Jump to content


Photo

Help Here is my log


  • Please log in to reply
5 replies to this topic

#1 Grouse

Grouse

    Member

  • New Member
  • Pip
  • 3 posts

Posted 18 June 2004 - 10:01 PM

Logfile of HijackThis v1.97.7
Scan saved at 7:50:53 PM, on 6/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Ndh39.exe
C:\WINDOWS\System32\Ndh39.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Documents and Settings\Aaron Kimpton\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ZElman0f] C:\Documents and Settings\Aaron Kimpton\Local Settings\Temp\ZElman0f.exe
O4 - HKLM\..\Run: [4442EYS4BDGE63] C:\WINDOWS\System32\Fnd2oK.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [yzudmium] C:\WINDOWS\System32\iikphpva.exe
O4 - HKLM\..\Run: [3F9V33h] inflbmsg.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ioq9RTNsT] cortkprp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: ATI TV (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8119.6715162037
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab

#2 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • PipPipPip
  • 248 posts

Posted 19 June 2004 - 08:21 PM

you have a Peper infection, click HERE to download the PeperFix tool, save it to your desktop, doubleclick on it, click 'Find and Fix' and reboot if prompted.

After it has removed the baddies, you will have to delete the 14 character start-up using HJT.

#3 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • PipPipPip
  • 248 posts

Posted 19 June 2004 - 08:23 PM

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

Download SPYBOT

After installing Spybot S&D, update it by using the "Update" button on the left panel of the program. Search for updates and download anything it finds

How to setup Ad-Aware and Spy-Bot S&D Check my signature for details

And after that, please do the following:

reboot computer and post a new log

#4 Grouse

Grouse

    Member

  • New Member
  • Pip
  • 3 posts

Posted 19 June 2004 - 08:37 PM

thanks will do in about 1 hour

#5 Grouse

Grouse

    Member

  • New Member
  • Pip
  • 3 posts

Posted 19 June 2004 - 09:29 PM

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-2000478354-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3 ---
2004-06-16 Includes\Cookies.sbi
2004-06-16 Includes\Dialer.sbi
2004-06-16 Includes\Hijackers.sbi
2004-06-16 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-06-16 Includes\Malware.sbi
2004-06-16 Includes\Revision.sbi
2004-06-16 Includes\Security.sbi
2004-06-16 Includes\Spybots.sbi
2004-06-16 Includes\Tracks.uti
2004-06-16 Includes\Trojans.sbi

********************************************************************


Adaware


Lavasoft Ad-aware Plus Build 6.181
Logfile created on :Saturday, June 19, 2004 7:20:21 PM
Using reference-file :01R321 19.06.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R321 19.06.2004
Internal build : 253
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1251433 Bytes
Signature data size : 1231085 Bytes
Reference data size : 20284 Bytes
Signatures total : 27408
Target categories : 10
Target families : 500

Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:81 %
Total physical memory:1048036 kb
Available physical memory:847352 kb
Total page file size:1997192 kb
Available on page file:1917740 kb
Total virtual memory:2097024 kb
Available virtual memory:2054712 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Skip non executable files
Set : Skip files larger than 999999 KB
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


6-19-2004 7:20:21 PM - Scan started. (Custom mode)

Listing running processes
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 6-20-2004 2:17:25 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 6-20-2004 2:17:30 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-20-2004 2:17:31 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 3/31/2003 12:00:00 PM
Last accessed : 6/12/2004 11:32:17 PM
Last modified : 3/31/2003 12:00:00 PM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-20-2004 2:17:31 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 3/31/2003 12:00:00 PM
Last accessed : 6/12/2004 11:32:17 PM
Last modified : 3/31/2003 12:00:00 PM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-20-2004 2:17:32 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 3/31/2003 12:00:00 PM
Last accessed : 6/12/2004 11:32:19 PM
Last modified : 3/31/2003 12:00:00 PM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-20-2004 2:17:32 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 3/31/2003 12:00:00 PM
Last accessed : 6/12/2004 11:32:19 PM
Last modified : 3/31/2003 12:00:00 PM

#:7 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-20-2004 2:17:37 AM
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 3/31/2003 12:00:00 PM
Last accessed : 6/13/2004 12:07:13 AM
Last modified : 3/31/2003 12:00:00 PM

#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 6-20-2004 2:17:39 AM
BasePriority : Normal
FileSize : 973 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 5/12/2003 4:12:10 AM
Last accessed : 6/13/2004 12:55:24 AM
Last modified : 5/12/2003 4:12:10 AM

#:9 [spybotsd.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ThreadCreationTime : 6-20-2004 2:19:59 AM
BasePriority : Normal
FileSize : 3855 KB
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpyBotSD
OriginalFilename : SpyBotSD.exe
ProductName : SpyBot-S&D
Created on : 5/12/2004 8:03:00 AM
Last accessed : 6/11/2004 7:16:00 AM
Last modified : 5/12/2004 8:03:00 AM

#:10 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 6-20-2004 2:20:11 AM
BasePriority : Normal
FileSize : 671 KB
FileVersion : 6.0.1.182
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 5/13/2004 7:11:38 AM
Last accessed : 6/12/2004 11:34:16 PM
Last modified : 7/13/2003 5:01:14 AM

Memory scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Started registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Started deep registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Deep registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Deep scanning and examining files (C:)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

VX2.BetterInternet Object recognized!
Type : File
Data : aad.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileSize : 309 KB
Created on : 6/19/2004 9:08:00 PM
Last accessed : 6/19/2004 9:08:00 PM
Last modified : 6/18/2004 3:07:37 PM



VX2.BetterInternet Object recognized!
Type : File
Data : araamon.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileSize : 309 KB
Created on : 6/20/2004 2:17:37 AM
Last accessed : 6/20/2004 2:17:37 AM
Last modified : 6/18/2004 3:07:37 PM



VX2.BetterInternet Object recognized!
Type : File
Data : avaamon.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileSize : 309 KB
Created on : 6/19/2004 11:16:27 PM
Last accessed : 6/19/2004 11:16:27 PM
Last modified : 6/18/2004 3:07:37 PM



VX2.BetterInternet Object recognized!
Type : File
Data : awiyuv12.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileSize : 309 KB
Created on : 6/19/2004 9:18:56 PM
Last accessed : 6/19/2004 9:18:56 PM
Last modified : 6/18/2004 3:07:37 PM



VX2.BetterInternet Object recognized!
Type : File
Data : azstream.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileSize : 309 KB
Created on : 6/19/2004 9:10:16 PM
Last accessed : 6/19/2004 9:10:16 PM
Last modified : 6/18/2004 3:07:37 PM



Disk scan result for C:\
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 5


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
11 entries scanned.
New objects :0
Objects found so far: 5




Performing conditional scans..
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Conditional scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 5


7:23:34 PM Scan complete

Summary of this scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total scanning time :00:03:12:922
Objects scanned :127582
Objects identified :5
Objects ignored :0
New objects :5

*****************************************************************

Hyjack this

Logfile of HijackThis v1.97.7
Scan saved at 7:25:24 PM, on 6/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Aaron Kimpton\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: ATI TV (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab

#6 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • PipPipPip
  • 248 posts

Posted 20 June 2004 - 04:06 AM

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.



Please make sure to run CWShredder in safe mode .
how to use cwshredder'
http://www.bleepingc...showtutorial=47


Then do this '
Can you download the following app & run it, making sure to have one internet exploder window open. Save the log & paste the results back here.
VX2Finder

Also post a new hijackthis log thanks

Edited by billiebob, 20 June 2004 - 03:16 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button