.121.1.66

So I hope you can help me further. If you can't, no problem, thanks already!!!! This is a really great site :) :) :)
 
Joined
Jul 26, 2002
Messages
46,349
What MSN isn't working? MSN Messenger? MSN internet access or what?

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s


Restart to safe mode and delete:

The c:\program files\altnet folder
The C:\WINDOWS\System32\P2P Networking folder
 

emmerrrr

Thread Starter
Joined
Apr 13, 2004
Messages
7
Logfile of HijackThis v1.97.7
Scan saved at 19:14:02, on 15-4-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\mirc\mirc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsvhoek.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBC9F5E-FCB2-4A80-BDF4-18552D8831D5}: NameServer = 195.121.1.34 195.121.1.66

All right, this is what's left now. Well, it's MSN Messenger that's not working, and Yahoo didn't work either, but I removed Yahoo now. And the bank that holds my money has a page on the internet too; you can order your money transfers and everything online, but I can't open the site on this computer, while on my old computer it's no problem. I really don't understand.
 
Joined
Jul 26, 2002
Messages
46,349
What happens when you try to access MSN Messenger and that site? Do you get an error message? If so, what is the exact error message?

The log is clean now.
 

emmerrrr

Thread Starter
Joined
Apr 13, 2004
Messages
7
Well, when I try to connect with MSN Messenger with my exact username and password I receive this message: Login to .Net Messenger Service is failed, maybe because a problem with your internet connection. Try again later. 0x81000370
And when I try to log in on the website of MSN, the login page won't load, it's just empty.
 