• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Cabo

Unwanted

8 posts in this topic

Hi guys,

 

I imagine you get a ton of e-mails from people like me. I have made some boo boos and yes I was looking at some porn sights.

 

I am afraid all this computer jargon is too much for me. I am trying to learn how to speak Spanish and that is enough for my little brain. I have also spent about 20 hours on this stuff with absolutley no sucess. I have the following problems. Can you help me before my wife comes back from her trip this Friday.

 

1. My home page does not do what I want it to, every time I change it it lasts only for a short time.

 

2. My virus programs have been killed somehow. When I try to run them I get " not a valid Win 32 application"

 

3. Lastly I have this cute little porn program called Pretty Teens that just wont go away. It is in my favorite and no matter how often I delete it it keeps returning.

 

I have read how helpful you have been for other people and that is the reason I am here. Below is what I have from Hijack this. I can see some of the problem but need help with it. Can someone help

 

chow for now

 

Martin

 

PS I forgot to mention recently I added Yahoo messenger to my computer and I think that started a big chain reaction. I have deleted it so anything to do with Yahoo I would like gone as well.

 

Logfile of HijackThis v1.97.7

Scan saved at 8:30:36 PM, on 7/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\STOPzilla!\szntsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\STOPzilla!\Stopzilla.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe

C:\Program Files\DIGStream\digstream.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\mcc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Aladdin Systems\Internet Cleanup\onictask.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\PROGRA~1\ALURIA~1\ASE\ASEserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Aladdin Systems\Internet Cleanup\onictask.exe

C:\Program Files\Aladdin Systems\Internet Cleanup\onictask.exe

C:\Program Files\Aladdin Systems\Internet Cleanup\onictask.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\unzipped\hijackthis\HijackThis.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siClientUI.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siMain.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bigbr.cc (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://bigbr.cc (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbr.cc (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bigbr.cc (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bigbr.cc (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbr.cc (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://bigbr.cc (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bigbr.cc (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Prodigy Internet

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\Program Files\Aladdin Systems\Internet Cleanup\PopFiltr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Program Files\GIANT Company Software\Spam Inspector\siClientUIHotmail.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [sTOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun

O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [_Hazafibb] C:\WINDOWS\System32\memkxeih.exe

O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe

O4 - HKLM\..\RunServices: [RNBOStart] <WINSYSDIR>\rnbosent\sentstrt.exe

O4 - HKCU\..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [CWU_AutoStartup] C:\Program Files\ContentWatch\Updater\cwupdate.exe

O4 - Startup: IC Task Manager.lnk = C:\Program Files\Aladdin Systems\Internet Cleanup\onictask.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: ATI TV (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O13 - DefaultPrefix: http://%62%69%67%62%72%2E%63%63?error=

O13 - WWW Prefix: http://%62%69%67%62%72%2E%63%63?error=

O13 - Home Prefix: http://%62%69%67%62%72%2E%63%63?error=

O13 - Mosaic Prefix: http://%62%69%67%62%72%2E%63%63?error=

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.com/dkvaget/x.chm::/load.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002082...all/xscan53.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/Upgrades/..._140/isetup.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7357.3984837963

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,16/mcgdmgr.cab

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://www.contentwatch.com/audit/includes...uditControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{12499694-08BC-4502-8B7B-0316BCF4D9B9}: NameServer = 200.23.242.201,200.23.242.193

O17 - HKLM\System\CCS\Services\Tcpip\..\{797AAD9C-A8B2-4AC4-B8AD-FEF5DAC14ABA}: NameServer = 200.23.242.202 200.23.242.196

Edited by Cabo

Share this post


Link to post
Share on other sites

Hi, Cabo

 

Print a copy of this topic to make it easy for you to follow all of the steps.

*

 

Download CWShredder.exe CoolWebSearch removal tool from

http://www.spywareinfo.com/~merijn/files/CWShredder.exe

 

Place the download file in it's own folder.

 

Make sure all browsers and all Windows Explorer windows are closed before running it and

be sure to click on the "Fix" button.

 

When the scan is completed and all files removed, close the application.

*

Get the new Version 1.98 of Hijackthis.

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

 

Run HijackThis and post a fresh log.

Share this post


Link to post
Share on other sites

Hi, firstly thanks for responding. I have spent a ton of time on this problem and have fixed most of the problems including my start page and the virus programs. I have run CW shredder, Hijack this, Spybot, Ad aware, Internet Cleanup and McAfee. I still have thise annoying porn popups and I would also like to get rid of all traces of Yahoo if that is possible. thanks Martin

 

Logfile of HijackThis v1.97.7

Scan saved at 8:37:59 AM, on 7/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\STOPzilla!\szntsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALURIA~1\ASE\ASEserv.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\STOPzilla!\Stopzilla.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe

C:\Program Files\DIGStream\digstream.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Aladdin Systems\Internet Cleanup\onictask.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Prodigy Internet

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\Program Files\Aladdin Systems\Internet Cleanup\PopFiltr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Program Files\GIANT Company Software\Spam Inspector\siClientUIHotmail.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sTOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun

O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\RunServices: [RNBOStart] <WINSYSDIR>\rnbosent\sentstrt.exe

O4 - HKCU\..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: IC Task Manager.lnk = C:\Program Files\Aladdin Systems\Internet Cleanup\onictask.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: ATI TV (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...swflash5r42.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{12499694-08BC-4502-8B7B-0316BCF4D9B9}: NameServer = 200.23.242.201,200.23.242.193

O17 - HKLM\System\CCS\Services\Tcpip\..\{797AAD9C-A8B2-4AC4-B8AD-FEF5DAC14ABA}: NameServer = 200.23.242.202 200.23.242.196

Share this post


Link to post
Share on other sites

Hi Cabo

 

Your last log is clean so the tools you used have helped.

 

I can only suggest that you run some Virus Scan. Here are two well known locations.

 

Noton/Symantec On Line check of your computer.

http://security.symantec.com/sscv6/default.asp

 

McAfee, OnLine free Scan

http://us.mcafee.com/root/mfs/default.asp?cid=9914

*

Also check for Trojans, these two are free.

 

TrojanHunter

http://www.computercops.biz/reviews-8.html

 

a2 Scanner

http://www.emsisoft.com/en/software/free/

*

Make sure also that you have run the latest version of AdAware and Spybot.

No harm in doing it again. In Normal mode and in Safe mode.

 

Reboot, on restart, restart in "Safe Mode"[/b].

 

How To

1 - Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you see the Boot Menu.

2 - When the Windows Advanced Options menu appears, select an option, and then press ENTER.

3 - When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.

*

I strongly recommend that your read this article and take the necessary steps to protect your system.

 

Important: "So how did I get infected in the first place?"

http://forums.net-integration.net/index.php?showtopic=3051

*

Do not forget, you need the new Version 1.98 of Hijackthis.

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

 

Run HijackThis and post a new log.

Share this post


Link to post
Share on other sites

Hi Cabo

 

Following my post this morning.

 

Please Fix the following before submitting your next log with the new version of HJT.

 

Make sure all browsers and all Windows Explorer windows are closed

then run "HijackThis" and have it fix these entries.

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

 

Thanks.

Share this post


Link to post
Share on other sites

Hello again,

 

I have been working with some trojan removing softwares so sorry for the delay. I really appreciate your help, by running the last Hijack This and fixing the files you suggested everything is back to normal. One of the trojan softeware companies has picked up on SYSTEM32\msbar.exe and I have sent them an attachment of that file. After that I believe its all done.

You guys must be swamped with enqiuies.

 

thanks again Martin

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\STOPzilla!\szntsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\STOPzilla!\Stopzilla.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe

C:\Program Files\DIGStream\digstream.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Aladdin Systems\Internet Cleanup\onictask.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\ALURIA~1\ASE\ASEserv.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siClientUI.exe

C:\Program Files\GIANT Company Software\Spam Inspector\siMain.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Prodigy Internet

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\Program Files\Aladdin Systems\Internet Cleanup\PopFiltr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Program Files\GIANT Company Software\Spam Inspector\siClientUIHotmail.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sTOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun

O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\RunServices: [RNBOStart] <WINSYSDIR>\rnbosent\sentstrt.exe

O4 - HKCU\..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: IC Task Manager.lnk = C:\Program Files\Aladdin Systems\Internet Cleanup\onictask.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...377/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{12499694-08BC-4502-8B7B-0316BCF4D9B9}: NameServer = 200.23.242.201,200.23.242.193

O17 - HKLM\System\CCS\Services\Tcpip\..\{797AAD9C-A8B2-4AC4-B8AD-FEF5DAC14ABA}: NameServer = 200.23.242.202 200.23.242.196

Share this post


Link to post
Share on other sites

Hello cabo

 

Glad to see that all is back in order.

 

We ( my tutor and I ) had a feeling that there was some hidden process that could not be identified with HJT.

 

Our next step after the Trojan scans would have been to suggest a tool to sniff it out.

 

It looks like it's been taken care of.

 

Your current log at first glance looks good. It's not complete so will not spend any more time on it.

 

Regards.

Share this post


Link to post
Share on other sites

It has been a pleasure to help you :)

 

The problems here look to be resolved so I will close the thread. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0