Author Topic: CoolWWWSearch.Leftovers & EffectiveBandToolbar  (Read 882 times)

chels82

CoolWWWSearch.Leftovers & EffectiveBandToolbar
« on: April 02, 2005, 06:56:24 PM »
I can't use my IE at all, it's very frustrating.  I've tried Spybot and of course, that didn't get rid of it.

Logfile of HijackThis v1.99.1
Scan saved at 3:17:11 PM, on 4/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
D:\AMERICA ONLINE 9.0\DOWNLOAD\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
D:\PROGRAM FILES\AIM\AIM.EXE
D:\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\RUNDLL32.EXE
D:\AMERICA ONLINE 9.0\WEmail RemovedEXE
D:\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
D:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F1 - win.ini: run=c:\DELL\WINBATCH.EXE
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\SYSTEM\WER8274.DLL
O2 - BHO: (no name) - {75D16F01-9EB1-11D9-AB5E-4445A30A93E7} - C:\WINDOWS\SYSTEM\PJDI.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe /q
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\AMERIC~1.0\DOWNLOAD\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWB3DSND.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = D:\America Online 9.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRAM FILES\AIM\AIM.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {8F0F5093-0A70-11D0-BCA9-00C04FD85AA6} - http://fdl.msn.com/public/oc/setupbbs.ocx
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O18 - Filter: text/html - {75D16F00-9EB1-11D9-AB5E-4445CC46367C} - C:\WINDOWS\SYSTEM\PJDI.DLL
O18 - Filter: text/plain - {75D16F00-9EB1-11D9-AB5E-4445CC46367C} - C:\WINDOWS\SYSTEM\PJDI.DLL

I apologize for not reading the rules before, I hope you will still be willing to help me.

Offline guestolo

CoolWWWSearch.Leftovers & EffectiveBandToolbar
« Reply #1 on: April 02, 2005, 07:07:40 PM »
Thank you for Registering
I'm just stepping out the door for a few hours

But could you in the meantime

Download Startdreck.zip
Unzip it to its own folder
[attachment=105:attachment]

run StartDreck.exe:
Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post this log

Also
Download DLLCompare

Start the Program and click the Run Locate.com
Let it complete the SCAN, which won't take long

Click the Compare button to start the next process. This will take a bit longer.
The results appear in two panes - files in the upper pane have been verified to 'exist'.
Files in the lower pane were 'not able to be accessed'.
Very few files should be listed in the lower pane, if any, when the Compare scan is complete.
Click on each of the listed entries in the lower pane to select them. Right-click on the file and use the option Rescan. This will cause Windows Find to see if the file does exist, and then if so it will be removed from the list to reduce the number of identified files.

Click the Make a Log of what was found button and post it back here

Also post a fresh Hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


chels82

CoolWWWSearch.Leftovers & EffectiveBandToolbar
« Reply #2 on: April 02, 2005, 07:40:55 PM »
StartDreck results

StartDreck (build 2.1.7 public stable) - 2005-04-02 @ 16:28:25 (GMT -08:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2600.0000
Logged in as Chelsea at DELL INSPIRON

»Registry
 »Run Keys
  »Current User
   »Run
    *MoneyAgent="c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    *AIM=D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
   »RunOnce
  »Default User
   »Run
    *MoneyAgent="c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    *AIM=D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
   »RunOnce
  »Local Machine
   »Run
    *SystemTray=SysTray.Exe
    *SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    *SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe /q
    *ScanRegistry=c:\windows\scanregw.exe /autorun
    *TaskMonitor=c:\windows\taskmon.exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *LoadQM=loadqm.exe
    *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    *AOLDialer=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    *AOL Spyware Protection="D:\AMERIC~1.0\DOWNLOAD\AOLSPY~1\AOLSP Scheduler.exe"
    *sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    +OptionalComponents
     +MSFS
      *Installed=1
     +MAPI
      *Installed=1
      *NoChange=1
     +MAPI
      *Installed=1
      *NoChange=1
   »RunOnce
   »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *SchedulingAgent=mstask.exe
    *AolAcsDaemon1="C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
   »RunServicesOnce
   »RunOnceEx
   »RunServicesOnceEx
 »Browser Helper Objects (LM)
  *WER8274.WER8274.1/{CF021F40-3E14-23A5-CBA2-717765728274}
   `InprocServer32=C:\WINDOWS\SYSTEM\WER8274.DLL
  *{75D16F01-9EB1-11D9-AB5E-4445A30A93E7}
   `InprocServer32=C:\WINDOWS\SYSTEM\PJDI.DLL
  *{53707962-6F74-2D53-2644-206D7942484F}
   `InprocServer32=D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
»Files
»System/Drivers
 »Running Processes
  +FFEFC2DF=C:\WINDOWS\SYSTEM\KERNEL32.DLL
  +FFFF95BB=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  +FFFF820B=C:\WINDOWS\SYSTEM\MPREXE.EXE
  +FFFE78C3=C:\WINDOWS\SYSTEM\mmtask.tsk
  +FFFE106B=C:\WINDOWS\SYSTEM\MSTASK.EXE
  +FFFE1CD7=C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
  +FFFEC893=C:\WINDOWS\EXPLORER.EXE
  +FFFD229F=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  +FFFD9B57=C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
  +FFFD898F=C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
  +FFFC6F73=C:\WINDOWS\TASKMON.EXE
  +FFFC48A3=C:\WINDOWS\LOADQM.EXE
  +FFFC39C7=C:\WINDOWS\SYSTEM\QTTASK.EXE
  +FFFC29A3=C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
  +FFFC284B=D:\AMERICA ONLINE 9.0\DOWNLOAD\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
  +FFFCE52B=D:\PROGRAM FILES\AIM\AIM.EXE
  +FFFB24E7=D:\AMERICA ONLINE 9.0\AOLTRAY.EXE
  +FFFB7577=C:\WINDOWS\SYSTEM\DDHELP.EXE
  +FFFA0DB7=C:\WINDOWS\SYSTEM\WMIEXE.EXE
  +FFF8A53F=C:\WINDOWS\SYSTEM\RNAAPP.EXE
  +FFF8BE57=C:\WINDOWS\SYSTEM\TAPISRV.EXE
  +FFF82DB3=C:\WINDOWS\RUNDLL32.EXE
  +FFF83093=D:\AMERICA ONLINE 9.0\WEmail RemovedEXE
  +FFF62747=D:\AMERICA ONLINE 9.0\SHELLMON.EXE
  +FFF673DB=C:\WINDOWS\SYSTEM\SPOOL32.EXE
  +FFF4887F=C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
  +FFF32783=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFF37D63=D:\PROGRAM FILES\STARTD\STARTDRECK.EXE
»Application specific


*    DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :)"
________________________________________________

863 items found:  863 files, 0 directories.
Total of file sizes:  141,430,308 bytes    134.88 M

--------------------End log---------------------


Logfile of HijackThis v1.99.1
Scan saved at 4:40:30 PM, on 4/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
D:\AMERICA ONLINE 9.0\DOWNLOAD\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
D:\PROGRAM FILES\AIM\AIM.EXE
D:\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\RUNDLL32.EXE
D:\AMERICA ONLINE 9.0\WEmail RemovedEXE
D:\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
D:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F1 - win.ini: run=c:\DELL\WINBATCH.EXE
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\SYSTEM\WER8274.DLL
O2 - BHO: (no name) - {75D16F01-9EB1-11D9-AB5E-4445A30A93E7} - C:\WINDOWS\SYSTEM\PJDI.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe /q
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\AMERIC~1.0\DOWNLOAD\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWB3DSND.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = D:\America Online 9.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRAM FILES\AIM\AIM.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {8F0F5093-0A70-11D0-BCA9-00C04FD85AA6} - http://fdl.msn.com/public/oc/setupbbs.ocx
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O18 - Filter: text/html - {75D16F00-9EB1-11D9-AB5E-4445CC46367C} - C:\WINDOWS\SYSTEM\PJDI.DLL
O18 - Filter: text/plain - {75D16F00-9EB1-11D9-AB5E-4445CC46367C} - C:\WINDOWS\SYSTEM\PJDI.DLL

Offline guestolo

CoolWWWSearch.Leftovers & EffectiveBandToolbar
« Reply #3 on: April 02, 2005, 10:34:53 PM »
===Download and Install this small program
to help clean your temp folders, cookies, recycle bin
Windows Cleanup
Install for now, don't run a scan yet

===Download CWShredder.exe from my signature below and save it to desktop

===Download and Save Remove.zip and UNZIP the contents to desktop so you now have Remove.reg on the desktop
[attachment=107:attachment]

===Download the Pocket Killbox
UNZIP it to a folder of your choice

Save these instructions to a Notepad file on your desktop
Disconnect from the Internet (Close down all browser windows) and all unnecessary programs running in the background

Run Pocket KillBox>>Now you have Killbox and this notepad file open
click on Tools --> Select Delete Temp Files. Click OK.

In the Full Path of File to Delete box, copy and paste the entire line directly below in bold

C:\WINDOWS\SYSTEM\WER8274.DLL

Select the radio button to
 Delete on Reboot

Click The Red circle and a white X
When prompted to Delete on Reboot, click YES
If prompted to Reboot Now, Click NO

Do the same for this file
C:\WINDOWS\SYSTEM\PJDI.DLL

and this one
C:\WINDOWS\TEMP\SE.DLL

But this time allow the computer to Reboot
or reboot anyway

Back in Windows, stay disconnected from the Internet

Open Windows CleanUp!>>START>>All programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
DON'T log off or restart yet

Instead,

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\SYSTEM\WER8274.DLL
O2 - BHO: (no name) - {75D16F01-9EB1-11D9-AB5E-4445A30A93E7} - C:\WINDOWS\SYSTEM\PJDI.DLL
O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O13 - WWW. Prefix: http://

O18 - Filter: text/html - {75D16F00-9EB1-11D9-AB5E-4445CC46367C} - C:\WINDOWS\SYSTEM\PJDI.DLL
O18 - Filter: text/plain - {75D16F00-9EB1-11D9-AB5E-4445CC46367C} - C:\WINDOWS\SYSTEM\PJDI.DLL


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Double click on Remove.reg and allow to merge to the registry

Open just CWShredder, click only the FIX button, let it fix what it finds

Restart your computer and post back a fresh Hijackthis log
and a new Startdreck log
« Last Edit: April 09, 2005, 02:43:05 AM by guestolo »

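The entries guestolo ticks for removal above follow a recognisable pattern: code loaded from the TEMP folder, BHOs sitting in WINDOWS\SYSTEM, O18 MIME filters on text/html and text/plain, search settings blanked to about:blank, and an O6 policy lock. The Python below is an added example, not part of this thread or of HijackThis: it parses the R/F/O lines of an HJT 1.99.1 log, flags entries with heuristics of its own that reproduce that fix list, and compares a "before" and "after" log to confirm the fix took. The sample logs are copied from the ones posted in this thread; the rule names and reasons are the example's.

```python
import re
from typing import NamedTuple

# Sample entries copied from the HijackThis logs posted in this thread:
# BEFORE_LOG mirrors the first post, AFTER_LOG the log in Reply #4.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F1 - win.ini: run=c:\DELL\WINBATCH.EXE
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\SYSTEM\WER8274.DLL
O2 - BHO: (no name) - {75D16F01-9EB1-11D9-AB5E-4445A30A93E7} - C:\WINDOWS\SYSTEM\PJDI.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18 - Filter: text/html - {75D16F00-9EB1-11D9-AB5E-4445CC46367C} - C:\WINDOWS\SYSTEM\PJDI.DLL
O18 - Filter: text/plain - {75D16F00-9EB1-11D9-AB5E-4445CC46367C} - C:\WINDOWS\SYSTEM\PJDI.DLL
"""
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F1 - win.ini: run=c:\DELL\WINBATCH.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"""

# Every HJT finding reads "<section code> - <body>"; the header and process list do not match this.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")


class Entry(NamedTuple):
    kind: str  # section code such as R1, O2, O18
    body: str  # everything after the " - " separator


def parse_hjt(log: str) -> list[Entry]:
    """Return the R/F/O entries of a HijackThis log in order."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


# Heuristics (this example's own, not HijackThis's) that reproduce what the helper ticked for
# removal above. Each is (section codes or None for any, body pattern, reason).
RULES = (
    # A res:// search page or a rundll32 target living in TEMP is not where an installer leaves code.
    (None, re.compile(r"\\temp\\", re.I), "executable content loaded from the TEMP folder"),
    # An O18 filter on text/html or text/plain sits in the path of every page IE renders.
    (("O18",), re.compile(r"^Filter: text/(html|plain)"), "MIME filter hooking text/html or text/plain"),
    # Legitimate BHOs nearly always install under Program Files; one in WINDOWS\SYSTEM needs review.
    (("O2",), re.compile(r" - [A-Z]:\\WINDOWS\\", re.I), "BHO loading from the Windows folder"),
    # CoolWebSearch leaves Search Page / SearchAssistant / HomeOldSP pointing at about:blank.
    (("R0", "R1"), re.compile(r"(Search[ \w]*|HomeOldSP) = about:blank$"), "search setting blanked"),
    # O6 means a policy restricts Internet Options, which hijackers set so the user cannot undo them.
    (("O6",), re.compile(r"."), "Internet Options locked by policy"),
)


def triage(log: str) -> dict[str, str]:
    """Map each suspicious entry (as its full log line) to the first reason that flagged it."""
    flagged = {}
    for e in parse_hjt(log):
        for kinds, pattern, reason in RULES:
            if (kinds is None or e.kind in kinds) and pattern.search(e.body):
                flagged[f"{e.kind} - {e.body}"] = reason
                break
    return flagged


def compare(before: str, after: str) -> tuple[set[str], set[str]]:
    """Split the entries flagged in `before` into (cleared in `after`, still present in `after`)."""
    flagged = set(triage(before))
    after_lines = {f"{e.kind} - {e.body}" for e in parse_hjt(after)}
    return flagged - after_lines, flagged & after_lines


if __name__ == "__main__":
    for line, why in triage(BEFORE_LOG).items():
        print(f"[{why}] {line}")
    cleared, remaining = compare(BEFORE_LOG, AFTER_LOG)
    print(f"{len(cleared)} flagged entries cleared, {len(remaining)} still present")
```

Run against the two sample logs it flags the nine entries guestolo listed and leaves Spybot's SDHelper, LoadQM and the Dell win.ini entry alone; anything still in `remaining` after a fix is what to ask the user for another log about.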


chels82

CoolWWWSearch.Leftovers & EffectiveBandToolbar
« Reply #4 on: April 02, 2005, 11:26:08 PM »
Logfile of HijackThis v1.99.1
Scan saved at 8:18:35 PM, on 4/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
D:\AMERICA ONLINE 9.0\DOWNLOAD\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
D:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\CWB3DSND.EXE
D:\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
D:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F1 - win.ini: run=c:\DELL\WINBATCH.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe /q
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\AMERIC~1.0\DOWNLOAD\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWB3DSND.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = D:\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {8F0F5093-0A70-11D0-BCA9-00C04FD85AA6} - http://fdl.msn.com/public/oc/setupbbs.ocx
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab




StartDreck (build 2.1.7 public stable) - 2005-04-02 @ 20:19:19 (GMT -08:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2600.0000
Logged in as Chelsea at DELL INSPIRON

»Registry
 »Run Keys
  »Current User
   »Run
    *MoneyAgent="c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    *AIM=D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
   »RunOnce
  »Default User
   »Run
    *MoneyAgent="c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    *AIM=D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
   »RunOnce
  »Local Machine
   »Run
    *SystemTray=SysTray.Exe
    *SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    *SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe /q
    *ScanRegistry=c:\windows\scanregw.exe /autorun
    *TaskMonitor=c:\windows\taskmon.exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    *AOLDialer=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    *AOL Spyware Protection="D:\AMERIC~1.0\DOWNLOAD\AOLSPY~1\AOLSP Scheduler.exe"
    +OptionalComponents
     +MSFS
      *Installed=1
     +MAPI
      *Installed=1
      *NoChange=1
     +MAPI
      *Installed=1
      *NoChange=1
   »RunOnce
   »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *SchedulingAgent=mstask.exe
    *AolAcsDaemon1="C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
   »RunServicesOnce
   »RunOnceEx
   »RunServicesOnceEx
 »File Associations (CR)
  +.bat
   *batfile="%1" %*
  +.com
   *comfile="%1" %*
  +.disabled
   *SpybotSD.DisabledFile="D:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
  +.exe
   *exefile="%1" %*
  +.hta
   *htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
  +.htm
   *htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
  +.html
   *htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
  +.js
   *JSFile=c:\windows\WScript.exe "%1" %*
  +.jse
   *JSEFile=c:\windows\WScript.exe "%1" %*
  +.pif
   *piffile="%1" %*
  +.reg
   *regfile=regedit.exe "%1"
  +.scr
   *scrfile="%1" /S
  +.txt
   *txtfile=c:\windows\NOTEPAD.EXE %1
  +.vbs
   *VBSFile=c:\windows\WScript.exe "%1" %*
  +.vbe
   *VBEFile=c:\windows\WScript.exe "%1" %*
  +.wsh
   *WSHFile=c:\windows\WScript.exe "%1" %*
  +.wsf
   *WSFFile=c:\windows\WScript.exe "%1" %*
  +.lnk
   `lnkfile= [key or value does not exist]
 »Browser Helper Objects (LM)
  *{53707962-6F74-2D53-2644-206D7942484F}
   `InprocServer32=D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
»Files
 »Autostart Folders
  »Current User
   *C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
   *C:\WINDOWS\Start Menu\Programs\StartUp\Crystal 3D Audio Control.lnk
   *C:\WINDOWS\Start Menu\Programs\StartUp\America Online 9.0 Tray Icon.lnk
  »Default User
   *C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
   *C:\WINDOWS\Start Menu\Programs\StartUp\Crystal 3D Audio Control.lnk
   *C:\WINDOWS\Start Menu\Programs\StartUp\America Online 9.0 Tray Icon.lnk
  »Local Machine
 »INI-Files
  »WIN.INI\[windows]
   *LOAD=
   *RUN=c:\DELL\WINBATCH.EXE
  »SYSTEM.INI\[boot]
   *SHELL=Explorer.exe
 »Text Files
  *C:\WINDOWS\msdos.sys
  *C:\msdos.sys
  *C:\config.sys
  *C:\autoexec.bat
  *C:\WINDOWS\SYSTEM\autoexec.nt
  *C:\WINDOWS\wininit.bak
  *C:\WINDOWS\dosstart.bat
»System/Drivers
 »Running Processes
  +FFEFEE5F=C:\WINDOWS\SYSTEM\KERNEL32.DLL
  +FFFFB93B=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  +FFFFAE8B=C:\WINDOWS\SYSTEM\MPREXE.EXE
  +FFFE5443=C:\WINDOWS\SYSTEM\mmtask.tsk
  +FFFE3CEB=C:\WINDOWS\SYSTEM\MSTASK.EXE
  +FFFE37AB=C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
  +FFFEE32B=C:\WINDOWS\EXPLORER.EXE
  +FFFDE507=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  +FFFD0E6B=C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
  +FFFDA8A7=C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
  +FFFC4A3B=C:\WINDOWS\TASKMON.EXE
  +FFFC6E6F=C:\WINDOWS\SYSTEM\QTTASK.EXE
  +FFFC1A2F=C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
  +FFFC008F=D:\AMERICA ONLINE 9.0\DOWNLOAD\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
  +FFFCDC13=D:\PROGRAM FILES\AIM\AIM.EXE
  +FFFC8233=C:\WINDOWS\CWB3DSND.EXE
  +FFFB593F=D:\AMERICA ONLINE 9.0\AOLTRAY.EXE
  +FFFBFE0B=C:\WINDOWS\SYSTEM\WMIEXE.EXE
  +FFFBE4FB=C:\WINDOWS\SYSTEM\DDHELP.EXE
  +FFF98377=C:\WINDOWS\SYSTEM\RNAAPP.EXE
  +FFF88D63=C:\WINDOWS\SYSTEM\TAPISRV.EXE
  +FFFB5677=D:\PROGRAM FILES\STARTD\STARTDRECK.EXE
 »NT Services
»Application specific

Offline guestolo

CoolWWWSearch.Leftovers & EffectiveBandToolbar
« Reply #5 on: April 02, 2005, 11:37:39 PM »
That's looking better
How is everything?

Ensure you clean out your Temp Internet files
Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content

You should set up protection against future attacks

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection

You're way behind on Windows Updates, you should visit Windows Update
Install ALL Latest Critical updates and service packs
Restart when prompted
Revisit Windows Updates until you have all Critical updates installed
Don't install the Recommended updates unless they are something you prefer
