Rundll umonitor problems

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by thepitts, Dec 15, 2004.

  1. thepitts

    thepitts Private E-2

    I have done everything in the note about support. I have run Ad-Aware SE and Spybot.

    Here are my system specs.

    --------[ AIDA32 (c) 1995-2004 Tamas Miklos ]---------------------------------------------------------------------------

    Version AIDA32 v3.93
    Author tamas.miklos@aida32.hu
    Homepage http://www.aida32.hu
    Report Type Report Wizard
    Computer MPITTS2 (mpitts)
    Generator mpitts
    Operating System Microsoft Windows XP Professional 5.1.2600 (WinXP Retail)
    Date 2004-12-15
    Time 12:37


    --------[ Summary ]-----------------------------------------------------------------------------------------------------

    Computer:
    Operating System Microsoft Windows XP Professional
    OS Service Pack Service Pack 1
    Internet Explorer 6.0.2800.1106 (IE 6.0 SP1)
    Computer Name MPITTS2 (mpitts)
    User Name mpitts
    Logon Domain PAYMAXX

    Motherboard:
    CPU Type Intel Pentium 4A, 2400 MHz (4.5 x 533)
    Motherboard Name Dell Computer Corporation OptiPlex 160L
    Motherboard Chipset Intel Brookdale-G i845G
    System Memory 256 MB (PC2700 DDR SDRAM)
    BIOS Type Phoenix (07/31/03)
    Communication Port Communications Port (COM1)
    Communication Port ECP Printer Port (LPT1)

    Display:
    Video Adapter Intel(R) 82845G/GL/GE/PE/GV Graphics Controller (64 MB)
    3D Accelerator Intel Extreme Graphics
    Monitor Dell M780 (5322DB2LL939)

    Multimedia:
    Audio Adapter Intel 82801DB(M) ICH4(-M) - AC'97 Audio Controller [A-1]

    Storage:
    Floppy Drive Floppy disk drive
    Disk Drive WDC WD400BB-75DEA0
    Optical Drive Lite-On LTN486S 48x Max (48x CD-ROM)
    Optical Drive SAMSUNG CDRW/DVD SM-352B (DVD:16x, CD:52x/24x/52x DVD-ROM/CD-RW)

    Partitions:
    C: (NTFS) 38107 MB (23193 MB free)

    Input:
    Keyboard Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Mouse HID-compliant Cordless Mouse

    Network:
    Primary IP Address 128.1.101.120
    Primary MAC Address 00-0B-DB-BB-B0-61
    Network Adapter Broadcom 440x 10/100 Integrated Controller (128.1.101.120)

    Peripherals:
    Printer \\sb-prime\OKI C9200
    Printer \\sb-prime\prt1
    Printer \\sb-prime\prt2
    Printer \\sb-prime\prt3
    Printer Acrobat Distiller
    Printer Intuit Internal Printer
    USB Device Dell Axim USB Sync
    USB Device Logitech Cordless USB Mouse



    I will post the HijackThis log when you want it.

    Thanks
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have run ALL the steps in the Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal and you are still having a problem, follow the steps below.

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as a .txt file attachment to your message. All running programs should be closed, including your web browser and e-mail. Close them before running HijackThis!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. thepitts

    thepitts Private E-2

    Here is the HijackThis log file. Please help.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to download LSP-Fix to your other computer and then get it on to your broken one.
    Download it here: http://www.majorgeeks.com/download4180.html
    Unzip it and run it. Check the Box labeled "I know what I'm doing" and then click on the calsp.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move calsp.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:
    fxqltmos.exe


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\PANELS\BLANK.HTM
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [gvnosj] C:\WINDOWS\System32\fxqltmos.exe
    O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll <--- these may be gone after using LSP-fix
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07670ea...ip/RdxIE601.cab
    O16 - DPF: {aa44da02-7f61-11d4-a3e1-00c04fa32518} -
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...lim/install.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB


    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\fxqltmos.exe
    C:\WINDOWS\conscorr.exe
    C:\WINDOWS\wupdt.exe
    c:\windows\system32\calsp.dll

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Do you know what this next service is for?
    O23 - Service: Reflection Servers - WRQ, Inc. - C:\Program Files\Reflection\rninetd.exe
     
  5. thepitts

    thepitts Private E-2

    I did everything and I am still having trouble. The reflections is something I use to get into an HP system at my work. It is okay.

    Here is a new HijackThis log.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume by saying you are still having trouble you mean from these:
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch

    The fix for the O1 - Hosts: 69.20.16.183 hijack problem may have been found and the below link should be checked out.

    http://forums.techguy.org/showthrea...99&page=1&pp=15

    Let us know if the info in the above link works for you. The fix involves using Pocket KillBox and a Generic Detection Tool. Remove the files the detection tool detects using Pocket KillBox.
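
An added example, not part of the original thread or of any MajorGeeks or HijackThis tooling: a small Python triage of the HijackThis entries quoted above. It groups O1 hosts-file redirects by IP and collects the files named by O4 autorun and O10 Winsock LSP entries, so a follow-up log can be checked for leftovers. Both sample logs are constructed from lines quoted in the thread, and all function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the lines quoted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [gvnosj] C:\WINDOWS\System32\fxqltmos.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O23 - Service: Reflection Servers - WRQ, Inc. - C:\Program Files\Reflection\rninetd.exe
"""

# Constructed follow-up log: only the O1 lines quoted in the last reply, plus the known-good service.
AFTER_LOG = r"""
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O23 - Service: Reflection Servers - WRQ, Inc. - C:\Program Files\Reflection\rninetd.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")                # "Hosts: <ip> <name>"
RUN = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.*?)\] (.+)$")  # "HKLM\..\Run: [name] <path>"
LSP = re.compile(r"^Unknown file in Winsock LSP: (.+)$")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

def parse(log):
    """Yield (section, body) for each HijackThis entry line, skipping anything else."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def hosts_redirects(log):
    """Map each non-loopback IP in O1 entries to the set of hostnames pointed at it."""
    out = defaultdict(set)
    for section, body in parse(log):
        m = HOSTS.match(body) if section == "O1" else None
        if m and m.group(1) not in LOOPBACK:
            out[m.group(1)].add(m.group(2).lower())
    return dict(out)

def referenced_files(log):
    """Collect lower-cased file paths named by O4 autorun and O10 LSP entries."""
    files = set()
    for section, body in parse(log):
        if section == "O4":
            m = RUN.match(body)
        elif section == "O10":
            m = LSP.match(body)
        else:
            m = None
        if m:
            files.add(m.group(m.lastindex).strip().lower())
    return files

def leftovers(before_log, after_log):
    """Files flagged in the first log that a follow-up log still references."""
    return referenced_files(before_log) & referenced_files(after_log)

if __name__ == "__main__":
    print("hosts redirects still present:", hosts_redirects(AFTER_LOG))
    print("files still referenced:", leftovers(SAMPLE_LOG, AFTER_LOG))
```

On the constructed follow-up log the autorun and LSP files are gone while the hosts-file redirects remain, which matches the situation described in the last reply.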
     
