1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Home page rerouted to "http://296f8.ilxt.info/index.php?aid=632"

Discussion in 'Virus & Other Malware Removal' started by BenWrafter, Sep 7, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. BenWrafter

    BenWrafter Thread Starter

    Joined:
    Jul 30, 2004
    Messages:
    11
    Hi there!

    I am having a problem with my Internet Explorer- evey time I go to open it the homepage gets diverted to "http://296f8.ilxt.info/index.php?aid=632" and popups start to appear. I have downloaded and run HiJackThis and the log is as follows.

    I would greatly appreciate any help you could give me with this,

    Thanks,

    Ben.

    -------------------------------------------------------------------



    Logfile of HijackThis v1.97.7
    Scan saved at 22:41:10, on 07/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iDownload\Virus Hunter Communicator\xcommsvr.exe
    C:\Program Files\Common Files\iDownload\Virus Hunter Scan Server\bdss.exe
    C:\WINDOWS\System32\MsgSys.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Altnet\Points Manager\Points Manager.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iDownload.com\Popup Blocker\popupblocker.exe
    C:\PROGRA~1\IDOWNL~1\VIRUSH~1\bdmcon.exe
    C:\windows\system32\sncntr.exe
    C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
    C:\Program Files\Video1\Dialers\Hot_Tarts_ie\Hot_Tarts_ie.exe
    C:\windows\system32\sp2ctr.exe
    C:\windows\system32\mnpol.exe
    C:\WINDOWS\System32\xqajhn.exe
    C:\windows\system32\ntamsjjh.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System\winlogon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\System32\flpycntl.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\My Downloads\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=632
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=632
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://super-spider.com/sp.htm?id=632
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=632
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://super-spider.com/sp.htm?id=632
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R3 - URLSearchHook: (no name) - _{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
    R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    F1 - win.ini: run=c:\windows\system32\flpycntl.exe
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
    O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1517.0\en-gb\msntb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [FMSZCJPW] C:\WINDOWS\FMSZCJPW.exe
    O4 - HKLM\..\Run: [Wminf] c:\windows\system32\wminf.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Gay_Sexy_ie] C:\Program Files\SCom\Dialers\Gay_Sexy_ie\Gay_Sexy_ie.exe /dontdial
    O4 - HKLM\..\Run: [Popup Blocker] C:\Program Files\iDownload.com\Popup Blocker\popupblocker.exe
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\IDOWNL~1\VIRUSH~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\IDOWNL~1\VIRUSH~1\bdnagent.exe
    O4 - HKLM\..\Run: [fwt] C:\WINDOWS\fwt.exe
    O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [rasdisk] C:\WINDOWS\Config\rasdisk.exe
    O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
    O4 - HKLM\..\Run: [Hot_Tarts_ie] C:\Program Files\Video1\Dialers\Hot_Tarts_ie\Hot_Tarts_ie.exe /dontdial
    O4 - HKLM\..\Run: [Mdmdll] c:\windows\system32\mdmdll.exe
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm
    O4 - HKLM\..\Run: [vtixltzfuq] C:\WINDOWS\System32\xqajhn.exe
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    O4 - HKLM\..\Run: [NTAMSJJH] c:\windows\system32\ntamsjjh.exe /install
    O4 - HKLM\..\Run: [Flpycntl] c:\windows\system32\flpycntl.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Wminf] c:\windows\system32\wminf.exe
    O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\winlogon.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1018.dll,InstantAccess
    O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent_.exe
    O4 - HKCU\..\Run: [cs] C:\Program Files\Computer Shield\cs.exe /Iconic
    O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
    O4 - HKCU\..\Run: [Flpycntl] c:\windows\system32\flpycntl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: winlogin.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1018_EN_XP.cab
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\diidgnix.exe
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://cashsearch.biz/legal/x.chm::/load.exe
    O16 - DPF: {1574B835-2FDB-45A8-B28A-D75897929CC4} (VacPro.emsat_ver3_son) - http://www.advnt01.com/dialer/emsat_ver3_son.CAB
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00005/chm.chm::/files/initial.cab
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} (VacPro.emsat_ver3) - http://www.advnt01.com/dialer/emsat_ver3.CAB
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
    O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16475b4fd6b89e6cf617/netzip/RdxIE601.cab
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
    O16 - DPF: {8701E3B9-DC63-440B-83A1-80F27A4FCAFA} (Vacpro.emsat_ver2_new2) - http://www.7adpower.com/dialer/emsat_ver2_new2.CAB
    O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content2.netvenda.com/sites/games-ie/ie/games1.cab
    O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_EN_XP.cab
    O16 - DPF: {A02780C3-7F77-4E28-855B-28890F3CF37A} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMLIB_1031_pack_XP.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {B914A3C5-80F5-43C1-A4A3-C4211921DC7B} - http://akamai.downloadv3.com/binaries/IA/netdtc32_EN_XP.cab
    O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.idownload.com/download/queue/PBP-0689-3731-0992-4238/setup.exe
    O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515} - http://ads.adultcash.com/toolbar/bmeb.cab
    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1012_EN_XP.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Welcome to TSG
    You have a older version of Hijackthis please update

    Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

    CWshredder from http://www.subratam.org/?page=removal
    Spybot - Search & Destroy from http://security.kolla.de
    AdAware 6 from http://www.lavasoft.de/software/adaware/

    then
    Run CWSHREDDER,

    Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.


    then reboot &

    Run Sybot S&D

    After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

    Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

    then reboot &

    Run ADAWARE

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    Now to scan it´s just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

    reboot again

    then post a new hijackthis log to check what is left
     
  3. BenWrafter

    BenWrafter Thread Starter

    Joined:
    Jul 30, 2004
    Messages:
    11
    Followed instructions as requested. . .Log from new Hijack this scan below. . .

    Many thanks again. . .

    _______________________________________________________________________


    Logfile of HijackThis v1.98.2
    Scan saved at 12:49:10, on 10/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iDownload\Virus Hunter Communicator\xcommsvr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\iDownload\Virus Hunter Scan Server\bdss.exe
    C:\WINDOWS\System32\MsgSys.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Altnet\Points Manager\Points Manager.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iDownload.com\Popup Blocker\popupblocker.exe
    C:\PROGRA~1\IDOWNL~1\VIRUSH~1\bdmcon.exe
    C:\windows\system32\sncntr.exe
    C:\Program Files\Video1\Dialers\Hot_Tarts_ie\Hot_Tarts_ie.exe
    C:\windows\system32\sp2ctr.exe
    C:\windows\system32\mnpol.exe
    C:\WINDOWS\System32\xqajhn.exe
    C:\windows\system32\ntamsjjh.exe
    C:\windows\system32\mswavedll.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\My Downloads\HiJackThisUpdated\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
    R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1517.0\en-gb\msntb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Gay_Sexy_ie] C:\Program Files\SCom\Dialers\Gay_Sexy_ie\Gay_Sexy_ie.exe /dontdial
    O4 - HKLM\..\Run: [Popup Blocker] C:\Program Files\iDownload.com\Popup Blocker\popupblocker.exe
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\IDOWNL~1\VIRUSH~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\IDOWNL~1\VIRUSH~1\bdnagent.exe
    O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [rasdisk] C:\WINDOWS\Config\rasdisk.exe
    O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
    O4 - HKLM\..\Run: [Hot_Tarts_ie] C:\Program Files\Video1\Dialers\Hot_Tarts_ie\Hot_Tarts_ie.exe /dontdial
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm
    O4 - HKLM\..\Run: [vtixltzfuq] C:\WINDOWS\System32\xqajhn.exe
    O4 - HKLM\..\Run: [NTAMSJJH] c:\windows\system32\ntamsjjh.exe /install
    O4 - HKLM\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [cs] C:\Program Files\Computer Shield\cs.exe /Iconic
    O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1018_EN_XP.cab
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
    O16 - DPF: {1574B835-2FDB-45A8-B28A-D75897929CC4} (VacPro.emsat_ver3_son) - http://www.advnt01.com/dialer/emsat_ver3_son.CAB
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
    O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://www.advnt01.com/dialer/emsat_ver3.CAB
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
    O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16475b4fd6b89e6cf617/netzip/RdxIE601.cab
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
    O16 - DPF: {8701E3B9-DC63-440B-83A1-80F27A4FCAFA} (Vacpro.emsat_ver2_new2) - http://www.7adpower.com/dialer/emsat_ver2_new2.CAB
    O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content2.netvenda.com/sites/games-ie/ie/games1.cab
    O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_EN_XP.cab
    O16 - DPF: {B914A3C5-80F5-43C1-A4A3-C4211921DC7B} - http://akamai.downloadv3.com/binaries/IA/netdtc32_EN_XP.cab
    O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.idownload.com/download/queue/PBP-0689-3731-0992-4238/setup.exe
    O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515} - http://ads.adultcash.com/toolbar/bmeb.cab
     
  4. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    I highly recommend you get rid of Kazaa. It is full of spyware and the source of many problems. A lot of the problems you have now are from the garbage that comes bundled with Kazaa and is installed on your PC without your knowledge.

    Go here and get KazaaBegone and run it to get rid of Kazaa:http://www.spychecker.com/program/kazaagone.html

    You need to do a online scan from here http://housecall.trendmicro.com/. When it is done Run HIjackthis and fix the below items some of them may be gone after you do the online scan



    Run HIjackthis and fix the following. Be sure all windows are closed except for hijackthis.

    R3 - URLSearchHook: (no name) - _{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
    R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
    O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg

    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm

    O4 - HKLM\..\Run: [Hot_Tarts_ie] C:\Program Files\Video1\Dialers\Hot_Tarts_ie\Hot_Tarts_ie.exe /dontdial

    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm

    O4 - HKCU\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe


    16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binari..._1018_EN_XP.cab
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binari...dtc32_EN_XP.cab
    O16 - DPF: {1574B835-2FDB-45A8-B28A-D75897929CC4} (VacPro.emsat_ver3_son) - http://www.advnt01.com/dialer/emsat_ver3_son.CAB
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binari...tia32_EN_XP.cab
    O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://www.advnt01.com/dialer/emsat_ver3.CAB
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binari...thv32_EN_XP.cab
    O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binari...ice_5_EN_XP.cab

    You also have an Adult dialler on your slystem
    At one time you had the Mastak virus on your system

    reboot and post a new log we will have some more to take off
     
  5. BenWrafter

    BenWrafter Thread Starter

    Joined:
    Jul 30, 2004
    Messages:
    11
    Did as you required - again, many thanks for all your help. . . Log below.


    -----------------------------------------------------------------------------------
    Logfile of HijackThis v1.98.2
    Scan saved at 21:44:55, on 13/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\windows\system32\cddrv32.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Altnet\Points Manager\Points Manager.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iDownload.com\Popup Blocker\popupblocker.exe
    C:\PROGRA~1\IDOWNL~1\VIRUSH~1\bdmcon.exe
    C:\windows\system32\sncntr.exe
    C:\Program Files\Video1\Dialers\Hot_Tarts_ie\Hot_Tarts_ie.exe
    C:\windows\system32\sp2ctr.exe
    C:\windows\system32\mnpol.exe
    C:\WINDOWS\System32\xqajhn.exe
    C:\windows\system32\vvmwemja.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iDownload\Virus Hunter Communicator\xcommsvr.exe
    C:\Program Files\Common Files\iDownload\Virus Hunter Scan Server\bdss.exe
    C:\WINDOWS\System32\MsgSys.EXE
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.exe
    C:\Program Files\Trend Micro\Internet Security\pccguide.exe
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
    C:\My Downloads\HiJackThisUpdated\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=632
    F3 - REG:win.ini: run=c:\windows\system32\cddrv32.exe
    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1517.0\en-gb\msntb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Popup Blocker] C:\Program Files\iDownload.com\Popup Blocker\popupblocker.exe
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\IDOWNL~1\VIRUSH~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\IDOWNL~1\VIRUSH~1\bdnagent.exe
    O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
    O4 - HKLM\..\Run: [rasdisk] C:\WINDOWS\Config\rasdisk.exe
    O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
    O4 - HKLM\..\Run: [vtixltzfuq] C:\WINDOWS\System32\xqajhn.exe
    O4 - HKLM\..\Run: [VVMWEMJA] c:\windows\system32\vvmwemja.exe /install
    O4 - HKLM\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [cs] C:\Program Files\Computer Shield\cs.exe /Iconic
    O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16475b4fd6b89e6cf617/netzip/RdxIE601.cab
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
    O16 - DPF: {8701E3B9-DC63-440B-83A1-80F27A4FCAFA} (Vacpro.emsat_ver2_new2) - http://www.7adpower.com/dialer/emsat_ver2_new2.CAB
    O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content2.netvenda.com/sites/games-ie/ie/games1.cab
    O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_EN_XP.cab
    O16 - DPF: {B914A3C5-80F5-43C1-A4A3-C4211921DC7B} - http://akamai.downloadv3.com/binaries/IA/netdtc32_EN_XP.cab
    O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.idownload.com/download/queue/PBP-0689-3731-0992-4238/setup.exe
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Do you know what this is?:

    O4 - HKCU\..\Run: [cs] C:\Program Files\Computer Shield\cs.exe /Iconic


    Go to Add/Remove programs and uninstall SpyBlocs. It is a ripoff/bogus anti-spyware program.

    Also uninstall SpyKiller if you have not paid for it. Adware and Spybot are better for free.

    Uninstall Altnet Points Manager and p2p Networking too.

    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=632

    F3 - REG:win.ini: run=c:\windows\system32\cddrv32.exe

    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

    O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg

    O4 - HKLM\..\Run: [rasdisk] C:\WINDOWS\Config\rasdisk.exe

    O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe

    O4 - HKLM\..\Run: [vtixltzfuq] C:\WINDOWS\System32\xqajhn.exe

    O4 - HKLM\..\Run: [VVMWEMJA] c:\windows\system32\vvmwemja.exe /install

    O4 - HKLM\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe

    O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

    O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan

    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

    O4 - HKCU\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16475b4fd6b89e...ip/RdxIE601.cab

    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB

    O16 - DPF: {8701E3B9-DC63-440B-83A1-80F27A4FCAFA} (Vacpro.emsat_ver2_new2) - http://www.7adpower.com/dialer/emsat_ver2_new2.CAB

    O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content2.netvenda.com/sites/...e/ie/games1.cab

    O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binari...ice_4_EN_XP.cab

    O16 - DPF: {B914A3C5-80F5-43C1-A4A3-C4211921DC7B} - http://akamai.downloadv3.com/binari...dtc32_EN_XP.cab


    Restart to safe mode.

    How to start your computer in safe mode

    Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
    Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

    Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Now find and delete these files:

    C:\WINDOWS\Config\rasdisk.exe
    c:\windows\system32\sncntr.exe
    c:\windows\system32\mnpol.exe
    C:\WINDOWS\System32\pc32.exe
    C:\WINDOWS\System32\xqajhn.exe
    C:\windows\system32\vvmwemja.exe
    C:\windows\system32\cddrv32.exe
    C:\windows\system32\sp2ctr.exe
    C:\WINDOWS\System32\matrixhere.exe

    Delete these folders:

    C:\Program Files\SpyBlocs
    C:\Program Files\Video1
    C:\Program Files\Altnet
    C:\WINDOWS\System32\P2P Networking

    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Next navigate to the C:\Documents and Settings\(Your user profile name here)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Empty the Recycle Bin


    Turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer.

    When you are sure you are clean turn it back on and create a restore point.


    Go here and do an online virus scan.

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the exact file name and file location so you can delete it yourself.

    Turn System Restore back on and create a restore poit:

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
     
  7. BenWrafter

    BenWrafter Thread Starter

    Joined:
    Jul 30, 2004
    Messages:
    11
    Thank you sooooo much!!!

    Web access is possible once more and there is no sign of any traces of the hijacker anymore. One small problem is that I can't access my emails through MSN explorer - I would imagine I knocked out something getting rid of the hijacked. Do you know how I can fis this?

    I really appreciate all your help and thanks again!
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Are you getting na error? Please tell me exactly what you mena whe you say " I can't access my emails through MSN explorer"
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Home page rerouted
  1. ated19
    Replies:
    4
    Views:
    680
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/271330

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice