THANK YOU, THANK YOU, THANK YOU!!!



#1 dfwbill71

Posted 02 August 2004 - 03:49 AM

I POSTED THIS ON THE ABOUT:BUSTER FORUM AND THOUGHT I'D SHARE IT HERE TOO........................


WARNING: THIS POSTING IS QUITE LONG AND DETAILED>>>>>Grab a nice cold beverage before continuing past this point!



Back on 7/25 I started noticing some strange stuff with my I.E. homepage changing all the time, and TONS of .exe programs listed in the Task Mgr. I'm pretty savvy with troubleshooting my comp. but when it comes to REGISTRY stuff, I'm not too confident.........and that's where the root of a lot of the 'browser hijack' problems are located!

So I searched around the net for solution sites/forums/HELP in any way, shape or form! I already had Ad-aware installed, and had used that often, but it didn't locate too much. I then found out about SpywareBlaster, SpyBot, HijackThis, Panda online scan, and re-did that other one that starts with a T....is it Trend?
(It's 3:11am right now, I'm kinda fried after this comp. stuff, but wanted to get this posted while it's still fresh!)

So anyhow, I ran those and was able to remove just a few things, but always had stuff come back as "unable to clean" or WARNING or just plain "you're screwed bud"! LOL

I upgraded my DSL with SBC and got a new Portal rather than using my old DSL external modem, so I installed the SBC/Yahoo browser and THANK GOD I didn't have the probs of 'browser hijacking' like I had with I.E....................but I knew I couldn't just look away from the I.E. probs.......and that's when after long, LONG hours of searching I found ABOUT:BUSTER!!!!!!!!!!!!!!!!!!!!!!!!

I read directions in another forum on how to use it, and read many threads detailing the probs others are having, although none of my prob files/apps were the same as theirs, I got the basic drift of what to end up doing to see the light at the end of the tunnel!

Here's my first About:Buster log...........................GET READY!

-- Scan 1 --------
About:Buster Version 2.0
Deleted Service Key Successfully!
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 --------
About:Buster Version 2.0
Attempted Clean Of Temp folder.
Pages Reset... Done!


I WAS FLOORED!!!!!!!!!!!!!!! I knew it was bad, but YOWSA!!!!!!!!!

I counted 275 PROBLEM FILES THERE....................curious, what is the largest number of 'buggers' that About:Buster has uncovered on one P.C. on its first scan? Maybe I'm in the Top 10 of the MOST TROUBLED before A:B??

So, I then ran HJT and this is what it said...........

Logfile of HijackThis v1.98.1
Scan saved at 1:53:50 AM, on 8/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\winug32.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\mskw32.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\BILL 2\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivjva.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ivjva.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ivjva.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ivjva.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivjva.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ivjva.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BILL 2 Internet
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E2FF7285-6F6F-9283-CBCD-D4E370856A52} - C:\WINDOWS\ntbz32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [mskw32.exe] C:\WINDOWS\mskw32.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\RunOnce: [winli32.exe] C:\WINDOWS\system32\winli32.exe
O4 - HKLM\..\RunOnce: [apioa.exe] C:\WINDOWS\system32\apioa.exe
O4 - HKLM\..\RunOnce: [iegh.exe] C:\WINDOWS\system32\iegh.exe
O4 - HKLM\..\RunOnce: [sysxg.exe] C:\WINDOWS\sysxg.exe
O4 - HKLM\..\RunOnce: [netae32.exe] C:\WINDOWS\system32\netae32.exe
O4 - HKLM\..\RunOnce: [iprf.exe] C:\WINDOWS\system32\iprf.exe
O4 - HKLM\..\RunOnce: [msdi32.exe] C:\WINDOWS\system32\msdi32.exe
O4 - HKLM\..\RunOnce: [apiai32.exe] C:\WINDOWS\apiai32.exe
O4 - HKLM\..\RunOnce: [addrt32.exe] C:\WINDOWS\addrt32.exe
O4 - HKLM\..\RunOnce: [winav.exe] C:\WINDOWS\system32\winav.exe
O4 - HKLM\..\RunOnce: [mfcil.exe] C:\WINDOWS\mfcil.exe
O4 - HKLM\..\RunOnce: [crxt.exe] C:\WINDOWS\system32\crxt.exe
O4 - HKLM\..\RunOnce: [apphg32.exe] C:\WINDOWS\apphg32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: www.usofa.org
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab



Which actually was a HUGE improvement from what it was days before........and HJT wouldn't fix anything before I used About:Buster!!!!

So then I kept seeing Spybot tell me that the I.E. homepage was STILL being changed, and every time I even thought about touching START:EXPLORE Spybot would pop up about 5 or so warnings of all these .exe apps adding themselves to my reg!

I read more on the forum and followed the advice given to another troubled hijacked soul..............and HOLY PORKCHOPS AND APPLESAUCE BATMAN I'M FREE FROM THE EVIL HIJACKING!!!!!!!!!! (or I think I am so far!)

Here's the A:B report after changing Ad-aware properties, safe mode, and running A:B, then HJT, then Ad-Aware in that order.........................

-- Scan 1 --------
About:Buster Version 2.0
Removed! : C:\WINDOWS\cwdbwz.dat
Removed! : C:\WINDOWS\ivjva.dat
Removed! : C:\WINDOWS\ivjva.dll
Removed! : C:\WINDOWS\mskw32.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 --------
About:Buster Version 2.0
Attempted Clean Of Temp folder.
Pages Reset... Done!


Still some buggers in there, but then followed the advice and here's the HJT CLEAN BILL OF HEALTH..........(at least I hope it is!)

Logfile of HijackThis v1.98.1
Scan saved at 2:25:24 AM, on 8/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\BILL 2\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BILL 2 Internet
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: www.usofa.org
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab



THANK YOU THANK YOU THANK YOU!!!!!!!!!!! The process of fail, fail, fail, kinda succeed, FAIL AGAIN, then FINDING THIS SITE AND A:B AND TOTAL SUCCESS has been draining, interesting, frustrating, but VERY educational in the long run!

If anyone notices some more buggers in the CLEAN reports I posted.........PLEASE let me know here, or email me: [Email address removed. Not a good idea to show it in a public forum. People can send you email by clicking your E-Mail button, below. - cnm]

Once again THANKS A MILLION!!!!!!!!!!!!!!

Bill M.
Dallas, Texas USA

#2 cnm

Posted 02 August 2004 - 09:42 AM

Nice work, dfwbill71! :D
Seems you may be becoming addicted to the fascinating sport of malware hunting - consider enlisting? The Boot Camp here

Just a little cleanup:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html <--Red Sheriff
Fixing won't affect any other Yahoo functions.

R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE




