Author Topic: Hijack This Log  (Read 1717 times)

opie
« on: April 13, 2005, 07:19:00 PM »
Hello,

I am at a point where I can't do work from home because of daosearch hijacking my Mozilla Firefox.  I have attached the log below.  Please help!
 

Logfile of HijackThis v1.99.1
Scan saved at 8:17:41 PM, on 4/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\cdfview5.exe
C:\WINDOWS\system32\Services\{EAE1FCB7-9355-4038-B0FE-6788D01B3A91}\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\System32\Zaiy0X6.exe
C:\WINDOWS\System32\Oval61.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Beth\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com/index.php?id=11258
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=121
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {860FEF31-05F2-267A-879B-06A2D8D36990} - C:\WINDOWS\system32\qksgl.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D8274} - C:\WINDOWS\system32\spm8274.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\system32\wer8274.dll
O2 - BHO: (no name) - {D4180D21-AFA9-C75D-CF5C-CD57D58120A4} - C:\WINDOWS\system32\cxfi.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\WkvZ.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Hji9N4] C:\documents and settings\ken\local settings\temp\Hji9N4.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [d18f58bfbb44] C:\WINDOWS\System32\cdfview5.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{EAE1FCB7-9355-4038-B0FE-6788D01B3A91}\SVCHOST.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {7240213B-CD6D-4923-BDAA-1DF4367EF4C4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7240213B-CD6D-4923-BDAA-1DF4367EF4C4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9A9F2025-478A-4CA6-9EA3-E9F6416D36D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9A9F2025-478A-4CA6-9EA3-E9F6416D36D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ACFF7CCD-F768-4B14-898F-8989B686FB62} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ACFF7CCD-F768-4B14-898F-8989B686FB62} - (no file) (HKCU)
O12 - Plugin for .MTD: C:\Program Files\Internet Explorer\Plugins\npmusicn.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://atlclmail02.prgx.com/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27ba5d4a307add692916/netzip/RdxIE2.cab
O16 - DPF: {DBB2DE32-61F1-4F7F-BEB8-A37F5BC24EE2} (MozillaPluginHostCtrl Class) - http://www.musicnotes.com/download/adaptor.cab
O16 - DPF: {E09F6B38-3A0D-11D3-B5E7-0008C7BF61F2} (DetectMN) - http://www.musicnotes.com/download/npmusicn.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver...wave/wtinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

guestolo
« Reply #1 on: April 14, 2005, 12:45:00 AM »
Hi Opie,
I need you to run some tools on your computer before we tackle your log
You have a few problems that need addressed

==From my signature below, download and save to a folder or desktop> CWShredder.exe

==Download and save to a folder or desktop The STINGER
By McAfee's
Don't run it yet

==Download and save to a folder or desktop PeperFix.exe
From that link
Don't run it yet

==Download and Install this small program
to help clean your temp folders, cookies, recycle bin
Windows Cleanup
Install for now, don't run a scan yet

==Download and save to a folder or desktop
FixAprop.exe
by Symantec's
Don't run it yet

Let's do some cleaning
Please Print this out or save these instructions to a Notepad file and save it to your Desktop

Access your Add/Remove programs and remove if found
Search Toolbar
Advanced Search


RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, after the single post beep, or use the link
I supplied for a more detailed explanation

In SAFE MODE

Run CWShredder.exe>>Click the FIX button, let it fix what it finds
Restart your computer afterwards back to safe mode to finish the cleaning if anything was found fixed

Back in safe mode
==Open Windows CleanUp!>>START>>All programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Don't Log off

Instead
Run the >Stinger by McAfee's
Let it scan your hard drive and fix whatever it finds
When it's done

Restart your computer, allow to restart back to Safe mode again

Back in safe mode
Double click to Run> PeperFix.exe
Click the> Find and fix< and follow the prompts
When it's done
Restart your computer again back to safe mode

Back in safe mode
Run >FixAprop.exe from Symantec's
Let it finish its scan and fix what it finds

Afterwards, Restart your computer back to Normal mode

Post back with a fresh Hijackthis log and we'll go from there, we'll still have a bit of cleaning afterwards
« Last Edit: April 14, 2005, 12:54:48 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


opie
« Reply #2 on: April 14, 2005, 07:44:03 PM »
Guestolo, thanks for your help!  Okay I followed your instructions and below is the HijackThis log file after I ran all of the tools:

Logfile of HijackThis v1.99.1
Scan saved at 8:39:21 PM, on 4/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\cdfview5.exe
C:\WINDOWS\system32\Services\{EAE1FCB7-9355-4038-B0FE-6788D01B3A91}\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Beth\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com/index.php?id=11258
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=121
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {860FEF31-05F2-267A-879B-06A2D8D36990} - C:\WINDOWS\system32\qksgl.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D8274} - C:\WINDOWS\system32\spm8274.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\system32\wer8274.dll
O2 - BHO: (no name) - {D4180D21-AFA9-C75D-CF5C-CD57D58120A4} - C:\WINDOWS\system32\cxfi.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Jlyov72.exe
O4 - HKLM\..\Run: [Hji9N4] C:\documents and settings\ken\local settings\temp\Hji9N4.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [d18f58bfbb44] C:\WINDOWS\System32\cdfview5.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{EAE1FCB7-9355-4038-B0FE-6788D01B3A91}\SVCHOST.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {7240213B-CD6D-4923-BDAA-1DF4367EF4C4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7240213B-CD6D-4923-BDAA-1DF4367EF4C4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9A9F2025-478A-4CA6-9EA3-E9F6416D36D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9A9F2025-478A-4CA6-9EA3-E9F6416D36D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ACFF7CCD-F768-4B14-898F-8989B686FB62} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ACFF7CCD-F768-4B14-898F-8989B686FB62} - (no file) (HKCU)
O12 - Plugin for .MTD: C:\Program Files\Internet Explorer\Plugins\npmusicn.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://atlclmail02.prgx.com/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27ba5d4a307add692916/netzip/RdxIE2.cab
O16 - DPF: {DBB2DE32-61F1-4F7F-BEB8-A37F5BC24EE2} (MozillaPluginHostCtrl Class) - http://www.musicnotes.com/download/adaptor.cab
O16 - DPF: {E09F6B38-3A0D-11D3-B5E7-0008C7BF61F2} (DetectMN) - http://www.musicnotes.com/download/npmusicn.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver...wave/wtinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

guestolo
« Reply #3 on: April 14, 2005, 08:38:05 PM »
Let's get some more cleaning done on your computer

Do another scan with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com/index.php?id=11258

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=121

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {860FEF31-05F2-267A-879B-06A2D8D36990} - C:\WINDOWS\system32\qksgl.dll

O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D8274} - C:\WINDOWS\system32\spm8274.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\system32\wer8274.dll
O2 - BHO: (no name) - {D4180D21-AFA9-C75D-CF5C-CD57D58120A4} - C:\WINDOWS\system32\cxfi.dll (file missing)

O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [windows auto update] msblast.exe

O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Jlyov72.exe
O4 - HKLM\..\Run: [Hji9N4] C:\documents and settings\ken\local settings\temp\Hji9N4.exe

O4 - HKLM\..\Run: [d18f58bfbb44] C:\WINDOWS\System32\cdfview5.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{EAE1FCB7-9355-4038-B0FE-6788D01B3A91}\SVCHOST.EXE

O9 - Extra button: Microsoft AntiSpyware helper - {7240213B-CD6D-4923-BDAA-1DF4367EF4C4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7240213B-CD6D-4923-BDAA-1DF4367EF4C4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9A9F2025-478A-4CA6-9EA3-E9F6416D36D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9A9F2025-478A-4CA6-9EA3-E9F6416D36D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ACFF7CCD-F768-4B14-898F-8989B686FB62} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ACFF7CCD-F768-4B14-898F-8989B686FB62} - (no file) (HKCU)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27ba5d4a307add692916/netzip/RdxIE2.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver...wave/wtinst.cab


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer

Back in Windows
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Find and delete these files or folders if found
C:\WINDOWS\System32\cdfview5.exe <-file
C:\WINDOWS\system32\qksgl.dll
C:\WINDOWS\system32\spm8274.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\SYSTEM\WLDR.DLL

C:\Program Files\Security iGuard <-folder
C:\WINDOWS\system32\Services <-folder

I see you have Spybot installed, what version is it?
Could you also
Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Back in Windows
I know that you have Norton's installed but could you
also do a free online virus scan at Panda's
Let the scan finish
Afterwards save the Incident report
Please use this link to run the online scan
It may be best to temporarily disable Norton's Autoprotect before running the scan
http://www.pandasoftware.com/products/acti...n_principal.htm

Post back a fresh Hijackthis log afterwards, also the Report from Panda's
Let me know if you have any problems afterwards
Did Stinger find anything?
« Last Edit: April 14, 2005, 08:39:22 PM by guestolo »



opie
« Reply #4 on: April 15, 2005, 05:00:59 PM »
That is much better!  Okay, AdAware did not seem to work right.  It would begin a scan and get stuck at "Peforming Conditional Scans" and would hang.  I let it hang all day and nothing has happened.  Also, couldn't get Panda to download, even after disabling Norton.  Nevertheless, here is my HijackThis log.  Thanks for your help, it looks like we are close to getting everything off!

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:57:52 PM, on 4/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Beth\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .MTD: C:\Program Files\Internet Explorer\Plugins\npmusicn.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://atlclmail02.prgx.com/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {DBB2DE32-61F1-4F7F-BEB8-A37F5BC24EE2} (MozillaPluginHostCtrl Class) - http://www.musicnotes.com/download/adaptor.cab
O16 - DPF: {E09F6B38-3A0D-11D3-B5E7-0008C7BF61F2} (DetectMN) - http://www.musicnotes.com/download/npmusicn.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Offline guestolo

« Reply #5 on: April 16, 2005, 01:09:37 AM »
That's looking better
By the way, good work :)

Can you do the following for me please
Check for updates with Ad-Aware
If any updates download them

Restart into safe mode

Before running a full system scan
Uncheck "Search for Negligible Risk entries"

Now try the scan with Ad-Aware

After fixing all Criticals found

Restart back into normal mode

Back in Windows

Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Under the Security tab | Custom Level
Check ActiveX security settings:
Make sure that the following settings are correct:
o Download signed ActiveX controls (Prompt)
o Download unsigned ActiveX controls (Disable)
o Initialize and script ActiveX controls not marked as safe (Disable)
o Run ActiveX controls and plug-ins (Enabled)
o Script ActiveX controls marked safe for scripting (Prompt)

Try the scan at Panda's again, you must use Internet Explorer
Sorry, I see you use Firefox, so do I, but the scan at Panda's needs to install the
Active X control, which is only supported by IE

If Panda won't work for you
Try one at Trend Micro's Housecall>>Set to Autoclean
http://housecall.trendmicro.com/

Post back a fresh Hijackthis log afterwards

Could you also Open Hijackthis>>Open Misc Tools Sections>>Open Host File Manager
Click the "Open In Notepad"
Copy and paste back the whole contents of the Hosts text file
Do this regardless if you can run either online virus scan
« Last Edit: April 16, 2005, 01:11:46 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline opie

« Reply #6 on: April 17, 2005, 08:06:06 PM »
Thanks again for all your help.  I still could not get AdAware or either online virus scan to work at all.  With Adaware, after unchecking the options you outline, it still got hung up at "Performing Conditional Scans".  The virus scans would not work either.  Here is the hosts file:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost


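An added example, not part of the original posts: one way to audit a hosts file like the one posted above, separating the stock `localhost` entry from names sinkholed to loopback, names pointed at some other address, duplicates and malformed lines, and reporting what a watched name (here the Housecall host linked earlier in the thread) resolves to. The sample file, its `.example` names, and the function names `parse_hosts` and `audit_hosts` are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the same shape as a Windows hosts file; the
# .example names are placeholders, not entries taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#      102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
127.0.0.1       www.adware-one.example #removed adware url
127.0.0.1  tracker.example #[cws.sample]
127.0.0.1  tracker.example
0.0.0.0    ads.example banners.example
203.0.113.7  portal.example
not-an-ip  broken.example
"""

DEFAULT_NAMES = {"localhost"}  # the only mapping a stock hosts file carries


def parse_hosts(text):
    """Yield (line_no, ip_or_None, [names]) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()  # drops full-line and trailing comments
        if not body:
            continue
        fields = body.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # first column is not an IP address
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text, watch=()):
    """Classify every mapping and report what each watched name maps to."""
    report = {"default": set(), "sinkholed": set(), "redirected": set(),
              "malformed": []}
    watched = {name.lower(): None for name in watch}  # None = not overridden
    seen = Counter()
    for line_no, ip, names in parse_hosts(text):
        if ip is None or not names:
            report["malformed"].append(line_no)
            continue
        for name in names:
            seen[name] += 1
            if name in watched:
                watched[name] = str(ip)
            if name in DEFAULT_NAMES and ip.is_loopback:
                report["default"].add(name)
            elif ip.is_loopback or ip.is_unspecified:
                # Blocklist style entry: the name resolves to the local machine.
                report["sinkholed"].add(name)
            else:
                # The name is pointed at another host; always worth a manual look.
                report["redirected"].add((name, str(ip)))
    result = {key: sorted(value) for key, value in report.items()}
    result["duplicates"] = sorted(n for n, count in seen.items() if count > 1)
    result["watched"] = watched
    return result


if __name__ == "__main__":
    summary = audit_hosts(SAMPLE_HOSTS,
                          watch=("housecall.trendmicro.com", "tracker.example"))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

A file whose entries all land in `sinkholed` is a blocklist, as security tools commonly install; entries under `redirected`, or a watched name that is overridden, are the ones to question before restoring the original file.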
Offline guestolo

« Reply #7 on: April 17, 2005, 08:13:59 PM »
Did you purposely add a custom host file?

When you tried the scan at Housecall's and Panda's did you use Internet Explorer?
Don't use Firefox

Lavasoft forums seem to be down right now
I'll check back there later

Run Windows CleanUp! that you installed earlier, don't worry about logging off right now

Can you open Ad-Aware and check for updates

Perform a full system scan
Again ensure that "Search for Negligible risk entries" is unchecked
Start the scan, if you are finding Critical Objects
and get to about 30 objects found>>Cancel the scan and fix those 30 Critical objects found
Restart the computer
Run Ad-aware again
At 30 objects, stop the scan and fix the Criticals and restart

Continue this procedure until all are fixed
Let me know if that helps
« Last Edit: April 18, 2005, 12:09:35 AM by guestolo »



Offline opie

« Reply #8 on: April 18, 2005, 08:22:39 PM »
That worked!  Finally got AdAware to run.  

I have never fooled around with the hosts file on this pc, so I don't know how it could have been altered.  Also, I ran the two virus programs from IE, but could not get either to run.

Thanks for all of your help, making a donation now...

Offline guestolo

« Reply #9 on: April 18, 2005, 09:39:34 PM »
Could you do the following for me please

Download Hoster from This link
Unzip The contents to a folder

Open the folder and open HOSTER and click the
Restore Original Hosts

Afterwards, with IE try running the scan at either Panda's or Housecall's
If you can run it save the log and post it back here with a fresh Hijackthis log

Oh, and thanks for the donation offer :D



RYAn Daniels

  • Guest
« Reply #10 on: April 27, 2005, 07:59:18 PM »
~Log Removed--guestolo~

Please, Read This
« Last Edit: April 27, 2005, 08:04:44 PM by guestolo »

Offline guestolo

« Reply #11 on: April 27, 2005, 08:12:03 PM »
Locking this thread as the original poster has not responded back

If the original poster needs it reopened
Please PM a Mod or the site admin and supply a link to this thread
