Author Topic: Need help. have hijack log  (Read 1190 times)

Michael DiComo

  • Guest
Need help. have hijack log
« on: February 24, 2005, 12:19:46 PM »
I've been having a problem: When I open Internet Explorer, my homepage is automatically reset to about:blank, a search-engine-like page. It also gives me a popup advertising Antivirus software (how very un-funny and ironic). I dl-ed HijackThis. Here's the log-

*PS- THANK YOU SO MUCH. I didn't know about HijackThis until I found this forum


Logfile of HijackThis v1.99.1
Scan saved at 12:18:55 PM, on 2/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\RioMSC.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\Hijack\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {AD18C0A8-2574-415D-B7C0-1FAC7C64E18B} - C:\WINDOWS\System32\ebpb.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll,DllInstall
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105907235765
O18 - Filter: text/html - {88FC288B-8202-4A50-9B99-C271CB02D7E9} - C:\WINDOWS\System32\ebpb.dll
O18 - Filter: text/plain - {88FC288B-8202-4A50-9B99-C271CB02D7E9} - C:\WINDOWS\System32\ebpb.dll
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Need help. have hijack log
« Reply #1 on: February 24, 2005, 05:30:48 PM »
Could you Download and save to Desktop DLLCompare

Start the Program and click the Run Locate.com

Let it complete the SCAN, which won't take long

Click the Compare button to start the next process. This will take a bit longer.
The results appear in two panes - files in the upper pane have been verified to 'exist'.
Files in the lower pane were 'not able to be accessed'.
Very few files should be listed in the lower pane, if any, when the Compare scan is complete.
Click on each of the listed entries in the lower pane to select them. Right-click on the file and use the option Rescan. This will cause Windows Find to see if the file does exist, and then if so it will be removed from the list to reduce the number of identified files.

Click the Make a Log of what was found button
Post back this log too, thanks

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Guest

  • Guest
Need help. have hijack log
« Reply #2 on: February 26, 2005, 08:47:25 AM »
Well, I'm not sure if this is good (cuz all my files do exist) or bad (because this might not narrow down the problem), but there were no files in the lower pane, even after the first compare. Here's the log-

*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :)"
________________________________________________

1,132 items found:  1,132 files, 0 directories.
Total of file sizes:  230,253,059 bytes    219.59 M

Administrator Account =  True

--------------------End log---------------------

I have even tried running the scan with the "check subdirectories" box checked on.

Offline guestolo

Need help. have hijack log
« Reply #3 on: February 26, 2005, 04:57:29 PM »
Download STARTDRECK

Unzip it to its own folder

run StartDreck.exe:
Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post the log

Along with a fresh hijackthis log



Guest

  • Guest
Need help. have hijack log
« Reply #4 on: February 27, 2005, 12:48:54 PM »
Here are the two logs, StartDreck and HijackThis--

StartDreck (build 2.1.7 public stable) - 2005-02-27 @ 12:45:47 (GMT -05:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as DiComo Family at DICOMO

»Registry
 »Run Keys
  »Current User
   »Run
    *AIM=C:\Program Files\aim\aim.exe -cnetwait.odl
   »RunOnce
  »Default User
   »Run
    *Sygate Personal Firewall=sys.exe
   »RunOnce
  »Local Machine
   »Run
    *APVXDWIN="C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    *SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    *sp=rundll32 C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll,DllInstall
   »RunOnce
   »RunServices
   »RunServicesOnce
   »RunOnceEx
   »RunServicesOnceEx
 »Browser Helper Objects (LM)
  *{AD18C0A8-2574-415D-B7C0-1FAC7C64E18B}
   `InprocServer32=C:\WINDOWS\System32\ebpb.dll
»Files
»System/Drivers
 »Running Processes
  +0=<idle>
  +4=<system>
  +400=\SystemRoot\System32\smss.exe
  +456=\??\C:\WINDOWS\system32\csrss.exe
  +480=\??\C:\WINDOWS\system32\winlogon.exe
  +524=C:\WINDOWS\system32\services.exe
  +536=C:\WINDOWS\system32\lsass.exe
  +696=C:\WINDOWS\system32\svchost.exe
  +740=C:\WINDOWS\system32\svchost.exe
  +848=C:\WINDOWS\System32\svchost.exe
  +968=C:\WINDOWS\System32\svchost.exe
  +1088=C:\WINDOWS\System32\svchost.exe
  +1248=C:\WINDOWS\Explorer.EXE
  +1280=C:\WINDOWS\system32\spoolsv.exe
  +1484=C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
  +1500=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  +1508=C:\WINDOWS\system32\rundll32.exe
  +1604=C:\WINDOWS\system32\devldr32.exe
  +1612=C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
  +1648=C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
  +1716=C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
  +1732=C:\WINDOWS\System32\RioMSC.exe
  +1776=C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
  +1228=C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
  +2096=C:\WINDOWS\System32\alg.exe
  +3132=C:\WINDOWS\System32\svchost.exe
  +3048=C:\WINDOWS\system32\spider.exe
  +2796=C:\Program Files\Internet Explorer\iexplore.exe
  +3868=C:\Start Drek\StartDreck.exe
»Application specific


Logfile of HijackThis v1.99.1
Scan saved at 12:48:26 PM, on 2/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\RioMSC.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {AD18C0A8-2574-415D-B7C0-1FAC7C64E18B} - C:\WINDOWS\System32\ebpb.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105907235765
O18 - Filter: text/html - {88FC288B-8202-4A50-9B99-C271CB02D7E9} - C:\WINDOWS\System32\ebpb.dll
O18 - Filter: text/plain - {88FC288B-8202-4A50-9B99-C271CB02D7E9} - C:\WINDOWS\System32\ebpb.dll
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe

Offline guestolo

Need help. have hijack log
« Reply #5 on: February 27, 2005, 02:33:41 PM »
Download the Pocket Killbox
UNZIP it to a folder of your choice

Open a blank Notepad file
Start>>run>>type in notepad
Copy and paste the rest of these instructions to it and then save it on your desktop
Close out all browser windows

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {AD18C0A8-2574-415D-B7C0-1FAC7C64E18B} - C:\WINDOWS\System32\ebpb.dll

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll,DllInstall

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O18 - Filter: text/html - {88FC288B-8202-4A50-9B99-C271CB02D7E9} - C:\WINDOWS\System32\ebpb.dll
O18 - Filter: text/plain - {88FC288B-8202-4A50-9B99-C271CB02D7E9} - C:\WINDOWS\System32\ebpb.dll


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Run Pocket KillBox
click on Tools --> Select Delete Temp Files. Click OK.

At the bottom right of the main screen, click on the down arrow to the left of the yellow triangle.
Select the following entry if running rundll32.exe
Now click the yellow triangle to End Task
There may be more than one running, end task on all of them

Again, in Killbox
At the main screen of Pocket Killbox, select the option: Delete on Reboot
Also click
Unregister .dll before deleting
In the Full Path of File to Delete box, copy and paste this entry:

C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll

Press the button with a red circle and a white X
Click Yes to Delete
If asked if you would like to Reboot, select No.

Do the same for this file's path
C:\WINDOWS\System32\ebpb.dll

If asked if you would like to Reboot>>Select "YES"

Allow to Restart or restart your computer anyways

Back in Windows

Do another scan with hijackthis and FIX checked this entry if still found, with all other windows closed
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll,DllInstall

Restart your computer one more time

Back in Windows
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back a fresh hijackthis log afterwards
Can you also run DLLCompare again and confirm there are still no files found in the
lower pane
Just run it with the instructions I posted, It's not a bad thing if no files are found
« Last Edit: February 27, 2005, 06:21:22 PM by guestolo »



Guest

  • Guest
Need help. have hijack log
« Reply #6 on: February 28, 2005, 12:45:49 PM »
:D YES! A normal home page and NO POPUPS! Here's the hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 12:43:10 PM, on 2/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\RioMSC.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijack\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1613B342-F686-4CE7-9658-3EB9E6303A12} - C:\WINDOWS\System32\ebpb.dll (file missing)
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105907235765
O18 - Filter: text/html - {85F51675-BA75-4109-9B0A-106184398903} - C:\WINDOWS\System32\ebpb.dll
O18 - Filter: text/plain - {85F51675-BA75-4109-9B0A-106184398903} - C:\WINDOWS\System32\ebpb.dll
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe

Offline guestolo

Need help. have hijack log
« Reply #7 on: February 28, 2005, 03:14:09 PM »
Open Killbox and click on Tools and delete Temp files

Delete this folder if found
C:\!Submit <--this folder

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1613B342-F686-4CE7-9658-3EB9E6303A12} - C:\WINDOWS\System32\ebpb.dll (file missing)

O18 - Filter: text/html - {85F51675-BA75-4109-9B0A-106184398903} - C:\WINDOWS\System32\ebpb.dll
O18 - Filter: text/plain - {85F51675-BA75-4109-9B0A-106184398903} - C:\WINDOWS\System32\ebpb.dll


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer

Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back one more Hijackthis log
Can you confirm that no files are found with DLLCompare again too
Edit>>I would prefer to see a fresh Startdreck log too, thanks
« Last Edit: March 01, 2005, 11:36:38 PM by guestolo »

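An added example, not part of any post in this thread and not HijackThis's own logic: the fix lists in Reply #5 and Reply #7 are picked by eye, and the 2/28 scan shows `ebpb.dll` registered under different CLSIDs than on 2/27. This Python code parses entry lines, flags them with heuristics assumed from the entries ticked in this thread, and pairs the two scans by registry location and file path instead of by CLSID; all function names are hypothetical.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DLL = re.compile(r"[A-Za-z]:\\[^,/]*?\.dll", re.I)

# Entry lines copied from the 2/27 and 2/28 HijackThis scans in this thread.
SCAN_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
O2 - BHO: (no name) - {AD18C0A8-2574-415D-B7C0-1FAC7C64E18B} - C:\WINDOWS\System32\ebpb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {88FC288B-8202-4A50-9B99-C271CB02D7E9} - C:\WINDOWS\System32\ebpb.dll
"""
SCAN_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DICOMO~1\LOCALS~1\Temp\se.dll/sp.html
O2 - BHO: (no name) - {1613B342-F686-4CE7-9658-3EB9E6303A12} - C:\WINDOWS\System32\ebpb.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O18 - Filter: text/html - {85F51675-BA75-4109-9B0A-106184398903} - C:\WINDOWS\System32\ebpb.dll
"""

def reasons(code, body):
    """Triage heuristics modelled on this thread (assumed, not HijackThis's logic)."""
    low, dll, out = body.lower(), DLL.search(body), []
    in_temp = bool(dll) and "\\temp\\" in dll.group(0).lower()
    if code in ("R0", "R1") and "res://" in low and in_temp:
        out.append("IE search setting served from a DLL in Temp")
    if code == "O4" and "rundll32" in low and in_temp:
        out.append("Run key loads a Temp DLL through rundll32")
    if code == "O2" and "(no name)" in low:
        out.append("unnamed BHO")
    if code == "O18" and ("text/html" in low or "text/plain" in low):
        out.append("filter hooked on text/html or text/plain")
    if "(file missing)" in low:
        out.append("registration left behind, file missing")
    return out

def parse(log):
    """Turn 'CODE - body' lines into dicts; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, body = m.groups()
            clsid, dll = CLSID.search(body), DLL.search(body)
            entries.append({"code": code, "body": body, "why": reasons(code, body),
                            "clsid": clsid.group(0).upper() if clsid else None,
                            "dll": dll.group(0).lower() if dll else None})
    return entries

def match_key(entry):
    """Identity of a registration with the CLSID and '(file missing)' masked."""
    body = CLSID.sub("{CLSID}", entry["body"]).replace(" (file missing)", "")
    return entry["code"], body.lower()

def compare(before, after):
    """Pair flagged entries across two scans, ignoring the CLSID."""
    old = {match_key(e): e for e in before if e["why"]}
    report = {"gone": [], "same": [], "new_clsid": []}
    for e in (x for x in after if x["why"]):
        prev = old.pop(match_key(e), None)
        if prev is not None:
            kind = "same" if prev["clsid"] == e["clsid"] else "new_clsid"
            report[kind].append((e["code"], e["dll"]))
    report["gone"] = [(e["code"], e["dll"]) for e in old.values()]
    return report

if __name__ == "__main__":
    for kind, hits in compare(parse(SCAN_BEFORE), parse(SCAN_AFTER)).items():
        print(kind, hits)
```

A flag here means the entry is worth a second look, not that it is malicious; the `new_clsid` bucket is the case where checking only for the old CLSID would report the entry as removed.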