• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
macerda

Help

6 posts in this topic

Hi, I just read these forums on how to get rid of all the spyware on my computer. I just have finished running rubber duckies and hijack this, but what else do I need to check on the list. I really appreciate it. here is my log

 

Logfile of HijackThis v1.97.7

Scan saved at 11:29:51 PM, on 7/2/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\WINDOWS\System32\tfgaml.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\documents and settings\martin cerda\local settings\temp\NGIFFAZ.exe

C:\Program Files\Common Files\Dpi\dpi.exe

C:\windows\system32\winexplor.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Documents and Settings\Martin Cerda\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qvthe.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://qvthe.dll/index.html#96676

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://qvthe.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qvthe.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://qvthe.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qvthe.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.008i.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.008i.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

R3 - Default URLSearchHook is missing

O1 - Hosts file is located at: C:\WINDOWS\help\hosts

O1 - Hosts: 209.66.114.130 sitefinder.verisign.com

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {50E8A13C-2A6A-007E-B813-2EC0A63B8202} - C:\WINDOWS\system32\iesy.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\Fonts\msoffice.hta

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [efhksziio] C:\WINDOWS\System32\tfgaml.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [NGIFFAZ] C:\documents and settings\martin cerda\local settings\temp\NGIFFAZ.exe

O4 - HKLM\..\Run: [47mi37g] msxmsg.exe

O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe

O4 - HKLM\..\Run: [mysoft] C:\windows\system32\winexplor.exe

O4 - HKLM\..\Run: [atlnw.exe] C:\WINDOWS\system32\atlnw.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM\..\RunOnce: [atldu.exe] C:\WINDOWS\atldu.exe

O4 - HKLM\..\RunOnce: [winii.exe] C:\WINDOWS\winii.exe

O4 - HKLM\..\RunOnce: [iepc32.exe] C:\WINDOWS\iepc32.exe

O4 - HKLM\..\RunOnce: [netun32.exe] C:\WINDOWS\netun32.exe

O4 - HKLM\..\RunOnce: [addyg.exe] C:\WINDOWS\system32\addyg.exe

O4 - HKLM\..\RunOnce: [javait.exe] C:\WINDOWS\system32\javait.exe

O4 - HKLM\..\RunOnce: [d3tg.exe] C:\WINDOWS\system32\d3tg.exe

O4 - HKLM\..\RunOnce: [ntaq.exe] C:\WINDOWS\ntaq.exe

O4 - HKLM\..\RunOnce: [ntqo.exe] C:\WINDOWS\system32\ntqo.exe

O4 - HKLM\..\RunOnce: [d3sg.exe] C:\WINDOWS\system32\d3sg.exe

O4 - HKLM\..\RunOnce: [addld.exe] C:\WINDOWS\system32\addld.exe

O4 - HKLM\..\RunOnce: [apikg.exe] C:\WINDOWS\system32\apikg.exe

O4 - HKLM\..\RunOnce: [javarn.exe] C:\WINDOWS\system32\javarn.exe

O4 - HKLM\..\RunOnce: [mfcmk.exe] C:\WINDOWS\system32\mfcmk.exe

O4 - HKLM\..\RunOnce: [atlwo.exe] C:\WINDOWS\atlwo.exe

O4 - HKLM\..\RunOnce: [netik32.exe] C:\WINDOWS\netik32.exe

O4 - HKLM\..\RunOnce: [netgy.exe] C:\WINDOWS\system32\netgy.exe

O4 - HKLM\..\RunOnce: [sysoo32.exe] C:\WINDOWS\sysoo32.exe

O4 - HKLM\..\RunOnce: [mfcwd.exe] C:\WINDOWS\mfcwd.exe

O4 - HKLM\..\RunOnce: [apixk32.exe] C:\WINDOWS\apixk32.exe

O4 - HKLM\..\RunOnce: [ipvm32.exe] C:\WINDOWS\ipvm32.exe

O4 - HKLM\..\RunOnce: [apikd.exe] C:\WINDOWS\apikd.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O13 - DefaultPrefix: http://www.microsoit.com/direct.php?url=

O13 - WWW Prefix: http://www.microsoit.com/direct.php?url=

O13 - WWW. Prefix: http://ehttp.cc/?

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29baae4b77d3b6...ip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com

O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com

O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38

Share this post


Link to post
Share on other sites

Hey Download About:Buster from www.ducky.atribune.org. Then unzip it to your desktop. Now restart in safe mode by pressing F8 several times while the computer is first booting. Run About:Buster and save the report. Restart normally and post a new Hijack this log and the report you saved from About:Buster.

Share this post


Link to post
Share on other sites

Okay, here are both of the file. Which ones do I check on hijack this. I don't have as many problems as i did before, but I think I am missing something. Thank you very much

 

About:Buster Version 1.24

Removed! : C:\WINDOWS\System32\vzvrh.dat

Removed! : C:\WINDOWS\System32\xcgnt.dat

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Removed __NS_Service_3 Key

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

 

Logfile of HijackThis v1.97.7

Scan saved at 11:52:36 PM, on 7/2/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\WINDOWS\System32\tfgaml.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Lexmark X5100 Series\lxbabmon.exe

C:\documents and settings\martin cerda\local settings\temp\NGIFFAZ.exe

C:\Program Files\Common Files\Dpi\dpi.exe

C:\windows\system32\winexplor.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\Documents and Settings\Martin Cerda\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qvthe.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://65.75.143.119/freeticket.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.008i.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.008i.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

R3 - Default URLSearchHook is missing

O1 - Hosts file is located at: C:\WINDOWS\help\hosts

O1 - Hosts: 209.66.114.130 sitefinder.verisign.com

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {50E8A13C-2A6A-007E-B813-2EC0A63B8202} - C:\WINDOWS\system32\iesy.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\Fonts\msoffice.hta

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [efhksziio] C:\WINDOWS\System32\tfgaml.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [NGIFFAZ] C:\documents and settings\martin cerda\local settings\temp\NGIFFAZ.exe

O4 - HKLM\..\Run: [47mi37g] msxmsg.exe

O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe

O4 - HKLM\..\Run: [mysoft] C:\windows\system32\winexplor.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O13 - DefaultPrefix: http://www.microsoit.com/direct.php?url=

O13 - WWW Prefix: http://www.microsoit.com/direct.php?url=

O13 - WWW. Prefix: http://ehttp.cc/?

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29baae4b77d3b6...ip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com

O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com

O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38

Share this post


Link to post
Share on other sites

Ok the first variant has been removed. (you ran about:buster 2 times right.. and forgot to post the first log. :) its ok)...

 

Ok Download Ad-Aware from www.lavasoftusa.com. Install it. Start it and hit Update (the globe). Let it update and hit finish. Then hit next until it starts scanning. Once its done hit next. Tick the boxes next to all the items. Hit Next. Restart and post a new log.

Share this post


Link to post
Share on other sites

Okay, here are the last two logs. Everything seems to be working better than it was before. Your program really helped. Am I missing anything on Hijack this to check off and delete? Thank you

 

About:Buster Version 1.24

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Pages Reset... Done!

 

Logfile of HijackThis v1.97.7

Scan saved at 12:11:52 AM, on 7/3/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\documents and settings\martin cerda\local settings\temp\NGIFFAZ.exe

C:\Program Files\Lexmark X5100 Series\lxbabmon.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\Documents and Settings\Martin Cerda\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm

R3 - Default URLSearchHook is missing

O1 - Hosts file is located at: C:\WINDOWS\help\hosts

O1 - Hosts: 209.66.114.130 sitefinder.verisign.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {50E8A13C-2A6A-007E-B813-2EC0A63B8202} - C:\WINDOWS\system32\iesy.dll (file missing)

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\Fonts\msoffice.hta

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [NGIFFAZ] C:\documents and settings\martin cerda\local settings\temp\NGIFFAZ.exe

O4 - HKLM\..\Run: [47mi37g] msxmsg.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O13 - WWW. Prefix: http://ehttp.cc/?

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29baae4b77d3b6...ip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com

O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com

O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38

Share this post


Link to post
Share on other sites

Any other tips on what to check of on Hijack this?? All the webpages are loading, except for one. Some of the webpages say that I "may not have the credential". I have visited the site before, so what is wrong now??

 

Thank you for your time

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0