04-12-2005, 07:11 PM
Mobo
Hi sula


Let's start by first having you rescan once again with hijack. Insert a check next to each of the following, then close all other browser windows and click "Fix checked".


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm

F2 - REG:system.ini: Shell=Explorer.exe init32m.exe

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll


O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe

O4 - HKLM\..\Run: [Advanced Message Server] rundll32.exe ams491.dat,Execute

O4 - HKLM\..\Run: [wupdate] C:\WINDOWS\System32\wisvccz.exe

O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteuvf32.exe

O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N

O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe

O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Olivier\LOCALS~1\Temp\shop1004.exe run

O4 - HKLM\..\Run: [1EVnn9e] C:\WINDOWS\exbocthe.exe

O4 - HKCU\..\Run: [Dosd] C:\WINDOWS\System32\rnai.exe

O4 - HKCU\..\Run: [Ysykt] C:\WINDOWS\System32\m?iexec.exe

O4 - Startup: winupdate03430305[1].exe

O4 - Startup: winupdate07872521[1].exe

O4 - Startup: winupdate52561670[1].exe

O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...bridge-c18.cab

O16 - DPF: {1F01C8C9-C6D3-5AC7-53DF-048E16451A2A} - http://69.50.182.94/1/rdgCA1882.exe

O16 - DPF: {2BA7DF23-C31A-3F24-520C-3EEB36728E80} - http://69.50.182.94/1/rdgCA1882.exe

O16 - DPF: {32E2DEDC-4925-7395-17C7-540131C39AC5} - http://69.50.182.94/1/rdgCA1882.exe

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/...sb_regular.cab

O16 - DPF: {466610E2-93B2-4094-C1B9-6756481BBF1F} - http://69.50.182.94/1/rdgCA1882.exe

O16 - DPF: {5161D29F-FFF7-6AF8-3EAE-3CBA611CD498} - http://69.50.182.94/1/rdgCA1882.exe

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab



Now download this program. http://www.spyware911.net/downloads/KillBox.exe
Open it and in the space provided paste this line.
C:\WINDOWS\System32\wisvccz.exe

Then tick the "delete on reboot" option.
Then click the red x.
When it asks to reboot select not to reboot at this time.

Now do the same for these lines as well.

C:\windows\system32\eliteuvf32.exe

C:\WINDOWS\System32\canada.exe -N

C:\WINDOWS\System32\ap9h4qmo.exe

C:\WINDOWS\exbocthe.exe

C:\WINDOWS\System32\rnai.exe

C:\WINDOWS\System32\m?iexec.exe

C:\WINDOWS\EliteSideBar

C:\WINDOWS\system32\init32m.exe

C:\windows\system32\taskmg.exe

C:\WINDOWS\shop1004.exe

C:\WINDOWS\System32\wisvccz.exe

Now do this please.
Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin


Then this:

Go to Start > Run and type msconfig. Press Enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn off System restore on all Drives.


Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.


Now reboot

Rescan with HijackThis again and post a fresh log for me please.
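An added example, not part of Mobo's post: a small Python parser for log lines in the format listed above. For O4 registry Run entries it separates the file path from its arguments and flags commands that name no directory. The sample lines are copied from the post; the function names are hypothetical.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
EXE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|scr))(?:\s+(.*))?$", re.I)

# Sample lines copied from the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [wupdate] C:\WINDOWS\System32\wisvccz.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
"""

def parse_entries(log):
    """Return (section_code, body) for every line that looks like a log entry."""
    found = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def split_command(command):
    """Split a Run-key command into (path, arguments); paths may contain spaces."""
    m = EXE.match(command)
    if m:
        return m.group(1), m.group(2) or ""
    path, _, args = command.partition(" ")  # no known extension: split at first space
    return path, args

def autostart_files(entries):
    """For O4 registry Run entries, list value name, file path and arguments."""
    rows = []
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m:
            path, args = split_command(m.group(4))
            # A bare file name carries no directory, so its location must be found separately.
            rows.append({"hive": m.group(1), "name": m.group(3), "path": path,
                         "args": args, "needs_lookup": "\\" not in path})
    return rows

if __name__ == "__main__":
    for row in autostart_files(parse_entries(SAMPLE_LOG)):
        print(row)
```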