jjbrodell Posted October 14, 2004

Logfile of HijackThis v1.98.0
Scan saved at 6:28:23 PM, on 10/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\dfrvamo.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\WINDOWS\QuickBrowser.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\mscif.exe
C:\Documents and Settings\Mom & Dad\Application Data\thbo.exe
C:\WINDOWS\System32\hwxun.exe
C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ipmontr.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.charter.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14A6345F-9418-0DC6-8058-105505AE2F3A} - C:\WINDOWS\System32\uqhzst.dll
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [scomscsle] C:\WINDOWS\System32\dfrvamo.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [enss] C:\WINDOWS\System32\enss.exe
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\mscif.exe
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [Oosl] C:\Documents and Settings\Mom & Dad\Application Data\thbo.exe
O4 - HKCU\..\Run: [Luwlvnrv] C:\WINDOWS\System32\hwxun.exe
O4 - HKCU\..\Run: [jgsd400] C:\WINDOWS\System32\jgsd400.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe
O4 - HKCU\..\Run: [ipxpromn] C:\WINDOWS\System32\ipxpromn.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct3_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download.games.yahoo.com/games/clients/y/dt0_x.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11f8612b9d97b9...ip/RdxIE601.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

therock247uk Posted October 14, 2004

1. OK, first download Ad-Aware from http://lavasoft.element5.com/support/download/#free
Install it, then open it and press Check for updates. Don't scan with it yet; we will do that later.

2. Download CWShredder from http://www.spywareinfo.com/~merijn/files/cwshredder.zip
Unzip it; don't run it yet.

3. Boot into Safe Mode. Go here for instructions on how to: http://service1.symantec.com/SUPPORT/tsgen...001052409420406

4. While in Safe Mode, open Ad-Aware. Click Start, select Perform Full System Scan and hit Next to let Ad-Aware scan your drives. It will list malware files and registry keys. Click Next.
Under the Critical Objects tab, right-click in the list, choose Select All, then Next.
It will ask for verification of checked items. Choose OK.
Close Ad-Aware.

5. Run CWShredder, which you downloaded earlier, and press Fix.

6. Reboot back into Windows and run an online virus scan at http://housecall.antivirus.com/ and make sure the auto clean option is on.

7. Then reboot again and post a new HijackThis log here in a reply.

jjbrodell Posted October 15, 2004

Logfile of HijackThis v1.98.0
Scan saved at 9:14:17 PM, on 10/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\WINDOWS\QuickBrowser.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\WINDOWS\System32\ipmontr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [enss] C:\WINDOWS\System32\enss.exe
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [jgsd400] C:\WINDOWS\System32\jgsd400.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe
O4 - HKCU\..\Run: [ipxpromn] C:\WINDOWS\System32\ipxpromn.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct3_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download.games.yahoo.com/games/clients/y/dt0_x.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11f8612b9d97b9...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

therock247uk Posted October 15, 2004

1. Move HijackThis to a permanent folder like c:/hjt so backups can be made. OK, open HijackThis from c:/hjt and press Scan. Then tick and fix the following in HijackThis with all windows closed except HijackThis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O4 - HKLM\..\Run: [enss] C:\WINDOWS\System32\enss.exe
O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [jgsd400] C:\WINDOWS\System32\jgsd400.exe
O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe
O4 - HKCU\..\Run: [ipxpromn] C:\WINDOWS\System32\ipxpromn.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

2. Reboot and delete the following files.

C:\WINDOWS\System32\enss.exe
C:\WINDOWS\QuickBrowser.exe
C:\WINDOWS\System32\sysdoor.exe
C:\WINDOWS\System32\jgsd400.exe
C:\WINDOWS\System32\ipmontr.exe
C:\WINDOWS\System32\ipxpromn.exe

3. Delete the folders.

C:\Documents and Setting\AllUsers\Application data\Pribi\
C:\Program Files\Ebates_MoeMoneyMaker\

4. Go to Start, Settings, Control Panel, Add/Remove and uninstall Viewpoint Manager.

5. Then post a new HijackThis log here in a reply.

jjbrodell Posted October 15, 2004

Logfile of HijackThis v1.98.0
Scan saved at 2:32:00 PM, on 10/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ipmontr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.exe

O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

therock247uk Posted October 15, 2004

Can you please post the full log? That looks very, very small to me.

jjbrodell Posted October 16, 2004

Logfile of HijackThis v1.98.0
Scan saved at 2:32:00 PM, on 10/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ipmontr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.exe

O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

**THIS IS ALL I HAVE.........I HOPE I DID EVERYTHING RIGHT.**

therock247uk Posted October 16, 2004 (Edited October 16, 2004 by therock247uk)

OK, well, you're clean, a bit too clean. Go here for information on how to prevent reinfection: http://forums.net-integration.net/index.php?showtopic=3051

jjbrodell Posted October 16, 2004

Thank you for all your help. I hope that my computer is now free from all the annoyances. If I need further help I will come running. Or I will call EFWIS. Should I run the HijackThis on a regular basis to keep this clean and good? Thanks again!!

therock247uk Posted October 16, 2004 (Edited October 16, 2004 by therock247uk)

"Should I run the HijackThis on a regular basis to keep this clean and good?"

Do you mean tick and fix everything in HijackThis?

Dragon Posted October 24, 2004

This topic is now closed. If you need it reopened, please contact a moderator on this site to have it reopened; please be sure to include a link to this post when you send the request.

If this isn't your topic, please start a new one and someone will respond as soon as possible.

Thank you