Jump to content


Photo

Used AboutBuster and HijackThis--Now What?


  • Please log in to reply
14 replies to this topic

#1 jarujammer

jarujammer

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 08 July 2004 - 04:25 PM

I've read the recent forums and ran AboutBuster 1.26 and then Hijack This.

Here are the logs:

Logfile of HijackThis v1.98.0
Scan saved at 2:21:38 PM, on 7/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\ctfmon.exe
c:\program files\softwin\bitdefender free edition\bdmcon.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\William Wallace\Local Settings\Temp\Temporary Directory 38 for hijackthis.zip\HijackThis.exe
C:\Documents and Settings\William Wallace\Local Settings\Temp\Temporary Directory 2 for AboutBuster.zip\AboutBuster.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {5F479661-FF4B-4034-AEFA-2308E6AB98C1} - C:\WINDOWS\System32\lnkkjp.dll
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B3432FF-EA45-4253-A130-A5C6D0DAF5B8}: NameServer = 66.81.0.251 66.81.0.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B3432FF-EA45-4253-A130-A5C6D0DAF5B8}: NameServer = 66.81.0.251 66.81.0.252
O18 - Filter: text/html - {3345DB53-6109-4059-AFCA-24B6D4AB9E05} - C:\WINDOWS\System32\lnkkjp.dll
O18 - Filter: text/plain - {3345DB53-6109-4059-AFCA-24B6D4AB9E05} - C:\WINDOWS\System32\lnkkjp.dll

Busterscan 07//8/04

-- Scan 1 --------
About:Buster Version 1.26
Error Removing! : C:\WINDOWS\System32\lnkkjp.dll
Attempted Clean Of Temp folder.
Pages Reset... Done!

This thing is driving me nuts! I run AdAware 10 times a day, CWShredder a few times a day, and a full virus scan a few times a day. It always comes back!

Please help. Thank you.

#2 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 08 July 2004 - 04:33 PM

Edit: About:Buster will work if you run it in safe mode. So only follow the directions below if it doesnt work. It will only work because your variant is not hidden.

About:Buster does not work on this variant.

To remove this variant.
Reboot into safe mode. Directions

Run Hijack This and tick the boxes next to these items.
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
  • R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  • R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  • O2 - BHO: (no name) - {5F479661-FF4B-4034-AEFA-2308E6AB98C1} - C:\WINDOWS\System32\lnkkjp.dll
Close all windows and hit fix checked. Restart into normal mode. The main infection should be gone. Please post a new Hijack This log.

Edited by RubbeR DuckY, 08 July 2004 - 04:35 PM.

Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#3 jarujammer

jarujammer

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 08 July 2004 - 05:18 PM

Hi DuckY--

It looks worse!


Scan saved at 3:18:24 PM, on 7/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Media\Media\UpdateStats.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Documents and Settings\William Wallace\Local Settings\Temp\Temporary Directory 39 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {DE02FF4D-FFE2-4F1F-993F-5E5CACD5B1A8} - C:\WINDOWS\System32\lnkkjp.dll
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [5@4QLK43RLHPN5] C:\WINDOWS\System32\Myb2YeGd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [mtxlegih] C:\WINDOWS\system32\mtxlegih.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B3432FF-EA45-4253-A130-A5C6D0DAF5B8}: NameServer = 66.81.0.251 66.81.0.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B3432FF-EA45-4253-A130-A5C6D0DAF5B8}: NameServer = 66.81.0.251 66.81.0.252
O18 - Filter: text/html - {3345DB53-6109-4059-AFCA-24B6D4AB9E05} - C:\WINDOWS\System32\lnkkjp.dll
O18 - Filter: text/plain - {3345DB53-6109-4059-AFCA-24B6D4AB9E05} - C:\WINDOWS\System32\lnkkjp.dll

#4 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 08 July 2004 - 05:20 PM

Ok in safe mode Run About:Buster.
Then Ad-Aware, i believe you know how on both because i have seen you use them above.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#5 jarujammer

jarujammer

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 08 July 2004 - 05:53 PM

Looks much better -- you know, I MAY have not checked the "fix" boxes on Hijack This is safe mode the first time around. But I definitely ran your program and AdAware in safe mode this time. What's next?

#6 jarujammer

jarujammer

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 08 July 2004 - 05:54 PM

OOPS!

Logfile of HijackThis v1.98.0
Scan saved at 3:51:24 PM, on 7/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Documents and Settings\William Wallace\Local Settings\Temp\Temporary Directory 40 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [5@4QLK43RLHPN5] C:\WINDOWS\System32\Myb2YeGd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [mtxlegih] C:\WINDOWS\system32\mtxlegih.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

#7 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 08 July 2004 - 05:54 PM

Post a new Hijack This log :)
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#8 jarujammer

jarujammer

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 08 July 2004 - 05:56 PM

Logfile of HijackThis v1.98.0
Scan saved at 3:51:24 PM, on 7/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Documents and Settings\William Wallace\Local Settings\Temp\Temporary Directory 40 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [5@4QLK43RLHPN5] C:\WINDOWS\System32\Myb2YeGd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [mtxlegih] C:\WINDOWS\system32\mtxlegih.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

#9 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 08 July 2004 - 06:02 PM

Alot better. Please move HijackThis.exe into C:\Hjt <- create this folder. Then start Hijack this and tick the boxes next to these items.


O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [mtxlegih] C:\WINDOWS\system32\mtxlegih.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe


Close all windows and hit fix checked. Restart your computer.

Delete

C:\Program Files\ClockSync
C:\Program Files\AutoUpdate
C:\WINDOWS\system32\mtxlegih.exe

Then download Peperfix from Here. Run it from a location such as C:\P-Fix.

Then Open Hijack this again and tick the box next to this. (if present)

O4 - HKLM\..\Run: [5@4QLK43RLHPN5] C:\WINDOWS\System32\Myb2YeGd.exe

Restart your computer and post a new Hijack This log.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#10 jarujammer

jarujammer

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 08 July 2004 - 06:59 PM

C:\Program Files\ClockSync: Did not find this after fixing with HT, but deleted C:\Program Files\AutoUpdate
C:\WINDOWS\system32\mtxlegih.exe

Peperfix found nothing.

O4 - HKLM\..\Run: [5@4QLK43RLHPN5] C:\WINDOWS\System32\Myb2YeGd.exe
did show up and fixed with HT.

Logfile of HijackThis v1.98.0
Scan saved at 4:54:39 PM, on 7/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\hjt\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

Hope you're still there.

#11 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 08 July 2004 - 07:14 PM

Good job looks clean. Any more problems?
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#12 jarujammer

jarujammer

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 08 July 2004 - 07:19 PM

This LOOKS like something I should get rid of . . . no?

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

#13 jarujammer

jarujammer

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 08 July 2004 - 07:30 PM

Actually, Ducky, everything seems fine . . . I just want to get rid of those two words (the name that must not be spoken) about:blank . . . is it OK to tick those two entries off HT?

In any event, you are now god-like in my book.

RUBBER DUCKY Rocks!!!

#14 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 08 July 2004 - 08:08 PM

Yes it is ok to fix those two entries :)
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#15 jarujammer

jarujammer

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 08 July 2004 - 09:10 PM

So far so good! I've rebooted a couple of times and appear to be free for the first time in over a month!

Again, thank you!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button