Iexplorer.exe
Hi, I think my browser got hijacked, because sometimes Iexplorer.exe uses nearly 100% of the CPU.
So I used HijackThis, and here's the log:
Logfile of HijackThis v1.97.7
Scan saved at 14:50:32, on 22-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\TGTSoft\StyleXP\StyleXPService.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Aston\aston.exe
C:\Aston\XP\internat.exe
C:\Programas\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Programas\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programas\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Programas\QuickTime\qttask.exe
C:\Arquivos de programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\PROGRA~1\ADMINV~1\TypeWinDent.exe
C:\Programas\Winamp\winampa.exe
C:\Programas\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programas\Messenger Plus! 3\MsgPlus.exe
C:\Programas\Netcount\Netcount.exe
C:\Programas\Rainlendar\Rainlendar.exe
C:\Programas\Logitech\MouseWare\system\em_exec.exe
C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programas\Norton AntiVirus\navapsvc.exe
C:\Programas\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\Fast.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\WinRAR\WinRAR.exe
C:\DOCUME~1\FRANCI~1\DEFINI~1\Temp\Rar$EX00.797\HijackThis.exe
C:\Programas\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/i...nonce.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
F0 - system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O1 - Hosts: 69.1.67.70 btuga.com www.btuga.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E06DE18D-7530-977B-A974-82B8E32C6724} - C:\PROGRA~1\gridheck\HTM PURE.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar\01.01.1629.0\pt-br\msntb.dll
O3 - Toolbar: mags manager - {ECFF9B8F-84C7-09D2-F1C2-1F4DE7DD2099} - C:\PROGRA~1\gridheck\HTM PURE.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Programas\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Programas\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Programas\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MMTray] C:\Arquivos de programas\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programas\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programas\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Arquivos de programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programas\Ficheiros comuns\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [book proc] C:\PROGRA~1\ADMINV~1\TypeWinDent.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Programas\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Amsn.lnk = C:\Programas\Amsn\amsn.exe
O4 - Startup: Netcount.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Rainlendar.lnk = C:\Programas\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programas\GetRight\getright.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programas\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programas\GetRight\GRbrowse.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...847.3377893519
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
Please Help
Reboot into safe mode following the instructions here & unzip HJT into its own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop & not directly on your hard drive). Close all (browser) windows & rescan with HijackThis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/...unonce.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
F0 - system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O1 - Hosts: 69.1.67.70 btuga.com www.btuga.com
O2 - BHO: (no name) - {E06DE18D-7530-977B-A974-82B8E32C6724} - C:\PROGRA~1\gridheck\HTM PURE.dll
O3 - Toolbar: mags manager - {ECFF9B8F-84C7-09D2-F1C2-1F4DE7DD2099} - C:\PROGRA~1\gridheck\HTM PURE.dll
O4 - HKLM\..\Run: [book proc] C:\PROGRA~1\ADMINV~1\TypeWinDent.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
Delete the following manually:
C:\PROGRA~1\gridheck< folder
C:\PROGRA~1\ADMINV~1< folder
C:\Program Files\AutoUpdate< folder
C:\Program Files\WindowsSA< folder
Reboot normally after doing the above then post a fresh log plz.
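The reply ends by asking for a fresh log; the following added example (not part of the thread, and not HijackThis's own code) checks a follow-up log against the fix list. Entries are matched by section code plus CLSID, registry location and URL host, or Run value name, because the forum truncated the URLs differently in the log and in the fix list. `FRESH_LOG` is constructed sample data, and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit

# A slice of the log posted in the thread.
ORIGINAL_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/i...nonce.msn.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E06DE18D-7530-977B-A974-82B8E32C6724} - C:\PROGRA~1\gridheck\HTM PURE.dll
O3 - Toolbar: mags manager - {ECFF9B8F-84C7-09D2-F1C2-1F4DE7DD2099} - C:\PROGRA~1\gridheck\HTM PURE.dll
O4 - HKLM\..\Run: [book proc] C:\PROGRA~1\ADMINV~1\TypeWinDent.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
"""
# A slice of the helper's fix list (note the different URL truncation).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/...unonce.msn.com/
O2 - BHO: (no name) - {E06DE18D-7530-977B-A974-82B8E32C6724} - C:\PROGRA~1\gridheck\HTM PURE.dll
O3 - Toolbar: mags manager - {ECFF9B8F-84C7-09D2-F1C2-1F4DE7DD2099} - C:\PROGRA~1\gridheck\HTM PURE.dll
O4 - HKLM\..\Run: [book proc] C:\PROGRA~1\ADMINV~1\TypeWinDent.exe
"""
# Constructed follow-up log: the toolbar entry was missed, the start page was reset.
FRESH_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: mags manager - {ECFF9B8F-84C7-09D2-F1C2-1F4DE7DD2099} - C:\PROGRA~1\gridheck\HTM PURE.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
"""

ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entry_key(line):
    """Return a stable identity for a log entry, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, running-process path, or prose
    code, body = m["code"], m["body"]
    clsid = CLSID.search(body)
    if clsid:  # O2/O3/O16: the CLSID identifies the object
        return (code, clsid.group().upper())
    if code.startswith("R") and " = " in body:
        # Registry location plus URL host; the URL path may be truncated.
        location, value = body.split(" = ", 1)
        return (code, location.lower(), urlsplit(value).hostname or value.lower())
    if code == "O4" and "]" in body:  # Run key: location plus value name
        return (code, body.split("]", 1)[0].lower() + "]")
    return (code, body.lower())

def parse(log):
    """Map entry identity -> original line for every entry in a log."""
    return {k: ln.strip() for ln in log.splitlines() if (k := entry_key(ln))}

def verify(original, fix_list, fresh):
    """Classify each fix-list entry against the original and the fresh log."""
    orig, fixes, after = parse(original), parse(fix_list), parse(fresh)
    return {
        "not_in_original": [fixes[k] for k in fixes if k not in orig],
        "still_present": [after[k] for k in fixes if k in after],
        "removed": [fixes[k] for k in fixes if k not in after],
    }

if __name__ == "__main__":
    for status, lines in verify(ORIGINAL_LOG, FIX_LIST, FRESH_LOG).items():
        print(status, *lines, sep="\n  ")
```
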






