|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
HT Assistance?
Heres the log (came out double spaced):
C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\PROGRAM FILES\SIHSTECH\FOLDERLOCK\FLDRLOCK.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE D:\APPZ\EVIDENCE ELIMINATOR\EVIDENCE ELIMINATOR\EE.EXE C:\WINDOWS\SYSTEM\KHOOKER.EXE C:\WINDOWS\SYSTEM\CHTVINIT.EXE C:\WINDOWS\SYSTEM\HPZTSB03.EXE C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\PROXOMITRON NAOKO-4\PROXOMITRON.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whatsfind.com/page.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toast.net/start/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by TOAST.net R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:8080 O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [_flbinaryfile_] c:\program files\sihstech\folderlock\fldrlock.exe O4 - HKLM\..\Run: [Evidence Eliminator] D:\APPZ\EVIDENCE ELIMINATOR\EVIDENCE ELIMINATOR\ee.exe /m O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe O4 - HKLM\..\Run: [ChrontelInitTV] CHTVINIT.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [_flbinaryfile_] c:\program files\sihstech\folderlock\fldrlock.exe O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE" O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe O4 - Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM) O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF3 2.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toast.net/start/ O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/chipdetect/OSInfo.cab O16 - DPF: {BA549C46-AD38-11D7-A476-00D0590EC9DE} (SiS_OCX98 Control) - http://www.sis.com/support/chipdetec...todetect98.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...882.7754282407 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB Thanks. |
#2
|
|||
|
|||
Hi
What was the problem ? |
#3
|
|||
|
|||
The browser tries to go to http://www.whatsfind.com/page.html . It doesnt because I have that site blocked, but still it tries to and I cant change the homepage.
|
#4
|
|||
|
|||
Run "CWshreader" and let us know what develops.
Then run hjt and remove these R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whatsfind.com/page.html O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 Last edited by Pancake; July 5th, 2004 at 08:42 AM. |
#5
|
|||
|
|||
CWShredder said the whatsfind.com thing wasnt found.
Then I erased the files you said and it appears to be working now. Thanks. |
#6
|
|||
|
|||
Ok.Let us know if you have anymore problems.
|
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
Assistance please | The Dude | Windows 98 | 2 | October 29th, 2011 12:11 AM |
In need of assistance | Domagoj | Hardware | 5 | September 11th, 2011 12:04 AM |
Need assistance with HJT log | Pado | Malware Removal | 3 | February 16th, 2007 01:38 PM |
Assistance Please | irconfused | Malware Removal | 37 | March 29th, 2006 09:29 PM |
I need some assistance... | Gretzky1999 | Malware Removal | 15 | July 27th, 2005 02:28 AM |
All times are GMT +1. The time now is 02:52 AM.