
abosearch & unosearch.com -- can't shake 'em


  • This topic is locked

#1
moe1320

    New Member

  • Member
  • 2 posts
Hey Folks

Would appreciate any help I can get. I did run all the pre-post scans and downloads and still have a problem. When surfing, I get re-directed to these search addresses. They also plant themselves inside the ad boxes on some web pages. I have pasted my Hijack This Log below.

Thanks in advance


Logfile of HijackThis v1.99.1
Scan saved at 9:38:43 AM, on 5/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.optonline.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: BHODemon 2.0.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Event Reminder.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1111849604223
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildt...lim/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E47EF9F6-C66B-4514-A923-C0B6AF362CC8} (fpprint.printjob) - http://www.maxwellfo...int/fpprint.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

#2
moe1320

    New Member

  • Topic Starter
  • Member
  • 2 posts
To anyone that can help
I thank you in advance.

Please check my log file below

When I do a web search I get diverted to an offending web search and it also takes over some of the ad boxes in some web sites. I have gone through all the pre-post tasks twice already. Now my machine is running slower than before and still have the same problem. When I put my mouse over the links in the unwanted site it says "unosearch" at the bottom of the frame next to the "e" logo.
I don't know what to do.

thanks again

Logfile of HijackThis v1.99.1
Scan saved at 12:00:16 PM, on 5/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: BHODemon 2.0.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Event Reminder.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1111849604223
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildt...lim/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E47EF9F6-C66B-4514-A923-C0B6AF362CC8} (fpprint.printjob) - http://www.maxwellfo...int/fpprint.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

#3
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello Moe1320 and welcome to Geeks to Go.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix will require you to be in Safe Mode, which may not allow you to access the Internet, or my instructions!

Not a huge amount to do here; let's see if we can do this in one hit. Now if you are ready, let's get fixing!

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

CCleaner
Ewido Security Suite

Install Ewido Security Suite (it is a 14-day trial version of the programme).
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The programme will prompt you to update; click the OK button
  • The programme will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the programme scan the machine
While the scan is in progress you will be prompted to clean files; click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop and include it in your reply.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - Default URLSearchHook is missing
O4 - Startup: BHODemon 2.0.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Event Reminder.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildt...lim/install.cab
O16 - DPF: {E47EF9F6-C66B-4514-A923-C0B6AF362CC8} (fpprint.printjob) - http://www.maxwellfo...int/fpprint.CAB

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel (if present): (click Start > Settings > Control Panel)

Wild Tangent

Please notify me of any other programmes that you don't recognise in that list in your next response.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete this folder (if present) using Windows Explorer:

C:\Program Files\AWS\

Please delete this file (if present) using Windows Explorer:

C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

Close Windows Explorer and Reboot normally.

Now we must hide the files we revealed earlier by reversing the process; this is an important safeguard to stop important system files being deleted by accident.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, Analyze, Run Cleaner. You may be fairly surprised by how much it finds.

Post back a fresh HijackThis log and I will take another look.


Please note that member's posts have been merged to one




"Edit,
As there has been no reply from the original poster this topic is now closed,
Should you have any further problems please create a new Topic,

Thanks "

Edited by Crustyoldbloke, 20 May 2005 - 03:53 AM.
