
Trojans, Spyware and Popups (Shellscrap)


6 replies to this topic

#1 Law14

    New Member

  • Authentic Member
  • 12 posts

Posted 08 June 2006 - 02:22 PM

Ok, I've done all I can on this and now it's time for the pros. I've removed tons of carp** from here, but have a problem with the last bit. Thank you very much for your help. I believe it's a Shellscrap issue, but can't seem to fix it myself.


Logfile of HijackThis v1.99.1
Scan saved at 1:17:01 PM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TalktoDino\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\s288lclu1fq8.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thank you again. You guys are amazing!

~Laurence

Edited by Law14, 08 June 2006 - 03:07 PM.



#2 Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • 10,060 posts
  • Interests: Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 08 June 2006 - 05:44 PM

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to "Run this program as a task".
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the "Scan for L2M" button; your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the "Remove L2M" button.
  • You will receive a "Done Scanning" message, click OK.
  • When completed, you will receive this message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer", click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log.
If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive...ib/MSWINSCK.OCX
:)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#3 Law14

    New Member

  • Authentic Member
  • 12 posts

Posted 08 June 2006 - 06:18 PM

You freakin rawk. Thank you so much. No pop-ups anymore!!!!!!

Here's my L2Me log...


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 6/8/2006 4:52:05 PM

Infected! C:\WINDOWS\system32\s288lclu1fq8.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015528.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015540.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015561.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015565.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015577.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015581.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015591.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015638.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015648.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015711.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015726.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015730.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015770.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015772.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015888.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015893.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015924.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015971.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015984.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015988.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015995.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0016017.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0016021.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016048.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016053.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016061.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016066.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016073.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016074.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016079.dll
Infected! C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016083.dll
Infected! C:\WINDOWS\system32\dnutil.dll
Infected! C:\WINDOWS\system32\e8jm0i11e8.dll
Infected! C:\WINDOWS\system32\kodsl.dll
Infected! C:\WINDOWS\system32\kvdukx.dll
Infected! C:\WINDOWS\system32\pFnmap.dll
Infected! C:\WINDOWS\system32\s288lclu1fq8.dll
Infected! C:\WINDOWS\system32\wfiscmgr.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\s288lclu1fq8.dll
C:\WINDOWS\system32\s288lclu1fq8.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015528.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015528.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015540.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015540.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015561.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015561.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015565.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015565.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015577.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015577.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015581.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015581.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015591.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP254\A0015591.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015638.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015638.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015648.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015648.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015711.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015711.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015726.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015726.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015730.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP255\A0015730.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015770.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015770.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015772.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015772.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015888.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015888.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015893.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015893.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015924.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP256\A0015924.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015971.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015971.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015984.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015984.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015988.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015988.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015995.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0015995.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0016017.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0016017.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0016021.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP257\A0016021.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016048.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016048.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016053.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016053.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016061.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016061.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016066.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016066.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016073.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016073.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016074.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016074.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016079.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016079.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016083.dll
C:\System Volume Information\_restore{DCE2DC31-8FBB-445F-A9EC-354D1801E59B}\RP258\A0016083.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dnutil.dll
C:\WINDOWS\system32\dnutil.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\e8jm0i11e8.dll
C:\WINDOWS\system32\e8jm0i11e8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kodsl.dll
C:\WINDOWS\system32\kodsl.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kvdukx.dll
C:\WINDOWS\system32\kvdukx.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\pFnmap.dll
C:\WINDOWS\system32\pFnmap.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\s288lclu1fq8.dll
C:\WINDOWS\system32\s288lclu1fq8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wfiscmgr.dll
C:\WINDOWS\system32\wfiscmgr.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{224CADA4-A287-43AD-9D41-F78123C766F4}"
HKCR\Clsid\{224CADA4-A287-43AD-9D41-F78123C766F4}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{CAC2C2E5-1F39-4BE2-85EF-844A692209FC}"
HKCR\Clsid\{CAC2C2E5-1F39-4BE2-85EF-844A692209FC}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


Here's my HJT Log....


Logfile of HijackThis v1.99.1
Scan saved at 5:13:11 PM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TalktoDino\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Anything else I need to do?

#4 Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • 10,060 posts
  • Interests: Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 08 June 2006 - 06:32 PM

Just a little "tidying up". :thumbup:

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

Run HijackThis!
Click "Do a system scan only".
Then "check" the box to the left of these item(s):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

Then click "Fix checked" and close Hijack This!.

Reboot and "copy/paste" a new HijackThis! log file into this thread.

Your Java needs updating:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll

The latest version out is jre1.5.0_07

After updating you must remove previous versions via "Add/Remove Programs".

:)

#5 Law14

    New Member

  • Authentic Member
  • 12 posts

Posted 08 June 2006 - 06:44 PM

Ok, here's my new HJT after the "cleanup". I will get the new Java too. Thanks again!!!!!!!!!!

Laurence

Logfile of HijackThis v1.99.1
Scan saved at 5:38:04 PM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\TalktoDino\Desktop\Maintenance\hijackthis\HijackThis.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Edited by Law14, 08 June 2006 - 06:45 PM.
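Added example (not part of this thread, and not code from the HijackThis or Look2Me-Destroyer authors): a small Python triage script that applies the same reasoning Micah_6:8 used on the logs in posts #1 and #5. The O20 "Winlogon Notify" entries are DLLs that winlogon.exe loads at boot, which is why the Look2Me-Destroyer log above removes the HKLM\...\Winlogon\Notify\BITS key as well as the s288lclu1fq8.dll file; a randomly named DLL registered there next to the Symantec and Webroot ones is the tell. The script flags O20 DLLs that are not on an allow-list and says whether the name looks machine-generated, collects the about:blank R0/R1 residue that post #4 has HijackThis fix, and diffs the first and last logs to confirm which entries disappeared. The sample log lines are copied from the thread; the allow-list of Notify DLLs and the random-name heuristic are assumptions made for this example.

```python
import re

# Constructed sample input: a subset of the HijackThis 1.99.1 lines copied
# from the first (infected, post #1) and last (cleaned, post #5) logs above.
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\s288lclu1fq8.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

HJT_LINE = re.compile(r"^(R\d|O\d+) - (.+)$")
NOTIFY_LINE = re.compile(r"^Winlogon Notify: (\S+) - (.+)$")

# Assumption for this example: the Notify DLLs that belong to the Symantec
# AntiVirus and Webroot Spy Sweeper products listed under O23 in the log.
KNOWN_GOOD_NOTIFY_DLLS = {"navlogon.dll", "wrlogonntf.dll"}


def parse_hjt(text):
    """Return (section, body) pairs, e.g. ('O20', 'Winlogon Notify: BITS - C:\\...')."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def looks_random(stem):
    """Heuristic for names like s288lclu1fq8 or e8jm0i11e8: a single token of
    8+ characters mixing letters with at least two digits. Dictionary-style
    names such as kodsl or wfiscmgr are NOT caught; the allow-list is the
    primary check and this only explains why a hit looks wrong."""
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    return len(stem) >= 8 and digits >= 2 and letters >= 2


def suspicious_winlogon_notify(entries, known_good=KNOWN_GOOD_NOTIFY_DLLS):
    """Flag O20 entries whose DLL is not allow-listed, with a short reason."""
    findings = []
    for section, body in entries:
        if section != "O20":
            continue
        m = NOTIFY_LINE.match(body)
        if not m:
            continue
        key, path = m.group(1), m.group(2)
        dll = path.replace("\\", "/").rsplit("/", 1)[-1]
        if dll.lower() in known_good:
            continue
        stem = dll.rsplit(".", 1)[0]
        reason = "random-looking file name" if looks_random(stem) else "not in allow-list"
        findings.append((key, dll, reason))
    return findings


def search_hijack_residue(entries):
    """R0/R1 values left at about:blank: not active malware, but the residue of
    a hijacked search page, which is what post #4 has HijackThis fix."""
    return [body for section, body in entries
            if section in ("R0", "R1") and body.endswith("= about:blank")]


def diff_logs(before_text, after_text):
    """Entries that vanished between two logs, and entries that appeared."""
    before = set(parse_hjt(before_text))
    after = set(parse_hjt(after_text))
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    first = parse_hjt(BEFORE_LOG)
    for key, dll, why in suspicious_winlogon_notify(first):
        print(f"O20 {key} -> {dll}: {why}")
    for body in search_hijack_residue(first):
        print("search residue:", body)
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print(f"{len(removed)} entries removed, {len(added)} added")
```

Run it as-is and it reports the BITS entry as the one Winlogon Notify DLL that is neither a known security product nor a readable name, lists the four about:blank values, and shows five entries gone from the final log with nothing new added, which is the "looks great" verdict in post #6 expressed as a check. On a real machine the allow-list has to be built from what is actually installed (the O23 services are a good cross-reference), and a DLL that is missing from the allow-list is a prompt to look at the file, not proof of infection.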


#6 Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • 10,060 posts
  • Interests: Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 08 June 2006 - 06:55 PM

Looks great!!! :thumbup:

Thank you for using the forum.

M68 :)

Post Infection Items To Ponder

#7 Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • 10,060 posts
  • Interests: Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 08 June 2006 - 10:00 PM

This topic is now closed.

If you need this topic reopened, please request this by sending an email to us at the following link

(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.
