Jump to content


Photo

BHO DLL - atlgd.dll


  • Please log in to reply
1 reply to this topic

#1 Prancor

Prancor

    Member

  • New Member
  • Pip
  • 1 posts

Posted 10 July 2004 - 12:49 AM

Hi,

This is my HijackThis log, I followed the instructions on how to get rid of the hijacking of my browser. I have a BHO log item that was not on the Browser Hijackings section list so I'm not sure if I should delete it or leave it alone. Please let me know if it is one of the ones I should removeThanks for the help in advance.
Cheers,
Prancor

Logfile of HijackThis v1.98.0
Scan saved at 1:50:09 AM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\apiar.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mfckw.exe
C:\WINDOWS\System32\hxbsur.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Chijoke Mgbokwere\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pavcw.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://pavcw.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://pavcw.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pavcw.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pavcw.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://pavcw.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {598A5F00-4A66-99FC-2B27-4167ACFF6680} - C:\WINDOWS\atlgd.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mfckw.exe] C:\WINDOWS\mfckw.exe
O4 - HKLM\..\Run: [tnokvvuud] C:\WINDOWS\System32\hxbsur.exe
O4 - HKLM\..\RunOnce: [ieua.exe] C:\WINDOWS\system32\ieua.exe
O4 - HKLM\..\RunOnce: [ntuj32.exe] C:\WINDOWS\ntuj32.exe
O4 - HKLM\..\RunOnce: [apphd.exe] C:\WINDOWS\apphd.exe
O4 - HKLM\..\RunOnce: [d3ag32.exe] C:\WINDOWS\system32\d3ag32.exe
O4 - HKLM\..\RunOnce: [netnp32.exe] C:\WINDOWS\system32\netnp32.exe
O4 - HKLM\..\RunOnce: [javakr32.exe] C:\WINDOWS\javakr32.exe
O4 - HKLM\..\RunOnce: [javalh32.exe] C:\WINDOWS\system32\javalh32.exe
O4 - HKLM\..\RunOnce: [msbr32.exe] C:\WINDOWS\system32\msbr32.exe
O4 - HKLM\..\RunOnce: [mfckn32.exe] C:\WINDOWS\system32\mfckn32.exe
O4 - HKLM\..\RunOnce: [ntyi.exe] C:\WINDOWS\system32\ntyi.exe
O4 - HKLM\..\RunOnce: [d3di32.exe] C:\WINDOWS\system32\d3di32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.co...oaderSigned.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DF5017E-C91A-413C-ADD8-BFC3641A74AD}: NameServer = 151.164.1.8 151.164.30.105

#2 Racktracker

Racktracker

    Hunter of Malware

  • Retired Staff
  • PipPipPipPipPip
  • 1,306 posts

Posted 10 July 2004 - 12:33 PM

Download About:Buster from Here

http://www.downloads...AboutBuster.zip

Unzip it to your desktop. Double click it and hit Ok, then Start, then Ok to start the scan. The scan should take a few seconds. Once it is done save the report. Post the report and a new Hijack this log here.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button