
home search assistant removal for me PLEASE


  • This topic is locked
13 replies to this topic

#1 SPACEJASE

SPACEJASE

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 25 June 2004 - 11:50 AM

can you please review my HJT log and help me remove HSA


Logfile of HijackThis v1.97.7
Scan saved at 10:50:17 AM, on 06/25/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\mfcrd32.exe
C:\Documents and Settings\JasonD\Start Menu\Programs\Startup\eUniPrint.exe
C:\Program Files\Outlook Express\Msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\JasonD\Desktop\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hyvct.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://hyvct.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://hyvct.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hyvct.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://hyvct.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hyvct.dll/sp.html#96676
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {679FBC90-9CFF-0EE3-49C1-BCDA522B0F8F} - C:\WINDOWS\apiqf32.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [SpyStopper] C:\Program Files\SpyStopper\spystopper.exe
O4 - HKLM\..\Run: [mfcrd32.exe] C:\WINDOWS\system32\mfcrd32.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKLM\..\RunOnce: [netkr.exe] C:\WINDOWS\system32\netkr.exe
O4 - HKLM\..\RunOnce: [winpn.exe] C:\WINDOWS\winpn.exe
O4 - Startup: eUniPrint.exe
O4 - Global Startup: eUniPrint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B162FD50-BF48-464A-A442-A1D4DF4BD3A6}: Domain = cableone.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{B162FD50-BF48-464A-A442-A1D4DF4BD3A6}: NameServer = 24.116.0.201,24.116.0.202

i will thank you in this life and the next!
your humble servant
jason

#2 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 25 June 2004 - 12:28 PM

Please download "FINDnFIX.exe". Run the "!LOG!.bat" file and post the results into this message for further review.

#3 Midnite

Midnite

    Member

  • Full Member
  • Pip
  • 28 posts

Posted 25 June 2004 - 12:30 PM

Here is your solution !!!

http://www.spywarein...showtopic=10120

:techsupport:

#4 PGPhantom

Posted 25 June 2004 - 12:38 PM

Midnite - Please stop posting in logs where help is already under way. If you would really like to help, become a "Helper Trainee" by clicking on this link and responding to the message.

SPACEJASE - Please proceed with my instructions as posted.

#5 SPACEJASE

Posted 25 June 2004 - 01:04 PM

here is the log from that

Analyzer v1.36 by Boogie Copyright © 1997 ESP Team
Files: C:\WINDOWS\SYSTEM32\*.DLL

thanks for looking and helping mr phantom guy

jason

#6 PGPhantom

Posted 25 June 2004 - 01:12 PM

Are you sure that you ran the !LOG!.BAT file as your log is not what I was expecting?

#7 SPACEJASE

Posted 25 June 2004 - 01:28 PM

i think so, which file do you want me to copy to here?

#8 PGPhantom

Posted 25 June 2004 - 01:39 PM

After a few minutes it should open a log.txt file that contains:

Microsoft Windows XP [Version 5.1.2600]
The type of the file system is NTFS.
C: is not dirty.

Fri 06/25/2004
11:32am  up 0 days, 20:49
»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»
Files listed in this section (in System32) are not always definitive!
Always Double Check and be sure the file pointed doesn't exist!

»»Locked or 'Suspect' file(s) found...


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
etc.
etc.
etc.



#9 SPACEJASE

Posted 25 June 2004 - 02:03 PM

Microsoft Windows 2000 [Version 5.00.2195]
The type of the file system is NTFS.
C: is not dirty.

Fri 06/25/2004
1:02pm up 0 days, 0:32
»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»
Files listed in this section (in System32) are not always definitive!
Always Double Check and be sure the file pointed doesn't exist!

»»Locked or 'Suspect' file(s) found...


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»Special 'locked' files scan in 'System32'........
**File C:\FINDnFIX\LIST.TXT

****Filtering files in System32... (-h -s -r...) ***
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

No matches found.

C:\WINDOWS\SYSTEM32\
hyvct.dll Thu Jun 10 2004 6:33:54p A.SH. 70,656 69.00 K
pewhw.dll Wed May 26 2004 6:10:48a A.SH. 70,656 69.00 K
wmvdecax.dll Sun Jun 6 2004 9:39:32p A.S.. 520,192 508.00 K

3 items found: 3 files, 0 directories.
Total of file sizes: 661,504 bytes 646.00 K

Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\HYVCT.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\PEWHW.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\WMVDECAX.DLL
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 398

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read Everyone
(ID-IO) ALLOW Read Everyone
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read Everyone
Read BUILTIN\Users
QWCEN-DS-- BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM


»»Member of...: (Admin logon required!)
User is a member of group CASTLELAKEINS\Domain Users.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.
User is a member of group \LOCAL.
User is a member of group CASTLELAKEINS\Domain Admins.

»»Dir 'junkxxx' was created with the following permissions...
(FAT32=NA)
Directory "C:\junkxxx"
Permissions:
Type Flags Inh. Mask Gen. Std. File Group or User
======= ======== ==== ======== ==== ==== ==== ================
Allow 00000003 tco- 001F01FF ---- DSPO rw+x \Everyone

Owner: BUILTIN\Administrators

Primary Group: CASTLELAKEINS\Domain Users



»»»»»»Backups created...»»»»»»
1:04pm up 0 days, 0:35
Fri 06/25/2004

A C:\FINDnFIX\winBack.hiv
--a-- - - - - - 8,192 06-25-2004 winback.hiv
A C:\FINDnFIX\keys1\winkey.reg
--a-- - - - - - 268 06-25-2004 winkey.reg

»»Performing 16bit string scan....

---------- WIN.TXT
REGEDIT4
it runs for a few minutes and then disappears, so this is a copy of the log file

please forgive my ignorance.

jason

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

Windows
DeviceNotSelectedTimeout
GDIProcessHandleQuota
Spooler
swapdisk
TransmissionRetryTimeout
USERProcessHandleQuotas

**File C:\FINDnFIX\WIN.TXT


#10 PGPhantom

Posted 25 June 2004 - 03:01 PM

I need to solicit some help from one of the experts so please bear with me until I have a response for you.
Thank you.

#11 PGPhantom

Posted 25 June 2004 - 03:26 PM

Try this procedure:
  • Run HijackThis, click on "Scan" and then place a check mark in the following boxes, and click on "Fix Checked":
    O2 - BHO: (no name) - {679FBC90-9CFF-0EE3-49C1-BCDA522B0F8F} - C:\WINDOWS\apiqf32.dll
    O4 - HKLM\..\Run: [mfcrd32.exe] C:\WINDOWS\system32\mfcrd32.exe
    O4 - HKLM\..\RunOnce: [netkr.exe] C:\WINDOWS\system32\netkr.exe
    O4 - HKLM\..\RunOnce: [winpn.exe] C:\WINDOWS\winpn.exe
  • Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for "mfcrd32.exe". If you find the file, click on it, and then click End Process => Exit the Task Manager.
  • Delete the files:
    C:\WINDOWS\system32\netkr.exe
    C:\WINDOWS\winpn.exe
    C:\WINDOWS\system32\mfcrd32.exe
  • Restart your computer.
  • After you have restarted your computer, please download About:Buster by RubbeRDuckY from here or from here. Save it to your desktop. Unzip it and start it. Read the message that pops up (which is directions). You have done most of it. Now hit start. Start up Internet Explorer and copy ALL THE TEXT in the address bar. Then in the white box paste the text and hit OK. It should work.
  • Then please restart your computer and post a new Hijack this log.


#12 SPACEJASE

Posted 25 June 2004 - 04:10 PM

Logfile of HijackThis v1.97.7
Scan saved at 3:09:48 PM, on 06/25/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\JasonD\Start Menu\Programs\Startup\eUniPrint.exe
C:\Program Files\Outlook Express\Msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JasonD\Desktop\hjt.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [SpyStopper] C:\Program Files\SpyStopper\spystopper.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: eUniPrint.exe
O4 - Global Startup: eUniPrint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B162FD50-BF48-464A-A442-A1D4DF4BD3A6}: Domain = cableone.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{B162FD50-BF48-464A-A442-A1D4DF4BD3A6}: NameServer = 24.116.0.201,24.116.0.202

here is the latest log after i did the other stuff you sent. it seems to have worked. i changed my home page to foxnews.com and it stayed there when i logged in again.

you are a freaking genius. thanks so much! i am donating today.

jason

#13 PGPhantom

Posted 25 June 2004 - 08:05 PM

Your log is looking clean :)

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
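The before/after comparison behind "Your log is looking clean", as an added example that is not part of the original thread: it parses HijackThis entry lines, flags IE page settings that point into a local DLL through `res://`, and diffs the two logs. The function names are assumptions of this example, and the sample logs are short excerpts of the two logs posted above.

```python
import re

# HijackThis entry lines look like "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# An IE page setting whose value is served from inside a local DLL via res://.
RES_DLL_RE = re.compile(r"=\s*res://(?:.*\\)?([^\\/]+\.dll)/", re.IGNORECASE)

# Excerpt of the first log in the thread (not the full log).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hyvct.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://hyvct.dll/index.html#96676
O2 - BHO: (no name) - {679FBC90-9CFF-0EE3-49C1-BCDA522B0F8F} - C:\WINDOWS\apiqf32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [mfcrd32.exe] C:\WINDOWS\system32\mfcrd32.exe
O4 - HKLM\..\RunOnce: [netkr.exe] C:\WINDOWS\system32\netkr.exe
O4 - HKLM\..\RunOnce: [winpn.exe] C:\WINDOWS\winpn.exe
"""

# Excerpt of the log posted after the fix procedure.
AFTER = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""


def parse_entries(log_text):
    """Return the set of (code, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def res_dll_hijacks(entries):
    """Map each DLL named in an R0/R1 res:// value to the registry settings using it."""
    hits = {}
    for code, detail in entries:
        if code in ("R0", "R1"):
            m = RES_DLL_RE.search(detail)
            if m:
                setting = detail.split(" = ")[0]
                hits.setdefault(m.group(1).lower(), []).append(setting)
    return hits


def removed_and_added(before, after):
    """Entries that disappeared after the fix, and entries that are new."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for dll, settings in res_dll_hijacks(parse_entries(BEFORE)).items():
        print(f"res:// page settings served from {dll}: {len(settings)}")
    removed, added = removed_and_added(BEFORE, AFTER)
    for code, detail in removed:
        print(f"removed  {code} - {detail}")
    print(f"new entries since the first log: {len(added)}")
```

An empty "new entries" list matters as much as the removals: a fresh Run or RunOnce value in the second log would suggest something re-registered itself after the restart.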

#14 PGPhantom

Posted 25 June 2004 - 08:06 PM

It has been a pleasure to help you :)

The problems here look to be resolved so I will close the thread. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

If you would like to make a contribution to help support SpywareInfo, please check this link for more information.



