#1
10-18-2004, 09:45 AM
savedtheday89
i hate pop ups

for my sister's computer which is crazy ... i have everything downloaded.. here's hjt log .. thanks

Logfile of HijackThis v1.98.2
Scan saved at 9:44:11 AM, on 10/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32PackethSvc.exe
C:PROGRA~1COMMON~1AOLACSacsd.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSwanmpsvc.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSExplorer.EXE
C:windowssystemhpsysdrv.exe
C:WINDOWSsystem32ps2.exe
C:Program FilesDownloadWaredw.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:Program FilesQuickTimeqttask.exe
C:windowsredirect9a.exe
C:WINDOWSSystem32P2P NetworkingP2P Networking.exe
C:WINDOWSSystem32SahAgent.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe
C:WINDOWSSystem32RUNDLL32.exe
C:Program FilesWeb_RebatesWebRebates0.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesAmerica Online 9.0aoltray.exe
C:Program FilesWeb_RebatesWebRebates1.exe
C:Program FilesAOL Companioncompanion.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:PROGRA~1RECOMM~1v15rh.exe
C:Documents and SettingsOwnerDesktopHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 80.69.74.15 auto.search.msn.com
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:WINDOWSmxTarget.dll
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:WINDOWSsystb.dll
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:Program FilesRecommended Hotfix - 421701Dv15RH.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:DOCUME~1ALLUSE~1APPLIC~1SetupSetup.dll
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:DOCUME~1JennaLOCALS~1Temprbarc.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:Program FilesMyWaymyBar1.binMYBAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [hpsysdrv] c:windowssystemhpsysdrv.exe
O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRECGUARD.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe
O4 - HKLM..Run: [HPGamesActiveMenu] C:Program FilesWildTangentActiveMenuHPGamesActiveMenu.exe
O4 - HKLM..Run: [PromulGate] "C:Program FilesDelFinPromulGatePgMonitr.exe"
O4 - HKLM..Run: [MediaLoads Installer] "C:Program FilesDownloadWaredw.exe" /H
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [WT GameChannel] C:Program FilesWildTangentAppsGameChannel.exe
O4 - HKLM..Run: [redirect] C:windowsredirect9a.exe
O4 - HKLM..Run: [easywww] C:windowseasywww2.exe
O4 - HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 - HKLM..Run: [updater] C:Program FilesCommon filesupdaterwupdater.exe
O4 - HKLM..Run: [SAHAgent] C:WINDOWSSystem32SahAgent.exe
O4 - HKLM..Run: [msbb] C:WINDOWSSystem32msbb.exe
O4 - HKLM..Run: [Belt] C:WINDOWSBelt.exe
O4 - HKLM..Run: [FLSVCCWEL] C:WINDOWSFLSVCCWEL.exe
O4 - HKLM..Run: [Media-Search] "C:Program Filesmsnetv9msnet.EXE" /H
O4 - HKLM..Run: [ViewMgr] C:Program FilesViewpointViewpoint ManagerViewMgr.exe
O4 - HKLM..Run: [Search-Exe] "C:Program Filessev11se.EXE" /H
O4 - HKLM..Run: [Win Server Updt] C:WINDOWSwupdt.exe
O4 - HKLM..Run: [New.net Startup] rundll32 ,NewDotNetStartup -s
O4 - HKLM..Run: [prpzjtxyepga] C:WINDOWSSystem32jrokvj.exe
O4 - HKLM..Run: [crabr] C:WINDOWSFontscrabr.exe
O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe
O4 - HKLM..Run: [WildTangent CDA] RUNDLL32.exe "C:Program FilesWildTangentAppsCDAcdaEngine0400.dll",cdaEngineMain
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 - HKLM..RunOnce: [RealPlayer_update] C:Program FilesAmerica Online 9.0JitiReal9_codec_upd.exe restart
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Microsoft Works Update Detection] C:Program FilesMicrosoft WorksWkDetect.exe
O4 - HKCU..Run: [eZmmod] C:PROGRA~1ezulammod.exe
O4 - HKCU..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar1.binMWSOEMON.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:Program FilesAOL Companioncompanion.exe
O4 - Global Startup: hp center UI.lnk = C:Program Fileshp center137903ShadowShadowBar.exe
O4 - Global Startup: hp center.lnk = C:Program Fileshp center137903ProgramBackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar1.binMWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:program filesgoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O8 - Extra context menu item: Backward Links - res://c:program filesgoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:program filesgoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:program filesgoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:program filesgoogleGoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:Program FilesCommon FilesMicrosoft SharedEncarta ResearcherEROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIM95aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - file://C:x.cab

you all are awesome
__________________
--Kelly

#2
10-18-2004, 10:21 AM
Mobo
Re: i hate pop ups

I'm not much for popups as well, to be honest with you..

Rescan and check these then close all browser windows and click "fix checked"



R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R1 - HKLMSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)

R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

O1 - Hosts: 80.69.74.15 auto.search.msn.com

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:WINDOWSmxTarget.dll

O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:WINDOWSsystb.dll

O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:Program FilesRecommended Hotfix - 421701Dv15RH.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL

O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:DOCUME~1ALLUSE~1APPLIC~1SetupSetup.dll

O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:DOCUME~1JennaLOCALS~1Temprbarc.dat

O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:Program FilesMyWaymyBar1.binMYBAR.DLL

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL

O4 - HKLM..Run: [HPGamesActiveMenu] C:Program FilesWildTangentActiveMenuHPGamesActiveMenu.exe

O4 - HKLM..Run: [PromulGate] "C:Program FilesDelFinPromulGatePgMonitr.exe"

O4 - HKLM..Run: [MediaLoads Installer] "C:Program FilesDownloadWaredw.exe" /H

O4 - HKLM..Run: [WT GameChannel] C:Program FilesWildTangentAppsGameChannel.exe

O4 - HKLM..Run: [redirect] C:windowsredirect9a.exe

O4 - HKLM..Run: [easywww] C:windowseasywww2.exe

O4 - HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART

O4 - HKLM..Run: [updater] C:Program FilesCommon filesupdaterwupdater.exe

O4 - HKLM..Run: [SAHAgent] C:WINDOWSSystem32SahAgent.exe

O4 - HKLM..Run: [msbb] C:WINDOWSSystem32msbb.exe

O4 - HKLM..Run: [Belt] C:WINDOWSBelt.exe

O4 - HKLM..Run: [FLSVCCWEL] C:WINDOWSFLSVCCWEL.exe

O4 - HKLM..Run: [Media-Search] "C:Program Filesmsnetv9msnet.EXE" /H

O4 - HKLM..Run: [ViewMgr] C:Program FilesViewpointViewpoint ManagerViewMgr.exe

O4 - HKLM..Run: [Search-Exe] "C:Program Filessev11se.EXE" /H

O4 - HKLM..Run: [Win Server Updt] C:WINDOWSwupdt.exe

O4 - HKLM..Run: [New.net Startup] rundll32 ,NewDotNetStartup -s

O4 - HKLM..Run: [prpzjtxyepga] C:WINDOWSSystem32jrokvj.exe

O4 - HKLM..Run: [crabr] C:WINDOWSFontscrabr.exe

O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe

O4 - HKLM..Run: [WildTangent CDA] RUNDLL32.exe "C:Program FilesWildTangentAppsCDAcdaEngine0400.dll",cdaEngineMain

O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"

O4 - HKCU..Run: [eZmmod] C:PROGRA~1ezulammod.exe

O4 - HKCU..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar1.binMWSOEMON.EXE

O4 - Global Startup: hp center UI.lnk = C:Program Fileshp center137903ShadowShadowBar.exe

O4 - Global Startup: hp center.lnk = C:Program Fileshp center137903ProgramBackWeb-137903.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar1.binMWSOEMON.EXE

O8 - Extra context menu item: Web Rebates - file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll

O10 - Hijacked Internet access by New.Net

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - file://C:x.cab



Then reboot into safe mode, open Windows Explorer, find then delete:
C:Program FilesWeb_Rebates
C:Program FilesMyWebSearch
C:DOCUME~1ALLUSE~1
C:Program FilesMyWay
C:Program FilesWildTangent
C:windowsredirect9a.exe
C:windowseasywww2.exe
C:WINDOWSSystem32P2P Networking
C:WINDOWSSystem32SahAgent.exe
C:WINDOWSSystem32msbb.exe
C:WINDOWSBelt.exe
C:WINDOWSFLSVCCWEL.exe
C:Program Filesmsnetv9msnet.EXE" /H
C:Program FilesViewpoint
C:Program Filesse
C:WINDOWSwupdt.exe
C:WINDOWSSystem32jrokvj.exe
C:WINDOWSFontscrabr.exe
C:PROGRA~1ezula


Reboot: Download Ad-aware SE from [Only Registered and Activated Users Can See Links. Click Here To Register...]
In Ad-aware, click the Gear to go to the Settings area.
The following items should be on a green check, not on a red X.

Under the Scanning button:
  Scan within archives
  Under Memory & Registry, check EVERYTHING
  In Check Drives & Folders, make sure all of your hard drives are selected

Under the Advanced button, check:
  Move deleted files to recycle bin
  Include additional object information
  Include negligible object information
  Include environment information

Under the Defaults button:
  Set the homepage you wish to have set as default.

Under the Tweak button:
Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

  In Scanning Engine:
    Unload recognized processes during scanning
    Include info about ignored objects in logfile, if detected in scan
    Include basic Ad-aware settings in logfile
    Include additional Ad-aware settings in logfile
    Include used command line parameters in logfile
  In Cleaning Engine:
    XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
    Let Windows remove files in use at next reboot
    UNCHECK: Automatically try to unregister objects prior to deletion

Click Proceed to save these settings. When you would like to perform a "Full Scan," switch the scan mode from SmartScan to Custom.
_______________________________________________________________
Rescan with hijack and post a fresh log please.

#3
10-18-2004, 06:08 PM
savedtheday89
thanks here's another one haha sorry

too many pop ups i swear...

[Only Registered and Activated Users Can See Links. Click Here To Register...]
__________________
--Kelly

#4
10-18-2004, 06:09 PM
savedtheday89
thanks here's another one haha sorry

too many pop ups i swear...

Logfile of HijackThis v1.98.2
Scan saved at 6:07:36 PM, on 10/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32PackethSvc.exe
C:PROGRA~1COMMON~1AOLACSacsd.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSwanmpsvc.exe
C:WINDOWSExplorer.EXE
C:windowssystemhpsysdrv.exe
C:WINDOWSsystem32ps2.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesAIM95aim.exe
C:Program FilesAmerica Online 9.0aoltray.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesAOL Companioncompanion.exe
C:WINDOWSsystem32winlogon.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsJennaDesktopHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:WINDOWSmxTarget.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [hpsysdrv] c:windowssystemhpsysdrv.exe
O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRECGUARD.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 - HKLM..Run: [lsgrwf] C:WINDOWSSystem32jrokvj.exe
O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 - HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 - HKLM..RunOnce: [RealPlayer_update] C:Program FilesAmerica Online 9.0JitiReal9_codec_upd.exe restart
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [MoneyStartUp] C:Program FilesMicrosoft MoneySystemMoney Startup.exe
O4 - HKCU..Run: [AIM] C:Program FilesAIM95aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:Program FilesAOL Companioncompanion.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 - Extra context menu item: &RSDN Search - res://c:data.dll/GoRSDN.dll.htm
O8 - Extra context menu item: &Search - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O8 - Extra context menu item: Web Rebates - file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:Program FilesCommon FilesMicrosoft SharedEncarta ResearcherEROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIM95aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O10 - Hijacked Internet access by New.Net
__________________
--Kelly
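
Comparing the autostart (O4) entries flagged for fixing in reply #2 with the rescan above shows which ones survived the first cleanup. The following is an added example, not part of the thread: it parses O4 Run lines and reports entries that persisted, were removed, or came back pointing at the same command under a different value name. The sample lines are copied from the two logs as this page shows them (backslashes missing), and the function and variable names are illustrative.

```python
import re
from typing import NamedTuple


class RunEntry(NamedTuple):
    key: str      # autostart location, e.g. "HKLM..Run"
    name: str     # registry value name shown in [brackets]
    command: str  # command line, lower-cased, quotes removed


# O4 autostart line; tolerates the backslashes being present or stripped.
O4_RUN = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\?\.\.\\?Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Lines taken from the fix list in reply #2 (as rendered on this page).
FLAGGED = """\
O4 - HKLM..Run: [redirect] C:windowsredirect9a.exe
O4 - HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 - HKLM..Run: [prpzjtxyepga] C:WINDOWSSystem32jrokvj.exe
O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 - HKCU..Run: [eZmmod] C:PROGRA~1ezulammod.exe
"""

# Lines taken from the second log (as rendered on this page).
RESCAN = """\
O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe
O4 - HKLM..Run: [lsgrwf] C:WINDOWSSystem32jrokvj.exe
O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 - HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 - HKCU..Run: [AIM] C:Program FilesAIM95aim.exe -cnetwait.odl
"""


def parse_run_entries(log):
    """Return the O4 registry Run entries found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not a registry Run line (e.g. R1, O2, Startup folder)
        # Normalize so quoting and case differences do not hide a match.
        cmd = " ".join(m["cmd"].replace('"', "").lower().split())
        entries.append(RunEntry(m["key"].replace("\\", ""), m["name"], cmd))
    return entries


def compare(flagged, rescan):
    """Classify each flagged entry by what the rescan shows for it."""
    names_by_cmd = {}
    for e in rescan:
        names_by_cmd.setdefault((e.key, e.command), []).append(e.name)

    result = {"persisted": [], "renamed": [], "removed": []}
    for e in flagged:
        names = names_by_cmd.get((e.key, e.command), [])
        if e.name in names:
            result["persisted"].append(e.name)
        elif names:
            # Same key and command, new value name: the entry was re-created.
            result["renamed"].append((e.name, names[0], e.command))
        else:
            result["removed"].append(e.name)
    return result


if __name__ == "__main__":
    report = compare(parse_run_entries(FLAGGED), parse_run_entries(RESCAN))
    for status, items in report.items():
        print(status, items)
```

An entry in the "renamed" bucket cannot be tracked by its value name alone, so the comparison keys on the command it launches.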

#5
10-18-2004, 07:12 PM
Mobo
Re: thanks here's another one haha sorry

Now run this uninstaller: [Only Registered and Activated Users Can See Links. Click Here To Register...]
Then rescan and check these then have hijack fix each

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost

R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:WINDOWSmxTarget.dll

O
O4 - HKLM..Run: [lsgrwf] C:WINDOWSSystem32jrokvj.exe

O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"

O4 - HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART

O8 - Extra context menu item: &RSDN Search - res://c:data.dll/GoRSDN.dll.htm

O8 - Extra context menu item: &Search - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O8 - Extra context menu item: Web Rebates - file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O10 - Hijacked Internet access by New.Net