TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Sushil on November 19, 2004, 04:17:36 PM

Title: CWS.HiddenDLL
Post by: Sushil on November 19, 2004, 04:17:36 PM
Hi,

My machine seems to be infected with CWS.HiddenDLL spyware. I used the CWShredder program to remove it a couple of times, but it keeps on coming back every time I reboot the machine. Can you please help? Following is the HJT log file:

Logfile of HijackThis v1.97.7
Scan saved at 1:25:02 PM, on 11/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.10\Jconfig\hjavaw.exe
C:\WINNT\orclobi\MyDesktop\MyDesktopService.exe
C:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\pctspk.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Palm\AlarmApp.exe
C:\Program Files\D-Link AirPlus Xtreme G DWL-G650\AirPlus.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\sxkumar\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.oracle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad/wpad.dat
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.oracle.com; *.oraclecorp.com;<local>
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll (file missing)
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINNT\system32\mseggo.gif
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AboutTime Setup] regedit /s "C:\Program Files\AboutTime\setup.reg"
O4 - HKLM\..\Run: [AboutTime TimeServer] C:\Program Files\AboutTime\abouttime.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\Orl\Vnc\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINNT\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINNT\dhbrwsr.exe
O4 - HKLM\..\Run: [sain] c:\winnt\system32\sain.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [svrrun] C:\WINNT\svrrun.exe
O4 - HKLM\..\Run: [vmetera] C:\WINNT\system32\vmetera.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msedpb.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Palm\AlarmApp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: D-Link AirPlus Xtreme G DWL-G650 Adapter Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G DWL-G650\AirPlus.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O4 - Global Startup: ProfileCopier.lnk = C:\Program Files\Profile Copier\ProfileCopier.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: WeatherBug (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: Help (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O12 - Plugin for .com/: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppl3260.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://adsweb.oracleads.com
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp/res/jar/cnsload.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.rediff.com/hindi/wfplayer/tdserver.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17EB9D9F-A863-4C04-B1E7-8412F538388E} (Collaboration Audio Recording Control) - http://appseminar.oracle.com/atc/signedencoder_1,23,0,0.cab
O16 - DPF: {1A7AEDAF-81DC-47A1-AAED-CBC0E9DEB274} (Oraster) - http://www.oracle.com/broadband/3winviewer/oraster.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://80.96.118.2/we/mw/MSN_QTPieJess01.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (WficaCtl Object) - http://www.genisar.com/files/genplug60.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3B926A18-F7FA-445B-8AE8-3A7BCDF35A56} (NDTVVideo.MPlayer) - http://www.ndtv.com/video/NDTVvideo.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20c2bf2dc33bc9cf4017/netzip/RdxIE601.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
O16 - DPF: {689ff870-2ac0-11d5-b634-00c04faedb18} - http://atc-hied3.oracleicenter.com:8039/java-plugin/jinit11810.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio.com/reader/isetup.cab
O16 - DPF: {95EEE69E-27B4-4D13-BD32-766617A16909} (NDTVVideo.MPlayer) - http://www.ndtv.com//video/NDTVseekvideo.CAB
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {9723C992-7B0B-4479-BDC4-6B6D3F5D9079} (Oracle iMeeting Installer) - http://imeetingbeta1.oracle.com/imtapp/res/jar/instctrl.dll
O16 - DPF: {9723C9A2-7B0B-4479-BDC4-6B6D3F5D9079} (Oracle iMeeting Installer) - http://imeetingbeta1.oracle.com/imtapp/res/jar/instctrl.dll
O16 - DPF: {9723C9A8-7B0B-4479-BDC4-6B6D3F5D9079} (Oracle iMeeting Installer) - https://webconferencingbetahq.oracle.com/imtapp/res/jar/instctrl.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37696.4467592593
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {A8B9F08F-2FC4-4ADE-9049-CFBA586971BA} - http://www.adsrvr.com/promos/Aff_Installer_5.exe
O16 - DPF: {B0EDD230-9458-11D4-B700-0050BA881E87} (WdHinIocCtrl Class) - http://www.epatra.com/components/activex/wdhinioc.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BAA165DA-1DAF-4F18-9A28-E0D2D3937A1F} (Wrapper Class) - http://webevents.broadcast.com/wsp/VisionBrowser.CAB
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {C518A9DE-6C22-416B-BD84-AC759ACA3F99} (NDTVVideo.MPlayer) - http://www1.ndtv.com/video/NDTVvideo.CAB
O16 - DPF: {C54A28A1-5EBF-11D5-9F0E-00A0C99A7357} (SpeedCtl Class) - http://iweb.intertainer.com/eod/downloads/SpeedTest.dll
O16 - DPF: {C7F626D2-0645-4FD8-8212-446707501F82} (Intava Mobile Experience Framework Control) - http://www.mmodemagazine.com/emulator/IntavaMEF.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA983D04-642D-49BF-A241-80BC6BD0F96A} (Collaboration Application Sharing Control) - http://appseminar.oracle.com/atc/signedshare_1,22,0,0.cab
O16 - DPF: {DFC9A7BC-27DA-11D6-9FCC-0002A51D1B02} (OraBcnTxnRec.Recorder_UC) - http://gbtech9.us.oracle.com:7777/em/monitoring/website/txn/OraBcnTxnRec.CAB
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livesc02.rightnowtech.com/swoosh/nike_store/rnt/rnl/java/RntX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - http://reversesweep.com/PlayerWebApp/msxml3.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0884AEEE-5E40-4B37-BB6D-E6A72F60E719}: NameServer = 130.35.249.41,138.2.202.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F0AF3FF-2897-4E2B-8834-CD905A8E8B92}: NameServer = 130.35.249.41,138.2.202.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{73AED5A2-5559-4AD6-A425-52EB322459DE}: Domain = attbi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{73AED5A2-5559-4AD6-A425-52EB322459DE}: NameServer = 130.35.249.41,138.2.202.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0884AEEE-5E40-4B37-BB6D-E6A72F60E719}: NameServer = 130.35.249.41,138.2.202.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = us.oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0884AEEE-5E40-4B37-BB6D-E6A72F60E719}: NameServer = 130.35.249.41,138.2.202.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com
Title: CWS.HiddenDLL
Post by: guestolo on November 19, 2004, 07:44:47 PM
Hi Sushil, can you delete your copy of HijackThis and download the latest version?

Please make a permanent folder for HijackThis

Double-click "My Computer"
Open your C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it HJT

Now you will have C:\HJT

Download HijackThis from HERE (https://ssl.perfora.net/tools.radiosplace.com/HijackThis.exe) or HERE (http://aumha.org/downloads/hijackthis.exe)
Save it to that new folder

Post back with a log from the new version

Could you also
Download DLLCompare (http://download.broadbandmedic.com/DllCompare.exe)

Start the Program and click the Run Locate.com
Default settings should work---C:\WINNT\system32\directory
Let it complete the SCAN, which won't take long

Click the Compare button to start the next process. This will take a bit longer.
The results appear in two panes - files in the upper pane have been verified to 'exist'.
Files in the lower pane were 'not able to be accessed'.
Very few files should be listed in the lower pane, if any, when the Compare scan is complete.
Click on each of the listed entries in the lower pane to select them. Right-click on the file and use the option Rescan. This will cause Windows Find to see if the file does exist, and then if so it will be removed from the list to reduce the number of identified files.

Click the Make a Log of what was found button
Post back this log too, thanks
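
The comparison the DLLCompare steps above walk through, sketched as an added Python example (not part of the original post and not DLLCompare's own code): a file listing is checked against what the normal file API can access, then a rescan by directory enumeration clears false positives from the "not able to be accessed" list. The listing format, the file names and the function names are assumptions constructed for illustration.

```python
import os
import tempfile


def parse_listing(text):
    """Parse a scan listing: one file name per line (assumed format)."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def compare(names, directory):
    """First pass: try to access each listed file through the normal file API.

    Returns (verified, not_accessible), mirroring the upper and lower panes.
    """
    verified, not_accessible = [], []
    for name in names:
        try:
            os.stat(os.path.join(directory, name))
            verified.append(name)
        except OSError:
            not_accessible.append(name)
    return verified, not_accessible


def rescan(not_accessible, directory):
    """Second pass: enumerate the directory and match names case-insensitively.

    A name that enumeration can see was a false positive and is dropped;
    whatever remains is in the listing but invisible to both views.
    """
    visible = {entry.name.lower() for entry in os.scandir(directory)}
    return [name for name in not_accessible if name.lower() not in visible]


def demo():
    # Constructed listing standing in for the output of the first scan.
    # USER32.DLL differs only in case from the file on disk, and
    # example_hidden.dll stands for a file the normal API cannot see.
    listing = "kernel32.dll\nUSER32.DLL\n\nexample_hidden.dll\n"
    with tempfile.TemporaryDirectory() as directory:
        for name in ("kernel32.dll", "user32.dll"):
            with open(os.path.join(directory, name), "wb"):
                pass
        names = parse_listing(listing)
        verified, suspects = compare(names, directory)
        remaining = rescan(suspects, directory)
    return verified, remaining


if __name__ == "__main__":
    verified, remaining = demo()
    print("verified:", verified)
    print("still not accessible after rescan:", remaining)
```
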