Status
Not open for further replies.
1 - 6 of 6 Posts

·
Registered
Joined
·
16,274 Posts
It's a CWS hijacker in fact:

Download CWShredder:
http://www.spywareinfo.com/~merijn/files/cwshredder.zip
Unzip, run and hit the ->fix tab to fix all found problems

CWShredder takes advantage of security holes in Windows so you should install all critical updates as well as hotfixes available from Windows Update.

Then repost a fresh HijackThis log.

Download 'Hijack This!'. http://www.tomcoyote.org/hjt/ and save it to a folder on your desktop.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
 

·
Registered
Joined
·
758 Posts
Discussion Starter · #4 ·
Thanks guys. I am currently on XP with IE6. Have not finished all the updates yet though. I will run CWS on here. I get the same error while in 98 SE (but I am running IE 5.5 on that), along with KERNEL32.DLL. Could both DLLs be the result of the same hijacker?
 

·
Registered
Joined
·
758 Posts
Discussion Starter · #5 ·
Here is my log. I just got XP on here, so not much running :)

Logfile of HijackThis v1.97.7
Scan saved at 10:26:16 PM, on 4/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
D:\WINDOWS\system32\pctspk.exe
D:\WINDOWS\wanmpsvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\S3apphk.exe
E:\Program Files\America Online 8.0\aoltray.exe
D:\WINDOWS\System32\wpabaln.exe
D:\Program Files\AOL Companion\companion.exe
E:\Program Files\America Online 8.0\aol.exe
E:\Program Files\America Online 8.0\waol.exe
D:\HJT\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Blurty.lnk = E:\Program Files\Blurty\Blurty.exe
O4 - Global Startup: AOL Companion.lnk = D:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = E:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1015d8449c392fbf1302/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38086.8897106481
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8C1053B-D6FE-4826-A986-207636D5F509}: NameServer = 205.188.146.146
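
Added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log format posted above, splitting it into header fields, running processes and entries grouped by section code, then listing the registry Run entries among the O4 lines. The function names, the `SAMPLE_LOG` subset and the "command has no full path" review check are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 10:26:16 PM, on 4/12/2004
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\Explorer.EXE
D:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - Startup: Blurty.lnk = E:\Program Files\Blurty\Blurty.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8C1053B-D6FE-4826-A986-207636D5F509}: NameServer = 205.188.146.146
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then the rest
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # registry O4 form

def parse_hjt(text):
    """Split a HijackThis log into header fields, processes and coded entries."""
    log = {"header": {}, "processes": [], "entries": defaultdict(list)}
    in_procs = False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            log["entries"][m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            log["processes"].append(line)
        elif line.startswith("Logfile of HijackThis "):
            log["header"]["version"] = line.rsplit(" ", 1)[1]
        elif ": " in line:
            key, value = line.split(": ", 1)
            log["header"][key] = value
    return log

def autoruns(log):
    """Return (hive, key, name, command) for each registry-based O4 entry."""
    return [m.groups() for m in map(RUN.match, log["entries"]["O4"]) if m]

def unqualified(log):
    """Names of Run entries whose command has no drive or %variable% prefix."""
    return [n for _, _, n, c in autoruns(log) if not re.match(r'"?([A-Za-z]:\\|%)', c)]
```

An entry returned by `unqualified` is only a prompt to check which file the bare name resolves to; it does not by itself mean the entry is malicious.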
 