Re: Hijack log-WMP Internal application error has occurred
This has been happening for a few months now and I have not been able to figure out the solution. Whenever I open up Windows Media Player, a message comes up saying "An internal application error has occurred". I have tried to download WMP v.10 and the same thing happens when I open it up. What could be the problem?
This problem could occur because of spyware. Go on over to the Security section of this forum and post your problem along with a HijackThis log.
Spyware & Trojans and Other Nasties
Please don't post the HijackThis log in this section. Thanks.
Please do this.
Download 'Hijack This!'. HijackThis
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".
Your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!
1. Please go to your 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.
2. Copy and paste HijackThis.exe to the new folder.
3. Close ALL windows except HJT
4. SCAN with HJT
5. POST the new log in this thread using 'Add Reply'
DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH
__________________
MySignature
Dealing with Unwanted Spyware and Parasites
Logfile of HijackThis v1.99.0
Scan saved at 4:01:35 PM, on 12/24/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\PROCRE~1\upload mode third.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\Services32.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/ind...l?http://ABOUT:BLANK
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Tim Lee\Application Data\Mozilla\Profiles\default\7f1osgn1.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tim Lee\Application Data\Mozilla\Profiles\default\7f1osgn1.slt\prefs.js)
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: long meow burn - {3F0DE170-80FB-DABB-7A54-88D4A3D16C58} - C:\PROGRA~1\BOWSAN~1\BitsObj.dll
O2 - BHO: CBundleObj Object - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - c:\program files\clientman\run\bundleaef94639.dll (file missing)
O2 - BHO: TChkBHO Class - {5B71E02D-4B7C-4266-8CA3-2135AF26104E} - C:\WINNT\system32\oymikwg.dll
O3 - Toolbar: view ooze - {C3F78CC8-F0A2-FB38-4E32-DD0295889BCB} - C:\PROGRA~1\BOWSAN~1\BitsObj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Great hold] C:\PROGRA~1\PROCRE~1\upload mode third.exe
O4 - HKLM\..\Run: [fash] C:\WINNT\fash.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASTART] C:\WINNT\ASTART
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WAST] C:\WINNT\WAST
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\breg.exe"
O4 - HKLM\..\Run: [BTV] C:\Program Files\BTV\btv.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [System32] C:\WINNT\Services32.exe NORMAL
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - c:\program files\clientman\run\searchrep4acf6c0b.dll
O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: ScriptBlocking Service - Unknown - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScsiAccess - Unknown - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Hi! To start with I would like you to do this
Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.
Do a virus scan here.
If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply.
Then please do this: since it’s better to use automated tools to get rid of the bad stuff, use these 2 programs first before doing the final cleaning with HJT.
First use Spybot S&D. (Version 1.3)
Spybot
Unzip, and update. Install the updates and run. Delete all that it marks in red.
Reboot
Then it’s time for Ad-Aware
Ad-Aware
Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer.
Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware
How To Setup Spybot SD and Ad-Aware
Then post a new HJT log as a reply to this topic.
Linux boot cd http://www.knopper.net/knoppix/index-en.html
Just want to add that the next time you post a new log, just copy and paste it from Notepad to here in a quick reply just below this post.
ok - I did everything you requested.
Following are the infected files that were not removed by the virus software and the hijack log file. Housecall would not open in Netscape, so I used AVG and Stinger.
C:\WINNT\system32\dbentry.exe:\explorer.sys Virus found IRC/BackDoor.Flood Infected, Embedded object
C:\WINNT\system32\dbentry.exe:\frntok.exe Trojan horse HideWindow Infected, Embedded object
C:\WINNT\system32\dbentry.exe:\lxmstart.exe Virus identified Worm/Tzet.A Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv453.jar-1f16a0fa-4c5d21ff.zip:\Counter.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv453.jar-1f16a0fa-4c5d21ff.zip:\Parser.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-4586aac9.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-4586aac9.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-4586aac9.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\clsld.jar-455f8b8a-5dd26592.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\clsld.jar-455f8b8a-5dd26592.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\clsld.jar-455f8b8a-5dd26592.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-487b52a0-7e5a2f0d.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-487b52a0-7e5a2f0d.zip:\winmodem.exe Trojan horse Startpage.10.AH Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-487b52a0-7e5a2f0d.zip:\rundll32.exe Trojan horse Startpage.9.BB Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-221510f7-5c85b9b6.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-221510f7-5c85b9b6.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-221510f7-5c85b9b6.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-6a3ab14e-6c288c9f.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-6a3ab14e-6c288c9f.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-6a3ab14e-6c288c9f.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\count1.jar-5e1a93af-7a256ca2.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\playup_ro.jar-45c6f3d0-2136efd4.zip:\Bubble.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\playup_ro.jar-45c6f3d0-2136efd4.zip:\VerifierBug.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\playup_ro.jar-45c6f3d0-2136efd4.zip:\Beyond.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\freemovies.jar-677d2343-28b46ff1.zip:\VerifierBug.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv133.jar-7cfa3db3-3d980ff3.zip:\Counter.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv133.jar-7cfa3db3-3d980ff3.zip:\Parser.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-5aefffee-72e70e79.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-5aefffee-72e70e79.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-5aefffee-72e70e79.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\count1.jar-200a5225-79d5ffa4.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-34ea5eb2-51e39463.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-34ea5eb2-51e39463.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-34ea5eb2-51e39463.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-d350ec1-4745c3b1.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-d350ec1-4745c3b1.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-d350ec1-4745c3b1.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-4235d44a-208246dd.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-4235d44a-208246dd.zip:\winmodem.exe Trojan horse Startpage.10.AH Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-4235d44a-208246dd.zip:\rundll32.exe Trojan horse Startpage.9.BB Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv342.jar-63d61450-1f4333b2.zip:\Counter.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv342.jar-63d61450-1f4333b2.zip:\Parser.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-2dd0698-28708d24.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-2dd0698-28708d24.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-2dd0698-28708d24.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1375e84b.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1375e84b.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1375e84b.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
Logfile of HijackThis v1.99.0
Scan saved at 4:35:46 PM, on 12/29/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\PROCRE~1\upload mode third.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\Services32.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\wuauclt.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/ind...//foxnews.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Tim Lee\Application Data\Mozilla\Profiles\default\7f1osgn1.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tim Lee\Application Data\Mozilla\Profiles\default\7f1osgn1.slt\prefs.js)
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: long meow burn - {3F0DE170-80FB-DABB-7A54-88D4A3D16C58} - C:\PROGRA~1\BOWSAN~1\BitsObj.dll
O2 - BHO: CBundleObj Object - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - c:\program files\clientman\run\bundleaef94639.dll (file missing)
O2 - BHO: TChkBHO Class - {5B71E02D-4B7C-4266-8CA3-2135AF26104E} - C:\WINNT\system32\oymikwg.dll
O3 - Toolbar: view ooze - {C3F78CC8-F0A2-FB38-4E32-DD0295889BCB} - C:\PROGRA~1\BOWSAN~1\BitsObj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Great hold] C:\PROGRA~1\PROCRE~1\upload mode third.exe
O4 - HKLM\..\Run: [fash] C:\WINNT\fash.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASTART] C:\WINNT\ASTART
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [System32] C:\WINNT\Services32.exe NORMAL
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - c:\program files\clientman\run\searchrep4acf6c0b.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: ScriptBlocking Service - Unknown - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScsiAccess - Unknown - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Following are the infected files that were not removed by the virus software and the hijack log file. Housecall would not open in Netscape, so I used AVG and Stinger.
C:\WINNT\system32\dbentry.exe:\explorer.sys Virus found IRC/BackDoor.Flood Infected, Embedded object
C:\WINNT\system32\dbentry.exe:\frntok.exe Trojan horse HideWindow Infected, Embedded object
C:\WINNT\system32\dbentry.exe:\lxmstart.exe Virus identified Worm/Tzet.A Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv453.jar-1f16a0fa-4c5d21ff.zip:\Counter.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv453.jar-1f16a0fa-4c5d21ff.zip:\Parser.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-4586aac9.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-4586aac9.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-4586aac9.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\clsld.jar-455f8b8a-5dd26592.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\clsld.jar-455f8b8a-5dd26592.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\clsld.jar-455f8b8a-5dd26592.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-487b52a0-7e5a2f0d.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-487b52a0-7e5a2f0d.zip:\winmodem.exe Trojan horse Startpage.10.AH Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-487b52a0-7e5a2f0d.zip:\rundll32.exe Trojan horse Startpage.9.BB Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-221510f7-5c85b9b6.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-221510f7-5c85b9b6.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-221510f7-5c85b9b6.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-6a3ab14e-6c288c9f.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-6a3ab14e-6c288c9f.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-6a3ab14e-6c288c9f.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\count1.jar-5e1a93af-7a256ca2.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\playup_ro.jar-45c6f3d0-2136efd4.zip:\Bubble.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\playup_ro.jar-45c6f3d0-2136efd4.zip:\VerifierBug.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\playup_ro.jar-45c6f3d0-2136efd4.zip:\Beyond.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\freemovies.jar-677d2343-28b46ff1.zip:\VerifierBug.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv133.jar-7cfa3db3-3d980ff3.zip:\Counter.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv133.jar-7cfa3db3-3d980ff3.zip:\Parser.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-5aefffee-72e70e79.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-5aefffee-72e70e79.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-5aefffee-72e70e79.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\count1.jar-200a5225-79d5ffa4.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-34ea5eb2-51e39463.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-34ea5eb2-51e39463.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-34ea5eb2-51e39463.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-d350ec1-4745c3b1.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-d350ec1-4745c3b1.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-d350ec1-4745c3b1.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-4235d44a-208246dd.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-4235d44a-208246dd.zip:\winmodem.exe Trojan horse Startpage.10.AH Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\archive.jar-4235d44a-208246dd.zip:\rundll32.exe Trojan horse Startpage.9.BB Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv342.jar-63d61450-1f4333b2.zip:\Counter.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\loaderadv342.jar-63d61450-1f4333b2.zip:\Parser.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-2dd0698-28708d24.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-2dd0698-28708d24.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-2dd0698-28708d24.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1375e84b.zip:\GetAccess.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1375e84b.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Tim Lee\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1375e84b.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
Logfile of HijackThis v1.99.0
Scan saved at 4:35:46 PM, on 12/29/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\PROCRE~1\upload mode third.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\Services32.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\wuauclt.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/ind...//foxnews.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Tim Lee\Application Data\Mozilla\Profiles\default\7f1osgn1.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tim Lee\Application Data\Mozilla\Profiles\default\7f1osgn1.slt\prefs.js)
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: long meow burn - {3F0DE170-80FB-DABB-7A54-88D4A3D16C58} - C:\PROGRA~1\BOWSAN~1\BitsObj.dll
O2 - BHO: CBundleObj Object - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - c:\program files\clientman\run\bundleaef94639.dll (file missing)
O2 - BHO: TChkBHO Class - {5B71E02D-4B7C-4266-8CA3-2135AF26104E} - C:\WINNT\system32\oymikwg.dll
O3 - Toolbar: view ooze - {C3F78CC8-F0A2-FB38-4E32-DD0295889BCB} - C:\PROGRA~1\BOWSAN~1\BitsObj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Great hold] C:\PROGRA~1\PROCRE~1\upload mode third.exe
O4 - HKLM\..\Run: [fash] C:\WINNT\fash.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASTART] C:\WINNT\ASTART
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [System32] C:\WINNT\Services32.exe NORMAL
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - c:\program files\clientman\run\searchrep4acf6c0b.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: ScriptBlocking Service - Unknown - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScsiAccess - Unknown - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
My suggestion to you is this: go to Control Panel / Add and Remove Programs and uninstall Messenger Plus 2 [it came with spyware; you can reinstall it, but when you do, don't install the supported software], then download the TrojanHunter 30-day trial
and scan with it. Also run Spybot and Ad-Aware again, making sure you check to fix all it finds in RED.
,,,,,,,,,,,,,,,,,,,,,,,,,
online trojan /virus scan also
Please run these free online Virus scan
Be sure to Check off Auto Fix on this site
http://housecall.trendmicro.com/hous...start_corp.asp
please run this one also to be sure .
http://www.pandasoftware.com/actives..._principal.htm
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Also a trip to windows updates is needed for critical updates
WINDOWS UPDATES
Linux boot cd http://www.knopper.net/knoppix/index-en.html
Originally Posted by caperjack
My suggestion to you is this: go to Control Panel / Add and Remove Programs and uninstall Messenger Plus 2 [it came with spyware; you can reinstall it, but when you do, don't install the supported software], then download the TrojanHunter 30-day trial
and scan with it. Also run Spybot and Ad-Aware again, making sure you check to fix all it finds in RED.
,,,,,,,,,,,,,,,,,,,,,,,,,
online trojan /virus scan also
Please run these free online Virus scan
Be sure to Check off Auto Fix on this site
http://housecall.trendmicro.com/hous...start_corp.asp
please run this one also to be sure .
http://www.pandasoftware.com/actives..._principal.htm
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Also a trip to windows updates is needed for critical updates
WINDOWS UPDATES
I ran everything you suggested with the exception of the Panda virus scan - it would not load. I was able to get HouseCall to run by using the Explorer browser.
TrojanHunter removed another 11 trojans.
What should I do next?
Originally Posted by jus learnin
I ran everything you suggested with the exception of the Panda virus scan - it would not load. I was able to get HouseCall to run by using the Explorer browser.
TrojanHunter removed another 11 trojans.
What should I do next?
Linux boot cd http://www.knopper.net/knoppix/index-en.html
Here's the new hijack log.
Logfile of HijackThis v1.99.0
Scan saved at 8:52:32 AM, on 1/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\PROCRE~1\upload mode third.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\Services32.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\wdfmgr.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\wuauclt.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/ind...://ABOUT:BLANK
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Tim Lee\Application Data\Mozilla\Profiles\default\7f1osgn1.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tim Lee\Application Data\Mozilla\Profiles\default\7f1osgn1.slt\prefs.js)
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: long meow burn - {3F0DE170-80FB-DABB-7A54-88D4A3D16C58} - C:\PROGRA~1\BOWSAN~1\BitsObj.dll
O2 - BHO: CBundleObj Object - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - c:\program files\clientman\run\bundleaef94639.dll (file missing)
O2 - BHO: TChkBHO Class - {5B71E02D-4B7C-4266-8CA3-2135AF26104E} - C:\WINNT\system32\oymikwg.dll
O3 - Toolbar: view ooze - {C3F78CC8-F0A2-FB38-4E32-DD0295889BCB} - C:\PROGRA~1\BOWSAN~1\BitsObj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Great hold] C:\PROGRA~1\PROCRE~1\upload mode third.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASTART] C:\WINNT\ASTART
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [fash] C:\WINNT\fash.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [System32] C:\WINNT\Services32.exe NORMAL
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - c:\program files\clientman\run\searchrep4acf6c0b.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: ScriptBlocking Service - Unknown - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScsiAccess - Unknown - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
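Checking what a cleanup pass actually changed means comparing two HijackThis logs entry by entry. The sketch below is an added example, not part of the original posts or of HijackThis: it parses the section-coded lines, diffs the 12/29 and 1/3 scans, and lists entries whose target file is gone. The function names are hypothetical, and the two sample logs are short excerpts of lines copied from the logs in this thread.

```python
import re
from collections import namedtuple

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths carry no section code.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)

Entry = namedtuple("Entry", "code body")

# Excerpt of the 12/29/2004 scan (lines taken from the thread, not a full log).
SCAN_DEC29 = r"""Logfile of HijackThis v1.99.0
Scan saved at 4:35:46 PM, on 12/29/2004
Running processes:
C:\WINNT\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/ind...//foxnews.com/
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: CBundleObj Object - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - c:\program files\clientman\run\bundleaef94639.dll (file missing)
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [fash] C:\WINNT\fash.exe
O23 - Service: ScriptBlocking Service - Unknown - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
"""

# Excerpt of the 1/3/2005 scan, taken after the scanners had been run.
SCAN_JAN3 = r"""Logfile of HijackThis v1.99.0
Scan saved at 8:52:32 AM, on 1/3/2005
Running processes:
C:\WINNT\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/ind...://ABOUT:BLANK
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: CBundleObj Object - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - c:\program files\clientman\run\bundleaef94639.dll (file missing)
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [fash] C:\WINNT\fash.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O23 - Service: ScriptBlocking Service - Unknown - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
"""


def parse_entries(log_text):
    """Return the set of section-coded entries in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:  # headers and process paths do not match and are skipped
            entries.add(Entry(match.group("code"), match.group("body").strip()))
    return entries


def diff_scans(before, after):
    """Classify entries as removed, added or persisting between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "persisting": sorted(old & new),
    }


def orphaned(entries):
    """Entries whose target file no longer exists (registry leftovers)."""
    return sorted(e for e in entries if ORPHAN_RE.search(e.body))


if __name__ == "__main__":
    changes = diff_scans(SCAN_DEC29, SCAN_JAN3)
    for kind in ("removed", "added", "persisting"):
        print(f"== {kind} ==")
        for entry in changes[kind]:
            print(f"{entry.code:>3}  {entry.body}")
    print("== orphaned in latest scan ==")
    for entry in orphaned(parse_entries(SCAN_JAN3)):
        print(f"{entry.code:>3}  {entry.body}")
```

Entries under "persisting" survived the scanner runs and are the ones left for manual review; a changed value such as the R0 start page shows up as one removed and one added line.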
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.
You might want to print out these instructions, or copy & paste them to Notepad, as you will need to close this browser window to fix with HijackThis!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/in...p://about:BLANK
O2 - BHO: CBundleObj Object - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - c:\program files\clientman\run\bundleaef94639.dll (file missing
I can't find any info on these 2. Do you know what Bowsan~1 is? If not, you can fix them.
O2 - BHO: long meow burn - {3F0DE170-80FB-DABB-7A54-88D4A3D16C58} - C:\PROGRA~1\BOWSAN~1\BitsObj.dll
O3 - Toolbar: view ooze - {C3F78CC8-F0A2-FB38-4E32-DD0295889BCB} - C:\PROGRA~1\BOWSAN~1\BitsObj.dll
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
I suggest you go to Add and Remove Programs in the Control Panel and uninstall P2P Networking, it's not needed, and Messenger Plus 2. It came with the spyware you have on your computer. You can reinstall it later, but install without the support software.
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Great hold] C:\PROGRA~1\PROCRE~1\upload mode third.exe
O4 - HKLM\..\Run: [ASTART] C:\WINNT\ASTART
O4 - HKCU\..\Run: [System32] C:\WINNT\Services32.exe NORMAL
O4 - HKLM\..\Run: [fash] C:\WINNT\fash.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
Now reboot into safe mode and delete the following files and folders if found.
C:\PROGRA~1\PROCRE~1\upload mode third.exe,,,,,delete file
C:\WINNT\ASTART,,,,delete file
C:\WINNT\Services32.exe ,,,,delete file
C:\WINNT\fash.exe,,,,delete file
To delete the above files and folder you will need to do the following.
Go to
Show hidden files & folders
"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode
Reboot computer and post a new log
Linux boot cd http://www.knopper.net/knoppix/index-en.html
Those entries are LOP related, caperjack.
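The log review in this thread can be partly mechanised. The following is an added example, not part of the original posts and not HijackThis's own logic: it parses HijackThis entry lines by section code and applies three triage heuristics (assumptions chosen for illustration) to a constructed sample built from lines in the log above.

```python
import re

# Constructed sample: entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [fash] C:\WINNT\fash.exe
O4 - HKCU\..\Run: [System32] C:\WINNT\Services32.exe NORMAL
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: ScriptBlocking Service - Unknown - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Section code (R0, O4, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Executable sitting directly in the Windows directory, not in a subfolder.
WINROOT_EXE_RE = re.compile(r"[A-Za-z]:\\(?:WINNT|WINDOWS)\\[^\\]+\.exe\b", re.I)

def parse(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def review_reasons(code, body):
    """Heuristic reasons (assumptions, not HijackThis logic) to look closer."""
    reasons = []
    # Closing parenthesis is optional because forum software truncates lines.
    if re.search(r"\((?:no file|file missing)\)?$", body):
        reasons.append("target file absent")
    if code == "O4" and WINROOT_EXE_RE.search(body):
        reasons.append("autorun exe in Windows root")
    if code == "O16" and body.endswith("-"):
        reasons.append("DPF entry without source URL")
    return reasons

def triage(log_text):
    """Map each entry that needs human review to its list of reasons."""
    flagged = {}
    for code, body in parse(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged[f"{code} - {body}"] = reasons
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(f"{'; '.join(reasons):32} {entry}")
```

A flagged line is only a prompt for manual review: legitimate software also leaves orphaned entries, so the result narrows the list a human checks and does not decide what to fix.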