Internet Explorer Hack
Showing all messages in thread #1113130809 Windows 2000 Annoyances Discussion Forum
The following are all of the messages in this thread (7 in all), shown in chronological order.
|
Internet Explorer Hack
Sunday, April 10, 2005 at 4:00 am Posted by Abu Bakar
(2 messages posted)
I am running IE 6.0.2800.11061C on Windows 2000. Each time I start IE, it opens a
bar (blue) at the bottom offering different options. I am aware that it is some kind
of hack to my IE. I have used Spybot Search and Destroy and Ad-Aware (both with the latest
updates), and I use Avast anti-virus software, but I am still unable to get rid of this
annoying pop-up bar. Has anyone out there encountered this problem, and do you have
any solutions? Please help.
|
re: Internet Explorer Hack
Sunday, April 10, 2005 at 4:39 am Posted by MrCharlie
(4071 messages posted)
Let's see what's on the system.
Can you please post a HijackThis scan of your system? Download HJT into its own
folder, double-click on HJT.exe, then scan and save the log. Notepad or WordPad will open
and the log will be saved. Copy and paste that log into your reply. Please make sure
you check the "preserve spacing" button at the bottom of the posting page.
Download HJT.exe
MrC
|
re: Internet Explorer Hack
Sunday, April 10, 2005 at 7:54 am Posted by DEX
(11745 messages posted)
Abu
Once you have the log file you may want to use this web site to help you analyze
it.
-------------------------
http://hijackthis.de/index.php?langselect=english
-----------------------------------------------
Once you copy the file in or use the log file,
read the analysis web page from top to bottom
(it will give you a list of items and advise/suggest what to do with them).
Look at all the RED tagged items and also the ones
that are tagged as Maybe Nasty... ( ! )
DON'T remove them if you are NOT sure about them.
CHECK on them 1st.
The analysis page will not know what you are running on your machine or
what you need to have running, so take care before you remove them.
READ, READ, READ and then act.
It will make a backup file just in case you need to put one of the items back in;
look on the desktop when you are done (for the backup folder).
This is one of the best little tools on the net and it's FREE.
---------------------------------
Good Luck
ô¿ô DEX
----------------------
Download HijackThis ver. 1.98.2
Use this program with care; it will take out many items.
For the advanced computer user.
Download from:
http://www.majorgeeks.com/download3155.html
Also read the one below:
http://www.help2go.com/article153.html
Or download from:
http://tools.radiosplace.com/HijackThis.exe
ver. 1.91
----------------------
|
re: Internet Explorer Hack
Monday, April 11, 2005 at 9:47 am Posted by werner
(7042 messages posted)
Dex, just checked out this site. It's pretty useful in my opinion. Kind of gives you
a leg up on fighting malware. :) W.
|
re: Internet Explorer Hack
Monday, May 2, 2005 at 5:55 am Posted by Abu Bakar
(2 messages posted)
The log is as under:
Logfile of HijackThis v1.99.1
Scan saved at 10:52:53 PM, on 02/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe
C:\WINNT\system32\wuauclt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Documents and Settings\Administrator\My Documents\My Downloads\HijackThis.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dfsnpksrvbpocsnwotdi.com/_Dnsn7B06fTpOcrVunPsp4iQo96361rESB9DlaitUStPBWYhtuXm9hLulf9rlMRF.html
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRA~1\DAP\dapbho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467}
- C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\dapiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics
12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=110804
serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [KNOfflineSystray] "C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe"
O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe
15 16 17
O4 - HKCU\..\Run: [Showknob] C:\DOCUME~1\ADMINI~1\APPLIC~1\ENCLIV~1\gram blah.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows
Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\WINNT\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD}
- C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/292e63ea6075c3671d05/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
- http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://cityislam.com/download/PDMSInstaller.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01)
-
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT Profile Manager
Class) - https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4399/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DC9F286-50EE-46B2-A84F-122A725757BD}: NameServer
= 203.2.75.132 198.142.0.51
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program
Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"
/service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe"
/service (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software
Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc.
- C:\Program Files\Sygate\SPF\smc.exe
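The log posted above has entries that the forum wrapped across lines, which is why the "preserve spacing" option was requested. As an added example (not part of any post in this thread, and not HijackThis code), this Python parser re-joins wrapped entries and lists the ones that need a manual look; the function names and the three review checks are assumptions of the example.

```python
import re

# An entry starts with a HijackThis section code: "R1 - ", "O4 - ", "O16 - " ...
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Excerpt of the log posted above, keeping the forum's mid-entry line wraps.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe
15 16 17
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01)
-
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"
/service (file missing)
"""


def parse_entries(text):
    """Return [(code, body)] with wrapped continuation lines re-joined."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries and line:
            # Not a new entry: the forum wrapped the previous one at a space.
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]


def dpf_source(body):
    """Return the download source (codebase) of an O16 entry, or ''."""
    _, sep, tail = body.rpartition(" - ")
    return tail.strip() if sep else ""


def review_notes(entries):
    """Return [(code, note, body)] for entries that need a manual look.

    The checks are assumptions made for this example, not HijackThis rules.
    """
    notes = []
    for code, body in entries:
        if code == "O16":
            source = dpf_source(body)
            if not source:
                notes.append((code, "no download source recorded", body))
            elif source.lower().startswith("file://"):
                notes.append((code, "installed from a local file", body))
        if "(file missing)" in body:
            notes.append((code, "target file reported missing", body))
    return notes


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(len(parsed), "entries")
    for code, note, body in review_notes(parsed):
        print(f"{code}: {note}: {body}")
```

Any non-entry text that follows the last entry is treated as its continuation, so pass in the log alone without the surrounding post.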
|
re: Internet Explorer Hack
Monday, May 2, 2005 at 7:12 am Posted by DEX
(11745 messages posted)
running process. (Athan.exe)
Athan - an application that calculates and reminds the five daily Islamic prayer
times for anywhere in the world. This is a unknown process
running process. (SystemTray.exe)
Added as a result of the BIGFOOT VIRUS! Note - this is not the valid SystemTray (SysTray.exe)
This is a nasty process! You should fix it and try to delete it manually
Entries found in this registry zone are potentially nasty. This application ([0000CC75-ACF3-4cac-A0A9-DD3868E06852]
- Result: 0000CC75-ACF3-4cac-A0A9-DD3868E06852) has been checked. Hit rate: 99 %
Must be fixed!
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
This entry is possibly nasty. Should be fixed.
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
This entry is possibly nasty. Should be fixed.
|
re: Internet Explorer Hack
Monday, May 2, 2005 at 4:49 pm Posted by MrCharlie
(4071 messages posted)
Abu, you have a LOP infection.
It came along with MessengerPlus3.
The best way to deal with it is to run their uninstaller and/or look in your Add/Remove
Programs.
Look at the link below.
http://www.lop.com/help.html
Reboot and then post a fresh HJT log and we'll clean up the rest of it.
MrC