Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijack This Log, have problem with IPassist.biz


  • Please log in to reply

#1
Turkamo505

Turkamo505

    New Member

  • Member
  • Pip
  • 4 posts
Here is my Log. Within the last few months I have been hit with Security Iguard, problems running Norton Anitvirus (I can install it but I can't run it), and this new Ip Assist.biz problem where a popup comes up when I'm on the computer (not even searching on the internet). Also certain links on web pages with common words will redirect me to the ipassist.biz search page. Other words in webpages are hyperlinked and will bring me to this page. My computer is slow and the internet (Firefox) is very slow.


Logfile of HijackThis v1.99.1
Scan saved at 4:12:20 PM, on 5/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Services\{93FC580B-6ECA-45D7-AF5A-6363B10475FD}\SVCHOST.EXE
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\xvhfzzo5.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cmozilla.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\xvhfzzo5.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pjkrxozl] C:\WINDOWS\System32\mjffhgdn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{93FC580B-6ECA-45D7-AF5A-6363B10475FD}\SVCHOST.EXE
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [keydrv.exe] C:\WINDOWS\system32\winsystems.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0EBF8008-C46F-4682-B55A-6F5F8EA387B8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0EBF8008-C46F-4682-B55A-6F5F8EA387B8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {213FE227-4727-4C6B-BF73-EF5A439A467F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {213FE227-4727-4C6B-BF73-EF5A439A467F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {26E4448E-7632-49C6-A7D7-A5D7A06D2E6E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26E4448E-7632-49C6-A7D7-A5D7A06D2E6E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {36AFF9D8-A5C8-4046-B2EB-32B5EBD5343D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36AFF9D8-A5C8-4046-B2EB-32B5EBD5343D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5D5D4985-7520-4093-9EC9-AB85683EF94F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D5D4985-7520-4093-9EC9-AB85683EF94F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {648CD521-5C07-40EA-8359-3520375B7382} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {648CD521-5C07-40EA-8359-3520375B7382} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A7767891-12FC-4FB6-88FF-99058E0BDBF1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A7767891-12FC-4FB6-88FF-99058E0BDBF1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C1E172EA-7214-4C90-B1F7-56DD8865D6E6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C1E172EA-7214-4C90-B1F7-56DD8865D6E6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F00402AD-FAB4-437B-905C-A4B7E4235E2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F00402AD-FAB4-437B-905C-A4B7E4235E2A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F342346E-DA31-4760-A31B-E78196AA9D85} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F342346E-DA31-4760-A31B-E78196AA9D85} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind....03C00/setup.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
Please disable the resident protection of both SpySweeper and Microsoft AntiSpyware, since they might block our efforts otherwise.

Then download the Killbox.
Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
Once in Safe Mode, please run Killbox.
Select "Delete on Reboot".
Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\Services\{93FC580B-6ECA-45D7-AF5A-6363B10475FD}\SVCHOST.EXE
C:\WINDOWS\system32\winsystems.exe
C:\WINDOWS\System32\spoolsrv32.exe
C:\WINDOWS\System32\mjffhgdn.exe

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [pjkrxozl] C:\WINDOWS\System32\mjffhgdn.exe

O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{93FC580B-6ECA-45D7-AF5A-6363B10475FD}\SVCHOST.EXE
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O4 - HKCU\..\Run: [keydrv.exe] C:\WINDOWS\system32\winsystems.exe

O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O9 - Extra button: Microsoft AntiSpyware helper - {0EBF8008-C46F-4682-B55A-6F5F8EA387B8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0EBF8008-C46F-4682-B55A-6F5F8EA387B8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {213FE227-4727-4C6B-BF73-EF5A439A467F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {213FE227-4727-4C6B-BF73-EF5A439A467F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {26E4448E-7632-49C6-A7D7-A5D7A06D2E6E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26E4448E-7632-49C6-A7D7-A5D7A06D2E6E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {36AFF9D8-A5C8-4046-B2EB-32B5EBD5343D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36AFF9D8-A5C8-4046-B2EB-32B5EBD5343D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5D5D4985-7520-4093-9EC9-AB85683EF94F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D5D4985-7520-4093-9EC9-AB85683EF94F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {648CD521-5C07-40EA-8359-3520375B7382} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {648CD521-5C07-40EA-8359-3520375B7382} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A7767891-12FC-4FB6-88FF-99058E0BDBF1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A7767891-12FC-4FB6-88FF-99058E0BDBF1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C1E172EA-7214-4C90-B1F7-56DD8865D6E6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C1E172EA-7214-4C90-B1F7-56DD8865D6E6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F00402AD-FAB4-437B-905C-A4B7E4235E2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F00402AD-FAB4-437B-905C-A4B7E4235E2A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F342346E-DA31-4760-A31B-E78196AA9D85} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F342346E-DA31-4760-A31B-E78196AA9D85} - (no file) (HKCU)

O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind....03C00/setup.exe

Reboot once more and post a new HijackThis log.

Regards,
  • 0

#3
Turkamo505

Turkamo505

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Sorry it took so long to respond, I was very busy and found that Webroot's Spy Sweeper helped the problem. Therefore, I posted a new log. However, I encountered a problem when trying to follow your directions, Killbox is on my desktop but when I rebooted into safe mode, I couldn't find it.


Logfile of HijackThis v1.99.1
Scan saved at 8:01:31 PM, on 5/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\xvhfzzo5.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cmozilla.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\xvhfzzo5.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mcappins.exe] "D:\VSc\Enu\mcappins.exe" vsocfg.ini
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0EBF8008-C46F-4682-B55A-6F5F8EA387B8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0EBF8008-C46F-4682-B55A-6F5F8EA387B8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {213FE227-4727-4C6B-BF73-EF5A439A467F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {213FE227-4727-4C6B-BF73-EF5A439A467F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {26E4448E-7632-49C6-A7D7-A5D7A06D2E6E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26E4448E-7632-49C6-A7D7-A5D7A06D2E6E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {36AFF9D8-A5C8-4046-B2EB-32B5EBD5343D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36AFF9D8-A5C8-4046-B2EB-32B5EBD5343D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5D5D4985-7520-4093-9EC9-AB85683EF94F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D5D4985-7520-4093-9EC9-AB85683EF94F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {648CD521-5C07-40EA-8359-3520375B7382} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {648CD521-5C07-40EA-8359-3520375B7382} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A7767891-12FC-4FB6-88FF-99058E0BDBF1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A7767891-12FC-4FB6-88FF-99058E0BDBF1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C1E172EA-7214-4C90-B1F7-56DD8865D6E6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C1E172EA-7214-4C90-B1F7-56DD8865D6E6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F00402AD-FAB4-437B-905C-A4B7E4235E2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F00402AD-FAB4-437B-905C-A4B7E4235E2A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F342346E-DA31-4760-A31B-E78196AA9D85} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F342346E-DA31-4760-A31B-E78196AA9D85} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind....03C00/setup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
Please disable MicroSoft AntiSpyware's resident protection for the time it atkes to get clean. It may hinder our efforts by guarding your settings.


Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

O9 - Extra button: Microsoft AntiSpyware helper - {0EBF8008-C46F-4682-B55A-6F5F8EA387B8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0EBF8008-C46F-4682-B55A-6F5F8EA387B8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {213FE227-4727-4C6B-BF73-EF5A439A467F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {213FE227-4727-4C6B-BF73-EF5A439A467F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {26E4448E-7632-49C6-A7D7-A5D7A06D2E6E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26E4448E-7632-49C6-A7D7-A5D7A06D2E6E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {36AFF9D8-A5C8-4046-B2EB-32B5EBD5343D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36AFF9D8-A5C8-4046-B2EB-32B5EBD5343D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5D5D4985-7520-4093-9EC9-AB85683EF94F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D5D4985-7520-4093-9EC9-AB85683EF94F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {648CD521-5C07-40EA-8359-3520375B7382} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {648CD521-5C07-40EA-8359-3520375B7382} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A7767891-12FC-4FB6-88FF-99058E0BDBF1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A7767891-12FC-4FB6-88FF-99058E0BDBF1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C1E172EA-7214-4C90-B1F7-56DD8865D6E6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C1E172EA-7214-4C90-B1F7-56DD8865D6E6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F00402AD-FAB4-437B-905C-A4B7E4235E2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F00402AD-FAB4-437B-905C-A4B7E4235E2A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F342346E-DA31-4760-A31B-E78196AA9D85} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F342346E-DA31-4760-A31B-E78196AA9D85} - (no file) (HKCU)

O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind....03C00/setup.exe

Then reboot and post a new log.

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP