Pekoe

Posts posted by Pekoe

  1. BTW, my Internet service provider is Green Mountain Access (gmavt.net). Successfully got the log! Here it is:

    Logfile of HijackThis v1.98.2

    Scan saved at 10:21:20 PM, on 1/6/2005

    Platform: Windows 2000 SP4 (WinNT 5.00.2195)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINNT\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\WINNT\System32\svchost.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

    C:\WINNT\system32\regsvc.exe

    C:\WINNT\system32\MSTask.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINNT\System32\WBEM\WinMgmt.exe

    C:\WINNT\System32\mspmspsv.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\Explorer.EXE

    C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\Real\RealJukebox\tsystray.exe

    C:\Program Files\Microsoft Hardware\Mouse\point32.exe

    C:\WINNT\System32\qttask.exe

    C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe

    C:\WINNT\system32\itunes.exe

    C:\WINNT\system32\rundll32.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE

    C:\WINNT\system32\rundll32.exe

    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    C:\WINNT\system32\itunes.exe

    C:\WINNT\system32\wuauclt.exe

    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

    C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

    C:\Program Files\FinePixViewer\QuickDCF.exe

    C:\Program Files\interMute\SpySubtract\SpySub.exe

    C:\Program Files\KeirNet\K9\K9.exe

    C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe

    C:\Program Files\Mozilla Thunderbird\thunderbird.exe

    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    C:\Program Files\ZipGenius\zipgenius.exe

    C:\ZGtemp\906543\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll

    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [RealJukeboxSystray] C:\Program Files\Real\RealJukebox\tsystray.exe

    O4 - HKLM\..\Run: [POINTER] point32.exe

    O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe

    O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [screenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup

    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    O4 - HKLM\..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe

    O4 - HKLM\..\Run: [Configuration Loade32r] itunes.exe

    O4 - HKLM\..\Run: [Win32 USB2] wins32.exe

    O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run

    O4 - HKLM\..\Run: [sysPersonalFirewall] system.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe

    O4 - HKLM\..\RunServices: [Configuration Loade32r] itunes.exe

    O4 - HKLM\..\RunServices: [Win32 USB2] wins32.exe

    O4 - HKLM\..\RunServices: [sysPersonalFirewall] system.exe

    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"

    O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

    O4 - HKCU\..\Run: [Win32 USB2] wins32.exe

    O4 - HKCU\..\Run: [sysPersonalFirewall] system.exe

    O4 - HKCU\..\Run: [Configuration Loade32r] itunes.exe

    O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe

    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe

    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} (McAfee Clinic AV Installer Control) - http://download.mcafee.com/molbin/clinic/v...an/mgavinst.cab

    O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinstall.cab

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe

    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...55/mcinsctl.cab

    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab

    O16 - DPF: {CDB74794-A3BA-4733-B6F6-59BF16D6C15A} (McAfee Smart Shop - Update Class) - http://download.mcafee.com/molbin/mcaeng/mcsmtshp.cab

    O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab

  2. I am having a problem with search.findwhatevernow.com and cannot get HijackThis to run without generating errors!

    I have used and run Norton Anti-Virus 2005, AVG (most recent), Spybot, Ad-Aware (12/04), SpySubtract. All have fixed what they found. My OS is Windows 2000 Professional and I am using Mozilla Firefox and Thunderbird, but IE is on my computer because I can't delete it without causing havoc.

    Symptoms:

    Multiple attempts to log into Windows

    Computer extremely slow starting up to the point where I can actually click an icon and begin using the computer; seems to have something running in background

    Both browsers can't find Yahoo or Google and have trouble finding others, and when they do, images are missing and the text font size is too large on some parts and too small on others. Other sites work fine.

    I downloaded HijackThis and saved it to my My Documents folder. When I ran HijackThis, it began scanning and then I got a message saying HijackThis had generated errors and would have to be restarted. I deleted that file, downloaded it again and the same thing happened. I completely shut off the computer, turned it on and tried again - same message.

    What's up with that? I did some research and found that this virus or whatever it is changes DNS entries.

    Thanks,