« previous next »
Pages: [1]

Author Topic: coolsearch.leftovers  (Read 1734 times)

Offline theteaboy

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
coolsearch.leftovers
« on: April 04, 2005, 03:56:46 PM »
hi please could you help ive run spybot s and d and its says ive got coolwebsearch - I delete it but the pesky thing keeps comming back.

here is my hjt log.


ogfile of HijackThis v1.99.1
Scan saved at 21:59:09, on 04/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PASSRV.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVFNSVR.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PSIMSVC.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\FIREWALL\PAVFIRES.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVPROT9.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\APVXDWIN.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\SRVLOAD.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\WEBPROXY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = you&u=members.php]http://www.greasypalm.co.uk/auto.php?n=who...u&u=members.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavsched.exe"
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe"
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PSIMSVC.exe"
O4 - HKLM\..\RunServices: [PAVFIRES] C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O4 - HKLM\..\RunServices: [Pavprot9] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavprot9.exe"
O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0527.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0527.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - file://C:\WINDOWS\TEMP\SFXF151.TMP\msxml3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
Logged

Offline theteaboy

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
coolsearch.leftovers
« Reply #1 on: April 05, 2005, 02:42:40 PM »
please help me!
 http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
coolsearch.leftovers
« Reply #2 on: April 05, 2005, 03:01:27 PM »
Sorry for the delay TeaBoy

Can you please
download Startdreck.zip startdreck.zip

UNZIP to a folder. DoubleClick: 'StartDreck.exe'

Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post this log

Copy and Paste the contents of that log back here

Could you also
Download and save to Desktop DLLCompare

Start the Program and click the Run Locate.com

Let it complete the SCAN, which won't take long

Click the Compare button to start the next process.This will take a bit longer.
The results appear in two panes - files in the upper pane have been verified to 'exist'.
Files in the lower pane were 'not able to be accessed'.
Very few files should be listed in the lower pane,if any, when the Compare scan is complete.
Click on each of the listed entries in the lower pane to select them. Right-click on the file and use the option Rescan. This will cause Windows Find to see if the file does exist, and then if so it will be removed from the list to reduce the number of identified files.

Click the Make a Log of what was found button
Post back this log

Along with a fresh Hijackthis log
« Last Edit: April 05, 2005, 03:18:18 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline theteaboy

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
coolsearch.leftovers
« Reply #3 on: April 05, 2005, 04:18:20 PM »
hi this is my log file for dll compare.  I cant get the logfile for startdeck as it asks what program i would like to open it with.

*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />"
________________________________________________

736 items found:  736 files, 0 directories.
Total of file sizes:  151,427,574 bytes    144.41 M

--------------------End log---------------------
this is my hjt log

Logfile of HijackThis v1.99.1
Scan saved at 22:20:30, on 05/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVSCHED.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PASSRV.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVFNSVR.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PSIMSVC.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\FIREWALL\PAVFIRES.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVPROT9.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\APVXDWIN.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\SRVLOAD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\WEBPROXY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\STARTDRECK\STARTDRECK.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = you&u=members.php]http://www.greasypalm.co.uk/auto.php?n=who...u&u=members.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavsched.exe"
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe"
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PSIMSVC.exe"
O4 - HKLM\..\RunServices: [PAVFIRES] C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O4 - HKLM\..\RunServices: [Pavprot9] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavprot9.exe"
O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0527.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0527.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - file://C:\WINDOWS\TEMP\SFXF151.TMP\msxml3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
coolsearch.leftovers
« Reply #4 on: April 05, 2005, 05:19:20 PM »
You need an unzipping utility to UNZIP the file first
Do you have winzip installed?
I see this in your log
C:\WINDOWS\TEMP\STARTDRECK\STARTDRECK.EXE

Please try and redownload Startdreck and choose Save to disk rather than Open

If you don't have an unzipping utility, you can get the evalution version from HERE
Don't worry about the 21 day notice

Or if you prefer not to use an evalution version
You can get a free version of IZArc from this link
http://www.tucows.com/preview/335168.html
This is what I prefer, you choose
You only need one or the other
« Last Edit: April 05, 2005, 05:48:02 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline theteaboy

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
coolsearch.leftovers
« Reply #5 on: April 06, 2005, 12:40:07 PM »
think I sorted it - here is the log of startdreck.

StartDreck (build 2.1.7 public stable) - 2005-04-06 @ 18:41:13 (GMT +01:00)
Platform: Windows ME (Win 4.90.3000 )
Internet Explorer: 5.50.4134.0100
Logged in as default at OEMCOMPUTER

»Registry
 »Run Keys
  »Current User
   »Run
    *STManager="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    *MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    *Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
   »RunOnce
  »Default User
   »Run
    *STManager="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    *MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    *Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
   »RunOnce
  »Local Machine
   »Run
    *ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
    *TaskMonitor=C:\WINDOWS\taskmon.exe
    *SystemTray=SysTray.Exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *POINTER=point32.exe
    *Microsoft IntelliType Pro="C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
    *Dosbat=
    *Devlog=
    *ScanFile=
    *SpeedTouch USB Diagnostics="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    *LoadQM=loadqm.exe
    *C-Media Mixer=Mixer.exe /startup
    *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    *TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    *SCANINICIO="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
    *APVXDWIN="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
    *Zone Labs Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    *sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
   »RunOnce
   »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *SchedulingAgent=mstask.exe
    **StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe
    *PavProc="C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"
    *PANDASCHEDULER="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavsched.exe"
    *PANDA ANTISPAM SERVER SERVICE="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
    *PAVFNSVR="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe"
    *PSIMSVC="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PSIMSVC.exe"
    *PAVFIRES=C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
    *Pavprot9="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavprot9.exe"
    *Panda Preventium+ Service="C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE"
    *TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
   »RunServicesOnce
    **d=rundll32 C:\WINDOWS\FSSYSUTD.LOG,DllGetClassObject
   »RunOnceEx
   »RunServicesOnceEx
 »File Associations (CR)
  +.bat
   *batfile="%1" %*
  +.com
   *comfile="%1" %*
  +.disabled
   *SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
  +.exe
   *exefile="%1" %*
  +.hta
   *htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
  +.htm
   *FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
  +.html
   *FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
  +.js
   *JSFile=C:\PROGRA~1\PANDAS~1\PANDAP~1\PAVSCRIP.EXE "%1" %*
  +.jse
   *JSEFile=C:\PROGRA~1\PANDAS~1\PANDAP~1\PAVSCRIP.EXE "%1" %*
  +.pif
   *piffile="%1" %*
  +.reg
   *regfile=regedit.exe "%1"
  +.scr
   *scrfile="%1" /S
  +.txt
   *txtfile=C:\WINDOWS\NOTEPAD.EXE %1
  +.vbs
   *VBSFile=C:\PROGRA~1\PANDAS~1\PANDAP~1\PAVSCRIP.EXE "%1" %*
  +.vbe
   *VBEFile=C:\PROGRA~1\PANDAS~1\PANDAP~1\PAVSCRIP.EXE "%1" %*
  +.wsh
   *WSHFile=C:\PROGRA~1\PANDAS~1\PANDAP~1\PAVSCRIP.EXE "%1" %*
  +.wsf
   *WSFFile=C:\PROGRA~1\PANDAS~1\PANDAP~1\PAVSCRIP.EXE "%1" %*
  +.lnk
   `lnkfile= [key or value does not exist]
 »Browser Helper Objects (LM)
  *Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
   `InprocServer32=c:\program files\google\googletoolbar2.dll
  *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   `InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
  *{53707962-6F74-2D53-2644-206D7942484F}
   `InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
»Files
 »Autostart Folders
  »Current User
   *C:\WINDOWS\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk
  »Default User
   *C:\WINDOWS\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk
  »Local Machine
 »INI-Files
  »WIN.INI\[windows]
   *LOAD=
   *RUN=
  »SYSTEM.INI\[boot]
   *SHELL=Explorer.exe
 »Text Files
  *C:\WINDOWS\msdos.sys
  *C:\msdos.sys
  *C:\config.sys
  *C:\autoexec.bat
  *C:\WINDOWS\SYSTEM\autoexec.nt
  *C:\WINDOWS\wininit.bak
  *C:\WINDOWS\winstart.bat
  *C:\WINDOWS\dosstart.bat
  *C:\WINDOWS\command\cmdinit.bat
»System/Drivers
 »Running Processes
  +FFCFACE3=C:\WINDOWS\SYSTEM\KERNEL32.DLL
  +FFFFE983=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  +FFFE0263=C:\WINDOWS\SYSTEM\MPREXE.EXE
  +FFFE47CB=C:\WINDOWS\SYSTEM\MSTASK.EXE
  +FFFEE8C3=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVSCHED.EXE
  +FFFEF5CB=C:\WINDOWS\RUNDLL32.EXE
  +FFFECBEF=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PASSRV.EXE
  +FFFED5FF=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVFNSVR.EXE
  +FFFD226F=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PSIMSVC.EXE
  +FFFD39AB=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\FIREWALL\PAVFIRES.EXE
  +FFFD5C3F=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVPROT9.EXE
  +FFFDB2FF=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE
  +FFFD8CB3=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
  +FFFA2D1F=C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
  +FFFBD4B7=C:\WINDOWS\SYSTEM\mmtask.tsk
  +FFFAE0E7=C:\WINDOWS\SYSTEM\PSTORES.EXE
  +FFFE0BDB=C:\WINDOWS\EXPLORER.EXE
  +FFF7D653=C:\WINDOWS\SYSTEM\RNAAPP.EXE
  +FFF608AF=C:\WINDOWS\SYSTEM\TAPISRV.EXE
  +FFF6B753=C:\WINDOWS\TASKMON.EXE
  +FFF681B7=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  +FFF553EF=C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
  +FFF5BD7B=C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
  +FFF5E53B=C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
  +FFF5CE73=C:\WINDOWS\LOADQM.EXE
  +FFF6CE6B=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
  +FFF3B2D3=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\APVXDWIN.EXE
  +FFF2A0D3=C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
  +FFF244A7=C:\WINDOWS\RUNDLL32.EXE
  +FFF2C9EF=C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
  +FFF16B6F=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
  +FFCF34DF=C:\WINDOWS\SYSTEM\WMIEXE.EXE
  +FFF4275F=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\SRVLOAD.EXE
  +FB6FFFD7=C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
  +FB6C3F0B=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\WEBPROXY.EXE
  +FB6C511F=C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
  +FB6CC033=C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
  +FB6F0F1F=C:\WINDOWS\SYSTEM\DDHELP.EXE
  +FFF24D7B=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
  +FB6A341B=C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
  +FB6A8FA7=C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
  +FB69569B=C:\WINDOWS\DESKTOP\NEW FOLDER\STARTDRECK.EXE
 »NT Services
»Application specific
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
coolsearch.leftovers
« Reply #6 on: April 06, 2005, 10:07:16 PM »
==Download and Unzip to your desktop SpSeHjFix109.zip
from this link, ensure you download the correct version for your operating system

=====Download and Install this small program
to help clean your temp folders,cookies, recylebin
Windows Cleanup
Install for now, don't run a scan yet

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE

In safe mode
Find and delete these files or folders if found
c:\ied_s7.cab <-file
c:\x.cab <-file

Stay in safe mode
Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - file://C:\WINDOWS\TEMP\SFXF151.TMP\msxml3.cab

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Don't restart the computer or log off yet

==Double click to run SpSeHjFix109.exe>>ensure you unzipped this
Click the Start Disinfection
Let it scan>>It should Reboot your computer
Allow to restart back to Normal mode

Back in Windows>>Run another scan with Hijackthis and post the log
Also post the log from SpSeHjFix109.exe

Could you also run Startdreck again and post a fresh log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline theteaboy

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
coolsearch.leftovers
« Reply #7 on: April 08, 2005, 02:01:56 PM »
hi here is my h j t log file

Logfile of HijackThis v1.99.1
Scan saved at 19:59:22, on 08/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVSCHED.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PASSRV.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVFNSVR.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PSIMSVC.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVPROT9.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\APVXDWIN.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\SRVLOAD.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\WEBPROXY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = you&u=members.php]http://www.greasypalm.co.uk/auto.php?n=who...u&u=members.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavsched.exe"
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe"
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PSIMSVC.exe"
O4 - HKLM\..\RunServices: [PAVFIRES] C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O4 - HKLM\..\RunServices: [Pavprot9] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavprot9.exe"
O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0527.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0527.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab

and also my stratdreck log

StartDreck (build 2.1.7 public stable) - 2005-04-08 @ 20:03:00 (GMT +01:00)
Platform: Windows ME (Win 4.90.3000 )
Internet Explorer: 5.50.4134.0100
Logged in as default at OEMCOMPUTER

»Registry
 »Run Keys
  »Current User
   »Run
    *STManager="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    *MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    *Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
   »RunOnce
  »Default User
   »Run
    *STManager="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    *MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    *Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
   »RunOnce
  »Local Machine
   »Run
    *ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
    *TaskMonitor=C:\WINDOWS\taskmon.exe
    *SystemTray=SysTray.Exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *POINTER=point32.exe
    *Microsoft IntelliType Pro="C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
    *Dosbat=
    *Devlog=
    *ScanFile=
    *SpeedTouch USB Diagnostics="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    *C-Media Mixer=Mixer.exe /startup
    *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    *TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    *SCANINICIO="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
    *APVXDWIN="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
    *Zone Labs Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
   »RunOnce
   »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *SchedulingAgent=mstask.exe
    **StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe
    *PavProc="C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"
    *PANDASCHEDULER="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavsched.exe"
    *PANDA ANTISPAM SERVER SERVICE="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
    *PAVFNSVR="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe"
    *PSIMSVC="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PSIMSVC.exe"
    *PAVFIRES=C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
    *Pavprot9="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavprot9.exe"
    *Panda Preventium+ Service="C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE"
    *TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
   »RunServicesOnce
    **you=rundll32 C:\WINDOWS\FSSYSUTD.LOG,DllGetClassObject
   »RunOnceEx
   »RunServicesOnceEx
 »Browser Helper Objects (LM)
  *Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
   `InprocServer32=c:\program files\google\googletoolbar2.dll
  *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   `InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
  *{53707962-6F74-2D53-2644-206D7942484F}
   `InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
»Files
»System/Drivers
 »Running Processes
  +FFCFAA4F=C:\WINDOWS\SYSTEM\KERNEL32.DLL
  +FFFFEF2F=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  +FFFE04CF=C:\WINDOWS\SYSTEM\MPREXE.EXE
  +FFFE4B87=C:\WINDOWS\SYSTEM\MSTASK.EXE
  +FFFEBE17=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVSCHED.EXE
  +FFFE8D6B=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PASSRV.EXE
  +FFFEEB0F=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVFNSVR.EXE
  +FFFEF377=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PSIMSVC.EXE
  +FFFEC907=C:\WINDOWS\RUNDLL32.EXE
  +FFFD42CF=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PAVPROT9.EXE
  +FFFDA59F=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\PREVSRV.EXE
  +FFFDE9CF=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
  +FFFA6DD3=C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
  +FFFD04EF=C:\WINDOWS\SYSTEM\mmtask.tsk
  +FFFE3733=C:\WINDOWS\EXPLORER.EXE
  +FFF8C3E3=C:\WINDOWS\TASKMON.EXE
  +FFF73ECF=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  +FFF7B7AF=C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
  +FFF7E74B=C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
  +FFF7F7D3=C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
  +FFF68ED7=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
  +FFF423FB=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\APVXDWIN.EXE
  +FFF40DB7=C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
  +FFF492F3=C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
  +FFF3B4B3=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
  +FFF3CB4F=C:\WINDOWS\SYSTEM\WMIEXE.EXE
  +FFF319BF=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\SRVLOAD.EXE
  +FFCF5ED3=C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
  +FFCF7C83=C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2005 INTERNET SECURITY\WEBPROXY.EXE
  +FFF0776B=C:\WINDOWS\SYSTEM\DDHELP.EXE
  +FFF48D13=C:\WINDOWS\SYSTEM\RNAAPP.EXE
  +FFF4B47B=C:\WINDOWS\SYSTEM\TAPISRV.EXE
  +FFF19D7F=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
  +F8CB7B7F=C:\WINDOWS\DESKTOP\NEW FOLDER\STARTDRECK.EXE
»Application specific


I dont know if its any relevence but ive got no sound - all things are conected etc?! http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' />
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
coolsearch.leftovers
« Reply #8 on: April 08, 2005, 03:30:36 PM »
That didn't rid you of the hidden file, we'll have to try another method

When did the loss of sound happen?
If it was before you tried these fixes, you may have to reinstall your Sound card drivers

If it just happened from the fixes we just tried
Try restoring your computer back to a time before we tried the fix
with System Restore

Post back a fresh Hijackthis log and a startdreck log
« Last Edit: April 08, 2005, 08:28:13 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »