Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
4 replies to this topic

#1 ashish079

ashish079

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:45 PM

Posted 30 January 2005 - 08:23 AM

Logfile of HijackThis v1.99.0
Scan saved at 13:07:17, on 30/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Jvgvwg\Pvzy.exe
C:\WINDOWS\System32\wtsinet.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\hhnt.exe
C:\Documents and Settings\Nagendra Shrestha\Application Data\cesl.exe
C:\WINDOWS\System32\r?gedit.exe
C:\WINDOWS\System32\wifdec32.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Windows AdStatus\WinStat.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.ht...ount_id=1000318
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.ht...ount_id=1000318
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.buldog-search.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O2 - BHO: (no name) - {2CC12EE9-C20C-C888-2F30-EADC3918B1CB} - C:\WINDOWS\System32\csyydfdh.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [securer] C:\WINDOWS\System32\securer\syshost.exe
O4 - HKLM\..\Run: [Wvlky] C:\Program Files\Jvgvwg\Pvzy.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WR1XQDIfd] C:\documents and settings\nagendra shrestha\local settings\temp\WR1XQDIfd.exe
O4 - HKLM\..\Run: [qs8f36R] wtsinet.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkcv32.exe
O4 - HKLM\..\Run: [Power Scan] C:\Documents and Settings\Nagendra Shrestha\Local Settings\Temp\powerscan.exe
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O4 - HKCU\..\Run: [Tswb] C:\Documents and Settings\Nagendra Shrestha\Application Data\cesl.exe
O4 - HKCU\..\Run: [Fws] C:\WINDOWS\System32\r?gedit.exe
O4 - HKCU\..\Run: [bBrpRWdpT] wifdec32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09abe190938fee...ip/RdxIE601.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsIns....cab?refid=3680
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C6} (GameDesire Pool 8UK) - http://67.15.101.3/g_bin/eng/billard8UK_2_0_0_21.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A7CABC-6C09-49FD-BFA0-51E3CAFB0A15}: NameServer = 192.168.0.1
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:45 PM

Posted 30 January 2005 - 08:34 AM

Please download CWShredder and run it, even if it crashes.
http://cwshredder.net/bin/CWSInstall.exe


Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.ht...ount_id=1000318
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.ht...ount_id=1000318
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.buldog-search.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O2 - BHO: (no name) - {2CC12EE9-C20C-C888-2F30-EADC3918B1CB} - C:\WINDOWS\System32\csyydfdh.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [securer] C:\WINDOWS\System32\securer\syshost.exe
O4 - HKLM\..\Run: [Wvlky] C:\Program Files\Jvgvwg\Pvzy.exe
O4 - HKLM\..\Run: [WR1XQDIfd] C:\documents and settings\nagendra shrestha\local settings\temp\WR1XQDIfd.exe
O4 - HKLM\..\Run: [qs8f36R] wtsinet.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkcv32.exe
O4 - HKLM\..\Run: [Power Scan] C:\Documents and Settings\Nagendra Shrestha\Local Settings\Temp\powerscan.exe
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O4 - HKCU\..\Run: [Tswb] C:\Documents and Settings\Nagendra Shrestha\Application Data\cesl.exe
O4 - HKCU\..\Run: [Fws] C:\WINDOWS\System32\r?gedit.exe
O4 - HKCU\..\Run: [bBrpRWdpT] wifdec32.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09abe190938fee...ip/RdxIE601.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsIns....cab?refid=3680


Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

wifdec32.exe
wtsinet.exe
C:\Documents and Settings\Nagendra Shrestha\Application Data\cesl.exe
C:\WINDOWS\hhnt.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\Windows AdStatus
C:\Program Files\Jvgvwg
C:\windows\system32\kalvkcv32.exe
C:\WINDOWS\System32\securer
C:\WINDOWS\System32\csyydfdh.dll
C:\WINDOWS\SYSTEM\blank.htm



Delete temp files

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin




Reboot your computer to go back to normal mode.



Launch Notepad, and copy/paste the box below into a new text file. Save it as FindFile.bat and save it on your Desktop.

dir C:\WINDOWS\System32\r?gedit.exe /a h > files.txt
notepad files.txt



Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.

Also please post a new hijackthis log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 ashish079

ashish079
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:45 PM

Posted 30 January 2005 - 09:40 AM

This is from the FindFile.bat.

Volume in drive C has no label.
Volume Serial Number is 3C2F-17F5

Directory of C:\WINDOWS\System32

11/01/2005 14:15 401,408 r?gedit.exe
1 File(s) 401,408 bytes

Directory of C:\Documents and Settings\Nagendra Shrestha\Desktop








Hijackthis log


Logfile of HijackThis v1.99.0
Scan saved at 14:40:22, on 30/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\cdfhe220.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\athplug.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [qs8f36R] cdfhe220.exe
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkcv32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [bBrpRWdpT] athplug.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C6} (GameDesire Pool 8UK) - http://67.15.101.3/g_bin/eng/billard8UK_2_0_0_21.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A7CABC-6C09-49FD-BFA0-51E3CAFB0A15}: NameServer = 192.168.0.1
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:45 PM

Posted 30 January 2005 - 09:30 PM

Download Ad-aware SE from: http://www.majorgeeks.com/download506.html

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Exit Adaware for now.



Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [qs8f36R] cdfhe220.exe
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkcv32.exe
O4 - HKCU\..\Run: [bBrpRWdpT] athplug.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab


Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\Program Files\CxtPls
C:\Program Files\AutoUpdate
C:\Program Files\Windows AdStatus
cdfhe220.exe
athplug.exe
C:\windows\system32\kalvkcv32.exe
C:\WINDOWS\System32\r?gedit.exe <-- before deleting verify this file is 401kb and was created on 1/11/2005.



Run a full scan with Adaware.



Reboot your computer to go back to normal mode and post a new log.

Edited by Buckeye_Sam, 30 January 2005 - 09:39 PM.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:45 PM

Posted 23 February 2005 - 06:21 AM

This topic has been closed due to a lack of response. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users