Thread: trojan..
View Single Post
  #2  
Old 11-11-2004, 08:04 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Lets begin by rescanning once again with hijack then insert a check next to each of these then close all broser windows and click "fix checked"


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myway.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)

O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [sqrvic] C:\WINDOWS\System32\laesbpfl.exe

O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe

O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: MA521 Configuration Utility.lnk = ?

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net...b/1w2fcksh.cab




Then reboot the system ionto safe mode, open windows explorer, find then delete:
C:\Program Files\TV Media
C:\WINDOWS\System32\laesbpfl.exe


Reboot, rescan and post a fresh log.
Reply With Quote