TheTechGuide Forum

General Category => Tech Clinic => Topic started by: xindragon on April 13, 2005, 07:09:37 PM

Title: all-ru.net/ AND rl.webtracer.cc/-/?bayzm
Post by: xindragon on April 13, 2005, 07:09:37 PM

When I run internet explorer, it begins with rl.webtracer and settles on all-ru.net/

I've done Ad-aware SE, CWShredder, partly done Spybot (but have a "external update application corrupted and need "Updater" update), ran Norton, UNABLE to do Trend Housecall, TDS-3 maybe due to slow internet--dunno.



Can anyone help? ............ Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 9:26:42 PM, on 4/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HJT\HJT.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (http://\"http://rl.webtracer.cc/-/?bayzm\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com (http://\"http://www.toshiba.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154 (http://\"http://www.seekerbar.com/ie.aspx?tb_id=50154\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (http://\"http://rl.webtracer.cc/-/?bayzm\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154 (http://\"http://www.seekerbar.com/ie.aspx?tb_id=50154\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 202.120.115.226:8848
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 1159680172 auto.search.msn.com
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mht!http://superprogdownload.com/download/helps/id/187787/1039389348.chm::/win.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab (http://\"http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab\")
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes...ion=4,3,2,20802 (http://\"http://www.imagestation.com/common/classes...ion=4,3,2,20802\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094529567795 (http://\"http://v5.windowsupdate.microsoft.com/v5co...b?1094529567795\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMesse...pDownloader.cab\")
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Title: all-ru.net/ AND rl.webtracer.cc/-/?bayzm
Post by: guestolo on April 14, 2005, 12:13:31 AM

Can you do the following please

I need to see both of these logs to verify
Create a new folder on your desktop
Right click an empty spot on the desktop
Select NEW>>FOLDER
Name the new folder Locate
Download and save too desktop Locate.zip (http://\"http://www.atribune.org/downloads/locate.zip\")

UNZIP the contents to that newly created folder
Open the Locate folder and Double click to run Locate.bat
Wait for the Report and post it back here

Could you also
download Startdreck.zip startdreck.zip (http://\"http://www.niksoft.at/php/dl.php?f=startdreck.zip\")

UNZIP to a folder. DoubleClick: 'StartDreck.exe'
First click on the config button.
Now click the Unmark all button
Under "System/Drivers, put a check by these boxes only:
*Mark NT Services
*List binaries
*NT Kernel- and FS Drivers
Now click the Save button to save that log. Go to the StartDreck folder and find the Startdreck.log file.

Copy and Paste the contents of that log back here