 |  |  |  |  |  |  |  |
can not browse using url's only ip's work
Thread Solved
 |
thanks for your help!!
running win2k, ie6.0, and using sbc dsl.
cleaned trojan viruses using avg6.0, but now i can not browse using google.com in the address bar. if i type the ip address 216.239.39.99 it will go to the google home page. if i search for something and click on the url of one of the searched items i get page cannot be displayed. attached is my hijack log.
thanks and look forward to hearing from you.
Logfile of HijackThis v1.97.7
Scan saved at 5:57:12 AM, on 6/22/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\winnt\system32\microsoft\temp\FireDaemon.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
c:\winnt\system32\microsoft\temp\sud.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNetFolder.Exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\WINNT\system32\ole2nls.exe
C:\Documents and Settings\Administrator\My Documents\Kevin's\Spyware Stuff\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGONÂ*.exe
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe
O4 - HKLM\..\Run: [Windows Explorer] ExplorerÂ*.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe
O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe
O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe
O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe
O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe
O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe
O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe
O4 - HKLM\..\Run: [sghvvnra] rFeaturePres
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [gvrcub] C:\WINNT\mymw.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - HKLM\..\RunServices: [Windows Explorer] ExplorerÂ*.exe
O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe
O4 - HKLM\..\RunServices: [sghvvnra] rFeaturePres
O4 - HKLM\..\RunServices: [bsfqwa] ggwdw.exe
O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe
O4 - HKCU\..\Run: [ole2nls] C:\WINNT\system32\ole2nls.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3b...p/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.4946412037
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...im/install.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12
running win2k, ie6.0, and using sbc dsl.
cleaned trojan viruses using avg6.0, but now i can not browse using google.com in the address bar. if i type the ip address 216.239.39.99 it will go to the google home page. if i search for something and click on the url of one of the searched items i get page cannot be displayed. attached is my hijack log.
thanks and look forward to hearing from you.
Logfile of HijackThis v1.97.7
Scan saved at 5:57:12 AM, on 6/22/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\winnt\system32\microsoft\temp\FireDaemon.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
c:\winnt\system32\microsoft\temp\sud.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNetFolder.Exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\WINNT\system32\ole2nls.exe
C:\Documents and Settings\Administrator\My Documents\Kevin's\Spyware Stuff\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGONÂ*.exe
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe
O4 - HKLM\..\Run: [Windows Explorer] ExplorerÂ*.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe
O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe
O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe
O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe
O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe
O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe
O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe
O4 - HKLM\..\Run: [sghvvnra] rFeaturePres
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [gvrcub] C:\WINNT\mymw.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - HKLM\..\RunServices: [Windows Explorer] ExplorerÂ*.exe
O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe
O4 - HKLM\..\RunServices: [sghvvnra] rFeaturePres
O4 - HKLM\..\RunServices: [bsfqwa] ggwdw.exe
O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe
O4 - HKCU\..\Run: [ole2nls] C:\WINNT\system32\ole2nls.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3b...p/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.4946412037
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...im/install.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12
You've still got major problems. Before proceeding with HJT, download and run Ad Aware and SpyBot. Allow them to fix whatever they find and then post a fresh HJT log.
Links to the downloads are in my sig below. Also- follow the configuration instructions in the "Setting up Ad Aware and SpyBot" link before running the programs.
Links to the downloads are in my sig below. Also- follow the configuration instructions in the "Setting up Ad Aware and SpyBot" link before running the programs.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Cool- we'll be here.
And yeah- you'll definitely want to relax with some golfing before the shock of dealing with the 300+ pieces of malware that Ad Aware and SpyBot are going to find on your system...
:mrgreen:
And yeah- you'll definitely want to relax with some golfing before the shock of dealing with the 300+ pieces of malware that Ad Aware and SpyBot are going to find on your system...
:mrgreen:
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
thanks!! golf was good!!
here is the latest hijack.log after running ad aware and spybot.
Logfile of HijackThis v1.97.7
Scan saved at 9:47:06 PM, on 6/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\winnt\system32\microsoft\temp\FireDaemon.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
c:\winnt\system32\microsoft\temp\sud.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ole2nls.exe
C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGONÂ*.exe
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe
O4 - HKLM\..\Run: [Windows Explorer] ExplorerÂ*.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe
O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe
O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe
O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe
O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe
O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe
O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe
O4 - HKLM\..\Run: [sghvvnra] rFeaturePres
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [gvrcub] C:\WINNT\mymw.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - HKLM\..\RunServices: [Windows Explorer] ExplorerÂ*.exe
O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe
O4 - HKLM\..\RunServices: [sghvvnra] rFeaturePres
O4 - HKLM\..\RunServices: [bsfqwa] ggwdw.exe
O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe
O4 - HKCU\..\Run: [ole2nls] C:\WINNT\system32\ole2nls.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3b...p/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.4946412037
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...im/install.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12
take care!!!
here is the latest hijack.log after running ad aware and spybot.
Logfile of HijackThis v1.97.7
Scan saved at 9:47:06 PM, on 6/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\winnt\system32\microsoft\temp\FireDaemon.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
c:\winnt\system32\microsoft\temp\sud.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ole2nls.exe
C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGONÂ*.exe
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe
O4 - HKLM\..\Run: [Windows Explorer] ExplorerÂ*.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe
O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe
O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe
O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe
O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe
O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe
O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe
O4 - HKLM\..\Run: [sghvvnra] rFeaturePres
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [gvrcub] C:\WINNT\mymw.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - HKLM\..\RunServices: [Windows Explorer] ExplorerÂ*.exe
O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe
O4 - HKLM\..\RunServices: [sghvvnra] rFeaturePres
O4 - HKLM\..\RunServices: [bsfqwa] ggwdw.exe
O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe
O4 - HKCU\..\Run: [ole2nls] C:\WINNT\system32\ole2nls.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3b...p/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.4946412037
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...im/install.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12
take care!!!
OK- just got back from my girlfriend's kid's birthday dinner, and I'm off to bed soon. If no one picks up on this before tomorrow morning I'll get back to you then. Your log shows some obvious "nasties" in it, but it also has some suspicious looking stuff in it that I'm not sure about and just don't have the time to research tonight.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Sorry for the delay- the rest of the week just got very crazy.
Ok- you have a handful of nasty trojan/backdoor infections as well as a couple of bits of spyware.
I see that you're running both AVG and Norton; you should only use one AV program at a time. I'd highly suggest making sure your virus definitions are up to date and running a full system scan with one of those utilities. Additionally, you should probably do one of the free online virus scans:
http://housecall.trendmicro.com/
http://www.pandasoftware.com/actives..._principal.htm
http://www.ravantivirus.com/scan/
-------------------------------------------
In HJT, check and fix the following:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGON�*.exe
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe
O4 - HKLM\..\Run: [Windows Explorer] Explorer�*.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe
O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe
O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe
O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe
O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe
O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe
O4 - HKLM\..\Run: [sghvvnra] rFeaturePres
O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe
O4 - HKLM\..\Run: [gvrcub] C:\WINNT\mymw.exe
O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - HKLM\..\RunServices: [Windows Explorer] Explorer�*.exe
O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe
O4 - HKLM\..\RunServices: [sghvvnra] rFeaturePres
O4 - HKLM\..\RunServices: [bsfqwa] ggwdw.exe
O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe
O4 - HKCU\..\Run: [ole2nls] C:\WINNT\system32\ole2nls.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3...ip/RdxIE601.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...lim/install.cab
You might also want to axe the "Viewpoint Manager" also.
Then:
Clear your cookies and browser cache, delete all Tempory Internet Files (enable the "delete ofline content" option when you do this)
Empty your trash
Reboot into safe mode
Set Windows Explorer to display all files (including hidden and system); find and delete every file referenced in the above "04" HJT entries
Find and delete the entire "wt" folder
Delete the "litmus" folder if it exists
Empty the trash and run the Anti-virus and anti-spyware programs again to see if the system comes up clean.
Ok- you have a handful of nasty trojan/backdoor infections as well as a couple of bits of spyware.
I see that you're running both AVG and Norton; you should only use one AV program at a time. I'd highly suggest making sure your virus definitions are up to date and running a full system scan with one of those utilities. Additionally, you should probably do one of the free online virus scans:
http://housecall.trendmicro.com/
http://www.pandasoftware.com/actives..._principal.htm
http://www.ravantivirus.com/scan/
-------------------------------------------
In HJT, check and fix the following:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGON�*.exe
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe
O4 - HKLM\..\Run: [Windows Explorer] Explorer�*.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe
O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe
O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe
O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe
O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe
O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe
O4 - HKLM\..\Run: [sghvvnra] rFeaturePres
O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe
O4 - HKLM\..\Run: [gvrcub] C:\WINNT\mymw.exe
O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - HKLM\..\RunServices: [Windows Explorer] Explorer�*.exe
O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe
O4 - HKLM\..\RunServices: [sghvvnra] rFeaturePres
O4 - HKLM\..\RunServices: [bsfqwa] ggwdw.exe
O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe
O4 - HKCU\..\Run: [ole2nls] C:\WINNT\system32\ole2nls.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3...ip/RdxIE601.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...lim/install.cab
You might also want to axe the "Viewpoint Manager" also.
Then:
Clear your cookies and browser cache, delete all Tempory Internet Files (enable the "delete ofline content" option when you do this)
Empty your trash
Reboot into safe mode
Set Windows Explorer to display all files (including hidden and system); find and delete every file referenced in the above "04" HJT entries
Find and delete the entire "wt" folder
Delete the "litmus" folder if it exists
Empty the trash and run the Anti-virus and anti-spyware programs again to see if the system comes up clean.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
i did everything that you recommended. i ran avg and the system is clean. i ran spybot and i keep getting DSO Exploit after scanning. i try to fix them and run spybot again and they re-appear. is this a problem?
after this all the browser still will not let me browse using the url's.
the following is the latest hjt listing:
Logfile of HijackThis v1.97.7
Scan saved at 3:42:33 PM, on 6/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\winnt\system32\microsoft\temp\FireDaemon.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
c:\winnt\system32\microsoft\temp\sud.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.4946412037
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12
again thanks for your help.
after this all the browser still will not let me browse using the url's.
the following is the latest hjt listing:
Logfile of HijackThis v1.97.7
Scan saved at 3:42:33 PM, on 6/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\winnt\system32\microsoft\temp\FireDaemon.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
c:\winnt\system32\microsoft\temp\sud.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.4946412037
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12
again thanks for your help.
Don't sweat the SpyBot DSO message- it's a known bug. You can read about it here:
http://forums.net-integration.net/in...=0&#entry81148
The presence of FireDeamon.exe and sud.exe indicate a possible trojan infection. See if the following applies to you:
http://support.microsoft.com/default...NoWebContent=1
Is it possible that you simply have a DNS problem? The conditions you desrcibe are exactly what would happen if your system couldn't contact a DNS server in the process of resolving URLs to their IP addresses.
Try this:
- Open a DOS box
- Type:
ping 64.233.167.99
and then:
ping www.google.com
If the first works, but the second doesn't (both pings should reasch Google), check the DNS server IP entries in your TCP/IP properties and make sure the IPs are present and correct.
http://forums.net-integration.net/in...=0&#entry81148
The presence of FireDeamon.exe and sud.exe indicate a possible trojan infection. See if the following applies to you:
http://support.microsoft.com/default...NoWebContent=1
Is it possible that you simply have a DNS problem? The conditions you desrcibe are exactly what would happen if your system couldn't contact a DNS server in the process of resolving URLs to their IP addresses.
Try this:
- Open a DOS box
- Type:
ping 64.233.167.99
and then:
ping www.google.com
If the first works, but the second doesn't (both pings should reasch Google), check the DNS server IP entries in your TCP/IP properties and make sure the IPs are present and correct.
Last edited by DMR; Jun 29th, 2004 at 4:56 pm.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
|
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Lost All Programs List from Start Menu
- Next Thread: hijacked
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare domains e-mafia education email europe exam facebook fake fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday