Can somebody look at my HiJackThis log [CLOSED]


  • This topic is locked

#1
Arhiman
  • Member
  • 14 posts
I have no idea what to get rid of and/or keep


Logfile of HijackThis v1.97.7
Scan saved at 4:56:21 AM, on 05/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\AIM\aim.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amazingautoss...ww.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautoss.../searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/home.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5D9ED631-8F23-188C-6A48-40F117A131D7} - C:\WINDOWS\system32\zdmpnqfj.dll
O2 - BHO: (no name) - {60431EC3-1BAA-BB2C-0C5B-DA0F91D5ADCA} - C:\WINDOWS\system32\jrlfepam.dll
O2 - BHO: (no name) - {9942EAA2-9F35-8BE8-1F2B-CB1B216899A6} - C:\WINDOWS\system32\tvseidgc.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C693376E-A608-CACB-35AE-47DCAF70B1CC} - C:\PROGRA~1\nurbjump\Bore This.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: the info - {9F4DDC96-D065-DA8A-2584-D7FDE025B74D} - C:\PROGRA~1\nurbjump\Bore This.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [enfwshwv] C:\WINDOWS\aekuzpkp.exe
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\XtawJ.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\}
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\popup stopper\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [online log] C:\PROGRA~1\bibmovekind\Gpl 4 long.exe
O4 - HKLM\..\Run: [window.onerror = SymEr] c:\WINDOWS\System32\window.onerror = SymError;
O4 - HKLM\..\Run: [var SymRealWinOpen = window.o] c:\WINDOWS\System32\var SymRealWinOpen = window.open;
O4 - HKLM\..\Run: [function SymWinOpen(url, name, attribu] c:\WINDOWS\System32\function SymWinOpen(url, name, attributes)
O4 - HKLM\..\Run: [ return (new Object] c:\WINDOWS\System32\ return (new Object());
O4 - HKLM\..\Run: [window.open = SymWinO] c:\WINDOWS\System32\window.open = SymWinOpen;
O4 - HKLM\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKLM\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKLM\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKLM\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKLM\..\Run: [if (screen.heigh] c:\WINDOWS\System32\if (screen.height) {
O4 - HKLM\..\Run: [var SymRealOnUnl] c:\WINDOWS\System32\var SymRealOnUnload;
O4 - HKLM\..\Run: [ window.open = SymWinO] c:\WINDOWS\System32\ window.open = SymWinOpen;
O4 - HKLM\..\Run: [ if(SymRealOnUnload != n] c:\WINDOWS\System32\ if(SymRealOnUnload != null)
O4 - HKLM\..\Run: [ SymRealOnUnloa] c:\WINDOWS\System32\ SymRealOnUnload();
O4 - HKLM\..\Run: [ SymRealOnLoa] c:\WINDOWS\System32\ SymRealOnLoad();
O4 - HKLM\..\Run: [ window.open = SymRealWinO] c:\WINDOWS\System32\ window.open = SymRealWinOpen;
O4 - HKLM\..\Run: [ SymRealOnUnload = window.onunl] c:\WINDOWS\System32\ SymRealOnUnload = window.onunload;
O4 - HKLM\..\Run: [ window.onunload = SymOnUnl] c:\WINDOWS\System32\ window.onunload = SymOnUnload;
O4 - HKLM\..\Run: [window.onload = SymOnL] c:\WINDOWS\System32\window.onload = SymOnLoad;
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKLM\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKLM\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKLM\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Cosmi\HelpExpress\joe\Client\HelpExp.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\}
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [window.onerror = SymEr] c:\WINDOWS\System32\window.onerror = SymError;
O4 - HKCU\..\Run: [var SymRealWinOpen = window.o] c:\WINDOWS\System32\var SymRealWinOpen = window.open;
O4 - HKCU\..\Run: [function SymWinOpen(url, name, attribu] c:\WINDOWS\System32\function SymWinOpen(url, name, attributes)
O4 - HKCU\..\Run: [ return (new Object] c:\WINDOWS\System32\ return (new Object());
O4 - HKCU\..\Run: [window.open = SymWinO] c:\WINDOWS\System32\window.open = SymWinOpen;
O4 - HKCU\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKCU\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKCU\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKCU\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKCU\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKCU\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKCU\..\Run: [if (screen.heigh] c:\WINDOWS\System32\if (screen.height) {
O4 - HKCU\..\Run: [var SymRealOnUnl] c:\WINDOWS\System32\var SymRealOnUnload;
O4 - HKCU\..\Run: [ window.open = SymWinO] c:\WINDOWS\System32\ window.open = SymWinOpen;
O4 - HKCU\..\Run: [ if(SymRealOnUnload != n] c:\WINDOWS\System32\ if(SymRealOnUnload != null)
O4 - HKCU\..\Run: [ SymRealOnUnloa] c:\WINDOWS\System32\ SymRealOnUnload();
O4 - HKCU\..\Run: [ SymRealOnLoa] c:\WINDOWS\System32\ SymRealOnLoad();
O4 - HKCU\..\Run: [ window.open = SymRealWinO] c:\WINDOWS\System32\ window.open = SymRealWinOpen;
O4 - HKCU\..\Run: [ SymRealOnUnload = window.onunl] c:\WINDOWS\System32\ SymRealOnUnload = window.onunload;
O4 - HKCU\..\Run: [ window.onunload = SymOnUnl] c:\WINDOWS\System32\ window.onunload = SymOnUnload;
O4 - HKCU\..\Run: [window.onload = SymOnL] c:\WINDOWS\System32\window.onload = SymOnLoad;
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKCU\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKCU\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKCU\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - Startup: Billminder.lnk = C:\QUICKEN02\BILLMIND.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lotus SmartCenter 97.lnk = C:\lotus\smartctr\SMARTCTR.EXE
O4 - Global Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark...en/AMClient.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1li...h/weblaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab


#2
Smokey
  • Retired Staff
  • 1,423 posts
Welcome Arhiman <_<

Congratulations, this is the worst log I have ever seen :D. But we can still help you fix it :P. Your computer has a NUMBER of spyware programs that we need to remove. For more info on spyware see the Spyware FAQ link in my signature.

Let's start with a few free programs:
CWShredder is the first to run. Here's why: If a CoolWebSearch variant is indeed running on your system, it may actually prevent you from running spyware scans. It is smart enough to detect efforts to detect it, and stop them. Download CWShredder to your desktop or other location. Close all browser windows, double click the CWShredder icon to run, then click the Fix -> button. When finished, reboot and run the following two programs.

Spybot Search & Destroy Download and install. Start Spybot S&D using the "Spybot-S&D (easy mode)" link from your Start menu. Click the Search for updates button; if any are found, click the Download Updates button. After all updates are downloaded, click the Check for problems button. When the scan is complete, place a check next to anything marked in red, then click the Fix selected problems button. You may need to run Spybot S&D multiple times to remove all infections.

Ad-aware Open Ad-Aware and use the Check for updates now link. Download and accept the latest reference file. When finished click the Start button. When done scanning, the Abort button will change to Next. Click the Next button. Right-click in the Scanning Results window and click "Select all objects". Then click the "Next" button and confirm that you want to delete the selected entries.

When finished, reboot your computer. Finally, reply to this post with a new HiJackThis log so we can look for any nasties that may have been missed. :D

#3
Arhiman
  • Topic Starter
  • Member
  • 14 posts
Thank you for such a fast reply. Here is the logfile after following your instructions:
Logfile of HijackThis v1.97.7
Scan saved at 9:22:05 AM, on 05/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\bibmovekind\Gpl 4 long.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amazingautoss...ww.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautoss.../searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/home.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5D9ED631-8F23-188C-6A48-40F117A131D7} - C:\WINDOWS\system32\zdmpnqfj.dll
O2 - BHO: (no name) - {60431EC3-1BAA-BB2C-0C5B-DA0F91D5ADCA} - C:\WINDOWS\system32\jrlfepam.dll
O2 - BHO: (no name) - {9942EAA2-9F35-8BE8-1F2B-CB1B216899A6} - C:\WINDOWS\system32\tvseidgc.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C693376E-A608-CACB-35AE-47DCAF70B1CC} - C:\PROGRA~1\nurbjump\Bore This.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: the info - {9F4DDC96-D065-DA8A-2584-D7FDE025B74D} - C:\PROGRA~1\nurbjump\Bore This.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [enfwshwv] C:\WINDOWS\aekuzpkp.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\XtawJ.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\}
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\popup stopper\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [online log] C:\PROGRA~1\bibmovekind\Gpl 4 long.exe
O4 - HKLM\..\Run: [window.onerror = SymEr] c:\WINDOWS\System32\window.onerror = SymError;
O4 - HKLM\..\Run: [var SymRealWinOpen = window.o] c:\WINDOWS\System32\var SymRealWinOpen = window.open;
O4 - HKLM\..\Run: [function SymWinOpen(url, name, attribu] c:\WINDOWS\System32\function SymWinOpen(url, name, attributes)
O4 - HKLM\..\Run: [ return (new Object] c:\WINDOWS\System32\ return (new Object());
O4 - HKLM\..\Run: [window.open = SymWinO] c:\WINDOWS\System32\window.open = SymWinOpen;
O4 - HKLM\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKLM\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKLM\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKLM\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKLM\..\Run: [if (screen.heigh] c:\WINDOWS\System32\if (screen.height) {
O4 - HKLM\..\Run: [var SymRealOnUnl] c:\WINDOWS\System32\var SymRealOnUnload;
O4 - HKLM\..\Run: [ window.open = SymWinO] c:\WINDOWS\System32\ window.open = SymWinOpen;
O4 - HKLM\..\Run: [ if(SymRealOnUnload != n] c:\WINDOWS\System32\ if(SymRealOnUnload != null)
O4 - HKLM\..\Run: [ SymRealOnUnloa] c:\WINDOWS\System32\ SymRealOnUnload();
O4 - HKLM\..\Run: [ SymRealOnLoa] c:\WINDOWS\System32\ SymRealOnLoad();
O4 - HKLM\..\Run: [ window.open = SymRealWinO] c:\WINDOWS\System32\ window.open = SymRealWinOpen;
O4 - HKLM\..\Run: [ SymRealOnUnload = window.onunl] c:\WINDOWS\System32\ SymRealOnUnload = window.onunload;
O4 - HKLM\..\Run: [ window.onunload = SymOnUnl] c:\WINDOWS\System32\ window.onunload = SymOnUnload;
O4 - HKLM\..\Run: [window.onload = SymOnL] c:\WINDOWS\System32\window.onload = SymOnLoad;
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKLM\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKLM\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKLM\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Cosmi\HelpExpress\joe\Client\HelpExp.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\}
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [window.onerror = SymEr] c:\WINDOWS\System32\window.onerror = SymError;
O4 - HKCU\..\Run: [var SymRealWinOpen = window.o] c:\WINDOWS\System32\var SymRealWinOpen = window.open;
O4 - HKCU\..\Run: [function SymWinOpen(url, name, attribu] c:\WINDOWS\System32\function SymWinOpen(url, name, attributes)
O4 - HKCU\..\Run: [ return (new Object] c:\WINDOWS\System32\ return (new Object());
O4 - HKCU\..\Run: [window.open = SymWinO] c:\WINDOWS\System32\window.open = SymWinOpen;
O4 - HKCU\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKCU\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKCU\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKCU\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKCU\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKCU\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKCU\..\Run: [if (screen.heigh] c:\WINDOWS\System32\if (screen.height) {
O4 - HKCU\..\Run: [var SymRealOnUnl] c:\WINDOWS\System32\var SymRealOnUnload;
O4 - HKCU\..\Run: [ window.open = SymWinO] c:\WINDOWS\System32\ window.open = SymWinOpen;
O4 - HKCU\..\Run: [ if(SymRealOnUnload != n] c:\WINDOWS\System32\ if(SymRealOnUnload != null)
O4 - HKCU\..\Run: [ SymRealOnUnloa] c:\WINDOWS\System32\ SymRealOnUnload();
O4 - HKCU\..\Run: [ SymRealOnLoa] c:\WINDOWS\System32\ SymRealOnLoad();
O4 - HKCU\..\Run: [ window.open = SymRealWinO] c:\WINDOWS\System32\ window.open = SymRealWinOpen;
O4 - HKCU\..\Run: [ SymRealOnUnload = window.onunl] c:\WINDOWS\System32\ SymRealOnUnload = window.onunload;
O4 - HKCU\..\Run: [ window.onunload = SymOnUnl] c:\WINDOWS\System32\ window.onunload = SymOnUnload;
O4 - HKCU\..\Run: [window.onload = SymOnL] c:\WINDOWS\System32\window.onload = SymOnLoad;
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKCU\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKCU\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKCU\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - Startup: Billminder.lnk = C:\QUICKEN02\BILLMIND.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lotus SmartCenter 97.lnk = C:\lotus\smartctr\SMARTCTR.EXE
O4 - Global Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark...en/AMClient.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1li...h/weblaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

#4
Smokey
  • Retired Staff
  • 1,423 posts
First of all, uninstall "SpyKiller" through the Control Panel. Then reboot in safe mode (by tapping F8 at startup and selecting safe mode from the menu). Be sure you are able to view hidden files and folders, and remove the following files:

C:\Program Files\syslaunch.exe <-- This File
C:\Program File\bibmovekind\ <-- This Folder
C:\Program Files\Cosmi\ <-- This Folder

C:\WINDOWS\emsw.exe <-- This File
C:\WINDOWS\aekuzpkp.exe <-- This File
C:\WINDOWS\Updreg.exe <-- This File

C:\WINDOWS\System32\XtawJ.exe <-- This File
c:\WINDOWS\System32\zzb.exe <-- This File

Next, please go offline and close all browsers and any open windows, making sure that only HijackThis is open. Scan, and when it finishes, put an X in the boxes next to only the following items, then click "Fix checked".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amazingautoss...ww.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautoss.../searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/home.html
O2 - BHO: (no name) - {5D9ED631-8F23-188C-6A48-40F117A131D7} - C:\WINDOWS\system32\zdmpnqfj.dll
O2 - BHO: (no name) - {60431EC3-1BAA-BB2C-0C5B-DA0F91D5ADCA} - C:\WINDOWS\system32\jrlfepam.dll
O2 - BHO: (no name) - {9942EAA2-9F35-8BE8-1F2B-CB1B216899A6} - C:\WINDOWS\system32\tvseidgc.dll
O2 - BHO: (no name) - {C693376E-A608-CACB-35AE-47DCAF70B1CC} - C:\PROGRA~1\nurbjump\Bore This.dll (file missing)
O3 - Toolbar: the info - {9F4DDC96-D065-DA8A-2584-D7FDE025B74D} - C:\PROGRA~1\nurbjump\Bore This.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [enfwshwv] C:\WINDOWS\aekuzpkp.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\XtawJ.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\}
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [online log] C:\PROGRA~1\bibmovekind\Gpl 4 long.exe
O4 - HKLM\..\Run: [window.onerror = SymEr] c:\WINDOWS\System32\window.onerror = SymError;
O4 - HKLM\..\Run: [var SymRealWinOpen = window.o] c:\WINDOWS\System32\var SymRealWinOpen = window.open;
O4 - HKLM\..\Run: [function SymWinOpen(url, name, attribu] c:\WINDOWS\System32\function SymWinOpen(url, name, attributes)
O4 - HKLM\..\Run: [ return (new Object] c:\WINDOWS\System32\ return (new Object());
O4 - HKLM\..\Run: [window.open = SymWinO] c:\WINDOWS\System32\window.open = SymWinOpen;
O4 - HKLM\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKLM\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKLM\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKLM\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKLM\..\Run: [if (screen.heigh] c:\WINDOWS\System32\if (screen.height) {
O4 - HKLM\..\Run: [var SymRealOnUnl] c:\WINDOWS\System32\var SymRealOnUnload;
O4 - HKLM\..\Run: [ window.open = SymWinO] c:\WINDOWS\System32\ window.open = SymWinOpen;
O4 - HKLM\..\Run: [ if(SymRealOnUnload != n] c:\WINDOWS\System32\ if(SymRealOnUnload != null)
O4 - HKLM\..\Run: [ SymRealOnUnloa] c:\WINDOWS\System32\ SymRealOnUnload();
O4 - HKLM\..\Run: [ SymRealOnLoa] c:\WINDOWS\System32\ SymRealOnLoad();
O4 - HKLM\..\Run: [ window.open = SymRealWinO] c:\WINDOWS\System32\ window.open = SymRealWinOpen;
O4 - HKLM\..\Run: [ SymRealOnUnload = window.onunl] c:\WINDOWS\System32\ SymRealOnUnload = window.onunload;
O4 - HKLM\..\Run: [ window.onunload = SymOnUnl] c:\WINDOWS\System32\ window.onunload = SymOnUnload;
O4 - HKLM\..\Run: [window.onload = SymOnL] c:\WINDOWS\System32\window.onload = SymOnLoad;
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKLM\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKLM\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKLM\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Cosmi\HelpExpress\joe\Client\HelpExp.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\}
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [window.onerror = SymEr] c:\WINDOWS\System32\window.onerror = SymError;
O4 - HKCU\..\Run: [var SymRealWinOpen = window.o] c:\WINDOWS\System32\var SymRealWinOpen = window.open;
O4 - HKCU\..\Run: [function SymWinOpen(url, name, attribu] c:\WINDOWS\System32\function SymWinOpen(url, name, attributes)
O4 - HKCU\..\Run: [ return (new Object] c:\WINDOWS\System32\ return (new Object());
O4 - HKCU\..\Run: [window.open = SymWinO] c:\WINDOWS\System32\window.open = SymWinOpen;
O4 - HKCU\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKCU\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKCU\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKCU\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKCU\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKCU\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKCU\..\Run: [if (screen.heigh] c:\WINDOWS\System32\if (screen.height) {
O4 - HKCU\..\Run: [var SymRealOnUnl] c:\WINDOWS\System32\var SymRealOnUnload;
O4 - HKCU\..\Run: [ window.open = SymWinO] c:\WINDOWS\System32\ window.open = SymWinOpen;
O4 - HKCU\..\Run: [ if(SymRealOnUnload != n] c:\WINDOWS\System32\ if(SymRealOnUnload != null)
O4 - HKCU\..\Run: [ SymRealOnUnloa] c:\WINDOWS\System32\ SymRealOnUnload();
O4 - HKCU\..\Run: [ SymRealOnLoa] c:\WINDOWS\System32\ SymRealOnLoad();
O4 - HKCU\..\Run: [ window.open = SymRealWinO] c:\WINDOWS\System32\ window.open = SymRealWinOpen;
O4 - HKCU\..\Run: [ SymRealOnUnload = window.onunl] c:\WINDOWS\System32\ SymRealOnUnload = window.onunload;
O4 - HKCU\..\Run: [ window.onunload = SymOnUnl] c:\WINDOWS\System32\ window.onunload = SymOnUnload;
O4 - HKCU\..\Run: [window.onload = SymOnL] c:\WINDOWS\System32\window.onload = SymOnLoad;
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKCU\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKCU\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKCU\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log.

#5
Arhiman

    Member

  • Topic Starter
  • Member
  • 14 posts
Thank you so much nathanhuth for your time and talent; many problems are fixed and my computer seems faster. It was extremely nice of you to do this.
My logfile, posted again:
Logfile of HijackThis v1.97.7
Scan saved at 10:31:01 AM, on 05/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\popup stopper\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - Startup: Billminder.lnk = C:\QUICKEN02\BILLMIND.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lotus SmartCenter 97.lnk = C:\lotus\smartctr\SMARTCTR.EXE
O4 - Global Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark...en/AMClient.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1li...h/weblaunch.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

#6
Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Good job :D, your log looks a lot better :D. I see just a couple of HJT entries you can fix. Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan, and when it finishes, put an X in the boxes next to only the following items, then click Fix checked.

O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark...en/AMClient.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log. <_<

#7
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.