
rapid blaster1-6/we like the girls 1-7 [CLOSED]



#16
admin

    Founder Geek

  • Administrator
  • 24,504 posts
Hi Char,

Did you see my reply, above your last reply?

Hi char12,

Buckle in, we're getting pretty geeky here, but I'm sure you can handle it.

Copy the contents of the CODE box below to Notepad, and save as remove.reg (save as type: 'all files' )

CODE
REGEDIT4

[-HKEY_CURRENT_USER\Software\adtomi]

[-HKEY_CLASSES_ROOT\CLSID\{B549456D-F5D0-4641-BCED-8648A0C13D83}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B549456D-F5D0-4641-BCED-8648A0C13D83}] 


Double-click remove.reg, and hit yes on the prompt to add its contents to the Registry!

Please move Hijack This to its own directory (i.e. C:\HJT). This is because HJT creates backups that may be needed later, and they may get deleted when in a temp directory.

Run Hijack This, and check and have it fix all of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O1 - Hosts: 199.181.132.145 abc.go.com
O1 - Hosts: 66.163.172.88 admin.yahoo.com
O1 - Hosts: 165.254.12.131 adopt.hotbar.com
O1 - Hosts: 66.135.200.136 cgi.ebay.com
O1 - Hosts: 66.135.194.20 cgi1.ebay.com
O1 - Hosts: 66.135.210.30 cgi2.ebay.com
O1 - Hosts: 209.47.15.73 cnt.rapidblaster.com
O1 - Hosts: 206.16.0.219 download.com.com
O1 - Hosts: 216.109.126.26 e.my.yahoo.com
O1 - Hosts: 216.136.227.7 edit.yahoo.com
O1 - Hosts: 66.135.195.237 electronics.ebay.com
O1 - Hosts: 216.73.89.150 email.staples-deals.com
O1 - Hosts: 207.46.167.100 encarta.msn.com
O1 - Hosts: 207.68.170.124 groups.msn.com
O1 - Hosts: 207.218.164.60 home.neopets.com
O1 - Hosts: 216.237.188.22 images.emailhello.com
O1 - Hosts: 208.254.63.60 images.trafficmp.com
O1 - Hosts: 64.12.46.235 lastsamurai.warnerbros.com
O1 - Hosts: 66.135.195.27 listings.ebay.com
O1 - Hosts: 65.54.231.240 login.passport.com
O1 - Hosts: 65.54.229.246 login.passport.net
O1 - Hosts: 66.218.75.184 login.yahoo.com
O1 - Hosts: 216.109.127.60 mail.yahoo.com
O1 - Hosts: 65.54.229.252 memberservices.passport.net
O1 - Hosts: 207.46.189.15 moneycentral.msn.com
O1 - Hosts: 207.46.150.21 msnbc.com
O1 - Hosts: 207.68.173.234 my.msn.com
O1 - Hosts: 216.109.126.22 my.yahoo.com
O1 - Hosts: 206.31.10.94 new1.mysurvey.com
O1 - Hosts: 66.135.200.137 offer.ebay.com
O1 - Hosts: 66.135.192.87 pages.ebay.com
O1 - Hosts: 165.254.12.202 premium-offers.com
O1 - Hosts: 66.135.195.245 promo.ebay.com
O1 - Hosts: 209.68.226.5 resources.lawinfo.com
O1 - Hosts: 66.135.210.135 search.ebay.com
O1 - Hosts: 66.135.194.165 search-desc.ebay.com
O1 - Hosts: 206.204.52.6 security.symantec.com
O1 - Hosts: 198.6.49.121 service1.symantec.com
O1 - Hosts: 66.135.210.112 signin.ebay.com
O1 - Hosts: 165.254.12.100 software4thenet.com
O1 - Hosts: 65.88.128.22 support.rnetinc.net
O1 - Hosts: 207.218.164.16 survey.neopets.com
O1 - Hosts: 216.109.127.246 us.rd.yahoo.com
O1 - Hosts: 209.68.226.14 wishtv.lawinfo.com
O1 - Hosts: 207.171.184.16 www.amazon.com
O1 - Hosts: 165.138.113.249 www.bcsc.k12.in.us
O1 - Hosts: 134.68.52.57 www.bursar.iupui.edu
O1 - Hosts: 24.173.79.235 www.bursar.org
O1 - Hosts: 66.77.107.150 www.buzme.com
O1 - Hosts: 63.146.175.46 www.campmor.com
O1 - Hosts: 63.240.56.20 www.cbs.com
O1 - Hosts: 206.246.138.42 www.centra.org
O1 - Hosts: 134.68.19.195 www.columbus.iupui.edu
O1 - Hosts: 63.240.215.65 www.discovery.com
O1 - Hosts: 65.214.48.1 www.divorcenet.com
O1 - Hosts: 66.213.200.130 www.easierrebate.com
O1 - Hosts: 66.135.192.88 www.ebay.com
O1 - Hosts: 139.171.64.10 www.elderly.com
O1 - Hosts: 63.127.205.130 www.familychristian.com
O1 - Hosts: 66.162.192.49 www.goodysonline.com
O1 - Hosts: 207.182.237.203 www.gozingsurveys.com
O1 - Hosts: 157.91.12.65 www.in.gov
O1 - Hosts: 198.64.149.203 www.indiana.com
O1 - Hosts: 209.125.194.211 www.ipsh.net
O1 - Hosts: 134.68.122.5 www.iupui.edu
O1 - Hosts: 192.232.125.61 www.kodak.com
O1 - Hosts: 64.60.155.251 www.melissadata.com
O1 - Hosts: 216.154.228.146 www.montelshow.com
O1 - Hosts: 134.68.52.127 www.mpc.adaf.iupui.edu
O1 - Hosts: 207.46.245.60 www.msnbc.com
O1 - Hosts: 198.247.208.102 www.mycomicspage.com
O1 - Hosts: 216.251.43.11 www.names9.com
O1 - Hosts: 207.218.164.17 www.neopets.com
O1 - Hosts: 207.66.2.46 www.onlineregister.com
O1 - Hosts: 216.193.193.16 www.otxresearch.com
O1 - Hosts: 65.54.230.254 www.passport.net
O1 - Hosts: 165.138.113.251 www.pc.bcsc.k12.in.us
O1 - Hosts: 64.94.127.55 www.pcsecuritynews.com
O1 - Hosts: 65.42.130.84 www.reliable.net
O1 - Hosts: 65.88.128.3 www.rnetinc.net
O1 - Hosts: 212.227.253.104 www.safer-networking.org
O1 - Hosts: 63.160.50.32 www.staplesrebates.com
O1 - Hosts: 66.37.205.40 www.switchboard.com
O1 - Hosts: 56.0.134.24 www.usps.com
O1 - Hosts: 212.72.51.68 www.vgfe.com
O1 - Hosts: 161.170.254.20 www.walmart.com
O1 - Hosts: 64.88.151.10 www.win250dollar.com
O1 - Hosts: 216.74.146.21 www.wishtv.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [DXM6Patch_9904] C:\WINDOWS\p_9904.exe /Q:A
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32.dll
O16 - DPF: DigiChat Applet - http://host.digichat...s/Client_IE.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (SoundCtl Class) - http://www.buzme.com...eX/NPBMCtrl.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com...X/BMAXSetup.cab

Next:

--Find and delete all files called BrowserHelper.dll from any location(s)

Delete these files in bold.
C:\WINDOWS\p_9904.exe <- this file
C:\WINDOWS\IME <- this folder

Reboot your computer and start normally.

Run this file: http://www10.brinkst.../L2M/Msg121.htm

We recommend you uninstall SpyKiller and instead use Ad-aware or Spybot S&D.

When finished, post a fresh log.



#17
char12

    Member

  • Topic Starter
  • 43 posts
New hijack. I'm not sure what to do with the code you told me to copy to notebook.
I think I got off everything you wanted. Went to add/remove and could not find spykiller. Tried to go to link and said not available.



Logfile of HijackThis v1.97.7
Scan saved at 10:23:18 PM, on 4/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Charlotte\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
O1 - Hosts: 65.88.128.22 support.rnetinc.net
O1 - Hosts: 207.218.164.16 survey.neopets.com
O1 - Hosts: 216.109.127.246 us.rd.yahoo.com
O1 - Hosts: 209.68.226.14 wishtv.lawinfo.com
O1 - Hosts: 207.171.184.16 www.amazon.com
O1 - Hosts: 165.138.113.249 www.bcsc.k12.in.us
O1 - Hosts: 134.68.52.57 www.bursar.iupui.edu
O1 - Hosts: 24.173.79.235 www.bursar.org
O1 - Hosts: 66.77.107.150 www.buzme.com
O1 - Hosts: 63.146.175.46 www.campmor.com
O1 - Hosts: 63.240.56.20 www.cbs.com
O1 - Hosts: 206.246.138.42 www.centra.org
O1 - Hosts: 134.68.19.195 www.columbus.iupui.edu
O1 - Hosts: 63.240.215.65 www.discovery.com
O1 - Hosts: 65.214.48.1 www.divorcenet.com
O1 - Hosts: 66.213.200.130 www.easierrebate.com
O1 - Hosts: 66.135.192.88 www.ebay.com
O1 - Hosts: 139.171.64.10 www.elderly.com
O1 - Hosts: 63.127.205.130 www.familychristian.com
O1 - Hosts: 66.162.192.49 www.goodysonline.com
O1 - Hosts: 207.182.237.203 www.gozingsurveys.com
O1 - Hosts: 157.91.12.65 www.in.gov
O1 - Hosts: 198.64.149.203 www.indiana.com
O1 - Hosts: 209.125.194.211 www.ipsh.net
O1 - Hosts: 134.68.122.5 www.iupui.edu
O1 - Hosts: 192.232.125.61 www.kodak.com
O1 - Hosts: 64.60.155.251 www.melissadata.com
O1 - Hosts: 216.154.228.146 www.montelshow.com
O1 - Hosts: 134.68.52.127 www.mpc.adaf.iupui.edu
O1 - Hosts: 207.46.245.60 www.msnbc.com
O1 - Hosts: 198.247.208.102 www.mycomicspage.com
O1 - Hosts: 216.251.43.11 www.names9.com
O1 - Hosts: 207.218.164.17 www.neopets.com
O1 - Hosts: 207.66.2.46 www.onlineregister.com
O1 - Hosts: 216.193.193.16 www.otxresearch.com
O1 - Hosts: 65.54.230.254 www.passport.net
O1 - Hosts: 165.138.113.251 www.pc.bcsc.k12.in.us
O1 - Hosts: 64.94.127.55 www.pcsecuritynews.com
O1 - Hosts: 65.42.130.84 www.reliable.net
O1 - Hosts: 65.88.128.3 www.rnetinc.net
O1 - Hosts: 212.227.253.104 www.safer-networking.org
O1 - Hosts: 63.160.50.32 www.staplesrebates.com
O1 - Hosts: 66.37.205.40 www.switchboard.com
O1 - Hosts: 56.0.134.24 www.usps.com
O1 - Hosts: 212.72.51.68 www.vgfe.com
O1 - Hosts: 161.170.254.20 www.walmart.com
O1 - Hosts: 64.88.151.10 www.win250dollar.com
O1 - Hosts: 216.74.146.21 www.wishtv.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: DigiChat Applet - http://host.digichat...s/Client_IE.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...porter.cab?RND=
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/p...13/invinstl.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direc.../dpcsysinfo.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yaho...rod/yregcfg.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7613.3897916667
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (SoundCtl Class) - http://www.buzme.com...eX/NPBMCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macrom...abs/swflash.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com...X/BMAXSetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?314
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30515995-F64E-4CE8-ACB9-C461A11BEF32}: NameServer = 67.39.236.2 67.39.236.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{30515995-F64E-4CE8-ACB9-C461A11BEF32}: NameServer = 67.39.236.2 67.39.236.3

#18
admin

    Founder Geek

  • Administrator
  • 24,504 posts
Let's try it this way: download the attached file (remove.reg). Save it to your desktop, or somewhere you'll remember. Next, double-click this file (remove.reg) and hit yes on the prompt to add its contents to the Registry!

Then restart Hijack This and fix the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O1 - Hosts: 199.181.132.145 abc.go.com
O1 - Hosts: 66.163.172.88 admin.yahoo.com
O1 - Hosts: 165.254.12.131 adopt.hotbar.com
O1 - Hosts: 66.135.200.136 cgi.ebay.com
O1 - Hosts: 66.135.194.20 cgi1.ebay.com
O1 - Hosts: 66.135.210.30 cgi2.ebay.com
O1 - Hosts: 209.47.15.73 cnt.rapidblaster.com
O1 - Hosts: 206.16.0.219 download.com.com
O1 - Hosts: 216.109.126.26 e.my.yahoo.com
O1 - Hosts: 216.136.227.7 edit.yahoo.com
O1 - Hosts: 66.135.195.237 electronics.ebay.com
O1 - Hosts: 216.73.89.150 email.staples-deals.com
O1 - Hosts: 207.46.167.100 encarta.msn.com
O1 - Hosts: 207.68.170.124 groups.msn.com
O1 - Hosts: 207.218.164.60 home.neopets.com
O1 - Hosts: 216.237.188.22 images.emailhello.com
O1 - Hosts: 208.254.63.60 images.trafficmp.com
O1 - Hosts: 64.12.46.235 lastsamurai.warnerbros.com
O1 - Hosts: 66.135.195.27 listings.ebay.com
O1 - Hosts: 65.54.231.240 login.passport.com
O1 - Hosts: 65.54.229.246 login.passport.net
O1 - Hosts: 66.218.75.184 login.yahoo.com
O1 - Hosts: 216.109.127.60 mail.yahoo.com
O1 - Hosts: 65.54.229.252 memberservices.passport.net
O1 - Hosts: 207.46.189.15 moneycentral.msn.com
O1 - Hosts: 207.46.150.21 msnbc.com
O1 - Hosts: 207.68.173.234 my.msn.com
O1 - Hosts: 216.109.126.22 my.yahoo.com
O1 - Hosts: 206.31.10.94 new1.mysurvey.com
O1 - Hosts: 66.135.200.137 offer.ebay.com
O1 - Hosts: 66.135.192.87 pages.ebay.com
O1 - Hosts: 165.254.12.202 premium-offers.com
O1 - Hosts: 66.135.195.245 promo.ebay.com
O1 - Hosts: 209.68.226.5 resources.lawinfo.com
O1 - Hosts: 66.135.210.135 search.ebay.com
O1 - Hosts: 66.135.194.165 search-desc.ebay.com
O1 - Hosts: 206.204.52.6 security.symantec.com
O1 - Hosts: 198.6.49.121 service1.symantec.com
O1 - Hosts: 66.135.210.112 signin.ebay.com
O1 - Hosts: 165.254.12.100 software4thenet.com
O1 - Hosts: 65.88.128.22 support.rnetinc.net
O1 - Hosts: 207.218.164.16 survey.neopets.com
O1 - Hosts: 216.109.127.246 us.rd.yahoo.com
O1 - Hosts: 209.68.226.14 wishtv.lawinfo.com
O1 - Hosts: 207.171.184.16 www.amazon.com
O1 - Hosts: 165.138.113.249 www.bcsc.k12.in.us
O1 - Hosts: 134.68.52.57 www.bursar.iupui.edu
O1 - Hosts: 24.173.79.235 www.bursar.org
O1 - Hosts: 66.77.107.150 www.buzme.com
O1 - Hosts: 63.146.175.46 www.campmor.com
O1 - Hosts: 63.240.56.20 www.cbs.com
O1 - Hosts: 206.246.138.42 www.centra.org
O1 - Hosts: 134.68.19.195 www.columbus.iupui.edu
O1 - Hosts: 63.240.215.65 www.discovery.com
O1 - Hosts: 65.214.48.1 www.divorcenet.com
O1 - Hosts: 66.213.200.130 www.easierrebate.com
O1 - Hosts: 66.135.192.88 www.ebay.com
O1 - Hosts: 139.171.64.10 www.elderly.com
O1 - Hosts: 63.127.205.130 www.familychristian.com
O1 - Hosts: 66.162.192.49 www.goodysonline.com
O1 - Hosts: 207.182.237.203 www.gozingsurveys.com
O1 - Hosts: 157.91.12.65 www.in.gov
O1 - Hosts: 198.64.149.203 www.indiana.com
O1 - Hosts: 209.125.194.211 www.ipsh.net
O1 - Hosts: 134.68.122.5 www.iupui.edu
O1 - Hosts: 192.232.125.61 www.kodak.com
O1 - Hosts: 64.60.155.251 www.melissadata.com
O1 - Hosts: 216.154.228.146 www.montelshow.com
O1 - Hosts: 134.68.52.127 www.mpc.adaf.iupui.edu
O1 - Hosts: 207.46.245.60 www.msnbc.com
O1 - Hosts: 198.247.208.102 www.mycomicspage.com
O1 - Hosts: 216.251.43.11 www.names9.com
O1 - Hosts: 207.218.164.17 www.neopets.com
O1 - Hosts: 207.66.2.46 www.onlineregister.com
O1 - Hosts: 216.193.193.16 www.otxresearch.com
O1 - Hosts: 65.54.230.254 www.passport.net
O1 - Hosts: 165.138.113.251 www.pc.bcsc.k12.in.us
O1 - Hosts: 64.94.127.55 www.pcsecuritynews.com
O1 - Hosts: 65.42.130.84 www.reliable.net
O1 - Hosts: 65.88.128.3 www.rnetinc.net
O1 - Hosts: 212.227.253.104 www.safer-networking.org
O1 - Hosts: 63.160.50.32 www.staplesrebates.com
O1 - Hosts: 66.37.205.40 www.switchboard.com
O1 - Hosts: 56.0.134.24 www.usps.com
O1 - Hosts: 212.72.51.68 www.vgfe.com
O1 - Hosts: 161.170.254.20 www.walmart.com
O1 - Hosts: 64.88.151.10 www.win250dollar.com
O1 - Hosts: 216.74.146.21 www.wishtv.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [DXM6Patch_9904] C:\WINDOWS\p_9904.exe /Q:A
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32.dll
O16 - DPF: DigiChat Applet - http://host.digichat...s/Client_IE.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (SoundCtl Class) - http://www.buzme.com...eX/NPBMCtrl.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com...X/BMAXSetup.cab

Next:

--Find and delete all files called BrowserHelper.dll from any location(s)

Delete these files in bold.
C:\WINDOWS\p_9904.exe <- this file
C:\WINDOWS\IME <- this folder

Reboot your computer and start normally.


#19
char12

    Member

  • Topic Starter
  • 43 posts
I downloaded the attached file and when I tried to enter it I got this error: "is not a registry script you can only import binary registry files from within the registry."

I took off all the items you asked for and have run a new hijack.

Logfile of HijackThis v1.97.7
Scan saved at 7:36:33 AM, on 4/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Documents and Settings\Charlotte\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...porter.cab?RND=
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/p...13/invinstl.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direc.../dpcsysinfo.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yaho...rod/yregcfg.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7613.3897916667
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macrom...abs/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?314
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30515995-F64E-4CE8-ACB9-C461A11BEF32}: NameServer = 67.39.236.2 67.39.236.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{30515995-F64E-4CE8-ACB9-C461A11BEF32}: NameServer = 67.39.236.2 67.39.236.3

#20
char12

    Member

  • Topic Starter
  • 43 posts
I just tried to go to another site, that I go to daily, and got redirected to msn search engine. Is this part of the adware problem that you found?

If you want me to remove yahoo messenger or msn messenger, no problem; my daughter is the only one that uses it.

#21
admin

    Founder Geek

  • Administrator
  • 24,504 posts
Your log actually looks pretty good. Just fix this entry:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab

Next try and install this attached registry script again. I think I may have accidentally included some extra spaces.

BTW, MSN is the default search engine for Internet Explorer. Is there another search engine you want to use by default?

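The "not a registry script" error and the suspected stray spaces discussed above can be checked before a .reg file is handed to regedit. The following is an added example, not part of the original thread or of any tool it mentions: `check_reg_script` and the sample bytes are constructed here, and treating anything other than an exact header on line 1 as a failure is an assumption about regedit's parser drawn from this exchange.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
ROOTS = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
# [ROOT\sub\key] or [-ROOT\sub\key]; a leading "-" deletes the whole key.
KEY_LINE = re.compile(r"^\[(-?)([^\\\]]+)(\\.*)?\]$")


def _decode(data):
    """Return (text, encoding label), decided by the byte-order mark if any."""
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le", errors="replace"), "utf-16-le"
    if data.startswith(b"\xef\xbb\xbf"):
        return data[3:].decode("utf-8", errors="replace"), "utf-8-bom"
    return data.decode("cp1252", errors="replace"), "ansi"


def check_reg_script(data):
    """Inspect raw .reg bytes; report header problems and the keys it deletes."""
    text, encoding = _decode(data)
    lines = text.splitlines()
    result = {"header": None, "encoding": encoding,
              "problems": [], "warnings": [], "deletes": []}
    problems, warnings = result["problems"], result["warnings"]

    if not lines:
        problems.append("empty: file has no content")
        return result

    # Assumption: the header must be the exact first line, nothing before it.
    if lines[0] in HEADERS:
        result["header"] = lines[0]
    elif lines[0].strip() in HEADERS:
        result["header"] = lines[0].strip()
        problems.append("header-whitespace: spaces or tabs around the header")
    else:
        for number, line in enumerate(lines[1:], start=2):
            if line.strip() in HEADERS:
                result["header"] = line.strip()
                problems.append(f"header-not-first: header is on line {number}")
                break
        else:
            problems.append("no-header: neither known header is present")

    # Encoding mismatches are flagged for review rather than treated as fatal.
    if encoding == "utf-8-bom":
        warnings.append("encoding: UTF-8 byte-order mark precedes the header")
    elif encoding == "utf-16-le" and result["header"] == "REGEDIT4":
        warnings.append("encoding: REGEDIT4 is normally ANSI, file is UTF-16")

    for number, line in enumerate(lines, start=1):
        stripped = line.strip()
        if not stripped.startswith("["):
            continue
        match = KEY_LINE.match(stripped)
        if not match or match.group(2).upper() not in ROOTS:
            problems.append(f"bad-key: line {number} is not a valid key line")
            continue
        if stripped != line:
            warnings.append(f"key-whitespace: line {number}")
        if match.group(1):
            # Record every key the script would delete, for review before import.
            result["deletes"].append(stripped[2:-1])
    return result


# Constructed sample: the three deletions from the CODE box earlier in the thread.
CLEAN = "\r\n".join([
    "REGEDIT4",
    "",
    r"[-HKEY_CURRENT_USER\Software\adtomi]",
    "",
    r"[-HKEY_CLASSES_ROOT\CLSID\{B549456D-F5D0-4641-BCED-8648A0C13D83}]",
    "",
    r"[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
    r"\explorer\Browser Helper Objects\{B549456D-F5D0-4641-BCED-8648A0C13D83}]",
    "",
]).encode("ascii")
# Constructed variants: stray leading spaces, and the same text saved as UTF-16.
PADDED = b"  " + CLEAN
AS_UTF16 = b"\xff\xfe" + CLEAN.decode("ascii").encode("utf-16-le")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("padded", PADDED), ("utf16", AS_UTF16)):
        report = check_reg_script(blob)
        print(name, report["problems"], report["warnings"], len(report["deletes"]))
```

Listing the `[-...]` keys before import also gives a record of what a downloaded script will remove, which is worth reviewing for any .reg file received from someone else.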

#22
char12

    Member

  • Topic Starter
  • 43 posts
I usually don't use msn browser. I have used yahoo. It doesn't matter to me what I use as long as I can do things I need to do on the internet. Any suggestions would be helpful. As for the file, it still gives me the same error. Is there a way to put the registries in manually?

Logfile of HijackThis v1.97.7
Scan saved at 1:21:33 PM, on 4/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charlotte\Local Settings\Temp\Temporary Directory 8 for hijackthis.zip\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...porter.cab?RND=
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/p...13/invinstl.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direc.../dpcsysinfo.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yaho...rod/yregcfg.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7613.3897916667
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macrom...abs/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?314
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30515995-F64E-4CE8-ACB9-C461A11BEF32}: NameServer = 67.39.236.2 67.39.236.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{30515995-F64E-4CE8-ACB9-C461A11BEF32}: NameServer = 67.39.236.2 67.39.236.3
  • 0

#23
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts

As for the file it still gives me the same error. Is there a way to put the registries in manually?


Try creating this registry script on your own system again:

Copy the contents of the CODE box below to Notepad, and save as remove.reg (save as type: 'all files')

REGEDIT4

[-HKEY_CURRENT_USER\Software\adtomi]

[-HKEY_CLASSES_ROOT\CLSID\{B549456D-F5D0-4641-BCED-8648A0C13D83}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B549456D-F5D0-4641-BCED-8648A0C13D83}]
 


Double-click Remove.reg, and hit Yes on the prompt to add its contents to the Registry!


  • 0

#24
char12

char12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
<_< yea I got it registered in the computer. Now what do we need to do?
  • 0

#25
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Restart and post a new log. Hopefully your errors will be gone.
  • 0


#26
char12

char12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Logfile of HijackThis v1.97.7
Scan saved at 7:23:47 AM, on 4/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Charlotte\Local Settings\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...porter.cab?RND=
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/p...13/invinstl.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direc.../dpcsysinfo.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yaho...rod/yregcfg.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7613.3897916667
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macrom...abs/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?314
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30515995-F64E-4CE8-ACB9-C461A11BEF32}: NameServer = 67.39.236.2 67.39.236.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{30515995-F64E-4CE8-ACB9-C461A11BEF32}: NameServer = 67.39.236.2 67.39.236.3


Here you go I hope this takes care of all. <_<
  • 0

#27
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Your log looks good <_< Do you still get any errors?

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program, like a missing file, see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.javacools...areblaster.html

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.
  • 0
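
Added example, not part of the original posts and not a HijackThis feature: a Python check that lists the keys remove.reg deletes (the `[-KEY]` sections) and confirms that no Browser Helper Object CLSID it targets still shows up in the O2 lines of a follow-up log. The function names, the "before" log line and its placeholder path are constructed for illustration.

```python
import re

# remove.reg exactly as posted in the thread.
REMOVE_REG = r"""REGEDIT4

[-HKEY_CURRENT_USER\Software\adtomi]

[-HKEY_CLASSES_ROOT\CLSID\{B549456D-F5D0-4641-BCED-8648A0C13D83}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B549456D-F5D0-4641-BCED-8648A0C13D83}]
"""

# The three O2 lines from the 4/16/2004 log in the thread.
LOG_AFTER = r"""O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
"""
# Constructed "before" log: same lines plus a made-up O2 entry (placeholder path).
LOG_BEFORE = LOG_AFTER + (r"O2 - BHO: (no name) - {b549456d-f5d0-4641-bced-8648a0c13d83}"
                          r" - C:\PLACEHOLDER\example.dll" + "\n")

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

def deleted_keys(reg_text):
    """Keys a .reg script deletes: section headers written as [-KEY]."""
    lines = reg_text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line is not a .reg header")
    hits = (re.fullmatch(r"\[-(.+)\]", ln.strip()) for ln in lines[1:])
    return [m.group(1) for m in hits if m]

def deleted_clsids(reg_text):
    """CLSIDs named in the deleted keys, upper-cased for comparison."""
    return {c.upper() for key in deleted_keys(reg_text) for c in CLSID.findall(key)}

def bho_entries(log_text):
    """Map CLSID -> file for every O2 (Browser Helper Object) log line."""
    entries = {}
    for line in log_text.splitlines():
        m = re.match(r"O2 - BHO: .*? - (\{[^}]+\}) - (.+)$", line.strip())
        if m:
            entries[m.group(1).upper()] = m.group(2)
    return entries

def leftovers(reg_text, log_text):
    """BHOs the script deletes that the log still lists (empty = clean)."""
    bhos = bho_entries(log_text)
    return {c: bhos[c] for c in sorted(deleted_clsids(reg_text)) if c in bhos}

if __name__ == "__main__":
    print("after :", leftovers(REMOVE_REG, LOG_AFTER))
    print("before:", leftovers(REMOVE_REG, LOG_BEFORE))
```

An empty result only means the O2 entry is gone from the log; the file the entry pointed to is a separate cleanup step.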

#28
char12

char12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
<_< Everything is back to normal. No new errors have surfaced.
Thanks for the help
  • 0

#29
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Whew! That was a tough one. Glad to hear all is well <_<
  • 0

#30
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





