• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
mr.circles

somebody help me!!

14 posts in this topic

Logfile of HijackThis v1.97.7

Scan saved at 5:13:39 PM, on 13/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Tweak-XP\blads.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Games\Angel\Angel.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\mIRC\mirc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Virus Protection\HiJackThis!\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#10213

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#10213

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#10213

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#10213

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#10213

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#10213

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer

O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Rishi\Application Data\winit\winit.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Documents and Settings\Rishi\Application Data\winit\ipap.dll

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Rishi\Application Data\winit\mfchz.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Mobile Phone Suite] C:\Program Files\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe -nogui

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\javacg32.dll,Install

O4 - HKCU\..\Run: [blockAds] C:\Program Files\Tweak-XP\blads.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [utopia Angel] C:\Games\Angel\Angel.exe

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\javacg32.dll,Install

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab

O16 - DPF: {31E4237F-DBCE-11D0-B716-008048B9855A} (SatTracker2.SatTracker) - http://www.coolstf.com/sattracker/sattracker.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FB1BD080-B1CF-418E-8FD5-3352073BF8CF}: NameServer = 203.49.70.92 139.134.2.190

Share this post


Link to post
Share on other sites

Download dllfix from here to your desktop, double click it and extract the contents your desktop.

 

Run "start.bat" and it will show you a screen that gives you multiple options. Run Option 1 for report, which when run will show an "Info" screen.

After the search is complete, a file should pop up with the name "Output.txt." Copy and paste back to this thread please

Share this post


Link to post
Share on other sites

--==***@@@ FIND-ALL' VERSION MODIFIED -6/05 @@@***==--

--==***@@@ ORIGINAL BY FREEATLAST @@@***==--

 

Sun 13/06/2004

05:24 PM

 

System Info:

 

Microsoft Windows XP [Version 5.1.2600]

C: "" (9C38:5CC8) - FS:NTFS clusters:4k

Total: 120 031 477 760 [112G] - Free: 98 480 185 344 [92G]

 

 

*IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

*Notepad version :

5.1.2600.0 C:\WINDOWS\system32\notepad.exe

5.1.2600.0 C:\WINDOWS\notepad.exe

*Media Player version :

8.0.0.4487 C:\Program Files\Windows Media Player\wmplayer.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;

 

 

 

Locked or 'Suspect' file(s) found...

These may be other files that Dllfix doesnt target.

 

 

Scanning for main Hijacker:

 

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D34F08C5-4F18-477c-86CB-1A9BEECFE37B}]

@="."

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}]

@="ShowSearch module"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD9BC004-8331-4457-B830-4759FF704C22}]

@=""

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/xml]

"CLSID"="{807553E5-5146-11D5-A672-00B0D022E945}"

 

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

 

*Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(NI) ALLOW Read BUILTIN\Users

(IO) ALLOW Read BUILTIN\Users

(NI) ALLOW Read BUILTIN\Power Users

(IO) ALLOW Read BUILTIN\Power Users

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access BUILTIN\Administrators

(NI) ALLOW Full access NT AUTHORITY\SYSTEM

(IO) ALLOW Full access NT AUTHORITY\SYSTEM

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Read BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

Share this post


Link to post
Share on other sites

Download this zip.

 

http://tools.zerosrealm.com/pv.zip

Please unzip it to the desktop. It will not work if you run it from inside the zip.

 

After unzipped go to the desktop. Open the pv folder. Double click on the runme.bat

 

A dos window will open. Please select option 1 for explorer dll's by typing 1 and then pressing enter.

 

 

Notepad will open with a log in it. Please copy and paste the log into this post.

Share this post


Link to post
Share on other sites

Module information for 'Explorer.EXE'

MODULE BASE SIZE PATH

Explorer.EXE 1000000 1015808 C:\WINDOWS\Explorer.EXE 6.00.2800.1106 (xpsp1.020828-1920) Windows Explorer

ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) NT Layer DLL

kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL

msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL

ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API

RPCRT4.dll 78000000 548864 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Procedure Call Runtime

GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDI Client DLL

USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows XP USER API Client DLL

SHLWAPI.dll 70a70000 409600 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Light-weight Utility Library

SHELL32.dll 773d0000 8351744 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Shell Common Dll

ole32.dll 771b0000 1183744 C:\WINDOWS\system32\ole32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft OLE for Windows

OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems

BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library

SHDOCVW.dll 769c0000 1351680 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Doc Object and Control Library

UxTheme.dll 5ad70000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme Library

comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library

comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library

appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library

CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42

COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42

VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries

cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Client Side Caching UI

CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent

themeui.dll 559e0000 462848 C:\WINDOWS\System32\themeui.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Theme API

Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface

MSIMG32.dll 76380000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDIEXT Client DLL

USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv

msutb.dll 5fc10000 196608 C:\WINDOWS\System32\msutb.dll 5.1.2600.1106 (xpsp1.020828-1920) MSUTB Server DLL

MSCTF.dll 74720000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) MSCTF Server DLL

netapi32.dll 71c20000 319488 C:\WINDOWS\System32\netapi32.dll 5.1.2600.1106 (xpsp1.020828-1920) Net Win32 API DLL

SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL

ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell extensions for sharing

ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)

SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API

urlmon.dll 760f0000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1106 (xpsp1.020828-1920) OLE32 Extensions for Win32

NETSHELL.dll 75cf0000 1642496 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1106 (xpsp1.020828-1920) Network Connections Shell

credui.dll 76c00000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Credential Manager User Interface

WS2_32.dll 71ab0000 86016 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL

WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT

iphlpapi.dll 76d60000 94208 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) IP Helper API

LINKINFO.dll 76980000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking

WINTRUST.dll 76c30000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs

CRYPT32.dll 762c0000 569344 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 (xpsp1.020828-1920) Crypto API32

MSASN1.dll 762a0000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs

IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper

msi.dll 1570000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer

rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider

WININET.dll 76200000 622592 C:\WINDOWS\system32\WININET.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet Extensions for Win32

mslbui.dll 605d0000 32768 C:\WINDOWS\System32\mslbui.dll 5.1.2600.1106 (xpsp1.020828-1920) LangageBar Add In

lgscroll.dll 10200000 86016 C:\Program Files\Logitech\SetPoint\lgscroll.dll

WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library

webcheck.dll 74b30000 266240 C:\WINDOWS\System32\webcheck.dll 6.00.2800.1106 (xpsp1.020828-1920) Web Site Monitor

stobject.dll 74b00000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 (xpsp1.020828-1920) Systray shell service object

BatMeter.dll 74af0000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) Battery Meter Helper DLL

POWRPROF.dll 74ad0000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL

WTSAPI32.dll 76f50000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs

WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL

wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper

msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper

MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter

midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper

rarext.dll 1fa0000 176128 C:\Program Files\WinRAR\rarext.dll

SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5

RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Remote Access API

rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager

TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows Telephony API Client DLL

rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities

printui.dll 74b80000 532480 C:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) Print UI DLL

WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spooler Driver

ACTIVEDS.dll 76e40000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL

adsldpc.dll 76e10000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL

WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL

CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL

MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL

shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library

drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider

ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager

NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes

NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes

NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL

davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL

actxprxy.dll 71d40000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library

HookDll.dll 10400000 61440 C:\Program Files\Logitech\SetPoint\HookDll.dll

comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) Common Dialogs DLL

browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library

MSGINA.dll 75970000 987136 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Logon GINA DLL

ODBC32.dll 1f7b0000 200704 C:\WINDOWS\System32\ODBC32.dll 3.520.9030.0 Microsoft Data Access - ODBC Driver Manager

odbcint.dll 1f850000 90112 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC Resources

DUSER.dll 6c1b0000 278528 C:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows DirectUser Engine

msohev.dll 32560000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5207 Microsoft Office 2003 component

shmedia.dll 5cad0000 139264 C:\WINDOWS\System32\shmedia.dll 6.00.2600.0000 (xpclient.010817-1148) Media File Property Extractor Shell Extension

MSVFW32.dll 73bd0000 131072 C:\WINDOWS\System32\MSVFW32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft Video for Windows DLL

AVIFIL32.dll 73b50000 86016 C:\WINDOWS\System32\AVIFIL32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft AVI File support library

msdmo.dll 3e70000 28672 C:\WINDOWS\System32\msdmo.dll

mfchz.dll 10000000 77824 C:\Documents and Settings\Rishi\Application Data\winit\mfchz.dll 1, 0, 0, 15 SearchHook Module

WMVCore.DLL 8530000 2084864 C:\WINDOWS\System32\WMVCore.DLL 9.00.00.2980 built by: lab03_dev(bld4act) Windows Media Playback/Authoring DLL

WMASF.DLL 7260000 233472 C:\WINDOWS\System32\WMASF.DLL 9.00.00.2980 built by: lab03_dev(bld4act) Windows Media ASF DLL

asfsipc.dll 70eb0000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object

MSISIP.DLL 605f0000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider

wshext.dll 74ea0000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft ® Shell Extension for Windows Script Host

MCPS.DLL 36c20000 102400 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL 11.0.5207 Media Catalog Proxy/Stub

Share this post


Link to post
Share on other sites

I have an idea...If JW doesn't mind.. :)

 

Download and install APM from: http://www.diamondcs.com.au/index.php?page=apm

In the upper window select explorer.exe

In the lower window find and rightclick mshp.dll

Select Unload DLL and click OK on the prompts that follow.

 

Close all windows except HijackThis and fix the lines below.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#10213

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#10213

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#10213

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#10213

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#10213

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#10213

 

 

Reboot and scan with AdAware.

Edited by irelynnmisses

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.97.7

Scan saved at 6:01:13 PM, on 13/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Tweak-XP\blads.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Games\Angel\Angel.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Virus Protection\HiJackThis!\HijackThis.exe

C:\Program Files\mIRC\mirc.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Rishi\Application Data\winit\winit.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Documents and Settings\Rishi\Application Data\winit\ipap.dll

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Rishi\Application Data\winit\mfchz.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Mobile Phone Suite] C:\Program Files\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe -nogui

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\javacg32.dll,Install

O4 - HKCU\..\Run: [blockAds] C:\Program Files\Tweak-XP\blads.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [utopia Angel] C:\Games\Angel\Angel.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\javacg32.dll,Install

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab

O16 - DPF: {31E4237F-DBCE-11D0-B716-008048B9855A} (SatTracker2.SatTracker) - http://www.coolstf.com/sattracker/sattracker.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FB1BD080-B1CF-418E-8FD5-3352073BF8CF}: NameServer = 203.49.70.92 139.134.2.190

Share this post


Link to post
Share on other sites

While Jw comes up with other ideas.. cause' he is awesome like that :D

 

You can work on this.. :)

 

Click HERE to download TheKillbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it. Make sure the 'Create backup before deleting file' box is checked. In the 'Paste Full Path of File to Delete' box, copy and paste this entry:

 

C:\WINDOWS\image.dll

 

Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". In the window that opens up, click on the File menu and choose "Add File". The C:\WINDOWS\image.dll listing should show up in the window.

Share this post


Link to post
Share on other sites

Check these in hijackthis,THEN WITH ALL OTHER WINDOWS CLOSED ,press "Fix".

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Rishi\Application Data\winit\winit.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Documents and Settings\Rishi\Application Data\winit\ipap.dll

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Rishi\Application Data\winit\mfchz.dll

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\javacg32.dll,Install

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\javacg32.dll,Install

 

Make sure you are set to Show Hidden Files and Folders and delete the following files/folders:-

C:\Documents and Settings\Rishi\Application Data\winit\ipap.dll

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Rishi\Application Data\winit\mfchz.dll

C:\WINDOWS\javacg32.dll

 

Then Reboot and post a fresh log for me to check. Run CSW with ALL OTHER WINDOWS CLOSED

Run Ad-Aware as directed above

reboot and post new log

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.97.7

Scan saved at 7:13:00 PM, on 13/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Tweak-XP\blads.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\ctfmon.exe

C:\Games\Angel\Angel.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE

C:\Program Files\mIRC\mirc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Virus Protection\HiJackThis!\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Mobile Phone Suite] C:\Program Files\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe -nogui

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKCU\..\Run: [blockAds] C:\Program Files\Tweak-XP\blads.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [utopia Angel] C:\Games\Angel\Angel.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab

O16 - DPF: {31E4237F-DBCE-11D0-B716-008048B9855A} (SatTracker2.SatTracker) - http://www.coolstf.com/sattracker/sattracker.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FB1BD080-B1CF-418E-8FD5-3352073BF8CF}: NameServer = 203.49.70.92 139.134.2.190

Share this post


Link to post
Share on other sites

Check these in hijackthis,THEN WITH ALL OTHER WINDOWS CLOSED ,press "Fix".

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

Then Reboot and post a fresh log for me to check.

 

If AFTER reboot you still get the missing file error run HJT>Config(button)>Misc Tool(button)>check both boxes for include empty section and minor secton(full)>Hit generate Startlist Log

Post back here

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.97.7

Scan saved at 7:31:44 PM, on 13/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Tweak-XP\blads.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\ctfmon.exe

C:\Games\Angel\Angel.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\mIRC\mirc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Virus Protection\HiJackThis!\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Mobile Phone Suite] C:\Program Files\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe -nogui

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKCU\..\Run: [blockAds] C:\Program Files\Tweak-XP\blads.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [utopia Angel] C:\Games\Angel\Angel.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab

O16 - DPF: {31E4237F-DBCE-11D0-B716-008048B9855A} (SatTracker2.SatTracker) - http://www.coolstf.com/sattracker/sattracker.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FB1BD080-B1CF-418E-8FD5-3352073BF8CF}: NameServer = 203.49.70.92 139.134.2.190

Share this post


Link to post
Share on other sites

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

 

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

 

IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

 

More info and download is available at link in my signature

 

And also see TonyKlein's good advice in

So how did I get infected in the first place?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0