.dll

From: Holly (anonymous_at_discussions.microsoft.com)
Date: 05/10/04


Date: Sun, 9 May 2004 17:36:55 -0700

Logfile of HijackThis v1.97.7
Scan saved at 8:48:56 AM, on 5/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\twomediadebug\acidroad.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\WkCalRem.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temporary
Internet Files\Content.IE5\O16F0XQ3\HijackThis[1].exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch = res://C:\PROGRA~1
\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,CustomizeSearch = res://C:\PROGRA~1
\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O1 - Hosts: Xw
O1 - Hosts: WWW.LOOK2ME0.COM E972-22F0-422A-B5D0-
6296FF9199BE}&MSKIP=1&RND=23307
O1 - Hosts: Xw
O1 - Hosts: Xw
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-
FD60B590A87D} - C:\PROGRA~1\COMMON~1
\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-
29EA915965EC} - (no file)
O3 - Toolbar: LICENSE1 - {90043B92-D4A9-4EDE-C1CE-
6790AA4D81B9} - C:\PROGRA~1\OPTION~1\Grey Anti.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program
Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32
\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32
\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program
Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program
Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program
Files\Support.com\bin\tgcmd.exe" /server /startmonitor /de
af
O4 - HKLM\..\Run: [SSRunScript] "C:\Program
Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:
\Program
Files\Support.com\Charter\vbs\verifyconnection.vbs" /args
//b startupdelay
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program
Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [mmtask] C:\Program
Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program
Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program
Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [camp heck] C:\PROGRA~1
\twomediadebug\acidroad.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1
\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkCalRem.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED}
(Support.com Installer) -
http://support.charter.com/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}
(Support.com Configuration Class) -
http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE}
(TDServer Control) -
http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06}
(ChainCast VMR Client Proxy) -
http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.inf
o.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A}
(Microsoft.WinRep) -
https://webresponse.one.microsoft.com/OAS/ActiveX/winrep.c
ab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.inf
o.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9}
(DASWebDownload Class) -
http://das.microsoft.com/activate/cab/x86/i486/NTANSI/reta
il/DASAct.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D}
(DoomCln Object) -
http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/sw
flash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} -
http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7}
(CTAdjust Class) -
http://download.microsoft.com/download/7/E/6/7E6A8567-
DFE4-4624-87C3-163549BE2704/clearadj.cab

Sadie is this what you need?(I hope)-Holly
>-----Original Message-----
>Have you set your system to "display all hidden files
and
>folders" and to unhide protected operating system files?
>
>Go to control panel,click on "Tools",click "folder
>options".Click on the view tab.Scroll down to "show
>hidden files and folders",click on the tiny circle in
>order that a green dot appears.
>remove the tick/check from "hide protected operating
>sytem files".click O.K. when presented with the warning
>box.
>Remove the tick from "hide extensions for known file
>types".
>
>Try moveonboot again/or try deleting in safe mode.
>
>I have to say,Holly,you are making this extremely
>complicated for yourself.this could have been sorted
much
>more efficiently by posting a hijack log on
>http://cexx.org
>
>as it is,we're only getting afragment of a bigger
>picture..
>
>Sadie
>>-----Original Message-----
>>I did what you said about downloaing moveonboot but
when
>>it asks me to put in a file, I put in the
>>c:\winnt\system32\6j04svc.dll this is the one non of
the
>>spyware can remove. Moveonboot told me this was a
>>nonexistant file or anyway it would not take it! Gosh
>>what now-Holly
>>>-----Original Message-----
>>>Holly,
>>>You can try GiPO MoveOnBoot:
>>>
>>>http://www.gibinsoft.net/
>>>
>>>Scroll down the page til you get to the "free old
>>>Version".Install it.Mark any files you want to
>>delete,and
>>>moveonboot will get rid of them on reboot.
>>>
>>>I WISH you'd posted a HijackThis! log on
http://cexx.org
>>>
>>>Just keep calm,anyhow.Make sure your important files
>are
>>>backed up in the event of a re-install.Don't worry too
>>>much about programmes,as they can be easilly
>>>redownloaded/installed afresh.I'm referring to
personal
>>>files.This is a precautionary measure-don't fret.
>>>
>>>Just keep to one thread,Holly,because,otherwise things
>>>become terribly confusing.We're trying to help,but
>>you're
>>>posting all over the show,making it difficult to keep
>>>track of events.Don't worry!You've been forced into a
>>>steep learning curve,that's all.When all this is
>>>sorted,your confidence will have increased tenfold.
>>>
>>>Sadie
>>>
>>>
>>>>-----Original Message-----
>>>>DOES ANYONE KNOW HOW TO GET RID OF MALWARE .DLL BUGS
>>>THAT
>>>>KEEP CHANGING? i hAVE TRIED MOST ALL THE REMOVE WARE
>>>>HIJACKTHIS,CWSHEDDER,AD-AWARE NORTON BLASTER
ZONEALARM
>>>>ETC. BUTMY COMPUTER CUT OFF FROM INTERNET ABOUT EVERY
>>20-
>>>>30MIN. NOW.-HOLLY I AM FADING FADING FAD....
>>>>.
>>>>
>>>.
>>>
>>.
>>
>.
>



Relevant Pages

  • Re: Cannot open search page
    ... Internet Explorer v6.00 SP1 ... O9 - Extra button: Messenger (HKLM) ... download HijackThis from Spywareinfo download page ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: can`t use I.E 6...HELLLLLP
    ... Internet Explorer v6.00 SP1 ... Internet Explorer provided by Cintek.com ... > Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Unable to start Internet Explorer or Windows Explorer
    ... As you can not download these programs from the Internet, if your PC has CD read capabilities, go to another computer with CD-ROM burning capabilities. ... Copy the HOLD folder to the hdard drive of the infected machine, then install the programs in the HOLD folder and run them. ... CastleCops HiJackThis Forum ... will pop up saying "Internet Explorer has encountered a problem and must ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: IE6 Has Excessive Errors
    ... > My internet explorer will bring up the "error reporting ... Download and install, then you *MUST* update the programs prior to running ... HOLD, download the programs to that folder, then burn that folder to a CD. ... HiJackThis: - Free ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: email problems
    ... > email i get an internet explorer popup saying "internet explorer has ... Download and install, then you *MUST* update the programs prior to running ... HiJackThis: - Free ... Replies are posted only to the newsgroup for the benefit or other readers. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)