
html:96676



#1 morrijo


Posted 30 June 2004 - 06:49 AM

I've tried everything...even Spybot no longer sees a problem. Please help!

Logfile of HijackThis v1.97.7
Scan saved at 7:46:43 AM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\systa.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atlkb.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Joseph\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ftyab.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ftyab.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ftyab.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ftyab.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ftyab.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ftyab.dll/sp.html#96676
O2 - BHO: (no name) - {0375DB0B-A138-898A-8565-1BE75E94375A} - C:\WINDOWS\system32\winyn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [atlkb.exe] C:\WINDOWS\system32\atlkb.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [d3fv.exe] C:\WINDOWS\d3fv.exe
O4 - HKLM\..\RunOnce: [ipwk.exe] C:\WINDOWS\ipwk.exe
O4 - HKLM\..\RunOnce: [mfcls.exe] C:\WINDOWS\system32\mfcls.exe
O4 - HKLM\..\RunOnce: [winzg.exe] C:\WINDOWS\system32\winzg.exe
O4 - HKLM\..\RunOnce: [atllg.exe] C:\WINDOWS\atllg.exe
O4 - HKLM\..\RunOnce: [winvu.exe] C:\WINDOWS\system32\winvu.exe
O4 - HKLM\..\RunOnce: [addal.exe] C:\WINDOWS\addal.exe
O4 - HKLM\..\RunOnce: [appwd32.exe] C:\WINDOWS\system32\appwd32.exe
O4 - HKLM\..\RunOnce: [netuh.exe] C:\WINDOWS\system32\netuh.exe
O4 - HKLM\..\RunOnce: [syskj32.exe] C:\WINDOWS\system32\syskj32.exe
O4 - HKLM\..\RunOnce: [crju.exe] C:\WINDOWS\crju.exe
O4 - HKLM\..\RunOnce: [addec.exe] C:\WINDOWS\addec.exe
O4 - HKLM\..\RunOnce: [criy.exe] C:\WINDOWS\criy.exe
O4 - HKLM\..\RunOnce: [netlm.exe] C:\WINDOWS\system32\netlm.exe
O4 - HKLM\..\RunOnce: [mfcjx32.exe] C:\WINDOWS\mfcjx32.exe
O4 - HKLM\..\RunOnce: [atltp.exe] C:\WINDOWS\atltp.exe
O4 - HKLM\..\RunOnce: [apipi32.exe] C:\WINDOWS\system32\apipi32.exe
O4 - HKLM\..\RunOnce: [sdklo.exe] C:\WINDOWS\sdklo.exe
O4 - HKLM\..\RunOnce: [apiqe32.exe] C:\WINDOWS\system32\apiqe32.exe
O4 - HKLM\..\RunOnce: [systa.exe] C:\WINDOWS\systa.exe
O4 - HKLM\..\RunOnce: [apiaa.exe] C:\WINDOWS\system32\apiaa.exe
O4 - HKLM\..\RunOnce: [mfcpu32.exe] C:\WINDOWS\mfcpu32.exe
O4 - HKLM\..\RunOnce: [atlyy.exe] C:\WINDOWS\system32\atlyy.exe
O4 - HKLM\..\RunOnce: [msai32.exe] C:\WINDOWS\msai32.exe
O4 - HKLM\..\RunOnce: [msti.exe] C:\WINDOWS\system32\msti.exe
O4 - HKLM\..\RunOnce: [winvc.exe] C:\WINDOWS\winvc.exe
O4 - HKLM\..\RunOnce: [apimn32.exe] C:\WINDOWS\system32\apimn32.exe
O4 - HKLM\..\RunOnce: [javapr32.exe] C:\WINDOWS\javapr32.exe
O4 - HKLM\..\RunOnce: [appyv32.exe] C:\WINDOWS\appyv32.exe
O4 - HKLM\..\RunOnce: [mspp.exe] C:\WINDOWS\mspp.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk....ViewerSetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#2 Guest_splintercell990_*


Posted 30 June 2004 - 01:33 PM

Hello morrijo,

Run HijackThis again and place a check beside each of the following items. Once done, click the "Fix checked" button:

O2 - BHO: (no name) - {0375DB0B-A138-898A-8565-1BE75E94375A} - C:\WINDOWS\system32\winyn32.dll
O4 - HKLM\..\Run: [atlkb.exe] C:\WINDOWS\system32\atlkb.exe
O4 - HKLM\..\RunOnce: [d3fv.exe] C:\WINDOWS\d3fv.exe
O4 - HKLM\..\RunOnce: [ipwk.exe] C:\WINDOWS\ipwk.exe
O4 - HKLM\..\RunOnce: [mfcls.exe] C:\WINDOWS\system32\mfcls.exe
O4 - HKLM\..\RunOnce: [winzg.exe] C:\WINDOWS\system32\winzg.exe
O4 - HKLM\..\RunOnce: [atllg.exe] C:\WINDOWS\atllg.exe
O4 - HKLM\..\RunOnce: [winvu.exe] C:\WINDOWS\system32\winvu.exe
O4 - HKLM\..\RunOnce: [addal.exe] C:\WINDOWS\addal.exe
O4 - HKLM\..\RunOnce: [appwd32.exe] C:\WINDOWS\system32\appwd32.exe
O4 - HKLM\..\RunOnce: [netuh.exe] C:\WINDOWS\system32\netuh.exe
O4 - HKLM\..\RunOnce: [syskj32.exe] C:\WINDOWS\system32\syskj32.exe
O4 - HKLM\..\RunOnce: [crju.exe] C:\WINDOWS\crju.exe
O4 - HKLM\..\RunOnce: [addec.exe] C:\WINDOWS\addec.exe
O4 - HKLM\..\RunOnce: [criy.exe] C:\WINDOWS\criy.exe
O4 - HKLM\..\RunOnce: [netlm.exe] C:\WINDOWS\system32\netlm.exe
O4 - HKLM\..\RunOnce: [mfcjx32.exe] C:\WINDOWS\mfcjx32.exe
O4 - HKLM\..\RunOnce: [atltp.exe] C:\WINDOWS\atltp.exe
O4 - HKLM\..\RunOnce: [apipi32.exe] C:\WINDOWS\system32\apipi32.exe
O4 - HKLM\..\RunOnce: [sdklo.exe] C:\WINDOWS\sdklo.exe
O4 - HKLM\..\RunOnce: [apiqe32.exe] C:\WINDOWS\system32\apiqe32.exe
O4 - HKLM\..\RunOnce: [systa.exe] C:\WINDOWS\systa.exe
O4 - HKLM\..\RunOnce: [apiaa.exe] C:\WINDOWS\system32\apiaa.exe
O4 - HKLM\..\RunOnce: [mfcpu32.exe] C:\WINDOWS\mfcpu32.exe
O4 - HKLM\..\RunOnce: [atlyy.exe] C:\WINDOWS\system32\atlyy.exe
O4 - HKLM\..\RunOnce: [msai32.exe] C:\WINDOWS\msai32.exe
O4 - HKLM\..\RunOnce: [msti.exe] C:\WINDOWS\system32\msti.exe
O4 - HKLM\..\RunOnce: [winvc.exe] C:\WINDOWS\winvc.exe
O4 - HKLM\..\RunOnce: [apimn32.exe] C:\WINDOWS\system32\apimn32.exe
O4 - HKLM\..\RunOnce: [javapr32.exe] C:\WINDOWS\javapr32.exe
O4 - HKLM\..\RunOnce: [appyv32.exe] C:\WINDOWS\appyv32.exe
O4 - HKLM\..\RunOnce: [mspp.exe] C:\WINDOWS\mspp.exe


Download About:Buster from either of the following locations.

http://www.atribune....AboutBuster.zip
http://tools.zerosre...AboutBuster.zip

Make sure you have printed this page and close ALL Internet Explorer windows. This is a very important step!! Run AboutBuster.exe, click OK, then start, then OK. Make a copy of the log once it finishes. Then run aboutbuster.exe again. Make a copy of that log. Reboot, and post a new HijackThis log along with the two reports from About:Buster.

Good Luck :)



