#76

programs stop responding

Hi Kim,

Thanks for the feedback. This:

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer)

appears to be malware according to this page: http://www.pestpatrol.com/PestInfo/w..._installer.asp

Follow the instructions in this page for its removal. But before, export the registry using Start > Run > regedit > File > Export and create a restore point. You might also want to post your Hijack This log here: http://www.cybertechhelp.com/forums/ for more opinions. That one is the main suspect. After you have done this, let's see if you can get to Yahoo Games.

Good luck

On Mon, 12 Apr 2004 12:46:05 -0700, Kim M. wrote:

> I finally was able to get HiJackThis to download and here is what it found. Again, thank you soooo much for all the help and I hope you will be able to make some suggestions that will fix the new problems. I am now able to get to Google but Yahoo Games still won't open for the tables and it won't open some websites. I had to go back and restore to yesterday just to be able to download this software but again I still have these other problems that I can't take care of yet (i.e. trojans, etc.).
>
> Thank you,
> Kim M.
>
> P.S. I can't tell you how grateful I am for all your help, again, THANK YOU!!
>
> Logfile of HijackThis v1.97.7
> Scan saved at 3:37:09 PM, on 4/12/2004
> Platform: Windows XP (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 (6.00.2600.0000)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.EXE
> C:\Program Files\DiskeeperWorkstation\DKService.exe
> C:\WINDOWS\System32\nvsvc32.exe
> C:\WINDOWS\System32\svchost.exe
> C:\toshiba\ivp\ISM\pinger.exe
> C:\PROGRA~1\EzButton\CP888M1.EXE
> C:\Program Files\QuickTime\qttask.exe
> C:\WINDOWS\System32\rmctrl.exe
> C:\Program Files\MSN Messenger\MsnMsgr.Exe
> C:\WINDOWS\System32\wuauclt.exe
> C:\Program Files\Internet Explorer\IEXPLORE.EXE
> C:\Program Files\WinRAR\WinRAR.exe
> c:\Temp\Rar$EX12.032\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
> R3 - Default URLSearchHook is missing
> O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
> O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
> O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
> O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
> O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
> O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
> O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
> O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
> O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
> O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
> O9 - Extra button: Messenger (HKLM)
> O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
> O9 - Extra button: Messenger (HKLM)
> O9 - Extra 'Tools' menuitem: Messenger (HKLM)
> O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
> O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
> O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
> O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
> O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
> O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
> O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
> O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
> O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
> O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
> O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
#77

I downloaded the PestPatrol software and located the malware file but now the program is telling me that I have to purchase the licensed version to be able to quarantine or delete the file. I really don't want to spend the $40 to get this problem fixed... is there any way that I can delete or quarantine it for free? I know it sounds like I am cheap but I had just purchased a copy of the "revered" Norton Internet Security just to find that it is not protecting me from the 6 odd trojans that have been found. If I sound bitter, it's because I am now. Until now, I just ASSumed that Norton knew about every virus and trojan known to man but you can now see where that got me...

Thanks,
Kim
#78

Kim,

On Sun, 11 Apr 2004 22:06:04 -0700, Kim M. wrote:

> Well I think I spoke too soon about getting everything fixed. After running all the recommended software, I am unable to get onto some websites such as Google and I am unable to get into any tables on Yahoo games. Is there any way that I can fix this? Right after I ran adware, I did the recommended quarantine and then when I went to open the threads in this topic it would not display the text. I went back and did a recover which fixed this problem but now I have all the other files that should have been quarantined but are not any longer. Is there a way that I could tell which files should be quarantined so as not to cause this problem to re-occur?
>
> Thanks
> Kim M.

You can download Hijack This from here: http://www.mjc1.com/files/merijn/hijackthis.exe

Go here: http://mjc1.com/mirror/hjt/ for instructions on how to use it; you have to post the log it makes so experts tell you what is good and what is malware. What you will do is a scan of your system and post the results of the scan so experts can tell you which parts are malware and safe to delete.

Good luck
#80

I finally was able to get HiJackThis to download and here is what it found. Again, thank you soooo much for all the help and I hope you will be able to make some suggestions that will fix the new problems. I am now able to get to Google but Yahoo Games still won't open for the tables and it won't open some websites. I had to go back and restore to yesterday just to be able to download this software but again I still have these other problems that I can't take care of yet (i.e. trojans, etc.).

Thank you,
Kim M.

P.S. I can't tell you how grateful I am for all your help, again, THANK YOU!!

Logfile of HijackThis v1.97.7
Scan saved at 3:37:09 PM, on 4/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\PROGRA~1\EzButton\CP888M1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
c:\Temp\Rar$EX12.032\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
#87

Hi Kim,

On Mon, 12 Apr 2004 17:56:02 -0700, Kim M. wrote:

> I downloaded the PestPatrol software and located the malware file but now the program is telling me that I have to purchase the licensed version to be able to quarantine or delete the file. I really don't want to spend the $40 to get this problem fixed... is there any way that I can delete or quarantine it for free? I know it sounds like I am cheap but I had just purchased a copy of the "revered" Norton Internet Security just to find that it is not protecting me from the 6 odd trojans that have been found. If I sound bitter, it's because I am now. Until now, I just ASSumed that Norton knew about every virus and trojan known to man but you can now see where that got me...
>
> Thanks,
> Kim

You don't have to buy the software. Especially when you can use ad-aware and spybot which are free to do your routine scans for malware. To get rid of this specific malware, you can do it yourself, manually, if you follow the instructions of this page: http://www.pestpatrol.com/PestInfo/w..._installer.asp

You only have to delete some registry keys:

HKEY_CLASSES_ROOT\clsid\{1d6711c8-7154-40bb-8380-3dea45b69cbf}
HKEY_CLASSES_ROOT\webp2pinstaller.installer
HKEY_CLASSES_ROOT\webp2pinstaller.installer.1
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1d6711c8-7154-40bb-8380-3dea45b69cbf}

Make a copy of it before you start (Start > Run > regedit > File > Export) and create a restore point for added safety.

Good luck
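
The link between the O16 log line and the registry keys named in the reply above, as an added example that is not part of the original thread: it parses the O16 (DPF) lines of a HijackThis log, and for a CLSID the reviewer has flagged it lists the two CLSID-derived keys and a `reg export` backup command for each. The function names and backup file names are hypothetical, and `reg export` is used here as a per-key alternative to the regedit File > Export step.

```python
import re

# Lines copied from the HijackThis log posted in this thread (O16 section),
# plus one O4 line to show that other sections are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
"""

# An O16 line is either "{CLSID} (Name) - URL", "{CLSID} - URL" or "Label - URL";
# the URL (codebase) may be empty, as it is for the flagged entry in this thread.
O16_RE = re.compile(
    r"^O16 - DPF: "
    r"(?:(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"(?: \((?P<name>[^)]*)\))?"
    r"|(?P<label>.+?))"
    r" -(?: (?P<url>\S.*))?$"
)


def parse_dpf_entries(log_text):
    """Return one dict per O16 line: clsid (upper case or None), name, codebase."""
    entries = []
    for raw in log_text.splitlines():
        m = O16_RE.match(raw.strip())
        if not m:
            continue  # not an O16 line
        clsid = m.group("clsid")
        entries.append({
            "clsid": clsid.upper() if clsid else None,
            "name": m.group("name") or m.group("label"),
            "codebase": m.group("url"),  # None when the log shows no URL
        })
    return entries


def registry_keys(clsid):
    """The two CLSID-derived keys behind an O16 entry (both appear in the reply).

    The ProgID keys (webp2pinstaller.installer*) cannot be derived from the
    log line; they come from the vendor's removal page.
    """
    return [
        "HKEY_CLASSES_ROOT\\CLSID\\" + clsid,
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Code Store Database"
        "\\Distribution Units\\" + clsid,
    ]


def review_plan(log_text, flagged_clsids):
    """For each O16 entry whose CLSID the reviewer flagged, list keys and backups."""
    flagged = {c.upper() for c in flagged_clsids}
    plan = []
    for entry in parse_dpf_entries(log_text):
        if entry["clsid"] not in flagged:
            continue
        keys = registry_keys(entry["clsid"])
        # Hypothetical backup file names: first 8 hex digits of the CLSID + index.
        backups = [
            'reg export "%s" dpf_%s_%d.reg' % (key, entry["clsid"][1:9], i)
            for i, key in enumerate(keys, 1)
        ]
        plan.append({"entry": entry, "keys": keys, "backup_commands": backups})
    return plan


if __name__ == "__main__":
    # The CLSID below is the one the reply identifies as Web P2P Installer.
    for item in review_plan(SAMPLE_LOG, ["{1d6711c8-7154-40bb-8380-3dea45b69cbf}"]):
        print(item["entry"])
        for cmd in item["backup_commands"]:
            print("  " + cmd)
```
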
#88
|
|||
|
|||
programs stop reponding
I downloaded the PestPatrol software and located the malware file but now the program is telling me that I have to purchase the licensed version to be able to quarantine of delete the file. I really don't want to spend the $40 to get this problem fixed...
is there any way that I can delete or quarantine it for free? I know it sounds like I am cheap but I had just purchased a copy of the "revered" Norton Internet Security just to find that it is not protecting me from the 6 odd trojans that have been found. If I sound bitter, it's because I am now. Until now, I just ASSumed that Norton knew about every virus and trojan known to man but you can now see where that got me...Thanks, Kim |
#89
|
|||
|
|||
programs stop reponding
Kim,
On Sun, 11 Apr 2004 22:06:04 -0700, Kim M. wrote: Well I think I spoke too soon about getting everything fixed. After running all the recommended software, I am unable to get onto some websites such as Google and I am unable to get into any tables on Yahoo games. Is there anyway that I can fix this? R ight after I ran adware, I did the recommended quarantine and then when I went to open the threads in this topic it would not display the text. I went back and did a recover which fixed this problem but now I have all the other files that should have been quarantined but are not any longer. Is there a way that I could tell which files should be quarantined so as not to cause this problem to re-occur? Thanks Kim M. You can download Hijack This from he http://www.mjc1.com/files/merijn/hijackthis.exe Go he http://mjc1.com/mirror/hjt/ For instructions on how to use it; you have to post the log it makes so experts tell you what is good and what is malware. What you will do is a scan of your system and post the results of the scan so experts can tell you which parts are malware and safe to delete. Good luck |
#90
programs stop responding
I finally was able to get HiJackThis to download and here is what it found. Again, thank you soooo much for all the help and I hope you will be able to make some suggestions that will fix the new problems. I am now able to get to Google but Yahoo Games still won't open for the tables and it won't open some websites. I had to go back and restore to yesterday just to be able to download this software but again I still have these other problems that I can't take care of yet (i.e. trojans, etc.). Thank you, Kim M.

P.S. I can't tell you how grateful I am for all your help, again, THANK YOU!!

Logfile of HijackThis v1.97.7
Scan saved at 3:37:09 PM, on 4/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\PROGRA~1\EzButton\CP888M1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
c:\Temp\Rar$EX12.032\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
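Added example, not part of the original thread: once the registry keys named in the removal instructions are deleted, a fresh HijackThis scan should no longer list the matching O16 entry. The Python below parses the O16 - DPF lines of a log and reports any whose CLSID still matches one of those keys (the key paths use lower case, the log upper case); the function names are hypothetical and the sample lines are copied from the log posted in the thread.

```python
import re

PREFIX = "O16 - DPF:"
GUID = r"\{[0-9A-Fa-f-]{36}\}"

# Registry keys listed in the removal instructions quoted in the thread.
REMOVAL_KEYS = [
    r"HKEY_CLASSES_ROOT\clsid\{1d6711c8-7154-40bb-8380-3dea45b69cbf}",
    r"HKEY_CLASSES_ROOT\webp2pinstaller.installer",
    r"HKEY_CLASSES_ROOT\webp2pinstaller.installer.1",
    r"HKEY_LOCAL_MACHINE\software\microsoft\code store database"
    r"\distribution units\{1d6711c8-7154-40bb-8380-3dea45b69cbf}",
]

# Constructed sample: a few lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
"""

def parse_dpf(log):
    """Return one dict per O16 (Downloaded Program Files) line in the log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        rest = line[len(PREFIX):].strip()
        # The last " -" separates the object from its download source,
        # and the source may be empty.
        body, sep, source = rest.rpartition(" -")
        if not sep:
            body, source = rest, ""
        m = re.match(r"(%s)?\s*(.*)$" % GUID, body)
        entries.append({"clsid": m.group(1),
                        "name": m.group(2).strip("() "),
                        "source": source.strip()})
    return entries

def clsids_in_keys(keys):
    """Collect every CLSID that appears in the key paths, lower-cased."""
    return {g.lower() for k in keys for g in re.findall(GUID, k)}

def still_present(log, keys=REMOVAL_KEYS):
    """O16 entries whose CLSID matches a key that should have been deleted."""
    targets = clsids_in_keys(keys)
    return [e for e in parse_dpf(log)
            if e["clsid"] and e["clsid"].lower() in targets]

if __name__ == "__main__":
    for e in still_present(SAMPLE_LOG):
        print("still registered:", e["clsid"], e["name"])
```

An empty result from `still_present` on the log of a rescan means the O16 entry for that CLSID is no longer listed.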