CDiddy

Please Help :( - MERGED 2 threads

10 posts in this topic

I have no idea what I'm doing, all I know is that whenever I turn on my computer, Internet Explorer launches automatically and pulls up this weird site (www.h4ck.freepage.com)...Can anyone tell me what to delete here? Or tell me what I should be doing?

Thanks in advance!

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\WINDOWS\System32\wmmon32.exe

C:\WINDOWS\System32\video_32sD.exe

C:\WINDOWS\System32\smss32.exe

C:\WINDOWS\System32\NAVSCANNER32.EXE

C:\WINDOWS\System32\msnmsgr.exe

C:\WINDOWS\System32\S3tray2.exe

C:\WINDOWS\System32\systemnt.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\valued customer\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\valued customer\Application Data\Mozilla\Profiles\default\kfgmtejr.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"


This computer is 2 months old and already, whenever I start up IE pops up and starts directing me to different sites...The site changes almost daily and it's starting to get really annoying...I've downloaded Hijackthis and now I need an expert to tell me what to do next...here's the results.

Thanks in advance

 

Logfile of HijackThis v1.97.7

Scan saved at 12:11:05 PM, on 6/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\WINDOWS\System32\wmmon32.exe

C:\WINDOWS\System32\video_32sD.exe

C:\WINDOWS\System32\smss32.exe

C:\WINDOWS\System32\NAVSCANNER32.EXE

C:\WINDOWS\System32\msnmsgr.exe

C:\WINDOWS\System32\S3tray2.exe

C:\WINDOWS\System32\systemnt.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\valued customer\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\valued customer\Application Data\Mozilla\Profiles\default\kfgmtejr.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [Operation Update] suamgrd.exe

O4 - HKLM\..\Run: [won update] wapdate.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\ztnkaj.exe

O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe

O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe

O4 - HKLM\..\Run: [Microsoft Update] smss32.exe

O4 - HKLM\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE

O4 - HKLM\..\Run: [update Service] C:\WINDOWS\System32\bdgkfe.exe

O4 - HKLM\..\Run: [skynetave.exe] C:\WINDOWS\skynetave.exe

O4 - HKLM\..\Run: [40465B92] C:\WINDOWS\System32\jkpdolbbsmcst.exe

O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe

O4 - HKLM\..\Run: [NAVSCAN32.EXE] NAVSCAN32.exe

O4 - HKLM\..\Run: [msn] msnmsgr.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] systemnt.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe

O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe

O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe

O4 - HKLM\..\RunServices: [Operation Update] suamgrd.exe

O4 - HKLM\..\RunServices: [won update] wapdate.exe

O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe

O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe

O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe

O4 - HKLM\..\RunServices: [Microsoft Update] smss32.exe

O4 - HKLM\..\RunServices: [NAVSCANNER32] NAVSCANNER32.EXE

O4 - HKLM\..\RunServices: [A2FF3DE2] C:\WINDOWS\System32\jkpdolbbsmcst.exe

O4 - HKLM\..\RunServices: [NAVSCAN32.EXE] NAVSCAN32.exe

O4 - HKLM\..\RunServices: [msn] msnmsgr.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemnt.exe

O4 - HKCU\..\Run: [msn] msnmsgr.exe

O4 - HKCU\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE

O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32sD.exe

O4 - HKCU\..\Run: [Microsoft Update Machine] systemnt.exe

O4 - HKCU\..\Run: [Microsoft Update] smss32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM

O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1087265704312

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab


O4 - HKLM\..\Run: [skynetave.exe] C:\WINDOWS\skynetave.exe :alarm:

Sasser worm.

Run either or both of these online scans, and let them delete what they find:

http://www.pandasoftware.com/activescan/co...n_principal.htm

http://housecall.trendmicro.com/

 

Then immediately go here and get the update if you don't have it:

http://www.microsoft.com/technet/security/alerts/sasser.mspx

Reboot and post a fresh log

 

And please stick to just this one thread. Hit ADD REPLY, not NEW TOPIC.


Sorry about the 2 threads...I'm new to this...did both scans and downloaded the update...how's this look??

 

Logfile of HijackThis v1.97.7

Scan saved at 3:39:43 PM, on 6/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\WINDOWS\System32\wmmon32.exe

C:\WINDOWS\System32\S3tray2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Money\System\urlmap.exe

C:\Documents and Settings\valued customer\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\valued customer\Application Data\Mozilla\Profiles\default\kfgmtejr.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [Operation Update] suamgrd.exe

O4 - HKLM\..\Run: [won update] wapdate.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\ztnkaj.exe

O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe

O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe

O4 - HKLM\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE

O4 - HKLM\..\Run: [update Service] C:\WINDOWS\System32\bdgkfe.exe

O4 - HKLM\..\Run: [40465B92] C:\WINDOWS\System32\jkpdolbbsmcst.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe

O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe

O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe

O4 - HKCU\..\Run: [msn] msnmsgr.exe

O4 - HKCU\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE

O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32sD.exe

O4 - HKCU\..\Run: [Microsoft Update] smss32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM

O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1087265704312

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab


You still have a bunch of stuff that is unknown and highly suspect. But before we go after them with HijackThis, please create a permanent folder such as C:\HJT\, move or extract HijackThis.exe to there, and run it from there. It will make backups in that folder.

 

Fixing these will not affect the files themselves, just their startup triggers.

 

Tick the boxes next to all these (unless you know exactly what it is), then close all browser and explorer windows, and tell HijackThis to "Fix checked". Then Reboot.

 

O4 - HKLM\..\Run: [Operation Update] suamgrd.exe

O4 - HKLM\..\Run: [won update] wapdate.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\ztnkaj.exe

O4 - HKLM\..\Run: [update Service] C:\WINDOWS\System32\bdgkfe.exe

O4 - HKLM\..\Run: [40465B92] C:\WINDOWS\System32\jkpdolbbsmcst.exe

O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe

O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe

O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe

O4 - HKCU\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE

 

After reboot, post another log. If everything seems normal then we will delete those files.


Here's what I've got now...

 

Logfile of HijackThis v1.97.7

Scan saved at 3:49:19 PM, on 6/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\WINDOWS\System32\wmmon32.exe

C:\WINDOWS\System32\S3tray2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Money\System\urlmap.exe

C:\Documents and Settings\valued customer\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\valued customer\Application Data\Mozilla\Profiles\default\kfgmtejr.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe

O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe

O4 - HKCU\..\Run: [msn] msnmsgr.exe

O4 - HKCU\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE

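One way to check a follow-up log against the entries that were ticked for fixing, as an added example that is not part of the original thread: it parses the O4 autorun lines and reports which ticked startup triggers are gone, which are still registered, and which executables from the ticked list are still launched from another key. The two inputs are copied from this thread (the ticked list in the previous reply and the O4 section of the 6/27 log); the function and field names are this example's own.

```python
import re
from typing import NamedTuple

# O4 autorun line, e.g.  O4 - HKLM\..\Run: [name] command
# "O4 - Global Startup: x.lnk = ..." lines carry no [name] and are skipped.
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def image_name(command: str) -> str:
    """Lower-cased executable file name of a command, without path or arguments."""
    cmd = command.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.(?:exe|dll|com|bat|scr))(?:\s|$)", cmd, re.I)
        path = m.group(1) if m else cmd
    return path.rsplit("\\", 1)[-1].lower()


class Autorun(NamedTuple):
    location: str  # abbreviated registry key as HijackThis prints it
    name: str      # registry value name
    command: str   # registry value data

    @property
    def image(self) -> str:
        return image_name(self.command)

    @property
    def key(self):
        # Identity of one startup trigger: same key, same value name, same file.
        return (self.location.lower(), self.name.lower(), self.image)


def parse_o4(log_text: str) -> list:
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(m["loc"], m["name"], m["cmd"]))
    return entries


def verify_fix(ticked_log: str, followup_log: str) -> dict:
    ticked, after = parse_o4(ticked_log), parse_o4(followup_log)
    after_keys = {e.key for e in after}
    ticked_keys = {e.key for e in ticked}
    ticked_images = {e.image for e in ticked}
    return {
        "removed": [e for e in ticked if e.key not in after_keys],
        "still_present": [e for e in ticked if e.key in after_keys],
        # Not ticked, but launches a file that a ticked entry also launched.
        "same_image_elsewhere": [e for e in after
                                 if e.key not in ticked_keys and e.image in ticked_images],
    }


# Entries ticked for fixing (copied from the reply in this thread).
TICKED = r"""
O4 - HKLM\..\Run: [Operation Update] suamgrd.exe
O4 - HKLM\..\Run: [won update] wapdate.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\ztnkaj.exe
O4 - HKLM\..\Run: [update Service] C:\WINDOWS\System32\bdgkfe.exe
O4 - HKLM\..\Run: [40465B92] C:\WINDOWS\System32\jkpdolbbsmcst.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKCU\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE
"""

# O4 section of the follow-up log saved 6/27/2004 (copied from this thread).
FOLLOWUP = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe
O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKCU\..\Run: [msn] msnmsgr.exe
O4 - HKCU\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE
"""

if __name__ == "__main__":
    for bucket, entries in verify_fix(TICKED, FOLLOWUP).items():
        print(bucket)
        for e in entries:
            print(f"  {e.location}: [{e.name}] {e.command}")
```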

Your log looks possibly incomplete?

Tick and fix these:

 

Tidy up:

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

 

May be a worm

O4 - HKCU\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE

 

This is a virus :alarm:

O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe

O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe

Run the Symantec removal tool http://securityresponse.symantec.com/avcen...moval.tool.html

 

And finally, run Ad-Aware.

Download the latest version of Ad-Aware:

http://www.lavasoft.de/software/adaware/

 

After installing AAW, and before running the program.

Please be sure to update the reference file following the instructions here:

http://www.lavahelp.com/howto/updref/index.html

There was an update yesterday.

 

Reconfigure Ad-Aware for Full Scan:

 

Launch the program, and click on the Gear at the top of the start screen.

 

Click the "Scanning" button.

Under Drives & Folders, select "Scan within Archives".

Click "Click here to select Drives + folders" and select your installed hard drives.

 

Under Memory & Registry, select all options.

Click the "Advanced" button.

Under "Log-file detail", select all options.

Click the "Tweaks" button.

 

Under "Scanning Engine", select the following:

"Include additional Ad-aware settings in logfile" and

"Unload recognized processes during scanning."

Under "Cleaning Engine", select the following:

"Let Windows remove files in use after reboot."

Click on 'Proceed' to save these Preferences.

Please make sure that you activate IN-DEPTH scanning before you proceed.

Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT to allow it to finish.


I really appreciate all of your help...you're a life saver!!! :)

 

Logfile of HijackThis v1.97.7

Scan saved at 4:57:57 PM, on 6/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\WINDOWS\System32\S3tray2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Money\System\urlmap.exe

C:\Documents and Settings\valued customer\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\valued customer\Application Data\Mozilla\Profiles\default\kfgmtejr.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKCU\..\Run: [msn] msnmsgr.exe

O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32sD.exe

O4 - HKCU\..\Run: [Microsoft Update] smss32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM

O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1087265704312

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab


This is the only bad thing left, I think. Tick and fix it, then reboot.

 

O4 - HKCU\..\Run: [Microsoft Update] smss32.exe

 

After fix and reboot, make sure you are set to show hidden files and folders:

Show Hidden Files and Folders

 

Do Start->Search, All files and folders. In More advanced options, check the boxes for system, hidden, and subfolders. Click Search.

 

Then delete all instances of smss32.exe that are found. (The file itself, disregard the items that have "search" in them.)
