Re: HELP ME :((

From: BIGBOY (BIGBOY_at_discussions.microsoft.com)
Date: 12/05/04


Date: Sun, 5 Dec 2004 08:15:04 -0800


"David H. Lipman" wrote:

>>

ok I TRIED and it worked...

My hijacklog
Logfile of HijackThis v1.97.7
Scan saved at 11:49:55 PM, on 05/12/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.00 SP2 (5.00.3314.2100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\TEJECT.DRV
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\TFUNCKEY.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\WINDOWS\SYSTEM\THOTSWAP.EXE
C:\TOSHIBA\MOUSE\TMOUSE.EXE
C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
C:\WINDOWS\SYSTEM\TPWRMGR.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = cyberguard.pacific.net.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = sg
N1 - Netscape 4: user_pref("browser.startup.homepage",
"http://www.np.edu.sg"); (C:\Program Files\Netscape\Users\np\prefs.js)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\ZH-SG\MSNTB.DLL
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
/LOADQUIET
O4 - HKLM\..\Run: [TDspOff] TDspOff.Exe B
O4 - HKLM\..\Run: [TFunckey] TFuncKey.exe
O4 - HKLM\..\Run: [THotkey] THotkey.Exe
O4 - HKLM\..\Run: [THotSwap] THotSwap.Exe
O4 - HKLM\..\Run: [TMOUSE] C:\Toshiba\Mouse\tmouse.exe
O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
O4 - HKLM\..\Run: [TPwrMgr] TPwrMgr.Exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TCDPlay] TCDPlay.drv
O4 - HKLM\..\RunServices: [TDockNUndock] Teject.Drv
O4 - HKLM\..\RunServices: [TSPower] SPower.drv
O4 - HKLM\..\RunServices: [TWarmBay] TWarmBay.drv
O4 - HKLM\..\RunServices: [TWBrowse] TWBrowse.drv
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .wav: C:\PROGRAM
FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O12 - Plugin for .aam: C:\PROGRA~1\INTERN~1\PLUGINS\NP32ASW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .rm: C:\PROGRAM
FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npra32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://www.schooldna.com
O15 - Trusted Zone: http://schdnaweb.schooldna.com
O15 - Trusted Zone: http://schdnaweb1.schooldna.com
O15 - Trusted Zone: http://schdnaweb2.schooldna.com
O15 - Trusted Zone: http://schdnavdo.schooldna.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on
the Web Control) -
http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37875.1108333333
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {8C4A2492-3FED-41F2-BBAB-34E802844F8D} (IESettings Class) -
http://schdnaweb.schooldna.com/schooldna/login/dnaClientIE.CAB
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} -
http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

I tried going to symantec virus online scan. they said downloading ActiveX
control error but it can still scan my sys...I remeber that even though my
com has previous version of the activeX controls they alwasy were able to
download the controls...

tried scanning on Trendmicro still the same cant scan

Also found the ISTbar/powerscan on my com...

My downloaded program file which have the active X controls... I cant seem
to locate the files in there ..but when i use the Spybod i manage to see
them....

Pls help.. i lost......



Relevant Pages

  • HELP ME :(( 2
    ... My hijacklog ... they said downloading ActiveX ... download the controls... ...
    (microsoft.public.security.virus)
  • Re: Deep Throat
    ... this port by default: ... >>Norton Firewall, can you block inbound traffic and allow ... >>Your browser will be checked for installed ActiveX ... >>ActiveX controls are a kind of enhancement plugins for ...
    (microsoft.public.security.virus)
  • Re: Finally finished SBS Install, not a config question...
    ... What's the error message can you see when you visit the Windows Update ... Automatic prompting for Active X controls Disable ... Initialize and script ActiveX controls not marked as safe Disable ...
    (microsoft.public.windows.server.sbs)
  • Re: Deep Throat
    ... Norton Firewall 2004, but are so annoying that they keep ... >Port 1025 will have to be open to out bound traffic, ... >Your browser will be checked for installed ActiveX ... Invocation of secure ActiveX controls ...
    (microsoft.public.security.virus)
  • Re: Porting CDialog to ActiveX
    ... First, start with an ActiveVirus, I mean ActiveX, pattern and go from there. ... Note that putting ActiveVirus controls on Web pages is sociopathic, ... We have an app that is MFC CDialog based. ... Is there anything in the ATL project to does it so simply? ...
    (microsoft.public.vc.mfc)