Jump to content


Photo

Multiple Garbage


  • Please log in to reply
2 replies to this topic

#1 almostclueless

almostclueless

    Member

  • New Member
  • Pip
  • 1 posts

Posted 21 July 2004 - 07:10 PM

I've read FAQ multiple times and I've tried to comply. I think I'm as far as I can go without further help. I originally had the hijack where it would go about:blank and then hijack my browser. I read somewhere here about using 127.0.0.1 to stop it and at least got my home page back. Then WinTools came into the picture. I followed the directions I could on that and so far seem to have disabled it.

I kept running Ad-aware and Spybot and they kept finding the same things. Then I updated Ad-aware and it found a whole host of new stuff including CoolWebSearch. I deleted the 100 things it found and I've now run a new Hijack this log.

When I get on-line and try to go to any web site, search engines pop up on a new screen and redirect me. I close the screen and I'm back at the site I wanted to go to. One of these is odyseemarketing and another is webcounter or webtracker something like that. I also get a popup box that says "search for your favorite porn". That one I can't get rid of. I just ignore it but it stays minimized until I get complete off-line and close ie.

When Norton scans, it finds 12 compressed files in the C:_/Restore/Archive directory. Some are infected with the Trojan.Bookmark I virus while others are infected with Download.Trojan. Any suggestions on how to delete those as Nortan can't quarantine or delete them.

Like I said, all kinds of garbage.

So, here's my hijack this log (hope I did this part right) and I'll wait for your guidance.

Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 7:28:40 PM, on 7/21/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPCLIENT.EXE
C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPMON32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jetnet.aa.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://jetnet.aa.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.n...,4.0&bm,ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\THINKPAD\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [53KKMJ72A9TB@6] C:\WINDOWS\SYSTEM\ZVZU10.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Control Pad (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_home
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.co...nt/IbmEgath.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.co.../AcpControl.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

#2 ChrisB

ChrisB

    Member

  • Full Member
  • Pip
  • 72 posts

Posted 21 July 2004 - 07:16 PM

Don't feel bad!

I'm COMPLETELY clueless!!!
I have a similar situation when I go to a search engine; which is google in my case... It will search and then as the google page comes up, I get another page pop up over top of the google page called Searching the Search Engines... It is some kind of search hijacker... In my programs list there has been something added called Search Extender and I know that is responsible... It's driving me nuts as I don't know about the way these things work within... Hope you get some help soon....

#3 mmxx66

mmxx66

    The SWI drummer

  • Retired Staff
  • PipPipPipPipPip
  • 4,412 posts

Posted 07 September 2004 - 04:25 PM

Sorry for the delay, if you still have problems post a fresh log please




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button