Virus Help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jennylynn

Thread Starter
Joined
Jul 15, 2005
Messages
23
Hello. I was on the computer the other day and my Norton said my computer was infected. A message about something with BLOODHOUND came up and then my screen turned blue and it said i had the trojan-spy.smitfraud.c. I restarted my computer and a block came up and told me that deleting the virus had been unsucessful and asked what i wanted to do. I clicked Quarantine but it did not do anything. Now, I can't use internet explorer at all and my norton anti-virus will not run either. It keep saying the integrator could not be located and also that a winnet file can't be found. Please Help! (n)
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,217
Hi and welcome to TSG,

You can download HijackThis to a floppy and install it on the infected machine.

Please do this. Click here to download HijackThis.

Close all open windows and open HijackThis. Click “Scan”. When the scan is finished, the scan button will change to “Save Log”. Click on “Save Log” and then save it to Notepad. Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed.
 

jennylynn

Thread Starter
Joined
Jul 15, 2005
Messages
23
Once that is downloaded it asked me if I wanted to UnZip the files. Do I have to? I really do not know anything about computers. Somebody came and tried to fix the compuer today. The virus is supposedly gone but the Norton will not update for us. Also when we are online a message keeps popping up in the corner saying scanning messages. We are not sending any e-mail though. Also, hotmail will not open up and we can't change our homepage back to what it originally was. There must still be a bad virus or something. Do u still want the log?
 

jennylynn

Thread Starter
Joined
Jul 15, 2005
Messages
23
I don't know what to do after I download the HiJackThis file. The box comes up and asks me if I want to Unzip them and what folder to do it in. Or if I want to run Winzip. I'm not sure what to do with it??
 

jennylynn

Thread Starter
Joined
Jul 15, 2005
Messages
23
Okay I can get to that part and I scanned and I have the log but I'm not sure how to save it into Notepad. It will not let me. Plus everytime I scan Norton says repair successful. How do I save it into notepad?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,217
When the scan is finished, the scan button will change to “Save Log”. Click on “Save Log” and then Notepad will automaticaly open up. Save it there. Then click on “Edit” – “Select all” – “copy” and then “paste” into the thread.
 

jennylynn

Thread Starter
Joined
Jul 15, 2005
Messages
23
It is not letting me save it in notepad. Everytime i try to save it anywhere a Norton message comes up saying that the Repair was successful on the file C:programs HiJackThis. Notepad does not automatically open up when I click save log. I have no idea what to do.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,217
You could save it in Word if you can copy and paste it. If you have to, disconnect from the Internet and disable Norton so you can produce a log. Then reenable Norton before reconnecting and posting the log.
 

jennylynn

Thread Starter
Joined
Jul 15, 2005
Messages
23
Sorry about the wait. As soon as I disabled Norton it worked in Notepad. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 8:38:35 PM, on 7/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\SVCNT.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gzkgl.dll/sp.html#17449
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocsv.dll/blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gzkgl.dll/sp.html#17449
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ontera.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocsv.dll/asst.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {B2537123-0620-D04F-51F4-07FA14844773} - C:\WINDOWS\SYSTEM\MSOT32.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Fast Start] C:\WINDOWS\system32\svcnt.exe home
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O8 - Extra context menu item: Show Original Image - res://C:\PROGRAM FILES\HIGH SPEED DIAL-UP\HSDIAL.EXE/227
O8 - Extra context menu item: Show All Original Images - res://C:\PROGRAM FILES\HIGH SPEED DIAL-UP\HSDIAL.EXE/250
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .asp: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {217234FC-041F-4F27-84AB-8329440C4DED} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1ca.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/026ad4f7202f894fff06/netzip/RdxIE601.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\abirvalg32.dll
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,217
First copy the contents of the quote box to Notepad. Go to File - Save As and name it Fix.reg (save as type: “all files” )
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]

You will need to download the following tools and have them ready to run. Do not run any of them until instructed to do so:


Click here to download smitRem.zip.
  • Save the file to your desktop.
  • Unzip smitRem.zip to extract the files it contains.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.


Go here to download CCleaner.
  • Install CCleaner
  • Launch CCleaner and look in the upper right corner and click on the "Options" button.
  • Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
  • Click OK
  • Do not run CCleaner yet. You will run it later in safe mode.


Click here to download Killbox and save it to your desktop.

Click here: http://cwshredder.net/bin/CWSInstall.exe to download CWSinstall.exe to the desktop.

Click: http://www.majorgeeks.com/AboutBuster_d4289.html to download AboutBuster created by Rubber Ducky.

Unzip AboutBuster to the Desktop then click the "Update Button" then click "Check for Update" and download the updates and then click "Exit" because I don't want you to run it yet. Just get the updates so it is ready to run later in safe mode.



Go here and download Ad-Aware SE.
  • Install the program and launch it.
  • First in the main window look in the bottom right corner and click on Check for updates now
  • Click Connect and download the latest reference files.
  • Do not run Adaware yet. Just download the updates and have it ready to run later in safe mode.


Click here for info on how to boot to safe mode if you don't already know how.


Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


Restart your computer into safe mode now. Perform the following steps in safe mode:

Now set your computer to show all hidden files like so:


Open My Computer.
Select the View menu and click Folder Options.
Select the View Tab.
In the Hidden files section select show all files.
Click OK.


Double click on the fix.reg file you saved at the beginning to enter into the registry. Answer yes when asked to have its contents added to the registry.


RunHijack This again and put a check by these. Close ALL windows except HijackThis and click Fix checked.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gzkgl.dll/sp.html#17449

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocsv.dll/blank.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gzkgl.dll/sp.html#17449

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocsv.dll/asst.htm

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {B2537123-0620-D04F-51F4-07FA14844773} - C:\WINDOWS\SYSTEM\MSOT32.DLL (file missing)

O4 - HKLM\..\Run: [Fast Start] C:\WINDOWS\system32\svcnt.exe home

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/026ad4f...ip/RdxIE601.cab

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe

O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\abirvalg32.dll



Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the Full Path of File to Delete box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the Paste Full Path of File to Delete box.


C:\WINDOWS\gzkgl.dll

C:\WINDOWS\SYSTEM\MSOT32.DLL

C:\WINDOWS\system32\svcnt.exe home

C:\WINDOWS\SYSTEM\abirvalg32.dll


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure not to miss any.

Exit the Killbox.


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


Next run Aboutbuster. Double click Aboutbuster.exe, click OK, click Start, then click OK. This will scan your computer for the bad files and delete them.

Run CWShredder. Just click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do its thing.


Now launch Adaware:
  • From main window click Start then under Select a scan Mode tick Perform full system scan.
  • Next deselect Search for negligible risk entries.
  • Now to scan just click the Next button.
  • When the scan is finished mark everything for removal and get rid of it.
  • Right-click the window and choose select all from the drop down menu and click Next


Start CCleaner and click Run Cleaner


Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Go to Control Panel > Display. Click on the "Web" tab. Under "View my Active desktop as a web page" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button.
Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.

Restart back into Windows normally now.


Download the Hoster from: http://www.funkytoad.com/download/hoster.zip. nZip the file and press "Restore Original Hosts" and press "OK". Exit Program.


Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself. Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.
 

jennylynn

Thread Starter
Joined
Jul 15, 2005
Messages
23
Hello, I was able to install all of the programs except AboutBuster and SmitRem.zip. After it comes in the Lotus program comes up and says it does support the file and it is invalid. Is there some other way I can install these two programs so it does not open in Lotus?
 

jennylynn

Thread Starter
Joined
Jul 15, 2005
Messages
23
I have the new HiJackThis log and the Active Scan results now. There is still a few problems though. When we try to go to sites like Hotmail and Sears it says we can't because the cookies are disabled. Both cookie settings are put on accept and when you try to change them at all they don't. Also, connecting to the internet is very very slow. Is there anything I ca do about these things?

Incident Status Location

Adware:adware/cws.008k No disinfected C:\WINDOWS\SYSTEM\appfy32.dll
Spyware:spyware/bridge No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\bridge.inf
Adware:adware/fastvideoplayer No disinfected C:\WINDOWS\INF\fastvideoplayer.inf
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/myway No disinfected C:\PROGRAM FILES\MyWay
Adware:adware/keenvalue No disinfected C:\PROGRAM FILES\PerfectNav
Adware:adware/gator No disinfected C:\WINDOWS\START MENU\PROGRAMS\GAIN Publishing
Adware:adware/p2pnetworking No disinfected C:\WINDOWS\SYSTEM\P2P Networking
Adware:adware/dluxde No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DLUXDE
Adware:adware/dealhelper No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WINDH
Spyware:spyware/bargainbuddy No disinfected HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ISEXENG
Spyware:spyware/dluca No disinfected HKEY_CURRENT_USER\SOFTWARE\PROGRAM INFO
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET
Adware:adware/navhelper No disinfected HKEY_CLASSES_ROOT\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}
Spyware:spyware/altnet No disinfected HKEY_CLASSES_ROOT\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099}
Adware:adware/brilliantdigitalNo disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM\P2P Networking\MARSHAL2.DLL
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM\P2P Networking\P2P Networking.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM\P2P Networking v124.cpl
Spyware:Spyware/Smitfraud No disinfected C:\WINDOWS\SYSTEM32\svcnt.exe
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Virus:Trj/Stealer.B Disinfected C:\WINDOWS\spdhook.dll
Adware:Adware/ToolbarIns No disinfected C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
Adware:Adware/SaveNow No disinfected C:\Program Files\MyEmoticons\uninstall.exe
Virus:Trj/Downloader.DLH Disinfected C:\!Submit\abirvalg32.dll Logfile of HijackThis v1.99.1
Scan saved at 10:59:17 AM, on 7/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ontera.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ontera.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Show Original Image - res://C:\PROGRAM FILES\HIGH SPEED DIAL-UP\HSDIAL.EXE/227
O8 - Extra context menu item: Show All Original Images - res://C:\PROGRAM FILES\HIGH SPEED DIAL-UP\HSDIAL.EXE/250
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .asp: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {217234FC-041F-4F27-84AB-8329440C4DED} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1ca.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Top