Homepage hijacked - Page 3
Page 3 of 3 FirstFirst 123
Results 21 to 28 of 28

Thread: Homepage hijacked

  1. #21
    Junior Member
    Join Date
    Jul 2004
    Posts
    14
    im not sure so im just going to post a new log anyway. haha. is that cool? thanks soo much you guys. here it is:


    Logfile of HijackThis v1.98.0
    Scan saved at 4:12:49 PM, on 7/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\sysud.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\WINDOWS\system32\ipzu.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Downloaded Programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = no
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lgeae.dll/sp.html#27063
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lgeae.dll/index.html#27063
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lgeae.dll/index.html#27063
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lgeae.dll/sp.html#27063
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lgeae.dll/sp.html#27063
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lgeae.dll/index.html#27063
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\http://www.yahoo.com
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {9CAD02CC-BB43-75C0-802F-FB2C2F6800B4} - C:\WINDOWS\crqt32.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
    O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [sysud.exe] C:\WINDOWS\sysud.exe
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" "+b1"
    O4 - HKLM\..\RunOnce: [ipzu.exe] C:\WINDOWS\system32\ipzu.exe
    O4 - HKLM\..\RunOnce: [d3bd.exe] C:\WINDOWS\d3bd.exe
    O4 - HKLM\..\RunOnce: [crba.exe] C:\WINDOWS\system32\crba.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/u...6/sdcregie.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23ea10ff...p/RdxIE601.cab
    O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/c...on=4,3,2,20802

  2. #22
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    Ok, here we go again

    Download About:Buster by Rubber Ducky.

    Run HijackThis again and place a check beside each of the following items. Once done click the fix checked button.


    O2 - BHO: (no name) - {9CAD02CC-BB43-75C0-802F-FB2C2F6800B4} - C:\WINDOWS\crqt32.dll
    O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\RunOnce: [ipzu.exe] C:\WINDOWS\system32\ipzu.exe
    O4 - HKLM\..\RunOnce: [d3bd.exe] C:\WINDOWS\d3bd.exe
    O4 - HKLM\..\RunOnce: [crba.exe] C:\WINDOWS\system32\crba.exe
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23ea10f...ip/RdxIE601.cab



    Make sure you have printed this page and close ALL Internet Explorer windows. This is a very important step!!

    Run AboutBuster.exe, click ok, then start, then OK. Make a copy of the log once it finishes. Then run aboutbuster.exe again. Make a copy of that log.

    Reboot and post a new HijackThis log along with the two reports from About:Buster.

    This fix is a little simpler, but it will take care of the service you were having problems finding.

  3. #23
    Junior Member
    Join Date
    Jul 2004
    Posts
    14
    First About:Buster Log

    -- Scan 1 --------
    About:Buster Version 1.27
    Error Removing! : C:\WINDOWS\atlvs.dll
    Removed! : C:\WINDOWS\auyyb.dll
    Removed! : C:\WINDOWS\bsugr.dll
    Removed! : C:\WINDOWS\crqt32.dll
    Removed! : C:\WINDOWS\dygmq.dat
    Removed! : C:\WINDOWS\edixd.dat
    Removed! : C:\WINDOWS\erlgb.dll
    Removed! : C:\WINDOWS\fewdq.dat
    Removed! : C:\WINDOWS\fonrn.dat
    Removed! : C:\WINDOWS\hxsxdf.dat
    Removed! : C:\WINDOWS\ialuqm.dat
    Removed! : C:\WINDOWS\imeswb.dat
    Removed! : C:\WINDOWS\jjmct.dat
    Removed! : C:\WINDOWS\jpopjh.dat
    Removed! : C:\WINDOWS\kfgjgi.dat
    Removed! : C:\WINDOWS\kuums.dat
    Removed! : C:\WINDOWS\lgeae.dll
    Removed! : C:\WINDOWS\lizfto.dat
    Removed! : C:\WINDOWS\lpnjfn.dat
    Removed! : C:\WINDOWS\msffsu.dat
    Removed! : C:\WINDOWS\qxipnw.dat
    Removed! : C:\WINDOWS\saalid.dat
    Removed! : C:\WINDOWS\slaov.dat
    Removed! : C:\WINDOWS\stgfk.dat
    Removed! : C:\WINDOWS\stvmk.dat
    Error Removing! : C:\WINDOWS\sysud.exe
    Removed! : C:\WINDOWS\unbps.dat
    Removed! : C:\WINDOWS\voewh.dll
    Removed! : C:\WINDOWS\zctwq.dat
    Removed! : C:\WINDOWS\zpkke.dat
    Removed! : C:\WINDOWS\System32\ahpmg.dat
    Removed! : C:\WINDOWS\System32\cgbkg.dat
    Removed! : C:\WINDOWS\System32\eaehd.dat
    Removed! : C:\WINDOWS\System32\ipzu.exe
    Removed! : C:\WINDOWS\System32\ktred.dat
    Removed! : C:\WINDOWS\System32\lnzgc.dat
    Removed! : C:\WINDOWS\System32\nenej.dat
    Removed! : C:\WINDOWS\System32\phrjm.dat
    Removed! : C:\WINDOWS\System32\qlbfh.dat
    Removed! : C:\WINDOWS\System32\tllav.dat
    Removed! : C:\WINDOWS\System32\udwvi.dat
    Error Removing! : C:\WINDOWS\System32\winmt.dll
    Removed! : C:\WINDOWS\System32\zrnco.dat
    Attempted Clean Of Temp folder.
    Removed Uninstall Key (HSA)
    Removed Uninstall Key (SE)
    Removed Uninstall Key (SW)
    Pages Reset... Done!

    Second About:Buster Log

    -- Scan 1 --------
    About:Buster Version 1.27
    Error Removing! : C:\WINDOWS\atlvs.dll
    Removed! : C:\WINDOWS\auyyb.dll
    Removed! : C:\WINDOWS\bsugr.dll
    Removed! : C:\WINDOWS\crqt32.dll
    Removed! : C:\WINDOWS\dygmq.dat
    Removed! : C:\WINDOWS\edixd.dat
    Removed! : C:\WINDOWS\erlgb.dll
    Removed! : C:\WINDOWS\fewdq.dat
    Removed! : C:\WINDOWS\fonrn.dat
    Removed! : C:\WINDOWS\hxsxdf.dat
    Removed! : C:\WINDOWS\ialuqm.dat
    Removed! : C:\WINDOWS\imeswb.dat
    Removed! : C:\WINDOWS\jjmct.dat
    Removed! : C:\WINDOWS\jpopjh.dat
    Removed! : C:\WINDOWS\kfgjgi.dat
    Removed! : C:\WINDOWS\kuums.dat
    Removed! : C:\WINDOWS\lgeae.dll
    Removed! : C:\WINDOWS\lizfto.dat
    Removed! : C:\WINDOWS\lpnjfn.dat
    Removed! : C:\WINDOWS\msffsu.dat
    Removed! : C:\WINDOWS\qxipnw.dat
    Removed! : C:\WINDOWS\saalid.dat
    Removed! : C:\WINDOWS\slaov.dat
    Removed! : C:\WINDOWS\stgfk.dat
    Removed! : C:\WINDOWS\stvmk.dat
    Error Removing! : C:\WINDOWS\sysud.exe
    Removed! : C:\WINDOWS\unbps.dat
    Removed! : C:\WINDOWS\voewh.dll
    Removed! : C:\WINDOWS\zctwq.dat
    Removed! : C:\WINDOWS\zpkke.dat
    Removed! : C:\WINDOWS\System32\ahpmg.dat
    Removed! : C:\WINDOWS\System32\cgbkg.dat
    Removed! : C:\WINDOWS\System32\eaehd.dat
    Removed! : C:\WINDOWS\System32\ipzu.exe
    Removed! : C:\WINDOWS\System32\ktred.dat
    Removed! : C:\WINDOWS\System32\lnzgc.dat
    Removed! : C:\WINDOWS\System32\nenej.dat
    Removed! : C:\WINDOWS\System32\phrjm.dat
    Removed! : C:\WINDOWS\System32\qlbfh.dat
    Removed! : C:\WINDOWS\System32\tllav.dat
    Removed! : C:\WINDOWS\System32\udwvi.dat
    Error Removing! : C:\WINDOWS\System32\winmt.dll
    Removed! : C:\WINDOWS\System32\zrnco.dat
    Attempted Clean Of Temp folder.
    Removed Uninstall Key (HSA)
    Removed Uninstall Key (SE)
    Removed Uninstall Key (SW)
    Pages Reset... Done!

    -- Scan 2 --------
    About:Buster Version 1.27
    Error Removing! : C:\WINDOWS\atlvs.dll
    Removed! : C:\WINDOWS\sysud.exe
    Removed! : C:\WINDOWS\System32\msfr32.dll
    Error Removing! : C:\WINDOWS\System32\winmt.dll
    Attempted Clean Of Temp folder.
    Pages Reset... Done!

    HijackThis After About:Buster

    Logfile of HijackThis v1.98.0
    Scan saved at 5:28:06 PM, on 7/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\Downloaded Programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = no
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\http://www.yahoo.com
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
    O2 - BHO: (no name) - {01761BE6-257C-4823-20B6-25AAC2D21D2B} - C:\WINDOWS\system32\msfr32.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/u...6/sdcregie.cab
    O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/c...on=4,3,2,20802

  4. #24
    Junior Member
    Join Date
    Jul 2004
    Posts
    14
    whoa. dude. is it fixed? my homepage is Google now!

  5. #25
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    Whoa!! You had a bunch of infected files...

    Fix the following lines with HJT:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = no
    O2 - BHO: (no name) - {01761BE6-257C-4823-20B6-25AAC2D21D2B} - C:\WINDOWS\system32\msfr32.dll (file missing)
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"


    Hopefully you are clean after that...funny more files didn't show up in your running processes though.

    I'll keep my fingers crossed. BTW, get some protection on that thing.

  6. #26
    Junior Member
    Join Date
    Jul 2004
    Posts
    14
    ok i fixed those problems. what do u mean by protection?

  7. #27
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    regprot, spywareblaster, a-squared,winpatrol, IEspyad, sygate..

    Just having an AV isn't enough to do it anymore. I'd hate to see you get reinfected again.

  8. #28
    Junior Member
    Join Date
    Jul 2004
    Posts
    14
    haha thanks Doc! thank you sooo much for all of your help!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides