1
Tech Clinic / help weird spyware problem
« on: February 28, 2006, 02:00:43 AM »
everythings okay.... i gotta reinstall ie6sp1 to run the panda but ill have the logs up pronto
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Tech Clinic / help weird spyware problem
« on: February 28, 2006, 01:36:54 AM »
i didnt run panda yet, but im on it.... thanks a mil for the help and the pc is actin better. give me 5 more mins and ill be right back with a hijackthis and panda log
3
Tech Clinic / help weird spyware problem
« on: February 28, 2006, 01:21:38 AM »
Log of L2M9XFix v1.01a
************
Running from directory:
C:\WINDOWS\Desktop\l2m9xfix
************
Files found:
C:\WINDOWS\system\ADIMPPIF.DLL
C:\WINDOWS\system\ALID3DR3.DLL
C:\WINDOWS\system\CDDIAL32.DLL
C:\WINDOWS\system\DKCNDI.DLL
C:\WINDOWS\system\iofg95.dll
C:\WINDOWS\system\KCUSER.DLL
C:\WINDOWS\system\MMXML.DLL
C:\WINDOWS\system\WX2_32.DLL
************
Registry entries found:
[HKEY_CLASSES_ROOT\CLSID\{05D837E0-A2FE-11DA-AE8E-0010B58BC76F}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DKCNDI.DLL"
************
Killing Explorer
Done!
Killing Rundll32
Done!
Removing malicious CLSID(s)
Done!
Restarting Explorer
Done!
Deleting malicious files
Done!
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 1:19:00 AM, on 2/28/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Tweak UI] "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
O4 - Startup: settings.awc
its actually acting normal now, but i dont count my chickens 'fo they hatch
************
Running from directory:
C:\WINDOWS\Desktop\l2m9xfix
************
Files found:
C:\WINDOWS\system\ADIMPPIF.DLL
C:\WINDOWS\system\ALID3DR3.DLL
C:\WINDOWS\system\CDDIAL32.DLL
C:\WINDOWS\system\DKCNDI.DLL
C:\WINDOWS\system\iofg95.dll
C:\WINDOWS\system\KCUSER.DLL
C:\WINDOWS\system\MMXML.DLL
C:\WINDOWS\system\WX2_32.DLL
************
Registry entries found:
[HKEY_CLASSES_ROOT\CLSID\{05D837E0-A2FE-11DA-AE8E-0010B58BC76F}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DKCNDI.DLL"
************
Killing Explorer
Done!
Killing Rundll32
Done!
Removing malicious CLSID(s)
Done!
Restarting Explorer
Done!
Deleting malicious files
Done!
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 1:19:00 AM, on 2/28/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Tweak UI] "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
O4 - Startup: settings.awc
its actually acting normal now, but i dont count my chickens 'fo they hatch
4
Tech Clinic / help weird spyware problem
« on: February 28, 2006, 12:57:01 AM »
my aids infected host file
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
127.0.0.1 idownload.com
127.0.0.1 www.mytotalsearch.com
127.0.0.1 mytotalsearch.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.websearch.com
127.0.0.1 websearch.com
127.0.0.1 www.page-not-found.net
127.0.0.1 page-not-found.net
127.0.0.1 www.isearchhere.com
127.0.0.1 isearchhere.com
127.0.0.1 as.adwave.com
127.0.0.1 sr.adwave.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
127.0.0.1 www.pacimedia.com
127.0.0.1 www.exactsearch.net
127.0.0.1 www.contextplus.net
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
127.0.0.1 idownload.com
127.0.0.1 www.mytotalsearch.com
127.0.0.1 mytotalsearch.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.websearch.com
127.0.0.1 websearch.com
127.0.0.1 www.page-not-found.net
127.0.0.1 page-not-found.net
127.0.0.1 www.isearchhere.com
127.0.0.1 isearchhere.com
127.0.0.1 as.adwave.com
127.0.0.1 sr.adwave.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
127.0.0.1 www.pacimedia.com
127.0.0.1 www.exactsearch.net
127.0.0.1 www.contextplus.net
5
Tech Clinic / help weird spyware problem
« on: February 28, 2006, 12:38:06 AM »
i did have avg and it found nothing..... btw, the malware also makes my mouse stop moving. it doesnt do any abnormal movements, it just stops. i've check the mouse and it works fine in msdos and on another computer. it also lauches rundll32.exe alot. i dont know what the source folder for the rundll32 that is running is, so i dont know if its fake or not. spyware programs dont detect it and ive ran the sfc (system file checker) to verify it and it seems to be fine. i get popups in mozilla and ie6. ill have the panda report as soon as i can get this piece of sh** to work, without a mouse its not easy to select things using key-cuts, plus the malware takes over my browser when i try to enter urls
6
Tech Clinic / help weird spyware problem
« on: February 26, 2006, 10:19:13 PM »
Logfile of HijackThis v1.99.1
Scan saved at 10:00:45 PM, on 2/26/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MAGICKB\AALVOL.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] "C:\WINDOWS\scanregw.exe " /autorun
O4 - HKLM\..\Run: [TaskMonitor] "C:\WINDOWS\taskmon.exe"
O4 - HKLM\..\Run: [SystemTray] "SysTray.Exe"
O4 - HKLM\..\Run: [AtiCwd32] "Aticwd32.exe"
O4 - HKLM\..\Run: [AtiKey] "Atitask.exe"
O4 - HKLM\..\Run: [MagicKB] "c:\MagicKB\AalVol.exe"
O4 - Startup: settings.awc
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
my host file changes and adds a bunch of ad urls to it..... pops up spawn up by them self. sbsd didnt find none. adaware finds them but cannot delete them because the files are in use. i cannot run adaware in safemode because my usb mouse will not work in in safemode and my pc doesnt have ps/2 ports. ive tried running
hijackthis
cwsshredder
spybot s&d
all in safe mode but they dont help
ive did the normal regedit and looking for them but there isnt any there CAN ANYBODY HELP?
Scan saved at 10:00:45 PM, on 2/26/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MAGICKB\AALVOL.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] "C:\WINDOWS\scanregw.exe " /autorun
O4 - HKLM\..\Run: [TaskMonitor] "C:\WINDOWS\taskmon.exe"
O4 - HKLM\..\Run: [SystemTray] "SysTray.Exe"
O4 - HKLM\..\Run: [AtiCwd32] "Aticwd32.exe"
O4 - HKLM\..\Run: [AtiKey] "Atitask.exe"
O4 - HKLM\..\Run: [MagicKB] "c:\MagicKB\AalVol.exe"
O4 - Startup: settings.awc
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
my host file changes and adds a bunch of ad urls to it..... pops up spawn up by them self. sbsd didnt find none. adaware finds them but cannot delete them because the files are in use. i cannot run adaware in safemode because my usb mouse will not work in in safemode and my pc doesnt have ps/2 ports. ive tried running
hijackthis
cwsshredder
spybot s&d
all in safe mode but they dont help
ive did the normal regedit and looking for them but there isnt any there CAN ANYBODY HELP?
Pages: [1]