mysearch parasite (New)

kimkay's Avatar
Junior Member with 8 posts.
 
Join Date: Aug 2003
26-Aug-2003, 12:19 AM #31
thanks!
Thanks a bunch guys! I had work and other annoying stuff to do so I'm just getting back to working on this. MySearch is gone now, yay!!! I'm running AdAware as I type--I downloaded it a year or so ago and didn't really know how to use it, so I'd uninstalled it. The new version is so much more user-friendly. As far as the hard drive goes, I have a C, D, E, and F that are one drive partitioned that way, and then a separate 120-gig hard drive. D is totally full, but I couldn't find any way to tell the service pack where I wanted it to install, it just automatically goes to D. I've got lots of room on G if I can put it there...help???
kimkay's Avatar
Junior Member with 8 posts.
 
Join Date: Aug 2003
26-Aug-2003, 12:29 AM #32
okay...new hijackthis log...
as per your request, here's the new log that I ran after using AdAware...

Logfile of HijackThis v1.96.2
Scan saved at 10:20:14 PM, on 8/25/2003
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Norton Personal Firewall\NISUM.EXE
D:\WINNT\system32\spoolsv.exe
E:\Program Files\Norton Personal Firewall\ccPxySvc.exe
D:\WINNT\System32\crypserv.exe
D:\WINNT\System32\svchost.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\explorer.exe
D:\WINNT\system32\winupdate.exe
E:\PROGRA~1\NORTON~1\navapw32.exe
E:\program files\adobe 6\qttask.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Support.com\bin\tgcmd.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Winamp\Winampa.exe
G:\INTERNET FILES\Temporary Internet Files\Netscp.exe
E:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
E:\Program Files\Microsoft Office\Office\OSA.EXE
D:\WINNT\system32\RUNDLL32.exe
D:\WINNT\system32\RUNDLL32.exe
E:\PROGRA~1\HEWLET~1\HPPSC7~1\bin\hpoevm07.exe
E:\Program Files\Hewlett-Packard\hp psc 700 series\bin\HPOSTS07.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\AIM95\aim.exe
F:\PROGRA~1\WinZip\winzip32.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=explorer.exe winupdate.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\6idjj3p5.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://G%3A%5CINTERNET%20FILES%5CTemporary%20Internet%20Files%5Csearchplugins%5CSB Web_01.src"); (D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\6idjj3p5.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] E:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\adobe 6\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "D:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] D:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [windowsupdate] winupdate.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "g:\INTERNET FILES\Temporary Internet Files\Netscp.exe" -turbo
O4 - Startup: HotSync Manager.lnk.disabled
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SnagIt 5.lnk.disabled
O4 - Global Startup: Billminder.lnk.disabled
O4 - Global Startup: HPAiODevice.lnk = E:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - Global Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = E:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk.disabled
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Add to FireViewer Conduit (HKLM)
O9 - Extra 'Tools' menuitem: Add to FireViewer Conduit (HKLM)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccom...ad/tgctlcm.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030...verContent.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/1...L/PhPSetup.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
O16 - DPF: {3717DF55-0396-463D-98B7-647C7DC6898A} - http://tb-static.adpowerzone.com/mtb/toolbar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2992916e43b292d...p/RdxIE601.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://hawaiilive.sheraton-hawaii.co...CamControl.ocx
O16 - DPF: {A8B9F08F-2FC4-4ADE-9049-CFBA586971BA} - http://www.adsrvr.com/promos/Aff_Installer_4.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yaho...io4_0_2_10.cab

I can already tell a difference in my computer's stability and speed--this is awesome! Now if I can just figure out how to get that MSBlast patch downloaded and installed I'll feel better. Muchas gracias, Winchester and Buckaroo.
$teve's Avatar
Distinguished Member with 9,520 posts.
 
Join Date: Oct 2001
Location: 25 miles from Manchester/Engla
Experience: Tweedle-Dee
26-Aug-2003, 08:45 AM #33
hello kim

in hijackthis check the following, close all browser windows and fix checked.

R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=explorer.exe winupdate.exe
O4 - HKLM\..\Run: [windowsupdate] winupdate.exe
O16 - DPF: {3717DF55-0396-463D-98B7-647C7DC6898A} - http://tb-static.adpowerzone.com/mtb/toolbar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2992916e43b292...ip/RdxIE601.cab
O16 - DPF: {A8B9F08F-2FC4-4ADE-9049-CFBA586971BA} - http://www.adsrvr.com/promos/Aff_Installer_4.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sh...n/bin/cabsa.cab

re-boot into safe mode (by tapping the f8 key on boot up)
find and delete:
D:\WINNT\system32\winupdate.exe

__________________
Are you at risk from Hepatitis C ?
Want to know how your computer got infected and how to help prevent it? HERE
Member of "ASAP" The Alliance of Security Analysis Professionals and Microsoft MVP Security
$teve's Avatar
Distinguished Member with 9,520 posts.
 
Join Date: Oct 2001
Location: 25 miles from Manchester/Engla
Experience: Tweedle-Dee
26-Aug-2003, 08:51 AM #34
COULD YOU PLEASE POST YOUR HIJACKTHIS LOGFILES IN NEW AND SEPARATE THREADS IN THE SECURITY FORUM.....IF YOU TAG THEM ONTO THIS OR ANY OTHER EXISTING THREAD, SOME MAY GET MISSED, AND WE WOULDN'T WANT THAT NOW WOULD WE......THANK YOU
kimkay's Avatar
Junior Member with 8 posts.
 
Join Date: Aug 2003
27-Aug-2003, 09:21 PM #35
$teve--did all you said, then got this message when I rebooted in regular mode: "Cannot find the file 'winupdate.exe' (or one of its components). Make sure the path and filename are correct and that all required libraries are available." What do I do now? And thanks for the tip on posting the logfiles in a new thread, I just assumed it was better to post in the same thread to keep things together.
Flrman1's Avatar
Distinguished Member with 46,425 posts.
 
Join Date: Jul 2002
Location: Thomasville NC
Experience: 100% Geek
27-Aug-2003, 09:30 PM #36
kimkay

You will have to run Hijack This again and look for one or both of these entries and have HT fix them. One of these entries is still there and that is why you are receiving that message at startup.

F0 - system.ini: Shell=explorer.exe winupdate.exe

O4 - HKLM\..\Run: [windowsupdate] winupdate.exe
__________________
If I have helped solve your problem, please Click Here and make a donation to help keep this great site running. 100% goes directly to this site.
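The startup error discussed above appears when a file has been deleted but an autostart entry still points at it. The following is an added example, not part of the original thread and not code from HijackThis: a small Python check that lists every F0-F3/O4 line in a HijackThis log that still references a removed file. The function names and the sample log (lines copied from the log posted in this thread) are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
F0 - system.ini: Shell=explorer.exe winupdate.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [windowsupdate] winupdate.exe
O4 - Global Startup: Office Startup.lnk = E:\Program Files\Microsoft Office\Office\OSA.EXE
"""

# F0-F3 are ini-file autostarts, O4 covers Run keys and Startup folders.
ENTRY = re.compile(r"^(F0|F1|F2|F3|O4) - (.+)$")
# Executable base names, with or without a leading path or quotes.
EXE = re.compile(r'([^\\\s"=]+\.exe)\b', re.IGNORECASE)


def autostarts(log_text):
    """Return (section, detail, [exe base names]) for each autostart line."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            exes = [e.lower() for e in EXE.findall(m.group(2))]
            found.append((m.group(1), m.group(2), exes))
    return found


def extra_shell_programs(log_text):
    """Programs chained after explorer.exe on the system.ini Shell= line."""
    extras = []
    for section, detail, exes in autostarts(log_text):
        if section == "F0" and "shell=" in detail.lower():
            extras += [e for e in exes if e != "explorer.exe"]
    return extras


def dangling_references(log_text, deleted_file):
    """Autostart lines that would still try to launch a deleted file."""
    name = deleted_file.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return [f"{s} - {d}" for s, d, exes in autostarts(log_text) if name in exes]


if __name__ == "__main__":
    for entry in dangling_references(SAMPLE_LOG, r"D:\WINNT\system32\winupdate.exe"):
        print("still referenced by:", entry)
```

Run against a fresh log after the file has been deleted, any line it prints is an entry that still needs to be fixed in HijackThis.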
kimkay's Avatar
Junior Member with 8 posts.
 
Join Date: Aug 2003
27-Aug-2003, 09:57 PM #37
I actually had both of those, flrman--I fixed them and started up normally. All the help has been great, my computer is running soooo much better. Thanks!!!
Flrman1's Avatar
Distinguished Member with 46,425 posts.
 
Join Date: Jul 2002
Location: Thomasville NC
Experience: 100% Geek
27-Aug-2003, 10:36 PM #38