problem - possibly a trojan/virus

Name: fr3357yl3r
Date: January 20, 2004 at 07:32:07 Pacific
OS: Win2k - SP3
CPU/Ram: AMD TB 900 MHZ/512 MB Ram
Comment:

hi folks!
i got a problem and i hope any of you has some helpful advice.

recently i experienced strange things going on with my pc (bluescreens, auto-shutdown, crashes etc) which i am not quite used to since i am using Win2k (+SP 3) and that is actually quite stable. so i decided to get a new firewall and antivirus program. i decided to go with norton antivirus 2004 and norton personal firewall 2004. but every time i want to open either one of those programs it closes automatically after ~10 sec. so i believe my pc is infected by a virus or trojan or whatever.
the following is the log i created with hijackthis. please someone analyze it for viruses/trojans etc.
thanks in advance!

greetings,
fr3357yl3r

LOG:
Logfile of HijackThis v1.97.7
Scan saved at 15:18:23, on 20.01.2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\devldr32.exe
C:\Programme\Karna\Razer\razertra.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\WINNT\System32\rundll32.exe
C:\Programme\DU Meter\DUMeter.exe
C:\WINNT\System32\internat.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MOStat.exe
C:\WINNT\System32\MsiExec.exe
C:\Programme\Internet Explorer\IEXPLORE.exe
C:\Programme\Internet Explorer\IEXPLORE.exe
E:\STUFF_E\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.008i.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardplace.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.008i.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wflu.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.008i.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.008i.com/search.html
R3 - URLSearchHook: ViewSource Class - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\winshow\winshow.dll
O1 - Hosts: 645238813 auto.search.msn.com
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Programme\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\Programme\CommonName\Toolbar\CNBarIE.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet5_48.dll
O2 - BHO: (no name) - {5D4368E5-4F58-4D33-9530-C61E987C99B1} - C:\WINNT\system32\mo030414s.dll
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\winshow\winshow.dll
O2 - BHO: winlink module - {6CC1C91A-AE8B-4373-A5B4-28BA1851E39A} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\winlink\winlink.dll
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0} - C:\Programme\CommonName\Toolbar\BabeIE.dll
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\GO!ZILLA\GoIEHlp.dll
O2 - BHO: (no name) - {F767E754-921D-4183-B8FC-627DC8962CA9} - C:\WINNT\system32\gkylu.dll
O3 - Toolbar: CommonName - {A3E3F04C-F98C-4295-95EF-41C57425B077} - C:\Programme\CommonName\Toolbar\CNBarIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [razertra] C:\Programme\Karna\Razer\razertra.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programme\Creative\SBLive2k\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Speed racer] C:\Programme\Creative\SBLive2k\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NewsUpd] C:\Programme\Creative\News\NewsUpd.exe /q
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "D:\Programme\GoZilla\Go.exe" /FIXRAS
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [b3dUpdate] C:\WINNT\BDE\Update\Zupdate.exe -silent -p "C:\WINNT\BDE\Update" -s setup.cab
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Configuration Loader] SERVICE5.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [Configuration Loader] SERVICE5.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQ.exe -minimize
O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
O4 - HKCU\..\Run: [GameSpot] C:\Programme\Kontiki\bin\kontiki.exe -s GameSpot -q
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINNT\System32\cmd.exe" /c "C:\DOKUME~1\ADMINI~1\LOKALE~2\Temp\isDel.bat"
O4 - Startup: SpamPal.lnk = C:\Programme\SpamPal\spampal.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O8 - Extra context menu item: Add A Page Note - C:\Programme\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Programme\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRA~1\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Email This Link - C:\Programme\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Get It With Kontiki - res://C:\Programme\Kontiki\bin\bh304181.dll/201
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Search using CommonName - C:\Programme\CommonName\Toolbar\navigate.htm
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://216.65.38.226/Download_Plugin.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://g-cam.g-zone.at/activex/AxisCamControl.ocx
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F20492F-AE9E-4C9F-B726-45D8FA22BC06}: NameServer = 195.34.131.180,195.34.133.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{62A2793E-B5EB-4654-B1F8-F103F1093AD3}: NameServer = 195.34.133.10,195.34.133.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F20492F-AE9E-4C9F-B726-45D8FA22BC06}: NameServer = 195.34.131.180,195.34.133.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{5F20492F-AE9E-4C9F-B726-45D8FA22BC06}: NameServer = 195.34.131.180,195.34.133.11
O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp
O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (HKLM)




Response Number 1
Name: mark2a
Date: January 20, 2004 at 08:33:18 Pacific
Reply:

Hi fr3357yl3r,

First of all you have a CoolWeb infection, go to http://www.merijn.org/files/CWShredder.exe and download CoolWebShredder, run it ensuring you hit FIX rather than only scanning.

Reboot,

I would suggest uninstalling New.net via add/remove programs, rebooting when instructed.

Also try to uninstall Commonname via add/remove programs, rebooting when instructed.

Then run Hijackthis allowing it to fix the following by putting a tick in the box next to them and hitting the 'Fix Checked' button, after closing all explorer and browser windows.

O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\Programme\CommonName\Toolbar\CNBarIE.dll
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\winshow\winshow.dll
O2 - BHO: winlink module - {6CC1C91A-AE8B-4373-A5B4-28BA1851E39A} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\winlink\winlink.dll
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0} - C:\Programme\CommonName\Toolbar\BabeIE.dll
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\GO!ZILLA\GoIEHlp.dll
O3 - Toolbar: CommonName - {A3E3F04C-F98C-4295-95EF-41C57425B077} - C:\Programme\CommonName\Toolbar\CNBarIE.dll
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [Configuration Loader] SERVICE5.exe
O4 - HKLM\..\RunServices: [Configuration Loader] SERVICE5.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://216.65.38.226/Download_Plugin.exe


reboot into safe mode, find and delete the following files/folders

C:\Programme\Gemeinsame Dateien\CMEII <--- folder
C:\PROGRA~1\Save <--- folder
SERVICE5.exe <--- file
C:\Programme\Gemeinsame Dateien\GMT <--- folder
C:\Programme\CommonName <--- folder

Then run Hijackthis once more and post a fresh log.



Response Number 2
Name: fr3357yl3r
Date: January 20, 2004 at 09:27:32 Pacific
Reply:

Hi mark2a!

Thanks for your detailed answer!
I did all of the above except for some part since i scanned (and deleted some) files with Adaware. the system seems to run more smoothly now. i'm gonna try to install the firewall again now. hopefully it works this time. however here is the new/fresh

hijackthis-log:

Logfile of HijackThis v1.97.7
Scan saved at 18:15:27, on 20.01.2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\devldr32.exe
C:\Programme\Creative\SBLive2k\AudioHQ\AHQTB.exe
C:\Programme\Karna\Razer\razertra.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Creative\News\NewsUpd.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programme\NetPumper\NetPumperIEProxy.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
C:\Programme\DU Meter\DUMeter.exe
C:\WINNT\System32\internat.exe
C:\Programme\SpamPal\spampal.exe
C:\WINNT\System32\MOStat.exe
C:\WINNT\System32\wuauclt.exe
E:\STUFF_E\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardplace.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Programme\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {5D4368E5-4F58-4D33-9530-C61E987C99B1} - C:\WINNT\system32\mo030414s.dll
O2 - BHO: (no name) - {F767E754-921D-4183-B8FC-627DC8962CA9} - C:\WINNT\system32\gkylu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [razertra] C:\Programme\Karna\Razer\razertra.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programme\Creative\SBLive2k\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Speed racer] C:\Programme\Creative\SBLive2k\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NewsUpd] C:\Programme\Creative\News\NewsUpd.exe /q
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "D:\Programme\GoZilla\Go.exe" /FIXRAS
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [b3dUpdate] C:\WINNT\BDE\Update\Zupdate.exe -silent -p "C:\WINNT\BDE\Update" -s setup.cab
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQ.exe -minimize
O4 - Startup: SpamPal.lnk = C:\Programme\SpamPal\spampal.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRA~1\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://g-cam.g-zone.at/activex/AxisCamControl.ocx
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F20492F-AE9E-4C9F-B726-45D8FA22BC06}: NameServer = 195.34.131.180,195.34.133.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{62A2793E-B5EB-4654-B1F8-F103F1093AD3}: NameServer = 195.34.133.10,195.34.133.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F20492F-AE9E-4C9F-B726-45D8FA22BC06}: NameServer = 195.34.131.180,195.34.133.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{5F20492F-AE9E-4C9F-B726-45D8FA22BC06}: NameServer = 195.34.131.180,195.34.133.11

greetings,
fr3357yl3r
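
Added example (not part of the original thread and not HijackThis code): a small Python check of a follow-up log against a fix list, as in the exchange above. It confirms that every listed entry is gone and lists entries marked `(no file)`. The sample lines are excerpts copied from Response 1 and Response 2; the function names are illustrative.

```python
import re

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")    # entry lines look like "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")      # {8-4-4-4-12} class identifier

# Excerpt of the fix list posted in Response 1.
FIX_LIST = r"""
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\Programme\CommonName\Toolbar\CNBarIE.dll
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\winshow\winshow.dll
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [Configuration Loader] SERVICE5.exe
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://216.65.38.226/Download_Plugin.exe
"""

# Excerpt of the follow-up log posted in Response 2.
AFTER_LOG = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardplace.de/
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Programme\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {5D4368E5-4F58-4D33-9530-C61E987C99B1} - C:\WINNT\system32\mo030414s.dll
O4 - HKLM\..\Run: [b3dUpdate] C:\WINNT\BDE\Update\Zupdate.exe -silent -p "C:\WINNT\BDE\Update" -s setup.cab
O4 - HKCU\..\Run: [internat.exe] internat.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{62A2793E-B5EB-4654-B1F8-F103F1093AD3}: NameServer = 195.34.133.10,195.34.133.11
"""

def parse(log):
    """Return (code, text) for each entry line; headers and process paths are skipped."""
    hits = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in hits if m]

def key(entry):
    """Identity of an entry: section code plus its CLSID if it has one, else its text."""
    code, text = entry
    m = CLSID.search(text)
    return (code, m.group(0).upper() if m else text.lower())

def verify_fix(fix_list, after_log):
    """Split the fix list into entries absent from, and still present in, the new log."""
    after_keys = {key(e) for e in parse(after_log)}
    fixed, remaining = [], []
    for e in parse(fix_list):
        (remaining if key(e) in after_keys else fixed).append(e)
    return fixed, remaining

def orphans(log):
    """Entries ending in '(no file)': the registry value remains but its file is gone."""
    return [e for e in parse(log) if e[1].endswith("(no file)")]

if __name__ == "__main__":
    fixed, remaining = verify_fix(FIX_LIST, AFTER_LOG)
    print(len(fixed), "fixed;", len(remaining), "still present")
    for code, text in orphans(AFTER_LOG):
        print("orphan:", code, text)
```

On these excerpts all five fix-list entries are gone, and the one `(no file)` entry is the R3 URLSearchHook value, which carries the same CLSID as the removed WinShow BHO.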



Response Number 3
Name: mark2a
Date: January 20, 2004 at 09:42:29 Pacific
Reply:

You might want to consider getting rid of BDE spyware.

Check out this link
http://www.wilderssecurity.com/B3DKiller.html for a remover, see this page http://news.com.com/2100-1023-873181.html for why.

Also check the info on internat.exe http://www.sysinfo.org/startuplist.php?filter=internat.exe&count=&type=

to make sure you have the right one



Response Number 4
Name: fr3357yl3r
Date: January 20, 2004 at 12:20:00 Pacific
Reply:

hi!
me again ...

alright everything's workin fine yet. i hope it stays like that. thanks for your help and btw thanks for the new links. i checked the internat.exe file, seems to be the right one. unfortunately can't download the BDE remover at the moment. supposed to be down. i'll try it later.

thank you again!

greetings,
fr3357yl3r



Response Number 5
Name: nawab081
Date: January 23, 2004 at 11:46:25 Pacific
Reply:

Hi all....i have this weird problem on XP....i am trying to uninstall CNet Download Manager from my Change/Remove programs...CNet's alias is also Kontiki Manager....When i go to uninstall it freezes.....i open my processes and sometimes there is one rundll32.exe taking up 98 to 100% of my CPU other times there are two exact duplicates of rundll32.exe both taking up 50% each.....i have tried to do many things....i have deleted the files from hard disk....removed the keys for this kontiki program from my registry......please help someone....

thanks in advance
nawab

