DoubleClick keeps returning / Windows Explorer keeps crashing (NOT IE)



ShortNJ
2006-09-24, 19:09
I actually have two issues

Issue 1
I am on a Windows 2000 machine and certain adware keeps coming back once I remove it. I had a lot of spyware and was able to get rid of the majority using Spybot, AVG and SUPER Antispyware. How do I prevent these from returning?
Note: They only seem to return once I connect to the network.

Issue 2

Since I have downloaded all of these spy removal programs, on certain Windows Explorer folders, when I select a file it will cause Windows to crash.
The behavior only occurs on some folders that have *.mp3 files in them, NOT all of them, so it is not really consistent.

Here are my results from HijackThis:

Any help will be greatly appreciated:


Logfile of HijackThis v1.99.1
Scan saved at 4:31:05 PM, on 9/23/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\IBM\SQLLIB\BIN\db2icsrv.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\IBM\SQLLIB\doc\eclipse\jre\bin\javaw.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
D:\Program Files\IBM\SQLLIB\bin\db2dasstm.exe
D:\Program Files\IBM\SQLLIB\doc\eclipse\eclipse.exe
D:\Program Files\IBM\SQLLIB\doc\eclipse\jre\bin\javaw.exe
C:\WINNT\System32\mspmspsv.exe
D:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
D:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
D:\PROGRA~1\IBM\SQLLIB\bin\db2fmp.exe
D:\Program Files\IBM\SQLLIB\BIN\db2systray.exe
C:\WINNT\loadqm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINNT\System32\SNDVOL32.EXE
C:\WINNT\System32\taskmgr.exe
C:\WINNT\System32\HPZinw12.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINNT\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ureach.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = diaproxy.us.aegon.com:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.us.aegon.com,*divweb*,*.aegonu*,*tretirement*,*nbdev*,*diatest*,162.123*,paris3.production.divinvest.com,test.divinvest.com,www.divinvest.com,*aegoned*,*aegonne*,*.aegonins.*,*plansthatwork*,dia.ta-retirement.com,re*.trinity-health.org;<local>
R3 - URLSearchHook: (no name) - {B92DF506-66C2-6539-EDC8-37B6AC9728C6} - C:\WINNT\System32\nnqx.dll (file missing)
R3 - URLSearchHook: (no name) - {673AA049-6BD6-3226-A0A3-6143B367F6CA} - C:\WINNT\System32\byl.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,rlftmuy.exe
O2 - BHO: (no name) - {D601D720-731D-44C7-9188-05E8F837E4F5} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [db2systray.exe DB2] D:\Program Files\IBM\SQLLIB\BIN\db2systray.exe DB2
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Dwiu] "C:\WINNT\System32\MBOLS~1\javaw.exe" -vt ndrv
O4 - HKCU\..\Run: [Zdmmwc] C:\WINNT\system32\??mbols\??rss.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://pnyastd01/TDBIN/Spider80.ocx
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwga.ops.placeware.com/etc/place/...quicksilver.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.aegon.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.aegon.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.aegon.com
O20 - AppInit_DLLs: C:\WINNT\System32\services.dll
O20 - Winlogon Notify: App Management - C:\WINNT\system32\l44qleh51h4.dll (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DB2 - DB2-0 (DB2-0) - International Business Machines Corporation - D:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 Information Center Server (DB2ICSERVER) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2icsrv.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

LonnyRJones
2006-09-30, 12:27
Hello and welcome to the Forum.
Sorry for the delay, your post seems to have slipped by.
If you're still in need of assistance and not receiving it at another forum, the next step is to post a combofix log.
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply, half in another.

Post a new hijackthis log to

tashi
2006-10-04, 21:11
This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.

For future reference:
If you have waited FOUR days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836) :)