Super-Spider/Solangas/4here4

Discussion in 'adware, spyware & hijack cleaning' started by montanak9, Jun 27, 2004.

Thread Status:
Not open for further replies.
  1. montanak9

    montanak9 Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    3
    I need some help ridding myself of these JACKERSSSSSSSSSS. I have run most of the spyware programs, can't seem to get rid of them. Any help would be appreciated! HijackThis log below:

    Logfile of HijackThis v1.97.7
    Scan saved at 11:57:18 AM, on 6/27/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\WINDOWS\SYSTEM\ICONSPY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
    C:\PROGRAM FILES\APOINT\APOINT.EXE
    C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE
    C:\IMAGEMATE COMPACTFLASH USB\SANDICON.EXE
    C:\PROGRAM FILES\APOINT\APWHEEL.EXE
    C:\WINDOWS\SYSTEM\HPZTSB03.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
    C:\PROGRAM FILES\POWERPANEL\PROGRAM\PCFMGR.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
    C:\PROGRAM FILES\OBONGO\AOLBAR\OBONGO.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\I0ZBUL1HFY45.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] irmon.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICONSPY.EXE
    O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\Client\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINDOWS\dslaunch.exe
    O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
    O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Startup: Citibank Toolbar for AOL.lnk = C:\Program Files\Obongo\AOLBar\obongo.exe
    O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .psd: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O16 - DPF: {854377B4-641D-11D4-893E-00E029570A3E} (InstallX) - http://www.obongo.com/chabi/IE-Bar/cab/InstallX.cab
    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/ocx/autopricer/autopricer.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1070927003900
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.129.224.49,216.220.0.1
     
  2. montanak9

    montanak9 Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    3
    Should have read the posting directions first. Have run Spybot S&D, Adware, Noadware, and have spyblaster running.
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi montanak9,


    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\I0ZBUL1HFY45.DLL

    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

    O16 - DPF: {854377B4-641D-11D4-893E-00E029570A3E} (InstallX) - http://www.obongo.com/chabi/IE-Bar/cab/InstallX.cab

    Download and run CWShredder
    Use the Fix button and follow the instructions provided by the program.

    Then reboot into safe mode and delete:
    C:\WINDOWS\System32\sysstartup.exe
    image.dll

    if they are present

    Regards,

    Pieter
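
As an added example (not part of the thread and not HijackThis's own logic), the sketch below parses the `Section - detail` line format of the log posted above and flags entries for manual review. The three heuristics and all function names are assumptions chosen for illustration; they are not the criteria the reply above applied, and a hit means "look closer", not "delete".

```python
import re

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\I0ZBUL1HFY45.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")               # "O4 - ..."
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")   # name, CLSID, file
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")      # hive, key, name, cmd
REG = re.compile(r"^HK.+?,(.+?) = (.*)$")                           # value name, data

def parse(log):
    """Return (section, body) for every line shaped like 'O4 - ...'."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review_reasons(section, body):
    """Hypothetical heuristics: each one marks an entry worth a closer look."""
    reasons = []
    if section == "O2" and (m := BHO.match(body)):
        if m.group(1) == "(no name)":
            reasons.append("BHO has no registered name")
    elif section == "O4" and (m := RUN.match(body)):
        if m.group(4).lower().startswith("regsvr32"):
            reasons.append("autorun entry calls regsvr32")
    elif section in ("R0", "R1") and (m := REG.match(body)):
        if m.group(1) == "Start Page" and m.group(2).startswith("http"):
            reasons.append("start page set to a remote URL")
    return reasons

def triage(log):
    """List (section, reason) pairs in log order."""
    return [(s, r) for s, b in parse(log) for r in review_reasons(s, b)]

if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, "-", reason)
```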
     
  4. montanak9

    montanak9 Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    3
    Thanks Pieter! You Rock!
     