
all the other removal threads haven't helped me...

Discussion in 'Virus & Other Malware Removal' started by hollyface, Sep 1, 2004.

Thread Status:
Not open for further replies.
  1. hollyface

    hollyface Thread Starter

    Joined:
    Aug 30, 2004
    Messages:
    7
    okay, i've realized i've got the about:blank hijacker. i've got spybot, adaware, hijack this, and adwareaway on the machine now.

    the original symptoms were that nothing explorer related worked, no internet, no windows explorer, nothing.

    i've gone through and run adaware, then spy bot, then hijack this for a log (where i found out i had this), then tried the adawareaway removal tool.

    i've renamed (i think) the file in regedit.

    things are sort of working again, can't get on the internet. i know this means the thing wasn't completely removed.

    i can't run the recovery console because Ndetect fails (a problem i've also encountered out in the field but there it comes with a "cannot repair because drive is corrupt" message, more info than you need but an explanation of this would rock)

    here's my second log, which one of these things is not like the other??? where's the blue meanie???

    and yes, i have sleep issues and play a lot of games online in the middle of the night... ahem...

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Hijack\HijackThis19802.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O1 - Hosts: 216.93.168.167 auto.search.msn.com
    O1 - Hosts: comments (such as these) may be inserted on individual
    O1 - Hosts: 12.129.205.209 search.netscape.com
    O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {F101D8F9-9E90-4401-9FBF-9B515CAA045F} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.8.3.20/s...assets.cab
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.9.0.18/...assets.cab
    O16 - DPF: Bridge by pogo - http://bridge02.pogo.com/applet/bridge/...assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.2.19/...assets.cab
    O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9.2.31...assets.cab
    O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8.2.1...assets.cab
    O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/...assets.cab
    O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet/cribbage/cr...assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/ch...assets.cab
    O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/ch...assets.cab
    O16 - DPF: Dominoes by pogo.com - http://temp22.pogo.com/applet/domino/domino-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://solitaire32.pogo.com/applet/soli...assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.0...assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenb...assets.cab
    O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pogo.com/applet/greenb...assets.cab
    O16 - DPF: Hammerhead Pool by pogo - http://pool30.pogo.com/applet/pool/pool-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.9.2....assets.cab
    O16 - DPF: High Stakes Poker by pogo.com - http://temp05.pogo.com/applet/drawpoker...assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.6.20/p...assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://temp92.pogo.com/applet/videopoke...assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.9.0.25/gin/gin-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.3.2...assets.cab
    O16 - DPF: Payday FreeCell by pogo.com - http://temp36.pogo.com/applet/freecell/...assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.0...assets.cab
    O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.0.25...assets.cab
    O16 - DPF: Pirate's Gold by pogo - http://broken01.pogo.com/applet-5.8.2.1...assets.cab
    O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/applet-5.9.2.31/p...assets.cab
    O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.8.3.26/...assets.cab
    O16 - DPF: Poppit! TM by pogo.com - http://poppit16.pogo.com/applet/poppit/...assets.cab
    O16 - DPF: Ricochet by pogo - http://game5.pogo.com/applet-5.9.0.18/r...assets.cab
    O16 - DPF: Sci-Fi Slots by pogo.com - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-5.8.6.20/s...assets.cab
    O16 - DPF: Showbiz Slots 2 by pogo.com - http://showbiz2.pogo.com/applet/slots/s...assets.cab
    O16 - DPF: Showbiz Slots by pogo.com - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.1...assets.cab
    O16 - DPF: Squelchies by pogo.com - http://squelchies.pogo.com/applet/squel...assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://sweet03.pogo.com/applet/sweettoo...assets.cab
    O16 - DPF: Sweet Tooth TM by pogo.com - http://sweet05.pogo.com/applet/sweettoo...assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2.31...assets.cab
    O16 - DPF: The Sims Pinball by pogo.com - http://simball02.pogo.com/applet/simbal...assets.cab
    O16 - DPF: Toki Toki Boom - http://yog56.games.scd.yahoo.com/yog/y/vto_x.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.1.18/p...assets.cab
    O16 - DPF: Triviatron II by pogo - http://triviatron2.pogo.com/applet/triv...assets.cab
    O16 - DPF: Triviatron II by pogo.com - http://triviatron2.pogo.com/applet/triv...assets.cab
    O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.3.20/...assets.cab
    O16 - DPF: Tumble Bees by pogo.com - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://turbo07.pogo.com/applet-5.8.3.26...assets.cab
    O16 - DPF: Turbo 21 TM by pogo.com - http://turbo04.pogo.com/applet/turbo21/...assets.cab
    O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/...assets.cab
    O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.com/applet/wordwhomp/...assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.9.1....assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo.com - http://whackdown.pogo.com/applet/whackd...assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldcl...assets.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/c...ltt3_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: Yahoo! Spelldown - http://yog56.games.scd.yahoo.com/yog/y/sdt1_x.cab
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://support.charter.com/sdccommon/download/tgctlins.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://support.charter.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200...taller.exe
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/o...winrep.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200...taller.exe
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47...ckwerx.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar.../cabsa.cab
    O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/install...nstall.cab
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8DAE7A62-4632-4691-805C-0338A5F26F9D} (Spam Arrest Email Configurator Download) - http://spamarrest.com/xcarab/10013/saclient.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v44...rdmojo.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab
    O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/import/emailimport.cab
    O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c...mplete.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40...lecity.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/p...der_v5.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab
     
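Added example (not part of the thread, and not HijackThis code): a small Python triage script that reads lines in the HijackThis format shown in the log above and sorts them into rough categories. The sample lines are copied from that log (with the run-together O1 line split into its two hosts-file entries). The classification rules are this editor's own reading of the sections, not an official HijackThis ruleset: an O1 line that pins a hostname to a non-loopback address is a hosts-file redirect, an O2 line ending in "(no file)" is a BHO registration whose DLL is gone, and O16 entries are listed for review rather than judged.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the HijackThis log
# posted above. The O1 line that extraction ran together is split in two.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O1 - Hosts: 216.93.168.167 auto.search.msn.com
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {F101D8F9-9E90-4401-9FBF-9B515CAA045F} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
"""

# Every HijackThis entry starts with a section code (R1, O2, O16 ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O1 bodies that are real mappings look like "Hosts: <ipv4> <hostname>".
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
LOOPBACK = {"127.0.0.1", "::1"}


def parse_line(line):
    """Split one log line into (section, body); None for blank or non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def classify(section, body):
    """Heuristic verdict for one entry: 'hijack', 'orphan', 'review' or 'ok'.

    These rules are the editor's own, not HijackThis's.
    """
    if section == "O1":
        h = HOSTS_RE.match(body)
        if h is None:
            # Not an address mapping (a stray hosts-file comment, for example).
            return "review", "hosts line is not an address mapping"
        if h.group("ip") in LOOPBACK:
            return "ok", f"{h.group('host')} is blocked via loopback"
        # A public hostname pinned to a fixed address bypasses DNS entirely.
        return "hijack", f"{h.group('host')} is pinned to {h.group('ip')} in the hosts file"
    if section == "O2":
        if body.endswith("- (no file)"):
            clsid = CLSID_RE.search(body)
            ident = clsid.group(0) if clsid else "?"
            return "orphan", f"BHO {ident} is registered but its DLL is missing"
        return "ok", "BHO backed by a file on disk"
    if section in ("R0", "R1") and "about:blank" in body.lower():
        return "hijack", "IE start/search page points at about:blank"
    if section == "O16":
        return "review", "downloaded ActiveX control; confirm the site is one you use"
    return "ok", ""


def triage(log_text):
    """Return a list of (section, verdict, detail) for every entry in the log."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, body = parsed
        verdict, detail = classify(section, body)
        findings.append((section, verdict, detail))
    return findings


def summary(log_text):
    """Count entries per verdict, e.g. {'hijack': 3, 'orphan': 2, ...}."""
    return dict(Counter(verdict for _, verdict, _ in triage(log_text)))


if __name__ == "__main__":
    for section, verdict, detail in triage(SAMPLE_LOG):
        if verdict != "ok":
            print(f"{verdict:7} {section:4} {detail}")
    print(summary(SAMPLE_LOG))
```

Run it on the sample and the three hosts-file redirects and the two orphaned BHO registrations come out at the top; the R1 ProxyOverride line is left alone because 127.0.0.1;&lt;local&gt; is the normal default, and the O16 entries are only listed for the reader to confirm against sites they actually use.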
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi hollyface

    Be sure you have the newest version of Hijackthis:

    http://tools.radiosplace.com/HijackThis.exe

    The top header of your log is not showing, we generally like to see that...can you try again and post the entire log?
    Or wouldn't Notepad take it all? :)

    tryyyyy try to post again..........
    *Don't sound like Sheryl Crow do I...
     
Short URL to this thread: https://techguy.org/268948