MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Adware, spyware, browser hijack? Please help
November 13, 2019, 03:01:47 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 13, 2019, 03:01:47 PM

Login with username, password and session length
 Featured Sites:
News
New  Check out our improved Download section for tons of software....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Adware, spyware, browser hijack? Please help  (Read 1155 times)
darlenetotten
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 2


Bookmark and Share

View Profile
« on: July 31, 2004, 05:29:37 AM »

Hello,

I would greatly appreciate help.  I've had a lot of problems with adware, spyware and browser hijacking.  I downloaded Spybot S&D as well as Ad-aware and that seemed to get rid of most of the problem, however not all of it.  Here is my my scan from HijackThis. I've deleted O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s33.dll
 but nothing else.  Is there anything else I should delete?

Thank you!


Logfile of HijackThis v1.98.0
Scan saved at 1:09:49 AM, on 7/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tp4mon.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\aftoah.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\default\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://awebfind.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search-all.net/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-all.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://awebfind.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-all.net/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search-all.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://search-all.net/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://riviera.cc (obfuscated)
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s33.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s33.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DKBEHLOR] C:\WINDOWS\DKBEHLOR.exe
O4 - HKLM\..\Run: [sysme] C:\WINDOWS\System32\sysme.exe
O4 - HKLM\..\Run: [dbsojhycmhd] C:\WINDOWS\System32\aftoah.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3CA0DB8-595C-4B24-9703-080851D2FCA9}: NameServer = 206.47.244.110 206.47.244.133

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: July 31, 2004, 05:43:18 AM »

Download and extract to desktop CWShredder
http://www.majorgeeks.com/download4086.html
Disconnect from the NET
With only CWsredder open let it FIX all problems
RESTART your computer and post back a fresh hijackthis log
Logged

 
darlenetotten
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 2


Bookmark and Share

View Profile
« Reply #2 on: July 31, 2004, 06:08:23 AM »

Thanks for your quick reply.

I did what you suggested.  The only question CW Shredder had was regarding C://WINDOWS\conscorr.exe

It didn't know if this filename was random (and neither did I) so I didn't delete it.

It did delete about 12 items, however when I just logged on to IE I got another pop up window along with my homepage.  Any additional advice is appreciated!


Logfile of HijackThis v1.98.0
Scan saved at 2:04:05 AM, on 7/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tp4mon.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\aftoah.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\default\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s33.dll (file missing)
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DKBEHLOR] C:\WINDOWS\DKBEHLOR.exe
O4 - HKLM\..\Run: [sysme] C:\WINDOWS\System32\sysme.exe
O4 - HKLM\..\Run: [dbsojhycmhd] C:\WINDOWS\System32\aftoah.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #3 on: July 31, 2004, 06:14:36 AM »

RESTART your Computer in SAFE MODE

Run CWShredder again and let if FIX ALL problems and restart in
normal mode
Open Ad-Aware---CHECK FOR UPDATES

Set these additional options for a custom scan
click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

RESTART again
Post back with a fresh hijackthis log
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 06, 2018, 10:16:31 AM