Help Needed Please

Discussion in 'adware, spyware & hijack cleaning' started by Slayer, Apr 14, 2004.

Thread Status:
Not open for further replies.
  1. Slayer

    Slayer Guest

    I close all windows and IE but every time I restart my computer it comes back. What am I doing wrong??

    Thanks in Advance.


    Logfile of HijackThis v1.97.7
    Scan saved at 7:36:44 PM, on 14/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\WINDOWS\jushed32.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Eraser\eraser.exe
    C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
    O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
    O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4FA9B746-F9FD-4BBB-ACE0-65C9E6B4312A}: NameServer = 203.24.105.2 203.24.105.8
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    enjoy search is a cws site so

    First download CWshredder from https://www.wilderssecurity.com/showthread.php?t=14086 then Run it
    Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do its thing.

    Now as CWS installs via the byte verifier exploit in M$ JavaVM, just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

    then reboot & see if that cures it
     
  3. Slayer

    Slayer Guest

    Thanks for helping out but no it did not fix the problem. I have tried fixing the problem with Spybot, HJT, Shredder and Adaware6. What else can I do??
    Thanks in Advance.
     
  4. dvk01

    dvk01 Global Moderator

    Download this zip: http://www.zero.vulc4n.com/downloads/pv.zip, unzip it to the desktop.
    Be sure to have at least 1 Internet Explorer open, then double click on the runme.bat.
    Notepad will open with a log in it

    copy that log back here in this thread and we can check if you have the new version that cwshredder doesn't yet remove and also post a new hijackthis log

    then we can sort out a fix for you
     
  5. Slayer

    Slayer Guest

    Thank You for taking the time out to help me. Much appreciated. The list is below from that Program.



    alg.exe 1312 C:\WINDOWS\System32\alg.exe Application Layer Gateway Service 5.1.2600.1106. © Microsoft Corporation. All rights reserved.
    Ati2evxx.exe 1336 C:\WINDOWS\System32\Ati2evxx.exe Ati2evxx.exe
    atiptaxx.exe 472 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe ATI Desktop Control Panel 6.14.10.4029. Copyright (C) 1998-2002 ATI Technologies Inc.
    csrss.exe 528 C:\WINDOWS\system32\csrss.exe Client Server Runtime Process 5.1.2600.0. © Microsoft Corporation. All rights reserved.
    CTLTask.exe 1724 C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe Creative Taskbar 1.00.00.32. Copyright (c) Creative Technology Ltd. 2001
    CTLTray.exe 1692 C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe Creative TaskTray 1.00.00.24. Copyright (c) Creative Technology Ltd. 2001
    CtNotify.exe 872 C:\Program Files\Creative\ShareDLL\CtNotify.exe Disc Detector 2.0. Copyright (c) Creative Technology Ltd. 2001
    CTPlay2.exe 2364 C:\Program Files\Creative\SBAudigy\PlayCenter2\CTPlay2.exe Creative PlayCenter 3.00.22.0. Copyright (c) Creative Technology Ltd. 2001
    CTsvcCDA.EXE 1360 C:\WINDOWS\System32\CTsvcCDA.EXE Creative Service for CDROM Access 1.0.0.0. Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
    DAP.EXE 1052 C:\PROGRA~1\DAP\DAP.EXE Download Accelerator Plus 5, 0, 0, 1. Copyright (C) 1999 - 2001 SpeedBit Ltd
    EasyShare.exe 1772 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe Kodak EasyShare software 3, 1, 0, 66. Copyright © Eastman Kodak Company 2002
    em_exec.exe 1484 C:\Program Files\Logitech\MouseWare\system\em_exec.exe Logitech Events Handler Application 9.75.302. (C) 1987-2002 Logitech. All rights reserved.
    eraser.exe 1504 C:\Program Files\Eraser\eraser.exe Eraser. 5.7. Copyright © 2002-2003 Garrett Trant.
    Explorer.EXE 336 C:\WINDOWS\Explorer.EXE Windows Explorer 6.00.2800.1106. © Microsoft Corporation. All rights reserved.
    iexplore.exe 2708 C:\Program Files\Internet Explorer\iexplore.exe Internet Explorer 6.00.2800.1106. © Microsoft Corporation. All rights reserved.
    iTouch.exe 524 C:\Program Files\Logitech\iTouch\iTouch.exe iTouch Application 2.15.264. (C) 1998-2002 Logitech. All rights reserved.
    jushed32.exe 1248 C:\WINDOWS\jushed32.exe jushed32.exe
    LEXBCES.EXE 1112 C:\WINDOWS\system32\LEXBCES.EXE LexBce Service 8.19. (C) 1993 - 2003 Lexmark International, Inc.
    LEXPPS.EXE 1204 C:\WINDOWS\system32\LEXPPS.EXE LEXPPS.EXE 8.19. (C) 1993 - 2003 Lexmark International, Inc.
    lsass.exe 612 C:\WINDOWS\system32\lsass.exe LSA Shell (Export Version) 5.1.2600.1106. © Microsoft Corporation. All rights reserved.
    lxbfbmgr.exe 856 C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe Lexmark X6100 Series Button Manager 0.1.25.0. (C) 2002 Lexmark International, Inc.
    lxbfbmon.exe 1388 C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe Lexmark X6100 Series Button Monitor 0.1.25.0. (C) 2002 Lexmark International, Inc.
    MediaDet.Exe 1508 C:\Program Files\Creative\ShareDLL\MediaDet.Exe Disc Detector 2.00. Copyright (c) Creative Technology Ltd. 2001
    MsPMSPSv.exe 1640 C:\WINDOWS\System32\MsPMSPSv.exe WMDM PMSP Service 7.00.00.1954. Copyright (C) Microsoft Corp. 1981-2000
    nod32krn.exe 1436 C:\Program Files\Eset\nod32krn.exe nod32krn.exe
    nod32kui.exe 888 C:\Program Files\Eset\nod32kui.exe nod32kui.exe
    PrcView.exe 3656 C:\Documents and Settings\Andrew P\Desktop\PrcView.exe Process Viewer Application 3.7.3.1. Developed by Igor Nys, 1995-2003
    ScsiAccess.EXE 1492 C:\WINDOWS\System32\ScsiAccess.EXE ScsiAccess.EXE
    services.exe 600 C:\WINDOWS\system32\services.exe Services and Controller app 5.1.2600.0. © Microsoft Corporation. All rights reserved.
    smss.exe 480 C:\WINDOWS\System32\smss.exe Windows NT Session Manager 5.1.2600.1106. © Microsoft Corporation. All rights reserved.
    spoolsv.exe 1168 C:\WINDOWS\system32\spoolsv.exe Spooler SubSystem App 5.1.2600.0. © Microsoft Corporation. All rights reserved.
    svchost.exe 792 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
    svchost.exe 828 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
    svchost.exe 912 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
    svchost.exe 936 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
    svchost.exe 1516 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
    vsmon.exe 1572 C:\WINDOWS\system32\ZoneLabs\vsmon.exe TrueVector Service 4.5.594.000. Copyright © 1998-2003, Zone Labs Inc.
    winlogon.exe 552 C:\WINDOWS\system32\winlogon.exe Windows NT Logon Application 5.1.2600.1106. © Microsoft Corporation. All rights reserved.
    zlclient.exe 1076 C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe Zone Labs Client 4.5.594.000. Copyright © 1998-2003, Zone Labs Inc.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Slayer,

    I think something went wrong. When you double-click runme.bat you will get a screen with a few options. Choose option 2 while you have one IE window open and click Enter.

    The txt file that gets made then is the one we need.

    Regards,

    Pieter
     
  7. Slayer

    Slayer Guest

    Ok sorry about that. This is what I got..



     
  8. dvk01

    dvk01 Global Moderator

    Nothing showing there

    I have seen this fix work
    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html


    Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"
    Click "Apply" then "OK"

    Delete these files

    C:\WINDOWS\jushed32.exe

    for some reason the jushed32.exe file doesn't show in hjt log until you have fixed the infection a couple of times with shredder
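
The triage behind the fix above, as an added example that is not part of the original thread or of HijackThis itself: it parses a HijackThis log, counts which hosts the R0/R1 Internet Explorer settings point at, and lists processes running directly from the Windows folder that no O4 autorun entry accounts for. The sample log is a constructed excerpt built from lines in this thread; the function names and the `EXPECTED_IN_WINDIR` allowlist are assumptions, and a flagged path is a lead to investigate, not a verdict.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed excerpt: a subset of lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\jushed32.exe
C:\Program Files\Eraser\eraser.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")   # e.g. "R1 - ...", "O4 - ..."
PATH_RE = re.compile(r"^[A-Za-z]:\\")           # a drive-letter path

# Assumption: the only binary expected to run from the Windows folder itself.
EXPECTED_IN_WINDIR = {"explorer.exe"}


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False            # the entry section has started
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and PATH_RE.match(line):
            processes.append(line)
    return processes, entries


def ie_redirect_hosts(entries):
    """Count the hosts that R0/R1 (IE start and search page) values point at."""
    hosts = Counter()
    for code, body in entries:
        if code in ("R0", "R1") and " = " in body:
            url = body.split(" = ", 1)[1].strip()
            host = urlparse(url).hostname
            if host:
                hosts[host] += 1
    return hosts


def windir_processes_without_autorun(processes, entries, windir=r"C:\WINDOWS"):
    """Processes running directly from windir that no O4 autorun entry mentions."""
    autoruns = " ".join(body.lower() for code, body in entries if code == "O4")
    flagged = []
    for path in processes:
        folder, _, name = path.rpartition("\\")
        if folder.lower() != windir.lower():
            continue                        # System32, Program Files, ...
        if name.lower() in EXPECTED_IN_WINDIR:
            continue
        if name.lower() not in autoruns:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    for host, count in ie_redirect_hosts(ents).items():
        print(f"{count} IE setting(s) point at {host}")
    for path in windir_processes_without_autorun(procs, ents):
        print(f"running from Windows folder, no O4 entry: {path}")
```
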
     
  9. Slayer

    Slayer Guest

    It worked. Thank You very much. You are a legend.
     