Java: BYTEVER.A + .A-1, Troj: STILEN.A

Discussion in 'adware, spyware & hijack cleaning' started by jimmj43, Jun 17, 2004.

Thread Status:
Not open for further replies.
  1. jimmj43

    jimmj43 Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    9
    I've got some pests that are eating up my memory and who knows what else!

    I think it's really :cool: that you guys are willing to help out those of us who are \strike{computer dumbasses} technically challenged ! :oops:

    Thank you! :)

    This is a Belarc Advisor audit of my system:





    Computer Profile Summary
    Computer Name: Na-lfcwddk1htv9 (in WORKGROUP)
    Profile Date: Wednesday, June 16, 2004 10:26:52 PM
    Advisor Version: 6.1
    Windows Logon: na



    Operating System:
    Windows 2000 Professional Service Pack 4 (build 2195)

    System Model:
    Intel Corporation Whitney System CR Board Revision A0

    Processor (a):
    567 megahertz Intel Celeron
    32 kilobyte primary memory cache
    128 kilobyte secondary memory cache

    Main Circuit Board (b):
    Board: Intel Corporation Whitney System CR Platform
    BIOS: Phoenix Technologies LTD 6.00 08/29/2001

    Drives:
    6.49 Gigabytes Usable Hard Drive Capacity
    3.06 Gigabytes Hard Drive Free Space
    ATAPI COMBO48XMAX [CD-ROM drive]
    3.5" format removeable media [Floppy drive]
    QUANTUM BIGFOOT_CY6480A [Hard drive] (6.50 GB) -- drive 0, s/n 166764921676, rev A03.0800, SMART Status: Healthy

    Memory Modules (c,d):
    128 Megabytes Installed Memory
    Slot 'M1' has 128 MB
    Slot 'M2' is Empty

    Local Drive Volumes:
    c: (on drive 0) 6.49 GB 3.06 GB free

    Network Drives:

    Users:
    local user accounts (last logon)
    na 6/16/2004 5:34:50 PM (admin)
    local system accounts
    admin1 never (admin)
    Administrator 5/17/2004 9:19:58 PM (admin)
    Guest never

    Printers:
    CAPTURE FAX BVRP on NUL:
    HP DeskJet 722C on LPT1:
    Lexmark X1100 Series on USB001

    Controllers:
    Standard floppy disk controller
    Intel(r) 82801AA Bus Master IDE Controller
    Primary IDE Channel [Controller]
    Secondary IDE Channel [Controller]

    Display:
    Intel Corporation 810 Graphics Controller Hub [Display adapter]
    GATEWAY EV700 [Monitor] (16.1"vis, October 1997)

    Bus Adapters:
    Intel(r) 82801AA USB Universal Host Controller

    Multimedia:
    AC'97 Driver for Intel(r) 82801AA Controller
    MPU-401 Compatible MIDI Device
    Standard Game Port

    Communications:
    ADMtek AN983 10/100Mbps Fast Ethernet Adapter
    Network Card MAC Address: 00:00:E8:12:BC:CD
    Network IP Address: 64.254.216.134 / 24

    Other Devices:
    Dual-Mode DSC(2770)
    Lexmark X1100 Series
    Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Microsoft PS/2 Port Mouse (IntelliPoint)
    Generic USB Hub
    Generic USB Hub
    USB Printing Support
    USB Root Hub

    Virus Protection:
    No AntiVirus details available
    Installed Microsoft Hotfixes
    DataAccess
    Q329414-25 on 3/20/2004 (details...)
    Q832483 on 3/20/2004 (details...)
    Internet Explorer
    Q330994 (details...)
    Q832894 (details...)
    SP1 (SP1)
    Windows 2000
    SP2
    KB833330 on 3/20/2004 (details...)
    SP4
    Q327194[SP] on 3/20/2004 (details...)
    SP5
    KB329115 on 3/20/2004 (details...)
    KB820888 on 3/20/2004 (details...)
    KB822831 on 3/20/2004 (details...)
    KB823182 on 3/20/2004 (details...)
    Windows 2000
    SP5 (continued)
    KB823559 on 3/20/2004 (details...)
    KB824105 on 3/20/2004 (details...)
    KB824141 on 3/20/2004 (details...)
    KB824146 on 3/20/2004 (details...)
    KB825119 on 3/20/2004 (details...)
    KB826232 on 3/20/2004 (details...)
    KB828028 on 3/20/2004 (details...)
    KB828035 on 3/20/2004 (details...)
    KB828749 on 3/20/2004 (details...)
    KB829558 on 3/20/2004 (details...)
    Q818043 on 3/20/2004 (details...)
    Windows Media Player
    WM819639 (details...)
    SP0
    Q828026 on 3/20/2004 (details...) Reinstall!




    Software Licenses

    Microsoft - IntelliPoint 11111-111-1111111-11111
    Microsoft - Internet Explorer 55736-355-7993545-04348 (Key: R2D43-3DHG9-DQ79W-W3DXQ-929DY)
    Microsoft - MediaPlayer 69808-520-8044282-04673
    Microsoft - WebFldrs 12345-111-1111111-18200
    Microsoft - Windows 2000 Professional 51873-270-7738296-09607 (Key: HB9CF-JTKJF-722HV-VPBRF-9VKVM)

    Software Versions
    ABBYY (BIT Software) - FineReader Version 5.0.0.482 (private) *
    Adobe Acrobat Version 4.05 *
    Agnitum - Outpost Firewall Version 1.0 *
    Ahead Software AG Karlsbad Germany Phone: +49-7248-911-800 Fax: +49-7248-911-888 e-mail: info@nero.com - LANGUAGE_English2 Version 5, 5, 10, 45 *
    Ahead Software AG - InCD Version 4, 0, 1, 18 *
    Ahead Software AG - InfoTool Application Version 1, 0, 3, 3 *
    Ahead Software AG - Nero CD Speed Application Version 1, 0, 2, 1 *
    Ahead Software Gmbh NeroCheck Version 1, 0, 0, 2 *
    ahead software gmbh, karlsbad - Cover Designer Version 2, 2, 1, 11 *
    AHEAD Software incdsrv Version 4, 0, 1, 18 *
    ArcSoft Inc. - Multimedia Email Version 3.0.0.29 *
    ArcSoft Inc. - PhotoPrinter 2000Pro Version 3, 0, 100, 5 *
    ArcSoft PhotoStudio Version 4, 1, 0, 0 *
    ArcSoft PhotoStudio Version 4,3,0,24 *
    AvatarSoft - Back2zip Version 1.0.0.0 *
    AvatarSoft - JustZIPit Version 1.0.0.0 *
    Belarc, Inc. - BelManage Client Version 6.1 *
    BVRP Software - FaxTools Version 1.00 *
    Caere Corporation - OmniPage Pro Version 9.0 *
    CANON INC. - ScanGear Toolbox CS Application Version 2.2.0 *
    Cinematronics - 3D Pinball Version 5.00.2134.1 *
    crwl.exe *
    CyberLink Corp. - CLDMA Version 1, 0, 0, 2502 *
    CyberLink Corp. - PowerDVD Version 5.00.0711 *
    d3ux.exe *
    Decoder Configuration Utility *
    DivX Player *
    dvdplay Application Version 1, 0, 0, 1 *
    Eastman Software, Inc., A Kodak Business - Imaging for Windows® Version 5.00.2138.1 *
    Erik Deppe - DriveSpeed Version 1, 6, 1, 0 *
    Gabest - Media Player Classic Version 6, 4, 8, 2 *
    GRISOFT s.r.o - AVG6 Version 6.0.1.696 *
    GRISOFT s.r.o. - AVG Anti-Virus System Version 6, 0, 0, 0 *
    GRISOFT(c) SOFTWARE - AVG Anti-Virus System Version 6, 0, 0, 0 *
    GRISOFT, s.r.o. - AVG Anti-Virus System Version 6, 0, 0, 0 *
    Inkjet Printer Version 1.0.0.0 *
    Inno Setup *
    Java Web Start *
    javaw.exe *
    Lavasoft Ad-aware Plus Version 6.0.0.0 *
    Lexmark International Inc. - AIO exe Version 2.0.2.2 *
    Lexmark International, Inc. - Button Manager Executable Version 0.1.1.1 *
    Lexmark International, Inc. - MarkVision for Windows (32 bit) Version 8.29 * Lexmark Photo Editor Version 0.1.1.1 *
    Logitech QuickCam Version 5.2.0.2099 *
    mfckt.exe *
    Microsoft (r) Windows Script Host Version 5.6.0.6626 *
    Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 *
    Microsoft Corporation - Messenger Version 6.1 *
    Microsoft Corporation - Windows Installer - Unicode Version 2.0.2600.1183 *
    Microsoft Corporation - Windows Journal Viewer Version 1.5.2315.3 *
    Microsoft Corporation - Windows® NetMeeting® Version 3.01 *
    Microsoft Data Access Components Version 3.525.1022.0 *
    Microsoft Pointing Device Software Version 3.10.0393 *
    Microsoft PowerPoint Viewer for Windows Version 8.0 *
    Microsoft Windows Media Player Version 6.4.09.1125 *
    Microsoft® NetShow Version 2.0.0.912 *
    Mozilla - Firefox Personal *
    Mozilla.org - Thunderbird Version 1.7: 2004050210 *
    NEATO - MediaFACE Version 3, 0, 0, 0 *
    Network Security Service *
    PCCam *
    PepiMK Software - Spybot - Search & Destroy Version 1, 3, 0, 12 *
    PhotoBase 2.0 *
    Remove the DivX Bundle *
    Remove the DivX Codec *
    Remove the DivX Player *
    Safer Networking Limited - SpyBot-S&D Version 1, 3, 0, 12 *
    Script Defender *
    Shoot The Messenger, by Steve Gibson Version 1.0 *
    Shortcut to hjsplit.exe Version 1.0.0.0 *
    Shortcut to sdefendi.exe *
    Soeperman Enterprises Ltd. - HijackThis Version 1.97.0007 *
    SpywareBlaster AutoUpdate Version 3.01 *
    SpywareBlaster Version 3.01 *
    Stop StartupMonitor *
    SunJavaUpdateSched *
    Symantec Corporation - LiveUpdate Version 1.62.17.0 *
    Symantec Corporation - Norton Utilities for Windows Version 14.00.0.28 *
    Symantec Corporation - Norton Utilities Version 14.00.0.28 *
    UpdateIPR.exe *
    USB DSC Version 1, 7, 2, 8 *
    Viewer.exe *
    Virtos GmbH - WaveEdit DLL Version 1, 0, 5, 0 *
    wmplayer.exe *
    Yahoo! Messenger Version 5, 6, 0, 1358 *

    --------------------------------------------------------------------------------

    * Click to see where software is installed.
    a. Megahertz measurement may be inaccurate if other programs were busy during last analysis.
    b. Data may be transferred on the bus at one, two, or four times the Bus Clock rate.
    c. Memory slot contents may not add up to Installed Memory if some memory is not recognized by Windows.
    d. Memory slot contents is reported by the motherboard BIOS. Contact system vendor if slot contents are wrong.
    e. This may be the manufacturer's factory installed product key rather than yours.

    --------------------------------------------------------------------------------




    Logfile of HijackThis v1.97.7
    Scan saved at 10:12:23 PM, on 6/16/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\WINNT\StartupMonitor.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\WINNT\system32\d3ux.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\ieua.exe
    C:\WINNT\netmk.exe
    C:\Documents and Settings\na\My Documents\Flix\HijackThis.exe

    O2 - BHO: (no name) - {3E68846A-B6CA-BDA8-E434-82EC1BEE2FC5} - C:\WINNT\system32\netlw32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [crwl.exe] C:\WINNT\system32\crwl.exe
    O4 - HKLM\..\Run: [mfckt.exe] C:\WINNT\system32\mfckt.exe
    O4 - HKLM\..\Run: [d3ux.exe] C:\WINNT\system32\d3ux.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17c72f8587c4d72b0e23/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38066.3549768519
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/autocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
     
  2. dave38

    dave38 Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    377
    Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

    O2 - BHO: (no name) - {3E68846A-B6CA-BDA8-E434-82EC1BEE2FC5} - C:\WINNT\system32\netlw32.dll

    O4 - HKLM\..\Run: [crwl.exe] C:\WINNT\system32\crwl.exe
    O4 - HKLM\..\Run: [mfckt.exe] C:\WINNT\system32\mfckt.exe
    O4 - HKLM\..\Run: [d3ux.exe] C:\WINNT\system32\d3ux.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17c72f8...ip/RdxIE601.cab

    Reboot and delete files:
    C:\WINNT\system32\crwl.exe
    C:\WINNT\system32\mfckt.exe
    C:\WINNT\system32\d3ux.exe

    These may be hidden files. See HERE for how to show hidden files.

    Please post a followup Hijack this log, and say if your problems persist.
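
One way to check the follow-up log requested above against the fix list, as an added example that is not part of the original thread. Entries are matched on CLSID (O2, O16) or Run key plus value name (O4), so the forum-truncated O16 URL in the reply still matches; the function names and the `FOLLOWUP` log are constructed for illustration.

```python
import re

CLSID = r"(\{[0-9A-Fa-f-]{36}\})"
PATTERNS = [  # regex groups form the stable key for each section
    ("O2", re.compile(r"^O2 - BHO: .*?" + CLSID)),
    ("O4", re.compile(r"^O4 - (\S+): \[(.+?)\]")),
    ("O16", re.compile(r"^O16 - DPF: " + CLSID)),
]

def entry_key(line):
    """Stable identity of an O2/O4/O16 line, or None for any other line."""
    for section, rx in PATTERNS:
        m = rx.match(line.strip())
        if m:
            return (section,) + tuple(g.lower() for g in m.groups())
    return None

def parse_log(text):
    """Return (running process paths, entry keys) from a HijackThis log."""
    procs, keys, in_procs = set(), set(), False
    for line in (l.strip() for l in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif entry_key(line):
            keys.add(entry_key(line))
        elif in_procs and re.match(r"[A-Za-z]:\\", line):
            procs.add(line.lower())
    return procs, keys

def check_followup(fix_lines, delete_paths, followup_text):
    procs, keys = parse_log(followup_text)
    persisting = [l for l in fix_lines if entry_key(l) in keys]
    running = [p for p in delete_paths if p.lower() in procs]
    return persisting, running

FIX_LINES = [  # copied from the reply above, truncated URL included
    r"O2 - BHO: (no name) - {3E68846A-B6CA-BDA8-E434-82EC1BEE2FC5} - C:\WINNT\system32\netlw32.dll",
    r"O4 - HKLM\..\Run: [crwl.exe] C:\WINNT\system32\crwl.exe",
    r"O4 - HKLM\..\Run: [mfckt.exe] C:\WINNT\system32\mfckt.exe",
    r"O4 - HKLM\..\Run: [d3ux.exe] C:\WINNT\system32\d3ux.exe",
    r"O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17c72f8...ip/RdxIE601.cab",
]
DELETE = [l.split("] ", 1)[1] for l in FIX_LINES if l.startswith("O4")]  # files to delete
# Constructed follow-up log (not from the thread): one Run entry has returned.
FOLLOWUP = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\system32\d3ux.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [d3ux.exe] C:\WINNT\system32\d3ux.exe
"""
```

`check_followup(FIX_LINES, DELETE, FOLLOWUP)` returns the fix-list lines still present in the new log and the to-be-deleted files that are still running.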
     