Please evaluate what needs to be done

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Iggy54

Thread Starter
Joined
Sep 29, 2003
Messages
3
Logfile of HijackThis v1.97.2
Scan saved at 9:45:01 AM, on 9/29/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\COMMON~1\AOL\EVENTM~1\emservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\Explorer.com
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sqwire\cc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NoPops\PopupKillerGUI.exe
C:\Program Files\Hotbar\bin\4.3.5.0\HbInst.exe
C:\PROGRA~1\NoPops\POPUPK~1.EXE
C:\Windows\Explorer.com
C:\Program Files\Internet Washer Pro\iw.exe
C:\Documents and Settings\rent a center\Application Data\DownloadPlus.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\Explorer.com
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hotbar\bin\4.3.5.0\HbSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\rent a center\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\WINDOWS\System32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ez-searching.com/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ez-searching.com/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ez-searching.com/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.venusseek.com/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ez-searching.com/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R3 - URLSearchHook: (no name) - _{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - {00000185-C745-43D2-44F1-01A1C789C738} - C:\DOCUME~1\RENTAC~1\LOCALS~1\Temp\BHO010~1.DLL (file missing)
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_5_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\Program Files\Sqwire\u.dll (file missing)
O2 - BHO: (no name) - {34D516EA-40E3-4E3B-8BA8-505112738ED5} - C:\WINDOWS\System32\ctavp3.dll
O2 - BHO: Popup Killer - {49E489BF-C4B8-11D6-9547-00C0DFF1DE9E} - C:\Program Files\NoPops\PopupKiller.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem215.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E9} - C:\WINDOWS\iempg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_5_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\system32\QaBar.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll
O3 - Toolbar: Search Bar - {B418B139-414D-4374-820F-EE74520C5A0D} - C:\WINDOWS\System32\ctavp3.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Explorer] C:\Windows\Explorer.com
O4 - HKLM\..\Run: [infwin] c:\windows\system32\infwin.exe /noconnect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Explorer] C:\Windows\Explorer.com
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\Internet Washer Pro\iw.exe min
O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [Explorer] C:\Windows\Explorer.com
O4 - HKCU\..\RunOnce: [Explorer] C:\Windows\Explorer.com
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\rent a center\Application Data\DownloadPlus.exe
O4 - Startup: JulianKeys.lnk = C:\Program Files\JulianKeys\JulianKeys.EXE
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdepot.com/CFIDE/classes/CFJava.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8106/turbo.cab?id=3107323
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {132BDF97-4059-46E6-BB76-9BFD2527226F} (CChat Class) - http://cuteandsingle.com/downloads/cc.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://www.camworldz.com/3330.exe
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/CGA38106/payload2.cab
O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} (Loader Class) - http://www.tnc4u.com/MCInst.cab
O16 - DPF: {29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F} (AInst Class) - http://209.47.15.72/inst/activeinstaller.dll
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/CGA38106/clean.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab
O16 - DPF: {4580026C-022A-4FDA-87BC-EDA848D0B7A6} (PKey Class) - http://66.51.29.59/ctavp.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/232ef4d8727ea76ec816/netzip/RdxIE601.cab
O16 - DPF: {5C8D0494-02F2-40E9-8EBF-07FED5919629} - http://www.goodcontacts.com/install/Reunion/Reunion.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.badamateur.com/r/webcamplugin.cab
O16 - DPF: {965E6B07-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - http://www.mainentrypoint.com/linkzz/QaBar.cab
O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab
O16 - DPF: {B09B1D8B-88D6-4C91-BB62-378625E8C73E} ({B09B1D8B-88D6-4C91-BB62-378625E8C73E}) - http://216.127.94.241/PremiumConnectLoad.cab
O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/EGHTMLDialerXP.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,13/mcgdmgr.cab
O16 - DPF: {C02ABE2E-82E4-11D7-8C3C-D9882698AD71} (InstallMMObj Class) - http://www.youclick2earn.com/messenger/youclick2earn/InstallMM.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/mt/dialers/fc/UniDist.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} (AInst Class) - http://www.absoluteteensmut.com/activeinstaller.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
 
Joined
Jul 24, 2003
Messages
420
You can have Hijack This ''Fix Checked'' the following ,

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ez-searching.com/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ez-searching.com/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ez-searching.com/ie.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.venusseek.com/home.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ez-searching.com/ie.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3....rchPageHome.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - URLSearchHook: (no name) - _{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: 217.116.231.7 aimtoday.aol.com

O2 - BHO: (no name) - {00000185-C745-43D2-44F1-01A1C789C738} - C:\DOCUME~1\RENTAC~1\LOCALS~1\Temp\BHO010~1.DLL (file missing)

O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\Program Files\Sqwire\u.dll (file missing)

O2 - BHO: (no name) - {34D516EA-40E3-4E3B-8BA8-505112738ED5} - C:\WINDOWS\System32\ctavp3.dll

O2 - BHO: Popup Killer - {49E489BF-C4B8-11D6-9547-00C0DFF1DE9E} - C:\Program Files\NoPops\PopupKiller.dll

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem215.dll

O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll

O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E9} - C:\WINDOWS\iempg.dll

O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\system32\QaBar.dll

O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll

O3 - Toolbar: Search Bar - {B418B139-414D-4374-820F-EE74520C5A0D} - C:\WINDOWS\System32\ctavp3.dll

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [infwin] c:\windows\system32\infwin.exe /noconnect

O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe

O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe

O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe

O4 - Startup: Download Plus.lnk = C:\Documents and Settings\rent a center\Application Data\DownloadPlus.exe

O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdepot.com/CFIDE/classes/CFJava.cab

O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com....cab?id=3107323

O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe

O16 - DPF: {132BDF97-4059-46E6-BB76-9BFD2527226F} (CChat Class) - http://cuteandsingle.com/downloads/cc.cab

O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://www.camworldz.com/3330.exe

O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.co...06/payload2.cab

O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} (Loader Class) - http://www.tnc4u.com/MCInst.cab

O16 - DPF: {29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F} (AInst Class) - http://209.47.15.72/inst/activeinstaller.dll

O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.co...38106/clean.cab

O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproact...etwasherpro.cab

O16 - DPF: {4580026C-022A-4FDA-87BC-EDA848D0B7A6} (PKey Class) - http://66.51.29.59/ctavp.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/232ef4d8727ea7...ip/RdxIE601.cab

O16 - DPF: {5C8D0494-02F2-40E9-8EBF-07FED5919629} - http://www.goodcontacts.com/install/Reunion/Reunion.cab

O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.badamateur.com/r/webcamplugin.cab

O16 - DPF: {965E6B07-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - http://www.mainentrypoint.com/linkzz/QaBar.cab

O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab

O16 - DPF: {B09B1D8B-88D6-4C91-BB62-378625E8C73E} ({B09B1D8B-88D6-4C91-BB62-378625E8C73E}) - http://216.127.94.241/PremiumConnectLoad.cab

O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.ne...TMLDialerXP.cab

O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsol...ArcadeRdxIE.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/s...,13/mcgdmgr.cab

O16 - DPF: {C02ABE2E-82E4-11D7-8C3C-D9882698AD71} (InstallMMObj Class) - http://www.youclick2earn.com/messen...n/InstallMM.cab

O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download...ptdmgainads.cab

O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/mt/dialers/fc/UniDist.CAB

O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} (AInst Class) - http://www.absoluteteensmut.com/activeinstaller.dll


The following link can assist you in enabling the ''Show all Files and Folders'' option in Windows
http://service1.symantec.com/SUPPOR...92715262339?Open&src=&docid=2000040412261548&


Now start your computer in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Navigate to and Delete the following

C:\Program Files\MyWebSearch > Folder
C:\Program Files\Sqwire > Folder
C:\Program Files\Hotbar > Folder
C:\Program Files\NoPops > Folder
c:\windows\system32\infwin.exe > File

Shutdown & Normal Reboot

Follow normmork's Ad-aware 6 Personal Build 6.181 Recommendation http://forums.techguy.org/t164245/s.html

Follow-up with Downloading and installing Spybot search & destroy www.security.kolla.de Open Spybot search & destroy , Click Online , Search for updates , Download all available updates , log offline , Close all browser windows , check your taskbar for minimized windows as well , Run Spybot search & destroy , put a check in every entry Spybot search & destroy returns , Click fix problems. Shutdown & Reboot your computer

Consider installing SpywareBlaster v2.6.1 and SpywareGuard v2.2 for the prevention of both Spyware Active X installation and running , and Browser Hijacking protection in real-time http://www.wilderssecurity.net/index.html

When you're finished , Rescan Hijack This , Return to this thread and post a new log for a follow-up review

Good luck
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
And have the following fixed as well:

O4 - HKLM\..\Run: [Explorer] C:\Windows\Explorer.com
O4 - HKCU\..\Run: [Explorer] C:\Windows\Explorer.com
O4 - HKLM\..\RunOnce: [Explorer] C:\Windows\Explorer.com
O4 - HKCU\..\RunOnce: [Explorer] C:\Windows\Explorer.com


After rebooting, delete the C:\Windows\Explorer.com file itself. Its a worm or trojan.
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
BTW, before deleting the Explorer.com file, would you please send a copy to this e-mail address for analysis?
If it's an all new baddie, we'd want to forward copies to the developers ASAP!

We'd appreciate it! :)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top