
webtracer.cc [RESOLVED]



#1
jok3r19


    New Member

  • Member
  • 4 posts
Here is my hijack log file:

Logfile of HijackThis v1.99.1
Scan saved at 4:58:20 AM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Jok3r\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
O1 - Hosts: 1159680172 auto.search.msn.com
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe


IE comes up to webtracer.cc, then about:blank.

Thank you in advance for your help.
  • 0



#2
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Is that your entire log?
Or do you have an ignore list?

Anyway, in Internet Explorer click Tools - Internet Options - Accessibility - and uncheck "Format documents using my style sheet".
  • Download the Registry Search Tool.
  • Unzip the contents of RegSrch.zip to a convenient location.
  • Double-click on RegSrch.vbs.
  • If you have an anti-virus installed it might prompt you about a running script. Please ignore this warning and allow the script to run.
  • In the "Enter search string (case insensitive) and click OK..." box paste this string:
    • stsheets.dat
  • Click "OK" to search the registry for that string.
  • Wait for a few minutes while it completes the search.
  • Click "OK" to open the results in WordPad.
  • Copy and paste the entire results into your next post.
Regards,
  • 0

#3
jok3r19


    New Member

  • Topic Starter
  • Member
  • 4 posts
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "stsheets.dat" 5/26/2005 3:11:45 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gameenuh]
"StsPath"="\\??\\C:\\WINDOWS\\stsheets.dat"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gameenuh]
"StsPath"="\\??\\C:\\WINDOWS\\stsheets.dat"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gameenuh]
"StsPath"="\\??\\C:\\WINDOWS\\stsheets.dat"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Styles]
"User Stylesheet"="C:\\WINDOWS\\stsheets.dat"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Styles]
"User Stylesheet"="C:\\WINDOWS\\stsheets.dat"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Styles]
"User Stylesheet"="C:\\WINDOWS\\stsheets.dat"

[HKEY_USERS\S-1-5-21-823518204-920026266-1343024091-1003\Software\Microsoft\Internet Explorer\Styles]
"User Stylesheet"="C:\\WINDOWS\\stsheets.dat"

[HKEY_USERS\S-1-5-21-823518204-920026266-1343024091-1003\Software\Microsoft\Search Assistant\ACMru\5604]
"003"="stsheets.dat"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Styles]
"User Stylesheet"="C:\\WINDOWS\\stsheets.dat"
  • 0

#4
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Copy the part in bold below into Notepad and save it as remcwssys.reg

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gameenuh]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gameenuh]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gameenuh]

Double-click the file and confirm you want to merge it with the registry.

Then copy the part in the CODE box below into Notepad and save it as fix.bat

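@echo off

rem Stop the gameenuh service before removing it
sc stop gameenuh

pause

rem Remove the service registration
sc delete gameenuh

rem A double-clicked batch file starts in its own folder, so use an absolute path
cd /d "%SystemRoot%\system32\drivers"
rem Clear the read-only, system and hidden attributes, then delete the driver file
attrib -r -s -h gameenuh.sys
del gameenuh.sys

Double-click on fix.bat.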
A window will open.
It'll ask you to press any button to go further, so press any button.
The window will automatically close again.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
O1 - Hosts: 1159680172 auto.search.msn.com

O19 - User stylesheet: C:\WINDOWS\stsheets.dat

Some may already be gone. Skip them if so.
Reboot, run HijackThis again and post the new log.

Regards,
  • 0
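A coverage check for the registry step above, as an added example that is not part of the original posts: it compares the service keys reported by the registry search with the keys the removal file deletes. The function names are this example's own, and the embedded text is copied from the posts in this thread with blank lines dropped.

```python
import re

# Excerpt of the RegSrch.vbs results posted in this thread (service keys plus one Styles key).
SEARCH_RESULTS = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gameenuh]
"StsPath"="\\??\\C:\\WINDOWS\\stsheets.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gameenuh]
"StsPath"="\\??\\C:\\WINDOWS\\stsheets.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gameenuh]
"StsPath"="\\??\\C:\\WINDOWS\\stsheets.dat"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Styles]
"User Stylesheet"="C:\\WINDOWS\\stsheets.dat"
'''

# The removal file (remcwssys.reg) posted in this thread.
REMOVAL_FILE = r'''
REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gameenuh]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gameenuh]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gameenuh]
'''

KEY_LINE = re.compile(r'^\[(-?)(.+)\]$')

def keys(reg_text, deletions):
    """Return lower-cased key paths; deletions=True selects the [-key] form."""
    found = set()
    for line in reg_text.splitlines():
        m = KEY_LINE.match(line.strip())
        if m and (m.group(1) == '-') == deletions:
            found.add(m.group(2).lower())   # registry paths are case-insensitive
    return found

def coverage(search_text, removal_text, marker='\\services\\'):
    """Compare service keys the search found with keys the .reg file deletes."""
    hits = {k for k in keys(search_text, False) if marker in k}
    deleted = keys(removal_text, True)
    return {
        'covered': sorted(hits & deleted),
        'not_deleted': sorted(hits - deleted),     # found by search, left behind
        'not_in_search': sorted(deleted - hits),   # deleted, but never reported
    }

if __name__ == '__main__':
    for name, items in coverage(SEARCH_RESULTS, REMOVAL_FILE).items():
        print(name, items)
```

On the thread's data, the report lists the ControlSet003 key as found but not deleted, and the ControlSet002 key as deleted but never reported by the search.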

#5
jok3r19


    New Member

  • Topic Starter
  • Member
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:20:31 AM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Documents and Settings\Jok3r\Desktop\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\control.exe
C:\WINDOWS\system32\rundll32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
  • 0
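A before/after comparison of the two HijackThis logs in this thread, as an added example that is not part of the original posts. The function names are this example's own, and reading the all-digit O1 address as one 32-bit IPv4 number is an assumption about how that entry is meant to be interpreted.

```python
import ipaddress
import re

# Entry lines copied from the two logs in this thread (process lists and some O23 lines omitted).
BEFORE = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
O1 - Hosts: 1159680172 auto.search.msn.com
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
'''
AFTER = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
'''

ENTRY = re.compile(r'^([A-Z]\d+) - (.*)$')

def entries(log_text):
    """Return the set of (section, detail) pairs, e.g. ('O1', 'Hosts: ...')."""
    return {m.groups() for m in map(ENTRY.match, log_text.strip().splitlines()) if m}

def diff(before, after):
    """Entries that disappeared and entries that are new in the second scan."""
    b, a = entries(before), entries(after)
    return sorted(b - a), sorted(a - b)

def decode_hosts(detail):
    """Split an O1 detail into (address, hostname); expand an integer-form address."""
    addr, host = detail.split(':', 1)[1].split()
    if addr.isdigit():   # assumption: one 32-bit number standing in for a.b.c.d
        addr = str(ipaddress.IPv4Address(int(addr)))
    return addr, host

if __name__ == '__main__':
    removed, added = diff(BEFORE, AFTER)
    for section, detail in removed:
        note = decode_hosts(detail) if section == 'O1' else ''
        print('gone:', section, detail, note)
    for section, detail in added:
        print('new: ', section, detail)
```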

#6
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Excellent. :tazz:

Is your computer behaving now?

Please have a look at my site for some tips on how to remove and prevent spyware.

Regards,
  • 0

#7
jok3r19


    New Member

  • Topic Starter
  • Member
  • 4 posts
Yeah, it's working great. Thanks for all your help.
  • 0

#8
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





