Login | Live Chat & Podcast at 1:00PM Eastern on Sunday! |
 Search | |
| |
25-Aug-2004, 07:10 AM
#1 | |||||
 Hijackthis - program |
| |
25-Aug-2004, 01:00 PM
#2 | ||||||
 Have these instructions printed or in a convenient Notepad (or Wordpad) file so you can view them in Safe Mode. Have "show hidden (or all) files" checked in Folder Options > View in case you have to search for any hidden files to delete. Also ensure you do NOT have "hide file extensions..." enabled in Folder Options > ViewDownload and unzip to a convenient location the CoolWebShredder, CWShredder.exe available here: http://www.computercops.biz/downloads-cat-14.html Then: 1 >> Restart in Safe Mode: http://service1.symantec.com/SUPPORT...01052409420406 2 >> In Safe Mode run the CoolWebShredder and have it "fix" detected problems. Then run HijackThis and check and "fix" the following entries: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uqrrghgqhdwis.com/wb_u04...bZGnT/A5eQ.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ecppevwmyg.com/wb_u048nt...XFxeajTjsr9.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O4 - HKLM\..\Run: [20736330.exe] C:\WINDOWS\System\20736330.exe ^^ find and delete the file 20736330.exe O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart  Messenger Plus must be removed through Add/Remove programs. It installs and maintains a "lop.com" hijack, which will return otherwise.Additional cleanup instructions: Go to the Control Panel > Internet Options applet. Clear the Temporary Internet Cache, History and Offline Content. Go to the Programs tab and select "reset web settings", including your home page if it has been altered. You can reset that later to what you desire. 3 >> on reboot, use the latest version of HijackThis, available below, to post a new Scanlog. http://www.net-integration.net/tools/hijackthis.html |
25-Aug-2004, 04:05 PM
#4 | ||||||
26-Aug-2004, 01:40 PM
#6 | ||||||
27-Aug-2004, 05:27 AM
#7 | |||||
| probably the problerm has been resolved because the date wait and the other things did not come back even after i connected to the internet, and i removed the files that you said to take a look. there was some "window search" in the add remove programs and i removed it. here is the final scan log: Logfile of HijackThis v1.98.2 Scan saved at 11:15:20, on 27.8.2004 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE C:\WINDOWS\SYSTEM\INTERNAT.EXE C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\HP SHARE-TO-WEB\HPGS2WND.EXE C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\LOADQM.EXE C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\HP SHARE-TO-WEB\HPGS2WNF.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\WINDOWS\SYSTEM\MMTRAYLSI.EXE C:\WINDOWS\SYSTEM\MMTRAY2K.EXE C:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE C:\WINDOWS\SYSTEM\MMTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\NOTEPAD.EXE D:\HIJAC THIS\2\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R3 - Default URLSearchHook is missing F1 - win.ini: run=hpfsched N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vz4vlj9a.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vz4vlj9a.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\MY DOCUMENTS\PDF READER\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHELPER.DLL O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [internat.exe] internat.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\My Documents\Lotta\HP valokuva ohjelma\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [CamMonitor] C:\My Documents\Lotta\HP valokuva ohjelma\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [WinFast_Gamma] rundll32.exe wfcpl.dll,DllLoadGammaRampSettings O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: PowerReg Scheduler.exe O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\VISUAL ROUTE INSTALL\vrie.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\VISUAL ROUTE INSTALL\vrie.dll O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab I wondered if you could tell me how to be sure that thease kind of problerms would not come back again,perhaps you could tell me some program that refuses them,i tried to use two different kind of firewall programs (not at the same time)and when i had installed firewall program my computer started to reboot himself without warning,after i had un installed firewall my computer did not any more reboot himself.i tink thats kind of weird, i hope you can help me out.  |
27-Aug-2004, 11:32 AM
#8 | ||||||
 |
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
| You Are Using:  |
Advertisements do not imply our endorsement of that product or service. All times are GMT -4. The time now is 06:04 PM. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. |  |
Facebook
Twitter
TechGuy.tv
TSG Mobile