Jump to content


Photo

Need help


  • Please log in to reply
8 replies to this topic

#1 Dan_SR

Dan_SR

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 25 June 2004 - 04:43 AM

this is my first ever post so i hope it's in the right place
the problem is tha after i read the FAQ and installed those programs (ad-aware spy sweeper ets.) they detect and remove the problem but the next time i run internet explorer ( or even windows explorer o_O ) there it is again.So i downloaded hijackthis and here is the log:





Logfile of HijackThis v1.97.7
Scan saved at 15:38:12, on 24.6.2004 г.
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\FastSoft\FastChat\FastChat.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warez.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\jaa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\jaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = warez.ru;www.warez.ru;www.data.bg;free.data.bg;data.bg;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1826F7E0-6A24-4008-8D8D-6BCEC6306B41} - C:\WINDOWS\System32\jjca.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program Files\Real\RealJukebox\tsystray.exe"
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: FastChat.lnk = C:\Program Files\FastSoft\FastChat\FastChat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Сваляне на всички с FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Сваляне с FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab



thank you in advance.

#2 Dan_SR

Dan_SR

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 28 June 2004 - 02:36 PM

It's been almost a week since i posted and no reply yet... :wtf:
Something happened last night and i can no longer block the pop ups with Ad-watch.

NOW IT'S REALLY GETTING ON MY NERVES!!!

I think i am infected by CoolWebSearch(about blank) just like most of the people here. I've followed the instructions given to people with the same complaints as mine but they didn't work for me.

Can somebody help me please.

#3 Dan_SR

Dan_SR

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 30 June 2004 - 03:16 AM

CWShredder fixes CWS.Searchx only temporary, probably because it can't delete that pesky hidden hidden file well neither can i so pls help...



btw BUMP :whistle:

#4 Dan_SR

Dan_SR

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 02 July 2004 - 05:38 PM

BUMP

#5 Dan_SR

Dan_SR

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 04 July 2004 - 05:38 PM

BUMP

#6 Dan_SR

Dan_SR

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 05 July 2004 - 01:39 AM

BUMP

#7 Dan_SR

Dan_SR

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 05 July 2004 - 04:01 PM

BUMP

#8 Dan_SR

Dan_SR

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 10 July 2004 - 06:29 AM

BUMP

#9 Dan_SR

Dan_SR

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 10 July 2004 - 09:18 PM

BUMP




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button