Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

http://allaboutsearching.com/ Please help remove [CLOSED]

Started by rsousa , Apr 14 2004 06:10 PM

  • This topic is locked This topic is locked

#1
rsousa
Posted 14 April 2004 - 06:10 PM

rsousa

    New Member

  • Member
  • Pip
  • 1 posts
I have run Ad aware 6 and Spy remover and this is still here. Here is my Hijack this file. Please help remove all spyware.

Thanks


Logfile of HijackThis v1.97.7
Scan saved at 0:46:18, on 15-04-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\GEARSEC.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Programas\Norton AntiVirus\navapsvc.exe
C:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\Programas\Minolta\PageScope Net Care\JavaService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\P2P Networking\P2P Networking.exe
C:\Programas\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programas\QuickTime\qttask.exe
C:\PROGRA~1\IDLEBE~1\NURBLOVEPLUS.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\WINNT\kdx\KHost.exe
C:\WINNT\system32\sysdll.exe
C:\Programas\Ficheiros comuns\CMEII\CMESys.exe
C:\WINNT\system32\rundll32.exe
C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Programas\SETI@home\[email protected]
C:\PROGRA~1\WEATHE~1\Weather.exe
C:\Programas\Netscape\Netscape\Netscp.exe
C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programas\Gator.com\Gator\Gator.exe
C:\Programas\PrecisionTime\PrecisionTime.exe
C:\Programas\Ficheiros comuns\GMT\GMT.exe
C:\WINNT\explorer.exe
C:\PROGRA~1\COPERN~1\COPERN~1.EXE
C:\Programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rafael Sousa\Ambiente de trabalho\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programas\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearc.../www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearc.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.122.3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: mags more - {DB4A9E6A-771A-AC42-C081-7468D895654E} - C:\PROGRA~1\ACIDDR~1\one bags.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Programas\Ficheiros comuns\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programas\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Face Stop] C:\PROGRA~1\IDLEBE~1\NURBLOVEPLUS.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [System DLL Resources] C:\WINNT\system32\sysdll.exe
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programas\Ficheiros comuns\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [SpyBlocker] C:\Programas\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\RunServices: [Configuration Loader] cygwin32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [seticlient] C:\Programas\SETI@home\[email protected] -min
O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programas\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Gator eWallet.lnk = C:\Programas\Gator.com\Gator\Gator.exe
O4 - Global Startup: GStartup.lnk = C:\Programas\Ficheiros comuns\GMT\GMT.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programas\PrecisionTime\PrecisionTime.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Programas\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - C:\Programas\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Programas\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Programas\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Inicio (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower....ler/A091AEM.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenido.../ruboskizo2.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.1...Recomendada.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7712.5569444444
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com...tivex/euras.CAB
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsorad...sWebTelecom.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
  • 0

Advertisements

#2
Smokey
Posted 14 April 2004 - 06:20 PM

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
1) New.net, remove by Add/Remove Programs, uninstall NewDotNet

2) P2PNetorking, remove Add/Remove Programs uninstall P2PNetworking

3) A LOP infection. Reboot in safe mode and please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked:

C:\PROGRA~1\IDLEBE~1\NURBLOVEPLUS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearc.../www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearc.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.122.3
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Face Stop] C:\PROGRA~1\IDLEBE~1\NURBLOVEPLUS.exe

Delete the folder:
C:\PROGRAM FILES\IDLEBE... (name abbreviated)

Then please reboot and post a new new log <_<.
  • 0

#3
Kat
Posted 17 August 2005 - 05:57 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP