
ADW Ruledor.c\loader.exe virus

Name: hippychick91
Date: November 30, 2003 at 17:15:23 Pacific
OS: windows xp professional
CPU/Ram: pentium
Comment:

Can anyone help me? I've removed this virus once but it's back. I have run HijackThis; results below. Many thanks.
Logfile of HijackThis v1.97.7
Scan saved at 01:13:47, on 01/12/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\ystck32.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\Borehill Family\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.8.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64A - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B7 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B76 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-5 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-56 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562C - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D03 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D033 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0331 - (no file)
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333- - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-C - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105774 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057747 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6- - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-005 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0050 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-005004 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0050048 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487B - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487BD - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487BDB - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe
O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\ystck32.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\Comets~1\DM\bin\DMServer.exe /onreboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.exe"
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19113/payload2.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.8.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37876.2221064815
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw11fd.law11.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST2222.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{396CB74B-4DFD-4F9D-91F8-183A28EED50C}: NameServer = 192.168.8.1




Response Number 1
Name: elric
Date: November 30, 2003 at 17:24:45 Pacific
Reply:

G'day,

You might have more luck by posting this on the Virus and Security forum.

regards,
Elric



Response Number 2
Name: hippychick91
Date: December 1, 2003 at 01:15:40 Pacific
Reply:

OK, thanks. I'm new here, so it was my mistake. I've taken your advice.



Response Number 3
Name: Tom41
Date: December 1, 2003 at 01:18:18 Pacific
Reply:

Run HijackThis again and place a check in the box next to the following items. Double-check so as to be sure not to miss one.
Next, close all browser windows, and have HT 'fix checked'.

You must restart your computer when you're done.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.8.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64A - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B7 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B76 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-5 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-56 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562C - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D03 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D033 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0331 - (no file)
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333- - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-C - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105774 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057747 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6- - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-005 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0050 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-005004 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0050048 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487B - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487BD - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487BDB - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\ystck32.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19113/payload2.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.8.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST2222.cab

After restarting delete the following:
C:\WINDOWS\ystck32.exe
C:\Program Files\Common files\updater folder.
C:\Program Files\Common Files\CMEII folder.
C:\Program Files\Common Files\GMT folder.



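A triage helper of the kind a responder would write to pre-screen a HijackThis log before hand-picking entries the way Tom41 did above. This is an added example, not part of the thread and not HijackThis's own code; the sample log lines are a constructed subset modelled on the entries quoted in this thread, and the trusted-host allowlist and the watchlisted directory names are assumptions chosen for the example, not a vendor list.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section line reasons")

# Constructed sample in HijackThis v1.97 log format, modelled on entries
# quoted in this thread (a subset, not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64A - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\ystck32.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19113/payload2.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
"""

# Section prefix of a log line, e.g. "R0", "O2", "O16"
SECTION_RE = re.compile(r"^(R\d|O\d+) - ")
# A well-formed CLSID: {8-4-4-4-12} hex groups
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}$")
# First brace-delimited token; the closing brace is optional so that a
# truncated CLSID (as seen in this thread's log) is still captured
BRACE_RE = re.compile(r"\{[^}\s]+\}?")
# Host part of the first http(s) URL on the line
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
# Executable path after the [name] label of an O4 autorun entry
O4_PATH_RE = re.compile(r'\]\s+"?([A-Za-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)

# Assumed allowlist of hosts treated as legitimate for this example
TRUSTED_HOSTS = {
    "download.macromedia.com",
    "messenger.zone.msn.com",
    "v4.windowsupdate.microsoft.com",
}
# Assumed watchlist: directory names singled out in the thread's removal list
WATCHLIST_DIRS = {"mywebsearch", "myway", "altnet", "clearsearch", "cmeii"}


def triage(log_text):
    """Return one Finding per log line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section = m.group(1)
        lower = line.lower()
        reasons = []

        # CLSID-keyed sections: truncated/invalid GUIDs and dangling registrations
        if section in ("R3", "O2", "O3", "O16"):
            brace = BRACE_RE.search(line)
            if brace and not GUID_RE.match(brace.group(0)):
                reasons.append("malformed CLSID")
            if "(no file)" in lower:
                reasons.append("registered but file missing")

        # Autoruns whose executable sits directly in the Windows directory
        if section == "O4":
            pm = O4_PATH_RE.search(line)
            if pm:
                parent = pm.group(1).rsplit("\\", 1)[0].lower()
                if parent == "c:\\windows":
                    reasons.append("executable dropped directly in the Windows directory")

        # Browser settings and ActiveX downloads pointing off the allowlist
        if section in ("R0", "R1", "O16"):
            hm = URL_HOST_RE.search(line)
            if hm and hm.group(1).lower() not in TRUSTED_HOSTS:
                reasons.append("points at host outside allowlist: " + hm.group(1).lower())

        if any("\\" + d + "\\" in lower for d in WATCHLIST_DIRS):
            reasons.append("path contains a watchlisted directory")

        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def fix_list(findings):
    """The log lines a responder would review for 'fix checked'."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", "; ".join(f.reasons))
        print("   ", f.line)
```

The output is a review list, not something to feed straight into "fix checked": the heuristics leave the Acrobat BHO and the AVG autorun alone while flagging the truncated CLSID keys, the dangling "(no file)" registrations, the executable sitting directly in C:\WINDOWS, and the start-page and ActiveX hosts outside the allowlist, which is the same split Tom41 made by hand. Anything flagged on a directory-name or host heuristic still needs a person to confirm before removal.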

Response Number 4
Name: hippychick91
Date: December 1, 2003 at 01:27:43 Pacific
Reply:

Thanks for that. I'll give it a go and let you know, fingers crossed.



Response Number 5
Name: hippychick91
Date: December 1, 2003 at 02:58:10 Pacific
Reply:

BIG THANK YOU TOM! Sorted... I hope xx






Response Number 6
Name: kimludeke
Date: December 14, 2003 at 06:19:55 Pacific
Reply:

I have the ADW RULEDOR.C virus as well as WORM APLPHX.E

(this is the first time I've used hijackthis)


Logfile of HijackThis v1.97.7
Scan saved at 9:13:19 AM, on 12/14/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\CLEARSEARCH\LOADER.exe
C:\WINDOWS\AV.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\PROGRAM FILES\NETZERO\ZCAST.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\PROGRAM FILES\NETZERO\CHKRAS.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\ENZIP\ENZIP.exe
C:\WINDOWS\TEMP\_ENZIP.TEMP\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=99
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ad1.zendmedia.com/ad-spy_hdc.php?id=start7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=rh25536&key=740231ce11a3a61a645209ea6a35a7a6&ts=3f419088&A=0&B=1059289200000&C=1059289200000&D=0&I=6.0B4&L=&M=981100800000&N=&O=A
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\IM6UM.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\AV.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.exe -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - User Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/239958891b53f18dfa23/netzip/RdxIE601.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.imbum.com/Imbum.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_99/QDow.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab


ANY HELP SINCERELY APPRECIATED!!!!!!


