Jump to content


Photo
- - - - -

What is causing this???


  • This topic is locked This topic is locked
73 replies to this topic

#21 magicman911

magicman911

    Journeyman

  • Members
  • PipPip
  • 44 posts

Posted 03 February 2006 - 10:28 AM

YESSS! When I first got this virus I did an ad-aware scan, and maybe another and it deleted parts of the c:\WINDOWS\SYSTEM\dgprpsetup.exe program and I think I got rid of the rest. That's when all this got crazy!

I installed the MSconfig cleanup program but never used it because it said on win98 it doesn't let you choose which ones to delete from startup, that it only deletes all the unchecked and I didn't want to do that!

So is c:\WINDOWS\SYSTEM\dgprpsetup.exe the culprit? Ooops!

As far as howiper.exe.. I don't think I deleted that one, but for some reason I identified that I may have that virus from research... I can't remember now, maybe I did.

So what should I do now?

#22 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 03 February 2006 - 10:36 AM

Can you do the following to ensure those last files are gone
Open killbox.exe
Go to TOOLS>>Delete Temp files
Select "Delete file on Reboot " option
In the "Full path of File to Delete" copy and paste the full entry below in bold

c:\WINDOWS\SYSTEM\howiper.exe

Then click the Red Circle with the White X
Allow to make delete on reboot
Don't worry about no file found messages
Don't Reboot yet

Carry on with the same instructions in killbox with the rest of these

c:\WINDOWS\SYSTEM\dgprpsetup.exe
C:\WINDOWS\SYSTEM\CSNMV.EXE
C:\WINDOWS\SYSTEM\DMVVS.EXE


When you've entered the last path to the file
Allow the computer to reboot
Or Reboot manually
Don't worry about any error messages

The rest of the instructions:
I just mentioned what I wanted you to do in my last post
Can you go to MSConfig and enable everything on startup

I would uninstall McAfee's
Enter Startpage guard and disable it

Post back a fresh hijackthis log afterwards

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#23 magicman911

magicman911

    Journeyman

  • Members
  • PipPip
  • 44 posts

Posted 03 February 2006 - 10:57 AM

Ooops, yes, I did an ad-aware scan and maybe another and it deleted part of the dgprpsetup.exe virus and I got rid of the rest. I'm not sure about howiper.exe, but for some reason I identified as having it.

I installed but never ran the MSconfig cleanup program...

So, what should I do now?

Sorry, I was looking for my last post and didn't realize it was on the second page so I re-posted it.. sorry... I will do as you asked, but I have to run out for a bit... Thanks so much!

#24 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 03 February 2006 - 11:04 AM

Are you sure of the howiper.exe spelling?
I just want to make sure

FixWareout has been updated to fix hwiper.exe but not howiper.exe
It already pegs dgprpsetup.exe

Let me try something, I'm going to add to the fix and upload it for you
See if the edited fix helps

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#25 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 03 February 2006 - 11:24 AM

Okay, can you do the following if you didn't start the last set of instructions yet

Delete FixWareout.exe and go to C:\fixwareout <-Delete this folder please

Next: From below, Save the zip file
UNZIP the folder within to your C:\ drive so you now again have
C:\fixwareout

Open the fixwareout folder and double click on fixit.bat
Follow the prompts

Post a fresh hijackthis log afterwards and the new log from Fixwareout

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#26 magicman911

magicman911

    Journeyman

  • Members
  • PipPip
  • 44 posts

Posted 04 February 2006 - 01:56 AM

No, I didn't start the last set of instrcutions, so I did like you asked... and again I can't find these .exe files:

Fixwareout ver 1.003
Last edited 1/12/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\pgkmd

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Search by size and names...
C:\WINDOWS\SYSTEM\CSFFD.EXE
C:\WINDOWS\SYSTEM\DMKGP.EXE

Misc files


Logfile of HijackThis v1.99.1
Scan saved at 2:53:03 AM, on 2/4/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE
C:\WINDOWS\IPCONFIG.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\MK9908.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CHotKey] mk9908.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .aiff: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab

#27 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 04 February 2006 - 02:27 AM

How is everything?

Sorry, I'm at a loss
I can't find anyone with your the problems your having
I still say it's interference
I believe you will have to go back and do what I suggested

Which includes uninstalling McAfee's

Enabling EVERYTHING on startup
Truthfully, I don't even usually work on a log unless everything is enabled on startup
This is a big reason why

Enter Startpage guard and disable it the protections, but don't use msconfig

Post back a fresh hijackthis log afterwards

Also, Click on Start, then Settings, and then click on Control Panel to open the Control Panel. Then double-click on the Network icon. You will then be presented with a list of entries. Scroll down until you see TCP/IP -> yournetworkcard and double-click on that entry. This will open the TCP/IP properties window.

Click once on the DNS Configuration tab>>On most machines DNS is set to disabled
What are your settings?

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#28 magicman911

magicman911

    Journeyman

  • Members
  • PipPip
  • 44 posts

Posted 04 February 2006 - 12:51 PM

I am sorry this is so frustrating for you... as it is also frustrating for me. There were a few things on the startup that I found to be unknown programs after the dgprpsetup.exe problem began that I had disabled. Later I found that CCleaner removed them so I can't enable them anymore.

So would you like me to still go back and follow those instructions?

#29 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 04 February 2006 - 12:56 PM

YES
Also, do the following
Click on Start, then Settings, and then click on Control Panel to open the Control Panel. Then double-click on the Network icon. You will then be presented with a list of entries. Scroll down until you see TCP/IP -> yournetworkcard and double-click on that entry. This will open the TCP/IP properties window.

Click once on the DNS Configuration tab>>On most machines DNS is set to disabled
What are your settings?

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#30 magicman911

magicman911

    Journeyman

  • Members
  • PipPip
  • 44 posts

Posted 04 February 2006 - 12:57 PM

and by the way, yes it is set to "Disable DNS"

#31 magicman911

magicman911

    Journeyman

  • Members
  • PipPip
  • 44 posts

Posted 04 February 2006 - 07:37 PM

OK, I followed the killbox instructions you asked me to do... I uninstalled start page guard because I couldn't how to disable it and I also uninstalled Mcafees.

I enabled all startup through msconfig.

Here is the HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 8:34:16 PM, on 2/4/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\MK9908.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDSCHD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\USBSTORAGE\USBDETECTOR.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ONTRACK\SYSTEMSUITE\MXTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TWAIN_32\SCANWIZ5\SDII.EXE
C:\AMERICA ONLINE 4.0\AOLTRAY.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=hpfsched hpfsched hpfsched hpfsched hpfsched
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CHotKey] mk9908.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [hpidschd.exe -log -- -log] "C:\Program Files\Hewlett-Packard\HP Instant Delivery\hpidschd.exe"
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\ONTRACK\SYSTEM~1\MEMCHECK.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SystemSuite.lnk = C:\Program Files\Ontrack\SystemSuite\MXTask.exe
O4 - Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\Twain_32\ScanWiz5\SDII.exe
O4 - Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .aiff: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab

#32 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 05 February 2006 - 12:36 AM

If you tried to remove McAfee's thru add/remove programs
It didn't totally uninstall
Please use this link to manually remove it

http://www.uvm.edu/c...ualremoval.html

After you reboot the computer

Delete your copy of Fixwareout from the C:\folder
Redownload it and run it again with previous instructions
I ask you to do this, because I want to make sure Mcafee's is not interfering in the fixes

Post a new hijackthis log and the report from fixwareout

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#33 magicman911

magicman911

    Journeyman

  • Members
  • PipPip
  • 44 posts

Posted 05 February 2006 - 02:34 AM

I did exactly what you asked.. and ran fixwareout twice actually... and I still can't these .exe files!

First time...

Fixwareout ver 1.003
Last edited 1/12/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\kzemd

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Search by size and names...
C:\WINDOWS\SYSTEM\CSHJJ.EXE
C:\WINDOWS\SYSTEM\DMEZK.EXE

Misc files


Second time...

Fixwareout ver 1.003
Last edited 1/12/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\ludmd

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Search by size and names...
C:\WINDOWS\SYSTEM\CSHJJ.EXE
C:\WINDOWS\SYSTEM\CSBER.EXE
C:\WINDOWS\SYSTEM\DMDUL.EXE

Misc files


Logfile of HijackThis v1.99.1
Scan saved at 3:30:43 AM, on 2/5/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE
C:\WINDOWS\IPCONFIG.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\MK9908.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDSCHD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\USBSTORAGE\USBDETECTOR.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\ONTRACK\SYSTEMSUITE\MXTASK.EXE
C:\WINDOWS\TWAIN_32\SCANWIZ5\SDII.EXE
C:\AMERICA ONLINE 4.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=hpfsched hpfsched hpfsched hpfsched hpfsched
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CHotKey] mk9908.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [hpidschd.exe -log -- -log] "C:\Program Files\Hewlett-Packard\HP Instant Delivery\hpidschd.exe"
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\ONTRACK\SYSTEM~1\MEMCHECK.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SystemSuite.lnk = C:\Program Files\Ontrack\SystemSuite\MXTask.exe
O4 - Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\Twain_32\ScanWiz5\SDII.exe
O4 - Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .aiff: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab

#34 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 05 February 2006 - 02:43 AM

This just won't go away, I'm going to ask you too export some files
But first, can you do the following please

Use Internet Explorer and Run the online Panda ActiveScan
* Once you are on the Panda site click the Scan your PC button.
* A new window will open...click the big Check Now button.
* Enter your Country.
* Enter your State/Province.
* Enter your e-mail address.
* Select either "Home User or Company."
* Click the big Scan Now button.
* Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
* Click on Local Disks to start the scan.

When the scan is complete
click See Report, then click Save Report and save it to your Desktop.

Post back this report please,

By the way, this file was found twice in a row by Fixwareout
C:\WINDOWS\SYSTEM\CSHJJ.EXE
Are you sure you can't see these files?

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#35 magicman911

magicman911

    Journeyman

  • Members
  • PipPip
  • 44 posts

Posted 05 February 2006 - 04:05 AM

That's strange, you're right, and yes I did find that file! It's the only one from the list of 5 that I found... what should I do?

#36 magicman911

magicman911

    Journeyman

  • Members
  • PipPip
  • 44 posts

Posted 05 February 2006 - 02:24 PM

I ran the Panda Scan for "local disks" and here are the results:

Incident Status Location

Adware:Adware/Specofer Not disinfected C:\WINDOWS\SYSTEM\httppost.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM\ursrr.dll
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM\cshjj.exe
Adware:Adware/StartPage.BR Not disinfected C:\Browser HiJack Solution\Remove
about blank (run this first)\remove-ablank.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Virtumonde - WinFixer Removal\Virtumonde Actual Fix\VundoFix - Doesn't Work\VundoFix\process.exe


Note:The folders named "browser hijack solution" and "virtumonde - winfixer removal" are folders I named for previous viruses I fixed.

Also, I am able to find all the above .exe and .dll file (.dll only appears when I show all files, it's a hidden file)

#37 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 06 February 2006 - 05:55 PM

Did you delete the files?
If not do so, there all bad
Afterwards run FixWareout again

Back in Windows post a new hijackthis log and the fixwareout report

If it's still hanging around, I want to get a list off of you
Let me see the above first

Also, I am able to find all the above .exe and .dll file (.dll only appears when I show all files, it's a hidden file)

I asked you to show hidden files earlier

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#38 magicman911

magicman911

    Journeyman

  • Members
  • PipPip
  • 44 posts

Posted 06 February 2006 - 06:35 PM

ni, i meant i see it as a hidden file, i do have "show all files" i was just saying that it's there, but it would be a hidden file otherwise :) I'll go ahead and just delete them and do as you said...

#39 magicman911

magicman911

    Journeyman

  • Members
  • PipPip
  • 44 posts

Posted 06 February 2006 - 07:12 PM

ok, finished... and same thing, i can't find these .exe files...

question, can i go back and disable those startup items? i got too much running and it's slowing me down and robbing resources.

here you go:

Fixwareout ver 1.003
Last edited 1/12/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\gfxmd

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Search by size and names...
C:\WINDOWS\SYSTEM\CSMNK.EXE
C:\WINDOWS\SYSTEM\DMXFG.EXE

Misc files


Logfile of HijackThis v1.99.1
Scan saved at 8:09:25 PM, on 2/6/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\MK9908.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDSCHD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\USBSTORAGE\USBDETECTOR.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ONTRACK\SYSTEMSUITE\MXTASK.EXE
C:\WINDOWS\TWAIN_32\SCANWIZ5\SDII.EXE
C:\AMERICA ONLINE 4.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=hpfsched hpfsched hpfsched hpfsched hpfsched
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CHotKey] mk9908.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [hpidschd.exe -log -- -log] "C:\Program Files\Hewlett-Packard\HP Instant Delivery\hpidschd.exe"
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\ONTRACK\SYSTEM~1\MEMCHECK.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SystemSuite.lnk = C:\Program Files\Ontrack\SystemSuite\MXTask.exe
O4 - Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\Twain_32\ScanWiz5\SDII.exe
O4 - Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .aiff: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab

#40 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 06 February 2006 - 07:27 PM

You can disable them in a bit
Can I just try something
From below download and unzip to your desktop find.zip
So you now have find.bat extracted
Double click on find.bat
A text file will open, probably in wordpad
Can you copy and paste the whole contents back in a reply
The list will be long, try and post it all

Could you also post a Hosts file
Open Hijackthis>>Open Misc tools section>>Open "Hosts File Manager"
Click the "Open In Notepad" button
A text file will open, can you copy and paste back these contents too

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here