Recommended Posts

[size=1Logfile of HijackThis v1.98.0

Scan saved at 6:28:23 PM, on 10/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\sistray.EXE

C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\dfrvamo.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Lexmark X5100 Series\lxbabmon.exe

C:\Program Files\WindUpdates\WinUpdt.exe

C:\Program Files\Defender Pro Anti Spam\admin.exe

C:\WINDOWS\QuickBrowser.exe

C:\Program Files\WindUpdates\WinKA.exe

C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\mscif.exe

C:\Documents and Settings\Mom & Dad\Application Data\thbo.exe

C:\WINDOWS\System32\hwxun.exe

C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe

C:\Program Files\Defender Pro Anti Spam\dpantispam.exe

C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\ipmontr.exe

C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.charter.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {14A6345F-9418-0DC6-8058-105505AE2F3A} - C:\WINDOWS\System32\uqhzst.dll

O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif

O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [scomscsle] C:\WINDOWS\System32\dfrvamo.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [enss] C:\WINDOWS\System32\enss.exe

O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"

O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\mscif.exe

O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKCU\..\Run: [Oosl] C:\Documents and Settings\Mom & Dad\Application Data\thbo.exe

O4 - HKCU\..\Run: [Luwlvnrv] C:\WINDOWS\System32\hwxun.exe

O4 - HKCU\..\Run: [jgsd400] C:\WINDOWS\System32\jgsd400.exe

O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe

O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"

O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe

O4 - HKCU\..\Run: [ipxpromn] C:\WINDOWS\System32\ipxpromn.exe

O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe

O4 - Global Startup: Event Reminder.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)

O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab

O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab

O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab

O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct3_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab

O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab

O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab

O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab

O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab

O16 - DPF: Yahoo! Sheepshead - http://download.games.yahoo.com/games/clients/y/dt0_x.cab

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11f8612b9d97b9...ip/RdxIE601.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab]

Link to post
Share on other sites

1. Ok first download Adaware from. http://lavasoft.element5.com/support/download/#free Install it then open it and press check for updates. Dont scan with it yet we will do that later.

2. Download Cwsshredder from. http://www.spywareinfo.com/~merijn/files/cwshredder.zip Unzip it dont run it yet.

3. Boot into safemode go here for Intructions on how to. http://service1.symantec.com/SUPPORT/tsgen...001052409420406

4. While in safemode open Adaware.

Click Start

Select Perform Full System Scan and hit Next to let Ad-Aware scan your drives.

It will list malware files and registry keys. Click Next.

Under the Critical Objects tab, rightclick in the list, choose Select All, then Next.

It will ask for verification of checked items. Choose OK.

Close Ad-Aware

5. Run Cwsshredder which you downloaded earlyer and press fix.

6. Reboot back in to Windows and run an online virus scan http://housecall.antivirus.com/ make sure the auto clean option is on.

7. Then reboot again and post a new Hijackthis log here in a reply.

Link to post
Share on other sites

Logfile of HijackThis v1.98.0

Scan saved at 9:14:17 PM, on 10/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\sistray.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Defender Pro Anti Spam\admin.exe

C:\WINDOWS\QuickBrowser.exe

C:\Program Files\Lexmark X5100 Series\lxbabmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe

C:\Program Files\Defender Pro Anti Spam\dpantispam.exe

C:\WINDOWS\System32\ipmontr.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [enss] C:\WINDOWS\System32\enss.exe

O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"

O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe

O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe

O4 - HKCU\..\Run: [jgsd400] C:\WINDOWS\System32\jgsd400.exe

O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe

O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"

O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe

O4 - HKCU\..\Run: [ipxpromn] C:\WINDOWS\System32\ipxpromn.exe

O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe

O4 - Global Startup: Event Reminder.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab

O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab

O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab

O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct3_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab

O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab

O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab

O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab

O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab

O16 - DPF: Yahoo! Sheepshead - http://download.games.yahoo.com/games/clients/y/dt0_x.cab

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11f8612b9d97b9...ip/RdxIE601.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

Link to post
Share on other sites

1. Move Hijackthis to a perment folder like c:/hjt so backups can be made. Ok open Hijackthis from c:/hjt and press scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)

O4 - HKLM\..\Run: [enss] C:\WINDOWS\System32\enss.exe

O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe

O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe

O4 - HKCU\..\Run: [jgsd400] C:\WINDOWS\System32\jgsd400.exe

O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe

O4 - HKCU\..\Run: [ipxpromn] C:\WINDOWS\System32\ipxpromn.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

2. Reboot and delete the following files.

C:\WINDOWS\System32\enss.exe

C:\WINDOWS\QuickBrowser.exe

C:\WINDOWS\System32\sysdoor.exe

C:\WINDOWS\System32\jgsd400.exe

C:\WINDOWS\System32\ipmontr.exe

C:\WINDOWS\System32\ipxpromn.exe

3. Delete the folders.

C:\Documents and Setting\AllUsers\Application data\Pribi\

C:\Program Files\Ebates_MoeMoneyMaker\

4. Go to Start, Settings, Control Panel, Add/Remove and uninstall Viewpoiont Manager.

5. Then post a new Hijackthis log here in a reply.

Link to post
Share on other sites

Logfile of HijackThis v1.98.0

Scan saved at 2:32:00 PM, on 10/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\ipmontr.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.exe

O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

Link to post
Share on other sites

Logfile of HijackThis v1.98.0

Scan saved at 2:32:00 PM, on 10/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\ipmontr.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.exe

O4 - HKCU\..\Run: [ipmontr] C:\WINDOWS\System32\ipmontr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

**THIS IS ALL I HAVE.........I HOPE I DID EVERYTHING RIGHT. **

Link to post
Share on other sites
  • 2 weeks later...

This topic is now closed, if you need it reopened please contact a moderator on this site to have it reopened, please be sure to include a link to this post when you send the request.

If this isn't your topic, please start a new one and someone will respond as soon as possible

Thank you

Link to post
Share on other sites
Guest
This topic is now closed to further replies.