Posted 25 June 2004 - 02:24 AM

My homepage keeps resetting to about:blank, I am getting alot of pop-ups and redirects, and my stuff seems to be running alot slower. I have run A-v scans, Spy Sweeper, Spybot S&D, and am using Free Surfer to limit pop-ups and keep my homepage. I got rid of some stuff using the programs, but the problem wont go away. Also, I tried to use SpyBlaster but it keeps saying I have a bad sector or virus and wont let me start it. I have done scandisks and defrags but that didnt help me use that. My HijackThis log is below, please help me.

Running processes:
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\My Documents\My Videos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.tigerdirect.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {654861C4-DCF5-4BE4-B0E1-D1B8E49DB8DE} - C:\WINDOWS\System32\hpojfd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ab?ver=1,1,0,32
O17 - HKLM\System\CCS\Services\Tcpip\..\{900818FA-58CF-404C-A0EA-61AF9568C257}: NameServer =

Posted 28 June 2004 - 10:08 PM

I had the same virus/trojan on my computer. It periodically launches web sites using Internet Explorer.

Here are the steps that I performed to get rid of it:
1. I killed the "mcc.exe" app that was running as a current process, using Task Manager.
2. I deleted the "mcc.exe" app that was in my windows directory.
3. I deleted the entire hkey_current_user\software\media codecs registry key
4. I removed the registry value that was causing the app to automatically restart when rebooting. That registry value is in "hkey_local_machine\software\microsoft\windows\currentversion\run" and it launches the mcc.exe application, referring to it as "multimedia codecs".

I then rebooted and the problem has not occurred again since. This was a hard one to clean up, since McAfee, AVG, Ad-aware, SpyBot, and many other apps that I tried could not clean it up for me.

(((i noticed you have the exact same symptoms I did....hope this helps...it worked for me))) :D

