Trojan.Adclicker - MSOutlook Not Responding

MsJessicaDz

Problem: MSOutlook Not Responding
*********************************
Symantec Scan Quarantined
Date: 10/20/06
Filename: 'crdmrogh.dll.bad'
Virus Name: Trojan.Adclicker
Original Location: C:\VundoFix Backups\
Status: Infected
*********************************
Logfile of HijackThis v1.99.1
Scan saved at 11:27:30 AM, on 10/23/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\PDFCreatorMessages.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\dpmw32.exe
C:\WINNT\system32\NWTRAY.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINNT\system32\PELMICED.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\HJT\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = \SOFTWARE\Microsoft\Internet Explorer\Search
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4BEF854E-6531-40D8-825E-5228A12861F3} (pwrUpl2 Class) - https://hks.thruinc.net/Components/PowerUpload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160425962531
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINNT\System32\NALNTSRV.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINNT\system32\PDFCreatorMessages.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINNT\System32\wm.exe

skywalker45

Hi MsJessicaDz! I see you're back. The Symantec scan revealed a quarantined file in the VundoFix backups, all of which you can safely delete. Now tell me more about the problem you're having with Outlook. Is it just not working? Which version of Outlook is it?

MsJessicaDz

Good morning Sir - Yeah, I saw that too - but that's the only resent thing that had happen. MSOutlook 2000 - opens up fine - hit Send/Receive and it goes to Not Responding. Was worried this was virus related since this is exactly what was happening to it last time. And once we solved the virus and did clean-up stuff it went back to working fine....

Okaaayyyyy, I just checked it AGAIN... and it let the messages thru??? So, bla.... Not sure why it's doing that and kinda think it will go back to not working... Honestly don't think it's an Outlook problem, like too many emails or something like that. Well now I'm just babbling. Anything thoughts?

Thanks - Jessica

skywalker45

If the Outlook inbox exceeds, I believe 2GB, then Outlook will crash, but when I say crash I mean really crash hard! I've seen it happen here at work. That's a problem that has been addressed in newer versions. However that's not the case here. Do you leave Outlook open all the time? There is the one possibility that there could be more than one instance of outlook.exe running at any given time. The next time this happens I want you to do this:

Run Hijack This:

Click on the

open misc tools section button.
When the screen opens click open process manager


The process manager will open. In the upper right corner of the screen is a clipboard. Click that button then paste the process manager log back here for me to check.

MsJessicaDz

Good Morning

MSOutlook opened up fine and seems to still be working. Sorry, feel like I wasted your time. Thanks for all you do. Keeps your mind going, hu.... :type:

Have a good day.
Jessica

skywalker45

No time wasted. I'll leave this post open for awhile in case you need to come back.

MsJessicaDz

Jello - It's me AGAIN, hope you had a good Thanksgiving and are expecting a great Christmas. Thanks for leaving this post open, you just knew I'd be back right.

Well here's the deal: last Friday Symantec quarantined 6 files, Virus Name - downloader (ckibh.exe;counter21[1].php.) Thinking that since they were caught and quarantined all was okay. BUT my MSOutlook has not been working since. Is doing as described before, opens up fine but when trying to Send/Recieve goes to Not Responding.

skywalker45

Hi. It's good to hear back from you but I'm sorry you're still having this problem. Give me some time to do some research and I'll get back with you. I've been away for a while because I moved and just got my internet back. I'll be back with you soon.