oneclicksearches & m00.exe problems: HJTlog included.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jonty

Thread Starter
Joined
Jun 28, 2005
Messages
4
Hi! As the title suggests I have two spyware problems at the moment that I'm struggling to solve. Firstly, on my desktop and in My Documents I have an icon for m00.exe that I can't remove, as when I right-click and try deleting it, a message pops-up that it is being used by another program or person. Secondly, my IE homepage has been hijacked to take me to www.oneclicksearches.com and reverts to this continually when I go online, effectively preventing me from using the net (although I do have access to the net at work).
I've run an up to date vesion of Sophos, Spysweeper 4.0 and Spybot S & D (both normally and in Safe Mode) but these don't seem to have done the job.
Any help to rid me of these gremlins would be gratefully received!

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 20:02:49, on 27/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sophos\SWNETSUP.EXE
C:\Program Files\Sophos\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sophos\ICMON.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp3B38.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [Tracks Eraser] C:\Program Files\Tracks Eraser\te.exe min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SWEEP for Windows NT Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos\SWNETSUP.EXE
O23 - Service: SWEEP for Windows NT (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos\SWEEPSRV.SYS

Thanks,
Jonty
 
Joined
May 13, 2005
Messages
4,699
HiJonty, welcome to TSG

1) go to ccleaner.com and download to the desktop.
2) run the cleaner and also click on issues in the top left corner and search for registry issues
3) fix all that it found.
This will remove all spyware cookies, and temp files that may be causing your pop-up problems.

You HJT log seems to be clear, your popup problem may be due to lack of protection. I'm not sure, my experience is limited and i am new here.

"bump" later to ask a pop-up specialist about pop-ups, or about virus's
I also recommend you do a trend micro housecall virus scan, if you havent done one already. I consider this to be the best from previous experience.
David
 

jonty

Thread Starter
Joined
Jun 28, 2005
Messages
4
Thanks David, I'll have a go with CCCleaner and then get back to you.
I've tried trashing the R0 entry from HJT but every time I reboot and scan again it re-appears.
 

jonty

Thread Starter
Joined
Jun 28, 2005
Messages
4
Problem solved (partially at any rate)! I followed flrman1 's excellent guidance (see threads started by anthole 69 on 22nd June and Thomas on 27th June) and it seems to have done the job with the pesky oneclicksearches homepage hijack. My problem with m00.exe still exists, but I'll start a new thread on this. All hail flrman1!
Thanks,
Jonty
 

jonty

Thread Starter
Joined
Jun 28, 2005
Messages
4
On my Desktop and in My Documents I have an icon for m00.exe that I can't remove, as when I right-click and try deleting it, a message pops-up that it is being used by another program or person. Any ideas about what this is and more importantly, how to get rid of it? Please help.
Thanks,
Jonty
 
Joined
Feb 15, 2004
Messages
826
Download HijackThis from here. Make a new folder for the program and then open it, click Scan. When it finishes scanning, do no remove anything but instead save the log and copy and paste it here. Someone will then come along and further help you.
 

Cookiegal

Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
116,531
First Name
Karen
jonty,

Hi and Welcome to TSG,

I have merged both of your threads together so that we can see all of the problems and avoid duplication of our efforts to help.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top