Topic: Problems with syssfitb
« on: December 27, 2003, 09:17:40 »
jeppers

I have got a new program in my task list: syssfitb.
Ad-aware 6.0 doesn't find it. And I have run HijackThis.
The result is here:

Logfile of HijackThis v1.97.7
Scan saved at 18:11:42, on 27.12.2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\AUDIOINF.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAMFILER\COMPAQ\COMPAQ EAB SOFTWARE\CPQEK.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMFILER\FELLESFILER\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMFILER\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMFILER\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
C:\PROGRAMFILER\CLOCKSYNC\SYNC.EXE
C:\WINDOWS\SYSSFITB.EXE
C:\MINE DOKUMENTER\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.online.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fra Telenor Internett
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.oslo.kommune.no:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 100.*;*.oslo.kommune.no;oslo.kommune.no;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.online.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=c:\windows\system\audioinf.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMFILER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\JEIRED.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\SYSTEM\SYSSFITB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [cpqek] C:\Programfiler\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Programfiler\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programfiler\Fellesfiler\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Audioinf] c:\windows\system\audioinf.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAMFILER\SYSTEM SOAP PRO\SOAP.exe min
O4 - HKCU\..\Run: [DR_S] %ProgramFiles%\DR_S\DR_S.exe
O4 - HKCU\..\Run: [ClockSync] C:\Programfiler\ClockSync\Sync.exe
O4 - HKCU\..\Run: [SYSsfitb] C:\WINDOWS\SYSsfitb.exe
O4 - Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Status Monitor.lnk = C:\Program Files\XEROX_XD\ENGSS.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: DnB Betaling - https://dnb.no/nettbank/bf.cab
O16 - DPF: DnB Online - http://www16.dnb.no/aksjehandel/online.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installshield.com/client/iftwclix.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: WalletLoginApplet - https://dnb.no/applets/logon/WalletLogin.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/no/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://active.macromedia.com/flash/cabs/swflash.cab
O16 - DPF: DnB_Betaling - https://dnb.no/nettbank/bf.cab
O16 - DPF: DnB-Betaling - http://www16.dnb.no/nettbank/bf.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.3788888889
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab

Can anyone tell me what I should do with this?

Jeppers
« Reply #1 on: December 27, 2003, 09:27:57 »
Unzy
Guest

Hi there,

I see some other probs as well, can you first please do an online scan here:

http://www.bitdefender.com/scan/licence.php

and / or here :

http://housecall.antivirus.com/housecall/start_corp.asp

And tell us if they come up with anything

Thanks!

Cheers,
« Reply #2 on: December 27, 2003, 11:00:28 »
jeppers

Hi,
I have done the online scan as you told me and there was a lot:

C:\Recycled\Dc8.exe=>(PECompact 1.68-1.84) infected: Trojan.Downloader.Dluca.K
C:\Recycled\Dc8.exe deleted
C:\WINDOWS\Temporary Internet Files\Content.IE5\CIVKERGQ\nem214[1] infected: Trojan.Downloader.Dyfuca.J
C:\WINDOWS\Temporary Internet Files\Content.IE5\CIVKERGQ\nem214[1] deleted
C:\WINDOWS\Temporary Internet Files\Content.IE5\GVHFSAMR\optimize[1].exe infected: Trojan.Downloader.Dyfuca.J
C:\WINDOWS\Temporary Internet Files\Content.IE5\GVHFSAMR\optimize[1].exe deleted
C:\WINDOWS\TEMP\delwbi.tmp=>(PECompact 1.68-1.84) infected: Trojan.Downloader.Dluca.K
C:\WINDOWS\TEMP\delwbi.tmp deleted

My antivirus program or Ad-aware haven't found it. But I am still running syssfitb

jeppers
« Reply #3 on: December 27, 2003, 11:05:07 »
Unzy
Guest

Ah ok, thanx jeppers

Can you repost another hijackthis log?

Also send that SYSsfitb file to me please, it's no doubt a baddie, but I wanna have a closer look, maybe identifying it.

C:\WINDOWS\SYSsfitb.exe <- this file

Mail here  Thanks!

Cheers,
« Reply #4 on: December 27, 2003, 12:47:56 »
Unzy
Guest

Thanks for the file,

It's a homepage and IE search hijacker, changes the default search settings to searchforit.com.

Please post another log, I wanna see if some entries are already gone after the scan, so we can clean you out.

Thanks

Cheers,
« Reply #5 on: December 27, 2003, 13:12:02 »
Anonymous
Guest

hi there,
here is a new log:

Logfile of HijackThis v1.97.7
Scan saved at 22:07:02, on 27.12.2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\AUDIOINF.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAMFILER\COMPAQ\COMPAQ EAB SOFTWARE\CPQEK.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMFILER\FELLESFILER\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMFILER\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMFILER\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
C:\PROGRAMFILER\CLOCKSYNC\SYNC.EXE
C:\WINDOWS\SYSSFITB.EXE
C:\MINE DOKUMENTER\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.online.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fra Telenor Internett
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.oslo.kommune.no:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 100.*;*.oslo.kommune.no;oslo.kommune.no;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.online.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=c:\windows\system\audioinf.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMFILER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\JEIRED.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\SYSTEM\SYSSFITB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [cpqek] C:\Programfiler\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Programfiler\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programfiler\Fellesfiler\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Audioinf] c:\windows\system\audioinf.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAMFILER\SYSTEM SOAP PRO\SOAP.exe min
O4 - HKCU\..\Run: [DR_S] %ProgramFiles%\DR_S\DR_S.exe
O4 - HKCU\..\Run: [ClockSync] C:\Programfiler\ClockSync\Sync.exe
O4 - HKCU\..\Run: [SYSsfitb] C:\WINDOWS\SYSsfitb.exe
O4 - Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Status Monitor.lnk = C:\Program Files\XEROX_XD\ENGSS.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: DnB Betaling - https://dnb.no/nettbank/bf.cab
O16 - DPF: DnB Online - http://www16.dnb.no/aksjehandel/online.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installshield.com/client/iftwclix.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: WalletLoginApplet - https://dnb.no/applets/logon/WalletLogin.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/no/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://active.macromedia.com/flash/cabs/swflash.cab
O16 - DPF: DnB_Betaling - https://dnb.no/nettbank/bf.cab
O16 - DPF: DnB-Betaling - http://www16.dnb.no/nettbank/bf.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.3788888889
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

jeppers
« Reply #6 on: December 27, 2003, 15:12:29 »
Unzy
Guest

Thanks,

Have only HijackThis running and fix the following :

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F1 - win.ini: run=c:\windows\system\audioinf.exe

O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\JEIRED.DLL

O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\SYSTEM\SYSSFITB.DLL

O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect   <- dialer
O4 - HKLM\..\RunServices: [Audioinf]
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab

O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAMFILER\SYSTEM SOAP PRO\SOAP.exe min
O4 - HKCU\..\Run: [DR_S] %ProgramFiles%\DR_S\DR_S.exe
O4 - HKCU\..\Run: [ClockSync] C:\Programfiler\ClockSync\Sync.exe
O4 - HKCU\..\Run: [SYSsfitb] C:\WINDOWS\SYSsfitb.exe

Next make sure you have set hidden files / folders to show.


Next reboot the PC, preferably in Safe Mode, and remove:

c:\windows\system\audioinf.exe <- this file
C:\PROGRAMFILER\SYSTEM SOAP PRO\ <- this folder
%ProgramFiles%\DR_S\DR_S.exe <- this file
C:\Programfiler\ClockSync\ <- this folder
C:\WINDOWS\SYSsfitb.exe <- this file

Hope this helps,

Keep us posted

Cheers,
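
The fix list in the reply above ties together entries from different HijackThis sections that share a CLSID or a file name. As an added example (not part of the original thread), this Python script groups log entries by those shared keys; the sample lines are copied from the log posted above, and the names `keys_for` and `correlate` are assumptions of this example. A shared key only shows that entries belong to the same product (the Norton lines group too), so the analyst still decides what to fix.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\JEIRED.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\SYSTEM\SYSSFITB.DLL
O4 - HKCU\..\Run: [ClockSync] C:\Programfiler\ClockSync\Sync.exe
O4 - HKCU\..\Run: [SYSsfitb] C:\WINDOWS\SYSsfitb.exe
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
"""

# "<section code> - <rest>", e.g. "O4 - HKCU\..\Run: [...] ..."
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
GUID = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
# File-name stem in a Windows path or a URL, for the file types seen in the log.
FILE = re.compile(r"([^\\/\s]+)\.(?:exe|dll|ocx|cab)\b", re.IGNORECASE)


def keys_for(text):
    """Correlation keys for one entry: CLSIDs and file-name stems, case-folded."""
    keys = {"clsid:" + g.upper() for g in GUID.findall(text)}
    keys |= {"file:" + s.lower() for s in FILE.findall(text)}
    return keys


def correlate(log):
    """Map each key to the section codes it appears under, keeping only
    keys that show up in two or more different sections."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, text = m.groups()
        for key in keys_for(text):
            seen[key].add(code)
    return {k: sorted(codes) for k, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    for key, codes in sorted(correlate(SAMPLE_LOG).items()):
        print(key, codes)
```

On the sample, the URLSearchHook and the JEIRED.DLL BHO group under one CLSID, and the searchforit toolbar DLL, the Run key and the adshooter.com cab group under the stem `syssfitb`.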