mishka029

easy-search.biz

23 posts in this topic

Help! I have the easy-search.biz home page resetting my Internet Explorer page every few minutes, and also a porn dialer that keeps getting me booted off. I tried CWShredder and I have run Spybot and Spy Sweeper. It tells me it has removed it, then it tells me it cannot remove it and says it is in the webviewer file, but when I try to check that file it says it is empty... I am going insane. Thanks in advance for your help.

Deborah


Please do this.

Download 'Hijack This!'

Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.


Here you go...if I did it wrong, let me know and I will try again. THANK YOU SO MUCH FOR YOUR HELP

Logfile of HijackThis v1.98.0

Scan saved at 6:07:13 AM, on 7/12/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\PROMon.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\documents and settings\rent-a-center\local settings\temp\0kE.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\WINDOWS\System32\wuinchat.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\nsxhkw.exe

C:\WINDOWS\runwin32.exe

C:\WINDOWS\wininet32.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\America Online 9.0c\aoltray.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\runwin32.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\AOL Companion\companion.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\Tepv.exe

C:\WINDOWS\System32\Suv49R6.exe

C:\WINDOWS\dialup.exe

C:\DOCUME~1\RENT-A~1\LOCALS~1\Temp\saDDA.tmp.exe

C:\WINDOWS\dialup.exe

C:\Program Files\WebSiteViewer\123804.dlr

C:\Program Files\America Online 9.0c\waol.exe

C:\Program Files\America Online 9.0c\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\Documents and Settings\RENT-A-CENTER\My Documents\hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz

R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll

O2 - BHO: NavErrRedir Class - {01CD4DDA-166D-4831-A373-ACCC27E1BB9D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~3.DLL (file missing)

O2 - BHO: - {0D9D497C-7ACC-4524-A864-EAB608ADC82D} - C:\WINDOWS\msie32.dll

O2 - BHO: - {28E8C9F2-4A5A-42E3-86B7-5DC6B018B1EF} - C:\WINDOWS\msie32.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: - {9530F709-BC15-4CE7-8671-EFAF1FC57272} - C:\WINDOWS\msie32.dll

O2 - BHO: - {DF9C3C9C-D1FD-410C-A2CE-1AD849CC1EFD} - C:\WINDOWS\msie32.dll

O2 - BHO: (no name) - {FC4FBF2D-D8F5-4C71-86ED-3282ECFA8675} - C:\WINDOWS\System32\diogest.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [3SAHCS#4MABT@T] C:\WINDOWS\System32\Oywf2.exe

O4 - HKLM\..\Run: [0kE] C:\documents and settings\rent-a-center\local settings\temp\0kE.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [wuinchat.exe] C:\WINDOWS\System32\wuinchat.exe

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O4 - HKLM\..\Run: [5Iq] C:\WINDOWS\nsxhkw.exe

O4 - HKCU\..\Run: [Plug and Play] C:\WINDOWS\wininet32.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O4 - Global Startup: Lotus QuickStart.lnk = ?

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O11 - Options group: [JAVA_IBM] Java (IBM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25D80130-6086-45CA-99B6-296C1A1EB1DA}: NameServer = 205.188.146.146

O17 - HKLM\System\CS1\Services\Tcpip\..\{25D80130-6086-45CA-99B6-296C1A1EB1DA}: NameServer = 205.188.146.146


Hello,

You have the Peper Trojan, so download uninst.exe here and run it while you are online, reboot and post a new log.


When I install the uninstall program and then try to run it, it starts to run then goes to a blank page. Am I doing something wrong or am I being blocked from running it?


Due to the number of infections that you have, can you please run through the following procedures and after you have completed them, reboot and post another HijackThis log into this message for further review:

Download CWShredder, install, run and click Fix.

1. Run either of these free online virus scans.
2. How to use Ad-Aware to remove Spyware <= Please check this link for instructions on how to download, install and then use Ad-Aware. Run this program as soon as possible.
3. How to use Spybot to remove Spyware <= Please check this link for instructions on how to download, install and then use Spybot. Run this as soon as possible as it may catch things that Ad-Aware misses.
4. Download, install and run Trojan Hunter (Trial)


Hello again. I ran everything you asked and here are the results

Logfile of HijackThis v1.97.7

Scan saved at 4:56:57 PM, on 7/12/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\PROMon.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\documents and settings\rent-a-center\local settings\temp\0kE.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\WINDOWS\System32\wuinchat.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\nsxhkw.exe

C:\WINDOWS\wininet32.exe

C:\WINDOWS\runwin32.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\America Online 9.0c\aoltray.exe

C:\Program Files\AOL Companion\companion.exe

C:\Program Files\America Online 9.0c\waol.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\America Online 9.0c\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\RENT-A-CENTER\My Documents\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz

R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll

O2 - BHO: NavErrRedir Class - {01CD4DDA-166D-4831-A373-ACCC27E1BB9D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~3.DLL (file missing)

O2 - BHO: (no name) - {0D9D497C-7ACC-4524-A864-EAB608ADC82D} - C:\WINDOWS\msie32.dll

O2 - BHO: (no name) - {28E8C9F2-4A5A-42E3-86B7-5DC6B018B1EF} - C:\WINDOWS\msie32.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {9530F709-BC15-4CE7-8671-EFAF1FC57272} - C:\WINDOWS\msie32.dll

O2 - BHO: (no name) - {DF9C3C9C-D1FD-410C-A2CE-1AD849CC1EFD} - C:\WINDOWS\msie32.dll

O2 - BHO: (no name) - {FC4FBF2D-D8F5-4C71-86ED-3282ECFA8675} - C:\WINDOWS\System32\diogest.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [0kE] C:\documents and settings\rent-a-center\local settings\temp\0kE.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [wuinchat.exe] C:\WINDOWS\System32\wuinchat.exe

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O4 - HKLM\..\Run: [5Iq] C:\WINDOWS\nsxhkw.exe

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [Plug and Play] C:\WINDOWS\wininet32.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O4 - Global Startup: Lotus QuickStart.lnk = ?

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: AOL Toolbar (HKLM)

O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O11 - Options group: [JAVA_IBM] Java (IBM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25D80130-6086-45CA-99B6-296C1A1EB1DA}: NameServer = 205.188.146.146

O17 - HKLM\System\CS1\Services\Tcpip\..\{25D80130-6086-45CA-99B6-296C1A1EB1DA}: NameServer = 205.188.146.146


Print out these instructions so you can read them while you clean your system.

Run CWShredder again but click on Check for Updates first then close all browsers and click on Fix.

 

Reboot into safe mode - How do I boot into "Safe" mode?

Now close all open windows AND browsers and check these items for HJT to fix (a fair amount of these are likely to be gone because of CWShredder):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz

R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll

O2 - BHO: NavErrRedir Class - {01CD4DDA-166D-4831-A373-ACCC27E1BB9D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~3.DLL (file missing)

O2 - BHO: (no name) - {9530F709-BC15-4CE7-8671-EFAF1FC57272} - C:\WINDOWS\msie32.dll

O2 - BHO: (no name) - {DF9C3C9C-D1FD-410C-A2CE-1AD849CC1EFD} - C:\WINDOWS\msie32.dll

O2 - BHO: (no name) - {FC4FBF2D-D8F5-4C71-86ED-3282ECFA8675} - C:\WINDOWS\System32\diogest.dll (file missing)

O4 - HKLM\..\Run: [0kE] C:\documents and settings\rent-a-center\local settings\temp\0kE.exe

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [wuinchat.exe] C:\WINDOWS\System32\wuinchat.exe

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O4 - HKLM\..\Run: [5Iq] C:\WINDOWS\nsxhkw.exe

O4 - HKCU\..\Run: [Plug and Play] C:\WINDOWS\wininet32.exe

O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

 

You are running SpyHunter. This is a program that advertises itself as removing spyware, but it apparently gives false positives to get you to buy it and then does a miserable job. Some even think that it may install malware. I recommend that you remove it in Add/Remove Programs. See this post for details about these programs: http://www.safer-networking.org/index.php?...tail=2004-02-05

If you choose to uninstall it (I recommend it), fix this item with Hijack This:

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

 

 

reboot into safe mode - How do I boot into "Safe" mode?

 

Delete the folder:

 

C:\PROGRAM FILES\INCRED~1

 

Delete the files:

 

C:\documents and settings\rent-a-center\local settings\temp\0kE.exe

C:\WINDOWS\System32\wuinchat.exe

C:\WINDOWS\System32\cdsm32.dll

C:\WINDOWS\System32\diogest.dll

C:\WINDOWS\realtime.exe

C:\WINDOWS\aqadcup.exe

C:\WINDOWS\msie32.dll

C:\WINDOWS\nsxhkw.exe

C:\WINDOWS\wininet32.exe

C:\WINDOWS\runwin32.exe

 

You may need to show hidden files to delete them. How to show all hidden and system files

 

The following DIRECTORY CONTENTS (But not the directory) need to be deleted while in safe mode.

* C:\Windows\Temp\

* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.

* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

* Empty your "Recycle Bin".

 

Then disable your system restore

 

1. Right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
4. Click Apply.
5. This will delete all existing restore points. Click Yes to do this.
6. Click OK.

 

Reboot into normal mode, enable System Restore and post a fresh log in this thread to give you further recommendations.

Edited by mmxx66


Am I getting anywhere? lol

Logfile of HijackThis v1.97.7

Scan saved at 7:07:18 PM, on 7/12/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Save\Save.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\uptodate.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\PROMon.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\IEDriver\IEDriver.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\eautoconv.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\America Online 9.0c\aoltray.exe

C:\Program Files\AOL Companion\companion.exe

C:\WINDOWS\System32\Ccbt.exe

C:\WINDOWS\System32\Ccbt.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\America Online 9.0c\waol.exe

C:\Program Files\America Online 9.0c\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\Documents and Settings\RENT-A-CENTER\My Documents\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\IEDriver\ieupdate.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz

R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll

O2 - BHO: (no name) - {0D9D497C-7ACC-4524-A864-EAB608ADC82D} - C:\WINDOWS\msie32.dll (file missing)

O2 - BHO: (no name) - {28E8C9F2-4A5A-42E3-86B7-5DC6B018B1EF} - C:\WINDOWS\msie32.dll (file missing)

O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL

O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe

O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [iEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [eautoconv.exe] C:\WINDOWS\System32\eautoconv.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [3SAHCS#4MABT@T] C:\WINDOWS\System32\VchsZQoq.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe

O4 - HKCU\..\Run: [Plug and Play] C:\WINDOWS\wininet32.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O4 - Global Startup: Lotus QuickStart.lnk = ?

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)

O9 - Extra button: AOL Toolbar (HKLM)

O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O11 - Options group: [JAVA_IBM] Java (IBM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25D80130-6086-45CA-99B6-296C1A1EB1DA}: NameServer = 205.188.146.146

O17 - HKLM\System\CS1\Services\Tcpip\..\{25D80130-6086-45CA-99B6-296C1A1EB1DA}: NameServer = 205.188.146.146

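Added example, not part of any post in this thread: a small Python parser for the `R`/`O` entry lines of two HijackThis logs that reports which entries were removed, survived or appeared between scans, the comparison a helper makes by eye between the logs above. The review heuristics and the expected-host list are assumptions made for this example, and the embedded lines are a constructed excerpt of the first and third logs.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: a few entries copied from the first and third
# HijackThis logs in this thread (not the complete logs).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz
O2 - BHO: (no name) - {FC4FBF2D-D8F5-4C71-86ED-3282ECFA8675} - C:\WINDOWS\System32\diogest.dll (file missing)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [0kE] C:\documents and settings\rent-a-center\local settings\temp\0kE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
"""
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")              # "O4 - ..."
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.+)$")  # registry Run values
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr))(?=\s|,|$)', re.I)
# Assumption for this example: hosts considered normal for IE search settings.
EXPECTED_HOSTS = ("microsoft.com", "msn.com")


def parse_log(text):
    """Return [(section, body)] for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def run_image(body):
    """For an O4 registry Run entry return (value name, lower-cased image path), else None."""
    m = RUN_RE.match(body)
    if not m:
        return None
    img = IMAGE_RE.match(m.group(2))
    path = (img.group(1) or img.group(2)) if img else m.group(2)
    return m.group(1), path.lower()


def host_expected(host):
    """True only for an expected domain or a real subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in EXPECTED_HOSTS)


def review_leads(section, body):
    """Heuristic reasons to look closer at an entry: leads for an analyst, not verdicts."""
    leads = []
    if body.endswith("(file missing)"):
        leads.append("registration points at a missing file")
    if section in ("R0", "R1") and " = " in body:
        value = body.split(" = ", 1)[1].strip()
        host = urlparse(value).hostname or ""
        if value != "about:blank" and not host_expected(host):
            leads.append("IE search setting points outside the expected hosts")
    run = run_image(body) if section == "O4" else None
    if run:
        path = run[1]
        if "\\temp\\" in path:
            leads.append("autorun image in a Temp directory")
        elif path.rsplit("\\", 1)[0] == "c:\\windows":
            leads.append("autorun image directly under C:\\WINDOWS")
    return leads


def compare(before_text, after_text):
    """Classify entries as removed, survived or new between two scans."""
    before, after = parse_log(before_text), parse_log(after_text)
    b, a = set(before), set(after)
    return {
        "removed": [e for e in before if e not in a],
        "survived": [e for e in after if e in b],
        "new": [e for e in after if e not in b],
    }


def triage(before_text, after_text):
    """Entries present after cleanup (survived or new) that carry at least one lead."""
    result = compare(before_text, after_text)
    report = []
    for status in ("survived", "new"):
        for section, body in result[status]:
            leads = review_leads(section, body)
            if leads:
                report.append((status, section, body, leads))
    return report


if __name__ == "__main__":
    for status, section, body, leads in triage(LOG_BEFORE, LOG_AFTER):
        print(f"{status:9} {section:3} {body}\n          -> {'; '.join(leads)}")
```

Entries are compared as exact strings, so a line that another HijackThis version prints differently (the first log here is v1.98.0, the later ones v1.97.7) shows up as removed plus new.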

Go to this link, follow the instructions and post a new log.


My computer is saying my current security settings will not allow me to download the file... can you please tell me how to fix it? I am a bit of an idiot when it comes to these things.


Don't download it. It's not safe. Did you update your CWShredder?


OK, the Peper trojan is back, so run uninst.exe while you are online, reboot and post a new log.


Sorry, but it seems you don't have an antivirus installed on your PC; that's suicidal. :huh:

Go here http://free.grisoft.com/freeweb.php or here http://www.avast.com/eng/products/desktop_..._4_home_ed.html to install a free one.

Edited by mmxx66


It won't run uninstall.exe. I don't know why. I have downloaded it, but when I try to open it to make it run it will not do anything. On the file it says read only; what does that mean? Is there any software I can buy that will effectively remove this thing?


Go here http://downloads.subratam.org/PeperFix.exe to download the PeperFix tool.

Save it to your Desktop.

Run PeperFix.exe:

Double-click on it.

Click 'Find and Fix'

Reboot if prompted.

Reboot into Safe Mode and run it again.

Reboot if prompted.

 

Post a new log.

 

And please install an antivirus.

Edited by mmxx66


I ran one of those antivirus scans you sent me and now when I ran the log I don't see any easy-search.biz stuff. That is a good thing, right? It removed 27 infected folders. I am downloading the last link you sent me. Would you mind looking at this and telling me if I am getting somewhere? THANKS, you are such a sweetheart to help me!!

 

 

Logfile of HijackThis v1.97.7

Scan saved at 6:21:31 PM, on 7/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\rundll32.exe

C:\PROGRA~1\Save\Save.exe

C:\Program Files\TrojanHunter 3.9\THGuard.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\uptodate.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\PROMon.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\WINDOWS\System32\grwitnsthlp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\Program Files\America Online 9.0c\aoltray.exe

C:\Program Files\AOL Companion\companion.exe

C:\Program Files\America Online 9.0c\waol.exe

C:\Program Files\America Online 9.0c\shellmon.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\RENT-A-CENTER\My Documents\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll

O2 - BHO: (no name) - {0D9D497C-7ACC-4524-A864-EAB608ADC82D} - C:\WINDOWS\msie32.dll (file missing)

O2 - BHO: (no name) - {28E8C9F2-4A5A-42E3-86B7-5DC6B018B1EF} - C:\WINDOWS\msie32.dll (file missing)

O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL

O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe

O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [iEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [3SAHCS#4MABT@T] C:\WINDOWS\System32\VchsZQoq.exe

O4 - HKLM\..\Run: [grwitnsthlp.exe] C:\WINDOWS\System32\grwitnsthlp.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O4 - Global Startup: Lotus QuickStart.lnk = ?

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)

O9 - Extra button: AOL Toolbar (HKLM)

O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O11 - Options group: [JAVA_IBM] Java (IBM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25D80130-6086-45CA-99B6-296C1A1EB1DA}: NameServer = 205.188.146.146

O17 - HKLM\System\CS1\Services\Tcpip\..\{25D80130-6086-45CA-99B6-296C1A1EB1DA}: NameServer = 205.188.146.146


OK, here is the log after I ran the link you sent (the peper fix one)

Logfile of HijackThis v1.97.7

Scan saved at 6:28:43 PM, on 7/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\rundll32.exe

C:\PROGRA~1\Save\Save.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\uptodate.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\PROMon.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\WINDOWS\System32\grwitnsthlp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\Program Files\America Online 9.0c\aoltray.exe

C:\Program Files\AOL Companion\companion.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\America Online 9.0c\waol.exe

C:\Program Files\America Online 9.0c\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\RENT-A-CENTER\My Documents\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll

O2 - BHO: (no name) - {0D9D497C-7ACC-4524-A864-EAB608ADC82D} - C:\WINDOWS\msie32.dll (file missing)

O2 - BHO: (no name) - {28E8C9F2-4A5A-42E3-86B7-5DC6B018B1EF} - C:\WINDOWS\msie32.dll (file missing)

O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL

O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe

O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [iEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [3SAHCS#4MABT@T] C:\WINDOWS\System32\VchsZQoq.exe

O4 - HKLM\..\Run: [grwitnsthlp.exe] C:\WINDOWS\System32\grwitnsthlp.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O4 - Global Startup: Lotus QuickStart.lnk = ?

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)

O9 - Extra button: AOL Toolbar (HKLM)

O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O11 - Options group: [JAVA_IBM] Java (IBM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25D80130-6086-45CA-99B6-296C1A1EB1DA}: NameServer = 205.188.146.146

O17 - HKLM\System\CS1\Services\Tcpip\..\{25D80130-6086-45CA-99B6-296C1A1EB1DA}: NameServer = 205.188.146.146


Print out these instructions so you can read them while you clean your system.

 

Run PeperFix.exe again:

Doubleclick on it.

Click 'Find and Fix'

Reboot if prompted.

Reboot into Safe Mode and run it again.

Reboot if prompted.

 

Move Hijack This to its own folder. Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have a C:\HJT\ folder. Move Hijack This there. Hijack This makes backups of everything you fix; these backups are saved in the same folder as the program.

Now close all open windows AND browsers and check these items for HJT to fix:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll

O2 - BHO: (no name) - {0D9D497C-7ACC-4524-A864-EAB608ADC82D} - C:\WINDOWS\msie32.dll (file missing)

O2 - BHO: (no name) - {28E8C9F2-4A5A-42E3-86B7-5DC6B018B1EF} - C:\WINDOWS\msie32.dll (file missing)

O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL

O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe

O4 - HKLM\..\Run: [iEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe

O4 - HKLM\..\Run: [eautoconv.exe] C:\WINDOWS\System32\eautoconv.exe

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

 

Please reboot into safe mode - How do I boot into "Safe" mode?

 

Go to Add/Remove Programs in Control Panel and uninstall Save or WhenUSave or similar.

 

Delete the folders:

 

C:\Program Files\Save

C:\WINDOWS\System32\IEDriver

 

Delete the files:

 

C:\WINDOWS\System32\cdsm32.dll

C:\WINDOWS\System32\stlbdist.DLL

C:\WINDOWS\System32\eautoconv.exe

C:\WINDOWS\aqadcup.exe

C:\WINDOWS\msie32.dll

C:\WINDOWS\uptodate.exe

 

You may need to show hidden files to delete them. How to show all hidden and system files

 

The following DIRECTORY CONTENTS (But not the directory) need to be deleted while in safe mode.

* C:\Windows\Temp\

* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.

* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

* Empty your "Recycle Bin".

 

Then disable your system restore

 

1 Right-click My Computer, and then click Properties.

2 Click the System Restore tab.

3 Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.

4 Click Apply

5 This will delete all existing restore points. Click Yes to do this.

6 Click OK.

 

Reboot into normal mode, enable System Restore, and post a fresh log in this thread to give you further recommendations.

Edited by mmxx66

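A cross-check of the fix list above against the posted log, as an added example that is not part of the original posts or of HijackThis itself. It parses HijackThis entries and classifies each fix-list line as matching the log exactly, matching only by autorun name (same Run value, path spelled differently, such as an 8.3 short name versus a long name), or absent from the log as posted; the function names are choices made for this example, and the sample lines are excerpted from the posts above.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.*)$")

def parse(text):
    """Return (section, detail) tuples; lines that are not entries are skipped."""
    found = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in found if m]

def identity(section, detail):
    """Key that ignores how an O4 autorun's command path is spelled."""
    m = RUN.match(detail) if section == "O4" else None
    if m:
        return (section, m.group(1).lower(), m.group(2).lower())
    return (section, detail.lower())

def check_fix_list(log_text, fix_text):
    """Map each fix-list entry to 'exact', 'same-name' or 'absent'."""
    log = parse(log_text)
    exact = {(s, d.lower()) for s, d in log}
    by_identity = {identity(s, d) for s, d in log}
    result = {}
    for s, d in parse(fix_text):
        if (s, d.lower()) in exact:
            result[f"{s} - {d}"] = "exact"
        elif identity(s, d) in by_identity:
            result[f"{s} - {d}"] = "same-name"
        else:
            result[f"{s} - {d}"] = "absent"
    return result

# Excerpt of the posted log (lines copied from the thread above).
LOG_EXCERPT = r"""
R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
"""

# Excerpt of the fix list (lines copied from the reply above).
FIX_LIST = r"""
R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [eautoconv.exe] C:\WINDOWS\System32\eautoconv.exe
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
"""

if __name__ == "__main__":
    for entry, status in check_fix_list(LOG_EXCERPT, FIX_LIST).items():
        print(f"{status:9}  {entry}")
```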

Thanks for all your help. I managed to completely lock out my system. I couldn't do a thing with it or even get back online. LOL, I am such a damn genius, lol. I took it back where I got it and they wiped it clean and reinstalled all my programs (not to worry, installing anti-virus as I am typing this to you). Thanks again, I told all my friends about you guys!


Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

 

And also see TonyKlein's good advice: So how did I get infected in the first place?
