Spyware Cleaning Section Closed!!
Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services.
#1
I close all windows and IE but every time I restart my computer it comes back. What am I doing wrong??
Thanks in Advance.

Logfile of HijackThis v1.97.7
Scan saved at 7:36:44 PM, on 14/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\jushed32.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FA9B746-F9FD-4BBB-ACE0-65C9E6B4312A}: NameServer = 203.24.105.2 203.24.105.8
#2
enjoy search is a cws site, so first download CWshredder from http://www.wilderssecurity.com/showthread.php?t=14086 then run it: close all browser windows, click on the cwshredder.exe, then click "FIX" (not "Scan only") and let it do its thing.

Now, as CWS installs via the byte verifier exploit in M$ JavaVM, just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended. Then reboot & see if that cures it.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy | Hedgehog Rescue |
#3
Thanks for helping out but no it did not fix the problem. I have tried fixing the problem with Spybot, HJT, Shredder and Adaware6. What else can I do??
Thanks in Advance.
#4
Download this zip: http://www.zero.vulc4n.com/downloads/pv.zip, unzip it to the desktop.
Be sure to have at least 1 Internet Explorer open, then double click on the runme.bat. Notepad will open with a log in it. Copy that log back here in this thread and we can check if you have the new version that cwshredder doesn't yet remove, and also post a new hijackthis log, then we can sort out a fix for you.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy | Hedgehog Rescue |
#5
Thank You for taking the time out to help me. Much appreciated. The list is below from that Program.
#6
Hi Slayer,
I think something went wrong. When you double-click runme.bat you will get a screen with a few options. Choose option 2 while you have one IE window open and click Enter. The txt file that gets made then is the one we need.
Regards, Pieter
__________________
Regards, Pieter
It's nice to be important, but it's more important to be nice.
It's human to make mistakes. It's even more so to blame the computer for it.
#7
Ok sorry about that. This is what I got..
#8
Nothing showing there.

I have seen this fix work.

Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html

Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT...01052409420406

Then, as some of the files or folders you need to delete may be hidden, do this: Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders", click "Apply", then "OK".

Delete these files:
C:\WINDOWS\jushed32.exe

For some reason the jushed32.exe file doesn't show in hjt log until you have fixed the infection a couple of times with shredder.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy | Hedgehog Rescue |
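An added example, not part of the original thread and not code from HijackThis or any poster: a Python triage of a HijackThis log that groups the R0/R1 Internet Explorer settings by the host they point at, and lists processes running from the root of the Windows directory that no O4 autostart entry names, the two signs visible in the log posted above. The trusted-host list, the function names, the root-of-Windows heuristic and the shortened sample log are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname
from urllib.parse import urlsplit

# Constructed sample: a shortened log in the layout of the one posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\jushed32.exe
C:\Program Files\Eraser\eraser.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "R1 - ...", "O4 - ..."
R_RE = re.compile(r"^(HKCU|HKLM)\\([^,]+),(.*?) = (.*)$")  # hive\key,value = data


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, entries


def redirected_settings(entries, trusted_hosts):
    """Map each untrusted host to the IE settings (R0/R1 lines) that point at it."""
    hits = defaultdict(list)
    for code, body in entries:
        m = R_RE.match(body) if code in ("R0", "R1") else None
        if not m:
            continue
        hive, _key, value, data = m.groups()
        host = (urlsplit(data).hostname or "").lower()
        trusted = any(host == t or host.endswith("." + t) for t in trusted_hosts)
        if host and not trusted:
            hits[host].append(f"{hive}:{value}")
    return dict(hits)


def orphan_windir_processes(processes, entries, windir=r"C:\WINDOWS"):
    """Processes running from the Windows root that no O4 autostart entry names.

    Heuristic (an assumption of this example): apart from the shell, few
    programs run from the root of the Windows directory, so such a process
    with no visible autostart is worth a closer look.
    """
    autostarts = " ".join(body.lower() for code, body in entries if code == "O4")
    return [p for p in processes
            if dirname(p).lower() == windir.lower()
            and basename(p).lower() != "explorer.exe"
            and basename(p).lower() not in autostarts]


if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    for host, names in redirected_settings(entries, {"microsoft.com", "msn.com"}).items():
        print(f"{len(names)} IE settings point at {host}: {', '.join(names)}")
    for path in orphan_windir_processes(procs, entries):
        print("no autostart entry for", path)
```

A hit from either function is a lead for manual review, not a verdict: the same host set in both HKCU and HKLM across several settings, together with an unexplained process, is the combination worth escalating.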
#9
It worked. Thank You very much. You are a legend.