Thread: hjt log
  #2  
Old 11-30-2004, 05:44 PM
Mobo
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
First, please download and run http://www.spyware911.net/downloads/newdot...20uninstall.exe to get rid of the newdotnet troubles.

Then reboot, rescan with hijack, insert a check next to each of the following, close all browser windows and click "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myway.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://1800search.com/1800search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll

O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll

O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper100.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O2 - BHO: SDWin32 Class - {2778EE31-FAD9-4B56-BC73-8A7BF46C2B41} - C:\WINDOWS\System32\mtfyi.dll

O2 - BHO: SDWin32 Class - {2D74B228-38E3-4B61-9F66-35992A24FC8C} - C:\WINDOWS\System32\dccij.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O4 - HKLM\..\Run: [lsgrwf] C:\WINDOWS\System32\jrokvj.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe

O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe

O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe

O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKLM\..\Run: [bitgv] C:\WINDOWS\bitgv.exe

O4 - HKLM\..\Run: [dccijc] C:\WINDOWS\System32\dccijc.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe

O4 - HKLM\..\Run: [v72O39P] mlaroute.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

O4 - HKLM\..\Run: [mtfyic] C:\WINDOWS\System32\mtfyic.exe

O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\Owner\LOCALS~1\Temp\djtopr1150.exe"

O4 - HKLM\..\RunOnce: [djebmm350.exe] "C:\DOCUME~1\Owner\LOCALS~1\Temp\djebmm350.exe"

O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm314

O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)


Now reboot the system into safe mode http://www.spyware911.net/forum/index.php?showtopic=15

Open Windows Explorer, find and delete:
C:\Program Files\Ebates_MoeMoneyMaker
C:\Program Files\SurfSideKick 2
C:\DOCUME~1\Owner\LOCALS~1\Temp\djebmm350.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\djtopr1150.exe
C:\WINDOWS\System32\mtfyic.exe
C:\Program Files\Web_Rebates
C:\Program Files\AutoUpdate
C:\PROGRA~1\VBouncer
C:\WINDOWS\System32\dccijc.exe
C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
C:\WINDOWS\System32\jrokvj.exe
C:\WINDOWS\System32\P2P Networking
C:\WINDOWS\satmat.exe
C:\WINDOWS\wupdt.exe
C:\WINDOWS\System32\stcloader.exe
C:\WINDOWS\System32\winupdtl.exe
C:\windows\system32\saie.exe
C:\WINDOWS\bitgv.exe


Run a scan here http://www.spyware911.net/xcleaner.htm

Reboot and repost a fresh hijack log please.
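The delete list in the reply above is derived by hand from the O2/O3/O4/O9 entries in the HijackThis log. The following is an added example, not code from the post or from HijackThis itself, showing how a helper can do that triage mechanically: it parses the R0/R1/R3/O2/O3/O4/O8/O9 line formats, pulls out the on-disk file each entry points at (stripping quotes, `file://` prefixes, `(HKCU)` suffixes and command-line arguments), flags autorun entries that name only a bare executable with no path (like `mlaroute.exe`, which Windows resolves via the search path and which therefore cannot be located from the log alone), and collects the hostnames the search and start-page hijacks point to. The sample log is constructed from a subset of the lines in the post; the `Entry` class and the `triage`, `parse_entry` and `disk_path` function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed sample: a subset of the entries from the log in the post above,
# not a complete HijackThis log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://1800search.com/1800search
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: SDWin32 Class - {2778EE31-FAD9-4B56-BC73-8A7BF46C2B41} - C:\WINDOWS\System32\mtfyi.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [v72O39P] mlaroute.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunOnce: [djebmm350.exe] "C:\DOCUME~1\Owner\LOCALS~1\Temp\djebmm350.exe"
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm314
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
"""


@dataclass
class Entry:
    kind: str                      # R0, R1, R3, O2, O3, O4, O8, O9
    raw: str
    name: Optional[str] = None     # value name, BHO/toolbar name, Run label, menu text
    clsid: Optional[str] = None
    target: Optional[str] = None   # file path, URL or command line the entry points at
    hive: Optional[str] = None     # HKCU / HKLM where the entry lives


LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Absolute path ending in a known extension, optionally followed by arguments.
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|htm|html))(?:\s.*)?$", re.I)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis line into an Entry; returns None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    e = Entry(kind=kind, raw=line.strip())
    if kind in ("R0", "R1"):
        # HKxx\...\Main,Start Page = http://...
        lhs, _, rhs = body.partition(" = ")
        key, _, value_name = lhs.rpartition(",")
        e.hive, e.name, e.target = key.split("\\", 1)[0], value_name, rhs.strip()
    elif kind == "O4":
        # HKLM\..\Run: [label] command line
        hive_part, _, rest = body.partition(": ")
        e.hive = hive_part.split("\\", 1)[0]
        lm = re.match(r"\[(?P<label>[^\]]*)\]\s*(?P<cmd>.*)$", rest)
        if lm:
            e.name, e.target = lm.group("label"), lm.group("cmd").strip()
    elif kind in ("R3", "O2", "O3", "O9"):
        # Type: Name - {CLSID} - path [ (HKCU) ]
        _, _, rest = body.partition(": ")
        cm = CLSID_RE.search(rest)
        if cm:
            e.clsid = cm.group(0)
            e.name = rest[:cm.start()].rstrip(" -")
            tail = rest[cm.end():].lstrip(" -")
            hm = re.search(r"\s\((HKCU|HKLM)\)$", tail)
            if hm:
                e.hive, tail = hm.group(1), tail[:hm.start()]
            e.target = tail.strip()
    elif kind == "O8":
        # Extra context menu item: Name - URL
        _, _, rest = body.partition(": ")
        e.name, _, e.target = rest.partition(" - ")
        e.target = e.target.strip()
    return e


def disk_path(target: Optional[str]) -> Optional[str]:
    """Return the absolute file path an entry points at, or None (URL, '(no file)', bare name)."""
    if not target:
        return None
    t = target.strip()
    if t.lower().startswith("file://"):
        t = t[len("file://"):]
    if t.startswith('"'):                       # quoted command line: keep only the quoted program
        end = t.find('"', 1)
        t = t[1:end] if end > 0 else t[1:]
    m = PATH_RE.match(t)
    return m.group("path") if m else None


def triage(log_text: str) -> dict:
    """Group a log into on-disk files, unresolvable autorun commands and hijack hostnames."""
    entries = [e for e in (parse_entry(l) for l in log_text.splitlines()) if e]
    files, unresolved, hosts = set(), set(), set()
    for e in entries:
        p = disk_path(e.target)
        if p:
            files.add(p)
        elif e.kind == "O4" and e.target:
            unresolved.add(e.target)             # bare name: resolved via PATH, location unknown
        if e.target and e.target.lower().startswith("http"):
            hosts.add(urlparse(e.target).hostname)
    return {"entries": entries,
            "files": sorted(files, key=str.lower),
            "unresolved": sorted(unresolved),
            "hosts": sorted(hosts)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section in ("files", "unresolved", "hosts"):
        print(f"{section}:")
        for item in result[section]:
            print("  ", item)
```

The `files` list is what a helper would hand back as the delete list, deduplicated across the HKLM and HKCU copies of the same Run entry; the `unresolved` list is the set of autoruns that still need a manual search on the machine; `hosts` is useful for checking the browser settings after the fix and for blocking at a proxy or hosts file.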