Thread ID: 42723 | 2004-02-20 10:46:00 | IE Home Page | jh47pcw2 (5291) | Press F1
Post 216868 | 2004-02-27 11:45:00 | AL... (5272)

You will need to get hijack from here: Computer cops (computercops.biz). Net-Integration is down due to a DDoS attack, along with a few other anti-spyware sites. There's also a few other good tools to be had at the site.

Al.
Post 216869 | 2004-02-28 06:33:00 | jh47pcw2 (5291)

Thanks Al. Yeah, I had tried and failed, so I was going to try again "later".

Cheers, John
Post 216870 | 2004-02-28 06:50:00 | jh47pcw2 (5291)

Hi Al. The log from hijack this. A few I can see that should go.

```text
Logfile of HijackThis v1.97.7
Scan saved at 19:28:32, on 29/02/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\UTILITIES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\HOTKEY32.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\UTILITIES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\SWTRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\UTILITIES\TURBOZIP EXPRESS\TURBOZIPX.EXE
C:\TEMP\TOOLSDOWNLOADS\VIR-ETC\HIJKTHS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: {0000031A-0000-0000-C000-000000000046} - - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ASUSKey] HOTKEY32.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [EAPCISetup] C:\AUDIOPCI\sbsetup.exe
O4 - HKLM\..\Run: [Vet Start Up] C:\PROGRA~1\INOCUL~1\VET98.EXE /PROGRESSIVE
O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\INOCUL~1\VETTRAY.EXE
O4 - HKLM\..\Run: [SYSWB6] SYSWB6
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\UTILIT~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [win32us] c:\windows\system\win32us.exe /noconnect
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ASUSTVSwitch] V3400TVP.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\UTILIT~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [SmartStatus] RunDLL32 C:\WINDOWS\FastFolders.dll,SmartStatus
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKCU\..\Run: [RealJukeboxSystray] C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: SwTray.lnk = C:\Program Files\Microsoft Hardware\Game Controllers\SWTRAY.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wrl: C:\Program Files\Netscape\Navigator\Program\PLUGINS\npl3d32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.macromedia.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - download.macromedia.com
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - fdl.msn.com
O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - 209.48.69.51
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - toolbar.google.com
O16 - DPF: {E344ADA2-75B6-4E7E-B221-0A04FD5B0165} (MaxisPublishX Control) - simcity.ea.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - www.pcpitstop.com
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - webpdp.gator.com
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - download.microsoft.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - 64.156.31.77
O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - www.fmn-media.com
```
Post 216871 | 2004-02-28 11:19:00 | AL... (5272)

Hi again. Close all windows and have hijack fix these:

All the "R" entries

```text
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL (file missing)
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [win32us] c:\windows\system\win32us.exe /noconnect
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - 209.48.69.51
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - webpdp.gator.com
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - 64.156.31.77
O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - www.fmn-media.com tificate.ocx
```

Advise you to fix this too. It's a resource hog. Fixing it won't stop you using Microsoft Office.

```text
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
```

Reboot to safe mode (hit F8 lots at startup), find and delete these if still there:

```text
C:\WINDOWS\secure.html <<file
c:\windows\system\win32us.exe <<file
C:\WINDOWS\dl.exe <<file
C:\WINDOWS\dlm.exe <<file
```

You may have to enable show all files to do this.

Is this what I think it is?

```text
O4 - HKCU\..\Run: [SmartStatus] RunDLL32 C:\WINDOWS\FastFolders.dll,SmartStatus
```

But I would like to know for sure so it can be added to lists to help others. If you don't know what it is, can you find "FastFolders.dll", zip a copy, then fix the entry. I'll send an address for you to post it to. Reboot and see if you still have the problem. Let us know how you get on.

Al.
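The triage Al does by hand above, as an added example that is not part of the thread: a small Python script that parses HijackThis-style entries and flags the patterns he singled out (R entries pointing IE at a local file, an R3 hook with no file behind it, an O3 toolbar whose DLL is missing, O4 autorun entries for the files he named, and O16 DPF downloads from a bare IP or from the hosts he listed). The two watchlists are built only from the entries in this thread, not from any general blocklist, and the sample log is a constructed subset of John's posted log.

```python
import re
from ipaddress import ip_address

# Constructed sample: a subset of the HijackThis v1.97.7 entries posted in
# this thread, one entry per line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R3 - URLSearchHook: {0000031A-0000-0000-C000-000000000046} - - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [win32us] c:\windows\system\win32us.exe /noconnect
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com
O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - 209.48.69.51
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - webpdp.gator.com
"""

# Every HijackThis entry starts with a section code (R0, R1, R3, O3, O4, O16, ...)
ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
LOCAL_PATH = re.compile(r"^[A-Za-z]:\\")
RUN_ENTRY = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")

# Watchlists taken from the entries Al told John to fix in this thread
# (constructed for this example, not a general malware list).
FLAGGED_RUN_IMAGES = {"win32us.exe", "dl.exe", "dlm.exe", "loadqm.exe"}
FLAGGED_DPF_HOSTS = {"webpdp.gator.com", "www.fmn-media.com"}


def _is_bare_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def _image_basename(cmd):
    """Extract the program file name from an O4 command line, honouring quotes."""
    image = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
    return re.split(r"[\\/]", image)[-1].lower()


def classify(line):
    """Return a reason string if the entry matches a pattern from the thread, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind in ("R0", "R1"):
        # "key,value = target": IE page settings should be URLs, not local files
        target = body.split(" = ", 1)[-1].strip()
        if LOCAL_PATH.match(target):
            return "IE start/default/local page points at a local file instead of a URL"
    elif kind == "R3" and "(no file)" in body:
        return "URLSearchHook registered with no file behind it"
    elif kind == "O3" and "(file missing)" in body:
        return "toolbar registration whose DLL is missing"
    elif kind == "O4":
        r = RUN_ENTRY.search(body)
        if r and r.group("cmd").strip():
            image = _image_basename(r.group("cmd").strip())
            if image in FLAGGED_RUN_IMAGES:
                return f"autorun entry launches {image}, a file this thread identified for removal"
    elif kind == "O16":
        # "DPF: {CLSID} (Name) - host": the last " - " segment is the download host
        host = body.rsplit(" - ", 1)[-1].strip()
        if _is_bare_ip(host):
            return "ActiveX download (DPF) from a bare IP address"
        if host.lower() in FLAGGED_DPF_HOSTS:
            return f"ActiveX download (DPF) from {host}, a host this thread identified for removal"
    return None


def triage(log_text):
    """Run classify over every line; return (kind, reason, line) for flagged entries."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m and (reason := classify(line)):
            hits.append((m.group("kind"), reason, line))
    return hits


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```

Entries that match none of the patterns (the Radio toolbar, ScanRegistry, MDM7, the Windows Update DPF) come back clean, which is the point of encoding the rules: the script reproduces Al's list without touching the legitimate entries around it.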
Post 216872 | 2004-02-28 21:00:00 | Mike (15)

> Is this what I think it is?
> O4 - HKCU\..\Run: [SmartStatus] RunDLL32
> C:\WINDOWS\FastFolders.dll,SmartStatus

Well what do you think it is?

Mike.
Post 216873 | 2004-02-28 22:27:00 | Jen C (20)

Well, that was interesting ... I just googled C:\WINDOWS\FastFolders.dll,SmartStatus, which gave one hit. Following that link gave me a message that my browser was not a Win32 browser, and my Firefox popped up a download prompt for a Windows executable called download_plugin.exe (156KB) as a webpage called Crack Locator loaded. That exe that tried to download automatically is not related to the Fast Folder program which the Crack Locator had information on.

DON'T try this Google search yourself using IE, nor unless your browser is fully secure against unrequested downloading of programs/exes. That unrequested download_plugin.exe appears to be Lop.com, infamous scum of the internet.

Anyway, FastFolders appears to be a program that helps out finding files and folders. It is not freeware but has a demo available. More info on this program: www.desksoft.com
Post 216874 | 2004-02-28 22:50:00 | godfather (25)

Seems that both AVG and Vet Antivirus may be running. One or the other recommended, but not both. By the time they stop fighting with each other, it's too late.
Post 216875 | 2004-02-29 01:32:00 | AL... (5272)

I wouldn't worry about AVG. It plays well with others. If it was any other two AVs then you'd be spot on, godfather.
Post 216876 | 2004-02-29 01:50:00 | Mike (15)

> I wouldn't worry about AVG. It plays well with
> others. If it was any other two AVs then you'd be
> spot on godfather.

AVG might play well with the other AV, but does the other AV play well with AVG? It's not worth the risk.

Mike.
Post 216877 | 2004-02-29 10:34:00 | jh47pcw2 (5291)

Thanks everyone. Done the clean up, Al.

Didn't know what Vet was 'til I looked at the log. Since it is (apparently) in an Inoculan folder, I guess it is left over from when I used that as my virus s/w. But they decided to charge heaps and so I went to AVG. I guess I should kill the entries as they are no longer used. I don't think enough of Inoculan is left to be a problem.

FastFolders was (is) a utility I got ages ago to try to get more data on folders than Explorer gives you. But I wound up with TreeSize, which works well.

I use the free version of AVG, which has no file scan if you use the net. Was thinking I might pay for the smarter version. But have you folk any suggestions? In addition, it seems you may need multiple tools to stay reasonably safe, e.g. dl.exe and dlm.exe. I guess these are nasties. I assume they are associated with the Hannig.b trojan as I've had that a couple of times lately and AVG left them behind. Or is Hannig.b just being opportune?

Thanks again, John