Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

helppp! your-searcher hijacked me

Started by shamrockgrfx , Aug 02 2004 04:03 PM

  • Please log in to reply

#1
shamrockgrfx
Posted 02 August 2004 - 04:03 PM

shamrockgrfx

    Member

  • Member
  • PipPip
  • 17 posts
Hi,
I am new to this site, usually can figure out these things myself but this one has got me stumped. My web browser automatically redirects to "Your-Searcher.com" I connect to the internet via a company called "Jointernet". I am not sure how i got this problem. I have run hijakthis and with in 30 seconds the 5 your search entries show back up after deleting. Also 4 links appear in my favorites folder and wont go away even after deleting those... I am obviously not deleting all that i need too. Hope someone with a gracious heart can take a minute to please help me. Please give me some guidance on how to get rid of this problem.
Here is my log file:


Logfile of HijackThis v1.98.1
Scan saved at 5:57:58 PM, on 8/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Rainbow Technologies\sentLM\Server\lservnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\WINDOWS\System32\Viewport.exe
C:\Program Files\JoiExpress\propelac.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\WINDOWS\System32\ipjbqre.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\inetres.exe
C:\Documents and Settings\Brian M. Shannon\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\JoiExpress\prpl_IePopupBlocker.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [reg_nuvision_ax] C:\WINDOWS\System32\Regsvr32 /s NUVision.ax
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [HydraVisionViewport] Viewport.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files\JoiExpress\propelac.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [xykzvlfoxq] C:\WINDOWS\System32\ipjbqre.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DeInst.exe] C:\Documents and Settings\Brian M. Shannon\Desktop\deinst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [inetres] C:\WINDOWS\System32\inetres.exe
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Brian M. Shannon\Local Settings\Temp\{1A1BAFD2-F2E2-441E-AD87-F586178436FE}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\JoiExpress\pac-addwl.html
O8 - Extra context menu item: Open Client to Monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to Monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\JoiExpress\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\JoiExpress\pac-image.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...f7edadac81f3fd5
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F944816-2A0C-481F-A783-2CB2029AB6AE}: NameServer = 64.63.221.6 64.63.223.6
  • 0

Advertisements

#2
Hemal
Posted 02 August 2004 - 04:25 PM

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
Your computer has a number of spyware programs that we need to remove. For more info on spyware see the Spyware Tools link in my signature.

Let's start with a free program. Ad-aware.

Using Ad-aware: Open Ad-Aware and use the Check for updates now link. Download and accept the latest reference file. When finished click the Start button. When done scanning, the Abort button will change to Next. Click the Next button. Right-click in the Scanning Results window and click "Select all objects". Then click the "Next" button and confirm that you want to delete the selected entries.

When finished, Reboot your computer. Finally, reply to this post with a new HiJackThis log so we can look for any nasties that may have been missed. <_<

CLICK HERE to download Ad-aware
  • 0

#3
shamrockgrfx
Posted 02 August 2004 - 04:51 PM

shamrockgrfx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
K thanks for the quick response...eventhough you ARE a red sox fan, I DO APPRECIATE THE HELP!! <_< I ran an updated Ad-Aware, rebooted and then ran a new hijack this log:

Logfile of HijackThis v1.98.1
Scan saved at 6:48:45 PM, on 8/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Rainbow Technologies\sentLM\Server\lservnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\WINDOWS\System32\Viewport.exe
C:\Program Files\JoiExpress\propelac.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ipjbqre.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\inetres.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\Documents and Settings\Brian M. Shannon\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\JoiExpress\prpl_IePopupBlocker.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [reg_nuvision_ax] C:\WINDOWS\System32\Regsvr32 /s NUVision.ax
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [HydraVisionViewport] Viewport.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files\JoiExpress\propelac.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [xykzvlfoxq] C:\WINDOWS\System32\ipjbqre.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DeInst.exe] C:\Documents and Settings\Brian M. Shannon\Desktop\deinst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [inetres] C:\WINDOWS\System32\inetres.exe
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Brian M. Shannon\Local Settings\Temp\{1A1BAFD2-F2E2-441E-AD87-F586178436FE}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\JoiExpress\pac-addwl.html
O8 - Extra context menu item: Open Client to Monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to Monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\JoiExpress\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\JoiExpress\pac-image.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...f7edadac81f3fd5
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
  • 0

#4
admin
Posted 02 August 2004 - 11:52 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
Items in blue are optional, but will improve system performance.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [xykzvlfoxq] C:\WINDOWS\System32\ipjbqre.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

Do you know what this entry is for? If so, leave it for now.
O4 - HKCU\..\Run: [DeInst.exe] C:\Documents and Settings\Brian M. Shannon\Desktop\deinst.exe

O4 - HKCU\..\Run: [inetres] C:\WINDOWS\System32\inetres.exe
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Brian M. Shannon\Local Settings\Temp\{1A1BAFD2-F2E2-441E-AD87-F586178436FE}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\JoiExpress\pac-addwl.html
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...f7edadac81f3fd5

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\System32\ipjbqre.exe
C:\Program Files\WindUpdates <- this folder
C:\Documents and Settings\Brian M. Shannon\Desktop\deinst.exe (unless known)
C:\WINDOWS\System32\inetres.exe
C:\WINDOWS\System32\winlgn.exe

Reboot your PC.

Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Click OK and Disk Cleanup will delete those files for you.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working. <_<
  • 0

#5
shamrockgrfx
Posted 03 August 2004 - 10:36 AM

shamrockgrfx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanks for all your help, I did everything you said and reran hijack this...

I dont know what the 04-HKCU\..\Run: {DeInstall.exe.} file was but i wiped it out and it didnt seem to bother anything... the other thing is i couldnt find the C:\documents and settings\Brian M. Shannon\Desktop\deinst.exe file anywhere o searched my entire drive and it didnt turn up, same with the winlgn.exe file... Anyways here is a new hijack this log:

Logfile of HijackThis v1.98.1
Scan saved at 12:30:47 PM, on 8/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Rainbow Technologies\sentLM\Server\lservnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\WINDOWS\System32\Viewport.exe
C:\Program Files\JoiExpress\propelac.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Brian M. Shannon\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\JoiExpress\prpl_IePopupBlocker.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [reg_nuvision_ax] C:\WINDOWS\System32\Regsvr32 /s NUVision.ax
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [HydraVisionViewport] Viewport.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files\JoiExpress\propelac.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\JoiExpress\pac-addwl.html
O8 - Extra context menu item: Open Client to Monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to Monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\JoiExpress\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\JoiExpress\pac-image.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
  • 0

#6
admin
Posted 03 August 2004 - 12:14 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Congratulations! Your system is CLEAN <_<

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.geekstogo...tion=show&id=12

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend Firefox.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. :D
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP