about: blank web hijacker

Discussion in 'adware, spyware & hijack cleaning' started by hey71966, Jun 15, 2004.

Thread Status:
Not open for further replies.
  1. hey71966

    hey71966 Registered Member

    Joined:
    Jun 15, 2004
    Posts:
    3
    Hi all,

    Help I've been hijacked. New to all this but very frustrated. Is there anyone out there who can help me. Thanks in advance. Here is a copy of my HJT log. Alex

    Logfile of HijackThis v1.97.7
    Scan saved at 8:36:04 AM, on 6/15/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\SONY HANDHELD\HOTSYNC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.xupiter.com/toolbar2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E28B5580-BE46-11D8-B763-98EA265E217A} - C:\WINDOWS\SYSTEM\DPKMMH.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au30setp.exe 3
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\PROGRAM FILES\SPYHUNTER\SPYHUNTER.exe
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: RealGuide (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
     
    hey71966, Jun 15, 2004
    #1
  2. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Download: "StartDreck", from here:
    http://members.blackbox.net/hp_links/21/nikolaus.rameis/download/startdreck.htm

    Unzip to its own folder and start the program,

    Press 'Config'
    Press 'Unmark All'

    Check the following boxes only:
    Registry -> Run Keys
    System/drivers> Running processes
    Press 'Ok'

    Press 'Save' and select hte location to save the log file
    (default is the same folder as the application)

    Post the log in this thread.

    Regards
     
    subratam, Jun 16, 2004
    #2
  3. hey71966

    hey71966 Registered Member

    Joined:
    Jun 15, 2004
    Posts:
    3
    Hey Subratum

    Sorry about posting this question in a couple of threads. New to all this and just learning about how to get help but I really appreciate what you guys are doing. Thanks again. Here is the information you requested, I hopethis will help me clean my system. Talk to you soon, hey71966

    StartDreck (build 2.1.5 public BETA) - 2004-06-16 @ 07:19:08
    Platform: Windows 98 SE (Win 4.10.2222 A)

    »Registry
    »Run Keys
    »Current User
    »Run
    *NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
    »RunOnce
    »Default User
    »Run
    *NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
    »RunOnce
    »Local Machine
    »Run
    *ScanRegistry=c:\windows\scanregw.exe /autorun
    *TaskMonitor=c:\windows\taskmon.exe
    *OEMCleanup=C:\WINDOWS\OPTIONS\OEMRESET.EXE
    *SystemTray=SysTray.Exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *TCASUTIEXE=TCAUDIAG.EXE -off
    *NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    *nwiz=nwiz.exe /install
    *POINTER=point32.exe
    *VortexTray=C:\WINDOWS\au30setp.exe 3
    *TkBellExe=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    *StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
    *Adaptec DirectCD=C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    *Iomega Startup Options=C:\Program Files\Iomega\Common\ImgStart.exe
    *Iomega Drive Icons=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    *SpyHunter=C:\PROGRAM FILES\SPYHUNTER\SPYHUNTER.exe
    *Symantec Core LC=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    *ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    *Installed=1
    *NoChange=1
    *Installed=1
    *Installed=1
    »RunOnce
    »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    *SchedulingAgent=mstask.exe
    *ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    *ccEvtMgr="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    *ccSetMgr="C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    »RunServicesOnce
    »RunOnceEx
    »RunServicesOnceEx
    »Files
    »System/Drivers
    »Running Processes
    *FF0FEB31=C:\WINDOWS\SYSTEM\KERNEL32.DLL
    *FFFFBCA1=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    *FFFFABD1=C:\WINDOWS\SYSTEM\MPREXE.EXE
    *FFFE27ED=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    *FFFEFBE1=C:\WINDOWS\SYSTEM\MSTASK.EXE
    *FFFEE209=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    *FFFE8659=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    *FFFE3129=C:\WINDOWS\SYSTEM\mmtask.tsk
    *FFFC3C61=C:\WINDOWS\EXPLORER.EXE
    *FFFC86D5=C:\WINDOWS\TASKMON.EXE
    *FFFCA0F9=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    *FF03474D=C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    *FF038409=C:\WINDOWS\SYSTEM\DDHELP.EXE
    *FF03BDB1=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    *FF03A309=C:\WINDOWS\SYSTEM\STIMON.EXE
    *FF03BB11=C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    *FF03B805=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
    *FFFC8639=C:\WINDOWS\SYSTEM\QTTASK.EXE
    *FF02CA9D=C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
    *FF02EA81=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    *FF03E485=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    *FF0361E5=C:\WINDOWS\RUNDLL32.EXE
    *FF028909=C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    *FF011815=C:\PROGRAM FILES\SONY HANDHELD\HOTSYNC.EXE
    *FF01710D=C:\WINDOWS\SYSTEM\WMIEXE.EXE
    *FF076119=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    *FF065615=C:\WINDOWS\SYSTEM\INTERNAT.EXE
    *FF055C31=C:\WINDOWS\DESKTOP\STARTDRECK.EXE
    »Application specific
     
    hey71966, Jun 16, 2004
    #3
  4. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Now fix the following entries in HijackThis,

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {E28B5580-BE46-11D8-B763-98EA265E217A} - C:\WINDOWS\SYSTEM\DPKMMH.DLL

    Reboot in SAFE MODE and Show Hidden Files/Folders and delete if found,

    c:\windows\TEMP\sp.html
    C:\WINDOWS\SYSTEM\DPKMMH.DLL

    Uninstall SpyHunter from add/remove programs

    Reboot in normal mode and post a fresh hijackthis and startdeck log again.

    Regards
     
    subratam, Jun 16, 2004
    #4
  5. hey71966

    hey71966 Registered Member

    Joined:
    Jun 15, 2004
    Posts:
    3
    Subratum,

    Thanks again for your help. I really appreciate it!!!! Here is both my HJT log and startdeck log. I did everything you suggested except of uninstalling Spyhunter which I could not find on my computer. By the way, it there any way to donate to this site, I think it's so great what you guys do. Thanks a million, hey71966

    Logfile of HijackThis v1.97.7
    Scan saved at 9:42:30 PM, on 6/16/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\SONY HANDHELD\HOTSYNC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.xupiter.com/toolbar2
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au30setp.exe 3
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\PROGRAM FILES\SPYHUNTER\SPYHUNTER.exe
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: RealGuide (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

    StartDreck (build 2.1.5 public BETA) - 2004-06-16 @ 21:45:26
    Platform: Windows 98 SE (Win 4.10.2222 A)

    »Registry
    »Run Keys
    »Current User
    »Run
    *NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
    »RunOnce
    »Default User
    »Run
    *NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
    »RunOnce
    »Local Machine
    »Run
    *ScanRegistry=c:\windows\scanregw.exe /autorun
    *TaskMonitor=c:\windows\taskmon.exe
    *OEMCleanup=C:\WINDOWS\OPTIONS\OEMRESET.EXE
    *SystemTray=SysTray.Exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *TCASUTIEXE=TCAUDIAG.EXE -off
    *NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    *nwiz=nwiz.exe /install
    *POINTER=point32.exe
    *VortexTray=C:\WINDOWS\au30setp.exe 3
    *TkBellExe=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    *StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
    *Adaptec DirectCD=C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    *Iomega Startup Options=C:\Program Files\Iomega\Common\ImgStart.exe
    *Iomega Drive Icons=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    *SpyHunter=C:\PROGRAM FILES\SPYHUNTER\SPYHUNTER.exe
    *Symantec Core LC=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    *ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    *Installed=1
    *NoChange=1
    *Installed=1
    *Installed=1
    »RunOnce
    »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    *SchedulingAgent=mstask.exe
    *ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    *ccEvtMgr="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    *ccSetMgr="C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    »RunServicesOnce
    »RunOnceEx
    »RunServicesOnceEx
    »Files
    »System/Drivers
    »Running Processes
    *FF0FED05=C:\WINDOWS\SYSTEM\KERNEL32.DLL
    *FFFFBA95=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    *FFFFADE5=C:\WINDOWS\SYSTEM\MPREXE.EXE
    *FFFE21D9=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    *FFFE4A4D=C:\WINDOWS\SYSTEM\MSTASK.EXE
    *FFFE9279=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    *FFFE81C5=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    *FFFD814D=C:\WINDOWS\SYSTEM\mmtask.tsk
    *FFFC3CC1=C:\WINDOWS\EXPLORER.EXE
    *FFFC8F89=C:\WINDOWS\TASKMON.EXE
    *FFFCA9CD=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    *FF037845=C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    *FF0388E9=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    *FFFC9029=C:\WINDOWS\SYSTEM\DDHELP.EXE
    *FF03AE51=C:\WINDOWS\SYSTEM\STIMON.EXE
    *FF027AE5=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
    *FF026D81=C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    *FF033E95=C:\WINDOWS\SYSTEM\QTTASK.EXE
    *FF036DF9=C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
    *FF03D6C1=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    *FF027C15=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    *FF03B619=C:\WINDOWS\RUNDLL32.EXE
    *FF032C11=C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    *FF015985=C:\PROGRAM FILES\SONY HANDHELD\HOTSYNC.EXE
    *FF0180B9=C:\WINDOWS\SYSTEM\WMIEXE.EXE
    *FF079C01=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    *FF07B759=C:\WINDOWS\SYSTEM\INTERNAT.EXE
    *FF06B2FD=C:\WINDOWS\DESKTOP\STARTDRECK.EXE
    »Application specific
     
    hey71966, Jun 17, 2004
    #5
  6. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Download Spybot S & D and Ad-Aware. Check for updates. Run complete scan by Spybot first and then reboot and run ad-aware complete scan . Finally reboot and post a fresh hijack this log. :).
    Do state if you are still having any more problems.

    Regards
     
    subratam, Jun 18, 2004
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...