
Please HijackThis Diagnose



#1 marit

marit

  • Members
  • 4 posts

Posted 03 April 2005 - 12:46 PM

Hi, I have had problems with the about:blank spyware for a few days. Can you please check my HijackThis log and tell me what to do? Thanks for the help.


Logfile of HijackThis v1.99.1
Scan saved at 19:36:17, on 03/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\WinRAR\WinRAR.exe
C:\Documents and Settings\Nordico\Escritorio\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Nordico\CONFIG~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Nordico\CONFIG~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {67DC594D-14DE-43CD-9E26-06C59BD43428} - C:\WINDOWS\System32\pgfh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [op6j1D] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO\y-] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO/F%)fNbC:\Archivos de programa\ISTsvc\istsvc.exe] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Nordico\CONFIG~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [gcasServ] "C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Archivos de programa\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-ww/esw/games3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Filter: text/html - {B27B58A4-719E-45CA-830A-71C790FD9056} - C:\WINDOWS\System32\pgfh.dll
O18 - Filter: text/plain - {B27B58A4-719E-45CA-830A-71C790FD9056} - C:\WINDOWS\System32\pgfh.dll


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,389 posts
  • Gender:Male
  • Location:USA

Posted 03 April 2005 - 04:23 PM

Please download and extract the following file:

http://www.derbilk.de/SpSeHjfix111.zip

Run the program and then post the resulting log along with a new hijackthis log.

#3 arielsages

arielsages

  • Members
  • 45 posts

Posted 03 April 2005 - 05:10 PM

Hi!
I'm a friend who is helping marit solve her computer problem. I noticed that the link that you gave her is wrong. Can you please check it?
Thanks!

#4 Grinler


Posted 03 April 2005 - 05:31 PM

This one:

http://www.derbilk.de/SpSeHjfix112.zip

#5 marit


Posted 03 April 2005 - 10:19 PM

Hi, I have had problems with the about:blank spyware for a few days. Can you please check my HijackThis log and SpSeHjfix112 log and tell me what to do?

Thanks for the help!!

Logfile of HijackThis v1.99.1
Scan saved at 5:14:45, on 04/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nordico\Escritorio\ANTI spyware\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [op6j1D] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO\y-] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO/F%)fNbC:\Archivos de programa\ISTsvc\istsvc.exe] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Archivos de programa\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-ww/esw/games3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

-------------------------------------------------------------------


(4/4/05 4:53:24) SPSeHjFix started v1.1.2
(4/4/05 4:53:24) OS: WinXP (5.1.2600)
(4/4/05 4:53:24) Language: español
(4/4/05 4:53:24) Win-Path: C:\WINDOWS
(4/4/05 4:53:24) System-Path: C:\WINDOWS\System32
(4/4/05 4:53:24) Temp-Path: C:\DOCUME~1\Nordico\CONFIG~1\Temp\
(4/4/05 4:53:26) Disinfection started
(4/4/05 4:53:26) Bad-Dll(IEP): c:\docume~1\nordico\config~1\temp\se.dll
(4/4/05 4:53:26) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\pgfh.dll
(4/4/05 4:53:26) Searchassistant Uninstaller - Keys Deleted
(4/4/05 4:53:26) UBF: 6 - UBB: 1 - UBR: 9
(4/4/05 4:53:26) FilterKey: HKCR\text/html (deleted)
(4/4/05 4:53:26) FilterKey: HKCR\CLSID\{B27B58A4-719E-45CA-830A-71C790FD9056} (deleted)
(4/4/05 4:53:26) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(4/4/05 4:53:26) FilterKey: HKCR\text/plain (deleted)
(4/4/05 4:53:26) FilterKey: HKCR\CLSID\{B27B58A4-719E-45CA-830A-71C790FD9056} (error while deleting)
(4/4/05 4:53:26) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(4/4/05 4:53:26) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67DC594D-14DE-43CD-9E26-06C59BD43428} (deleted)
(4/4/05 4:53:26) BHO-Key: HKCR\CLSID\{67DC594D-14DE-43CD-9E26-06C59BD43428} (deleted)
(4/4/05 4:53:26) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\Nordico\CONFIG~1\Temp\se.dll,DllInstall (deleted)
(4/4/05 4:53:26) UBF: 4 - UBB: 0 - UBR: 8
(4/4/05 4:53:26) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\nordico\config~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\nordico\config~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(4/4/05 4:53:26) Stealth-String not found
(4/4/05 4:53:26) File added to delete: c:\windows\system32\pgfh.dll
(4/4/05 4:53:26) File added to delete: c:\docume~1\nordico\config~1\temp\se.dll
(4/4/05 4:53:26) Reboot


(4/4/05 4:55:12) SPSeHjFix started v1.1.2
(4/4/05 4:55:12) OS: WinXP (5.1.2600)
(4/4/05 4:55:12) Language: español
(4/4/05 4:55:12) Win-Path: C:\WINDOWS
(4/4/05 4:55:12) System-Path: C:\WINDOWS\System32
(4/4/05 4:55:12) Temp-Path: C:\DOCUME~1\Nordico\CONFIG~1\Temp\
(4/4/05 4:55:53) Disinfection started
(4/4/05 4:55:53) Bad-Dll(IEP): c:\docume~1\nordico\config~1\temp\se.dll
(4/4/05 4:55:53) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\pgfh.dll
(4/4/05 4:55:53) Searchassistant Uninstaller - Keys Deleted
(4/4/05 4:55:53) UBF: 6 - UBB: 1 - UBR: 8
(4/4/05 4:55:53) FilterKey: HKCR\text/html (deleted)
(4/4/05 4:55:53) FilterKey: HKCR\CLSID\{FD00FA74-19D2-41F0-AC71-6AFC00347D82} (deleted)
(4/4/05 4:55:53) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(4/4/05 4:55:53) FilterKey: HKCR\text/plain (deleted)
(4/4/05 4:55:53) FilterKey: HKCR\CLSID\{FD00FA74-19D2-41F0-AC71-6AFC00347D82} (error while deleting)
(4/4/05 4:55:53) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(4/4/05 4:55:53) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8E5EAC1-19F2-4608-99D6-9930E4078C5F} (deleted)
(4/4/05 4:55:53) BHO-Key: HKCR\CLSID\{F8E5EAC1-19F2-4608-99D6-9930E4078C5F} (deleted)
(4/4/05 4:55:53) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\Nordico\CONFIG~1\Temp\se.dll,DllInstall (deleted)
(4/4/05 4:55:53) UBF: 4 - UBB: 0 - UBR: 7
(4/4/05 4:55:53) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\nordico\config~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\nordico\config~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(4/4/05 4:55:53) Stealth-String not found
(4/4/05 4:55:54) File added to delete: c:\windows\system32\pgfh.dll
(4/4/05 4:55:54) File added to delete: c:\docume~1\nordico\config~1\temp\se.dll
(4/4/05 4:55:54) Reboot


(4/4/05 4:56:47) SPSeHjFix started v1.1.2
(4/4/05 4:56:47) OS: WinXP (5.1.2600)
(4/4/05 4:56:47) Language: español
(4/4/05 4:56:47) Win-Path: C:\WINDOWS
(4/4/05 4:56:47) System-Path: C:\WINDOWS\System32
(4/4/05 4:56:47) Temp-Path: C:\DOCUME~1\Nordico\CONFIG~1\Temp\


(4/4/05 5:01:23) SPSeHjFix started v1.1.2
(4/4/05 5:01:23) OS: WinXP (5.1.2600)
(4/4/05 5:01:23) Language: español
(4/4/05 5:01:23) Win-Path: C:\WINDOWS
(4/4/05 5:01:23) System-Path: C:\WINDOWS\System32
(4/4/05 5:01:23) Temp-Path: C:\DOCUME~1\Nordico\CONFIG~1\Temp\

#6 arielsages


Posted 04 April 2005 - 04:35 AM

After my friend marit ran the program you gave her, and after she posted this last post with the logs, she now can't open ANY internet windows! Can you please check the logs and tell her what to do?
Thanks!

#7 arielsages


Posted 04 April 2005 - 05:09 AM

Another question: this happens to my friend marit every time she starts her computer:

"Microsoft AntiSpyware has detected the threat IST.ISTbar trying to install a Startup Registry Entry on your computer. If you would like to allow IST.ISTbar to install the Startup Registry Entry click the 'Allow' button below."

What should she do about that?
Thanks

#8 Grinler


Posted 04 April 2005 - 08:08 AM

This is getting very confusing with both of you posting the same stuff. Let's just have marit work with me on this and you can help her behind the scenes if she needs it.

Marit, do the following and then post a brand new HJT log:

Now please Download LSPFix from:

LSP-Fix

Run the program and immediately press the Finish button.

Then Reboot.

To see a tutorial on how to use this program click the link below:

Using LSP-Fix to remove LSP Spyware & Hijackers

Let us know if it's better now.

#9 marit


Posted 04 April 2005 - 10:03 AM

Hi!
Thanks for helping me! : )
I have run the program you asked me to!
And this is the log after I ran HijackThis.
/marit

Logfile of HijackThis v1.99.1
Scan saved at 17:01:12, on 04/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Nordico\Escritorio\ANTI spyware\hijack this\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [op6j1D] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO\y-] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO/F%)fNbC:\Archivos de programa\ISTsvc\istsvc.exe] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Archivos de programa\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-ww/esw/games3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

#10 Grinler


Posted 04 April 2005 - 05:07 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

O4 - HKLM\..\Run: [op6j1D] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO\y-] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO/F%)fNbC:\Archivos de programa\ISTsvc\istsvc.exe] C:\WINDOWS\ikbrjug.exe

Reboot your computer into Safe Mode

Then delete these files or directories (do not be concerned if they do not exist):

C:\WINDOWS\ikbrjug.exe

Reboot your computer to go back to normal mode and post a new log.
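
An added example, not part of the original posts: one way to compare two HijackThis scans to see which entries a cleanup run removed and which persist, and to spot a single executable registered under several Run value names, as with the three ikbrjug.exe entries above. The function names are hypothetical, and the sample lines are excerpts from the first and second logs in this thread.

```python
import re
from collections import defaultdict

# Excerpts from the first (BEFORE) and second (AFTER) HijackThis logs in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {67DC594D-14DE-43CD-9E26-06C59BD43428} - C:\WINDOWS\System32\pgfh.dll
O4 - HKLM\..\Run: [op6j1D] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO\y-] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO/F%)fNbC:\Archivos de programa\ISTsvc\istsvc.exe] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Nordico\CONFIG~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {B27B58A4-719E-45CA-830A-71C790FD9056} - C:\WINDOWS\System32\pgfh.dll
"""
AFTER = r"""
O4 - HKLM\..\Run: [op6j1D] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO\y-] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [bO/F%)fNbC:\Archivos de programa\ISTsvc\istsvc.exe] C:\WINDOWS\ikbrjug.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

# "<section> - <body>", where section is R0, R1, O2, O4, O18, ...
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
# Body of an O4 registry autostart: "<hive>\..\Run[Once]: [<value name>] <command>"
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.*)\] (.+)$")

def parse_log(text):
    """Return (section, body) pairs for entry lines; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def diff_scans(before, after):
    """Split the earlier scan's entries into those that are gone and those still present."""
    still = set(after)
    removed = [e for e in before if e not in still]
    persisting = [e for e in before if e in still]
    return removed, persisting

def shared_run_targets(entries):
    """Map each autostart command registered under 2+ Run value names to those names."""
    names = defaultdict(list)
    for section, body in entries:
        m = RUN.match(body) if section == "O4" else None
        if m:
            names[m.group(2).lower()].append(m.group(1))
    return {cmd: vals for cmd, vals in names.items() if len(vals) > 1}

if __name__ == "__main__":
    removed, persisting = diff_scans(parse_log(BEFORE), parse_log(AFTER))
    for section, body in removed:
        print("removed   ", section, body)
    for cmd, vals in shared_run_targets(persisting).items():
        print("persisting", cmd, "registered as", vals)
```
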



