trojan?

Status
Not open for further replies.

GameGURU

Ok, I was just browsing through some news things on my internet and I got a trojan downloader. I can't fix it through my Ad-Aware or spyware, nor AVG, Norton, or Panda... it is insane. A lot of stupid and silly pop-ups, browser hijacks, bla bla bla. Please help...

Here are the HijackThis results:
Logfile of HijackThis v1.97.7
Scan saved at 9:49:04 PM, on 7/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\d3ls.exe
C:\WINDOWS\system32\mfcfs32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ezula\mmod.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Documents and Settings\SpaceMoose\Desktop\hjtlog.exe
c:\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lifmx.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lifmx.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lifmx.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lifmx.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lifmx.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lifmx.dll/sp.html#96676
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SpaceMoose\Application Data\Mozilla\Profiles\default\8r78no3a.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B796330F-1896-180C-7DA0-0653EAC8A2E4} - C:\WINDOWS\system32\mfccx32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntnc.exe] C:\WINDOWS\system32\ntnc.exe
O4 - HKLM\..\Run: [mfcfs32.exe] C:\WINDOWS\system32\mfcfs32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/downplug.cab
 
Trojans are a pain in the butt. What I always do is uninstall all of the unwanted programs that it installed, then do a system restore. It always works for me.
 
Only prob is... my System Restore has been damaged by this one, so that is out the window...
 
Hi GameGURU

Run HijackThis again and place a check beside each of the following items. Once done click the fix checked button.


O4 - HKLM\..\Run: [ntnc.exe] C:\WINDOWS\system32\ntnc.exe
O4 - HKLM\..\Run: [mfcfs32.exe] C:\WINDOWS\system32\mfcfs32.exe
O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/downplug.cab

--------------------------------------------------------------------


Download About:Buster from here:

http://www.downloads.subratam.org/AboutBuster.zip

Make sure you have printed this page and close ALL Internet Explorer windows. This is a very important step!!

Run AboutBuster.exe, click ok, then start, then OK. Make a copy of the log once it finishes. Then run aboutbuster.exe again. Make a copy of that log.

Reboot and post a new HijackThis log along with the two reports from About:Buster.

Lobos
 
ok: hijack this:
Logfile of HijackThis v1.98.0
Scan saved at 12:01:43 AM, on 7/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mfcfs32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ezula\mmod.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
c:\hijackthis\hijackthis.exe
C:\WINDOWS\system32\d3ls.exe
C:\Documents and Settings\SpaceMoose\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SpaceMoose\Application Data\Mozilla\Profiles\default\8r78no3a.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7738D4CE-735C-6768-041D-713E7E2F8E97} - C:\WINDOWS\system32\sdkkn.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {E118F9B6-686E-47CF-3507-F787ADEDD0FF} - C:\WINDOWS\appla.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mfcfs32.exe] C:\WINDOWS\system32\mfcfs32.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [FSS_3D20.exe] cmd /c del "C:\DOCUME~1\SPACEM~1\LOCALS~1\Temp\Download Manager\FSS_3D20.exe"
O4 - HKLM\..\RunOnce: [FSS_3D20Wizards.exe] cmd /c del "C:\DOCUME~1\SPACEM~1\LOCALS~1\Temp\Download Manager\FSS_3D20Wizards.exe"
O4 - HKLM\..\RunOnce: [SerifFontPack.exe] cmd /c del "C:\DOCUME~1\SPACEM~1\LOCALS~1\Temp\Download Manager\SerifFontPack.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

about buster scan 1:
-- Scan 1 --------
About:Buster Version 1.27
Removed! : C:\WINDOWS\apilks.dat
Removed! : C:\WINDOWS\avnzqd.dat
Removed! : C:\WINDOWS\clgchc.dat
Removed! : C:\WINDOWS\dhvupi.dat
Removed! : C:\WINDOWS\dnega.dat
Removed! : C:\WINDOWS\dottan.dat
Removed! : C:\WINDOWS\ezymup.dat
Removed! : C:\WINDOWS\fmehdm.dat
Removed! : C:\WINDOWS\gvtqes.dat
Removed! : C:\WINDOWS\himaij.dat
Removed! : C:\WINDOWS\hpkgqx.dat
Removed! : C:\WINDOWS\jlymyq.dat
Removed! : C:\WINDOWS\jtlysm.dat
Removed! : C:\WINDOWS\jtztj.dat
Removed! : C:\WINDOWS\jtztj.dll
Removed! : C:\WINDOWS\klbogk.dat
Removed! : C:\WINDOWS\lifmx.dat
Removed! : C:\WINDOWS\lifmx.dll
Removed! : C:\WINDOWS\nbuzdy.dat
Removed! : C:\WINDOWS\nmufge.dat
Removed! : C:\WINDOWS\nqibsh.dat
Removed! : C:\WINDOWS\n_kwrhea.dat
Removed! : C:\WINDOWS\qeorbm.dat
Removed! : C:\WINDOWS\qvglln.dat
Removed! : C:\WINDOWS\teaaj.dat
Removed! : C:\WINDOWS\uvwkos.dat
Removed! : C:\WINDOWS\vairbo.dat
Removed! : C:\WINDOWS\wemtoe.dat
Removed! : C:\WINDOWS\wuegd.dll
Removed! : C:\WINDOWS\xivtkh.dat
Removed! : C:\WINDOWS\zbxqpx.dat
Removed! : C:\WINDOWS\System32\cklkn.dat
Error Removing! : C:\WINDOWS\System32\d3ls.exe
Removed! : C:\WINDOWS\System32\egjal.dll
Removed! : C:\WINDOWS\System32\mfccx32.dll
Removed! : C:\WINDOWS\System32\okdti.dat
Removed! : C:\WINDOWS\System32\rtpeo.dat
Removed! : C:\WINDOWS\System32\sdkkn.dll
Removed! : C:\WINDOWS\System32\vjzet.dat
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

about buster scan 2:
-- Scan 1 --------
About:Buster Version 1.27
Removed! : C:\WINDOWS\jlymyq.dat
Removed! : C:\WINDOWS\zbrprg.dat
Error Removing! : C:\WINDOWS\System32\d3ls.exe
Removed! : C:\WINDOWS\System32\sdkkn.dll
Removed! : C:\WINDOWS\System32\sysmu32.exe
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Pages Reset... Done!
 
It's looking better.

Press Ctrl-Alt-Del, scroll down to this process, right-click on it and click End Process:

d3ls.exe


Run HijackThis again and place a check beside each of the following items. Once done click the fix checked button.



R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7738D4CE-735C-6768-041D-713E7E2F8E97} - C:\WINDOWS\system32\sdkkn.dll (file missing)
O2 - BHO: (no name) - {E118F9B6-686E-47CF-3507-F787ADEDD0FF} - C:\WINDOWS\appla.dll
O4 - HKLM\..\Run: [mfcfs32.exe] C:\WINDOWS\system32\mfcfs32.exe
O4 - HKLM\..\RunOnce: [FSS_3D20.exe] cmd /c del "C:\DOCUME~1\SPACEM~1\LOCALS~1\Temp\Download Manager\FSS_3D20.exe"
O4 - HKLM\..\RunOnce: [FSS_3D20Wizards.exe] cmd /c del "C:\DOCUME~1\SPACEM~1\LOCALS~1\Temp\Download Manager\FSS_3D20Wizards.exe"



Make sure you have printed this page and close ALL Internet Explorer windows. This is a very important step!!

Run AboutBuster.exe, click ok, then start, then OK. Make a copy of the log once it finishes. Then run aboutbuster.exe again. Make a copy of that log.

Reboot and post a new HijackThis log along with the two reports from About:Buster.

and let me know how your computer is running

Lobos
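
Added example, not part of the thread and not code from HijackThis: a small Python parser for HijackThis entry lines that compares the scan taken before a fix with the rescan after reboot and reports which checked items are gone, which came back, and which are new. The sample text is a few lines excerpted from the first two logs and the first checklist posted above; the function names are this example's own.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample: entry lines excerpted from the first scan in the thread.
SCAN_1 = r"""
O4 - HKLM\..\Run: [ntnc.exe] C:\WINDOWS\system32\ntnc.exe
O4 - HKLM\..\Run: [mfcfs32.exe] C:\WINDOWS\system32\mfcfs32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/downplug.cab
"""
# The items the helper asked to have checked and fixed after that scan.
CHECKED = r"""
O4 - HKLM\..\Run: [ntnc.exe] C:\WINDOWS\system32\ntnc.exe
O4 - HKLM\..\Run: [mfcfs32.exe] C:\WINDOWS\system32\mfcfs32.exe
O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/downplug.cab
"""
# Constructed sample: entry lines excerpted from the rescan posted after the reboot.
SCAN_2 = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E118F9B6-686E-47CF-3507-F787ADEDD0FF} - C:\WINDOWS\appla.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mfcfs32.exe] C:\WINDOWS\system32\mfcfs32.exe
"""

def parse_entries(log_text):
    """Return the set of (section, detail) entries; non-entry lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def compare_scans(before, after, checked):
    """Classify entries across two scans, given the items checked for fixing."""
    b, a, c = parse_entries(before), parse_entries(after), parse_entries(checked)
    return {
        "fixed": sorted(c - a),      # checked and absent from the rescan
        "persisted": sorted(c & a),  # checked, yet present again after the reboot
        "new": sorted(a - b),        # appeared only in the rescan
    }

if __name__ == "__main__":
    for status, items in compare_scans(SCAN_1, SCAN_2, CHECKED).items():
        for section, detail in items:
            print(f"{status:9} {section:3} {detail}")
```

An entry that lands in "persisted" was rewritten between the fix and the rescan, which usually means the process that owns it was still running when the fix was applied.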
 
about buster scan 1:
-- Scan 1 --------
About:Buster Version 1.27
Removed! : C:\WINDOWS\anslb.dll
Removed! : C:\WINDOWS\grcne.dat
Removed! : C:\WINDOWS\hkhpo.dat
Removed! : C:\WINDOWS\jlymyq.dat
Removed! : C:\WINDOWS\kpxks.dll
Removed! : C:\WINDOWS\mfwbvz.dat
Removed! : C:\WINDOWS\ptztv.dat
Removed! : C:\WINDOWS\sysqp32.dll
Removed! : C:\WINDOWS\System32\qmfof.dat
Removed! : C:\WINDOWS\System32\sdkti.exe
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Removed __NS_Service_3 Key
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

about 2:
-- Scan 1 --------
About:Buster Version 1.27
Removed! : C:\WINDOWS\System32\ncipo.dat
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

HijackThis:
Logfile of HijackThis v1.98.0
Scan saved at 2:14:36 PM, on 7/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\system32\mfcfs32.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Documents and Settings\SpaceMoose\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
C:\Documents and Settings\SpaceMoose\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SpaceMoose\Application Data\Mozilla\Profiles\default\8r78no3a.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {57FC7057-0054-4F46-DA9A-64939906284A} - C:\WINDOWS\system32\addhy.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mfcfs32.exe] C:\WINDOWS\system32\mfcfs32.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
 
Run HijackThis, put a check next to these, close all browsers and hit Fix.

Make sure not to miss one.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {57FC7057-0054-4F46-DA9A-64939906284A} - C:\WINDOWS\system32\addhy.dll (file missing)


-----------------------------------------------------------------------------------------------------------------------------------

You look clean. How's your browser?

Lobos
 