MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: website viewer issues
December 06, 2019, 06:38:42 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
December 06, 2019, 06:38:42 AM

Login with username, password and session length
 Featured Sites:
News
New  We now offer MyTechSupport.ca Merchandise! Every purchase goes towards maintaining our site.
Thank you for supporting MyTechSupport.ca!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] 2  All Go Down Print
Author Topic: website viewer issues  (Read 4311 times)
maiabon1
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« on: October 21, 2004, 03:59:12 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



windows xp

I cannot delete website viewer, which has taken over my homepage and causes some free xxx to pop up all the time on my desktop. The computer directs me to this website 213.159.and so on. I am unable to download adaware, however I do have spot and destroy and that isnt working either. please help me someone!!!!!!!!!!
Logged

maia
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: October 21, 2004, 04:11:46 AM »

Would you please download Hijackthis 1.98.2---Important---Create a permanent folder for hijackthis
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT
OR create a folder as C:\HJT---this is where you will want to save Hijackthis too, also, backups will be stored there.
download from
HERE or HERE


Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----It is all important

Additionally, when you post back with the hijackthis log

Could you also open Hijackthis>>>>Config>>>Misc Tools>>>Open Hosts File Manager
Click the button "Open in Notepad"
Copy and paste the Whole contents of that new text window too, thanks
Logged

 
maiabon1
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #2 on: October 21, 2004, 04:13:27 AM »

By the way, here is my log for Website viewer problems, maiabon



Logfile of HijackThis v1.98.2
Scan saved at 12:10:23 AM, on 10/21/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\NEW\System32\smss.exe
C:\NEW\system32\winlogon.exe
C:\NEW\system32\services.exe
C:\NEW\system32\lsass.exe
C:\NEW\system32\svchost.exe
C:\NEW\System32\svchost.exe
C:\NEW\system32\LEXBCES.EXE
C:\NEW\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\NEW\system32\pctspk.exe
C:\NEW\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\NEW\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\NEW\System32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\NEW\System32\zpfujj.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\NEW\System32\systime.exe
C:\NEW\System32\msrexe.exe
C:\NEW\System32\lexpps.exe
C:\NEW\System32\systime.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\NEW\system32\rundll32.exe
c:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Maia Garcia\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\NEW\mxTarget.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\NEW\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1.NEW\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6BF9305D-E34D-7F95-8757-165505F27E40} - C:\NEW\System32\zdhxhi.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\NEW\questmod.dll
O2 - BHO: ir50_qcf - {92AE66B0-68D1-CEB1-3817-9D3FD6B2036C} - C:\NEW\System32\ir50_qcf.dll
O2 - BHO: (no name) - {988013BE-7AB7-48f4-992E-44C309D65A48} - C:\NEW\System32\nlsman.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\NEW\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [aguhjvkn] C:\NEW\System32\zpfujj.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [SysTime] C:\NEW\System32\systime.exe
O4 - HKLM\..\Run: [System Service] C:\NEW\System32\msrexe.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\NEW\wupdt.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SysTime] C:\NEW\System32\systime.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv124/x.chm::/load.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/399.chm::/file.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4399/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Logged

maia
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #3 on: October 21, 2004, 04:16:55 AM »

Can you read the instructions to make a permanent folder for hijackthis

It's important to save it in a permanent folder as backups will be stored there
Redownload hijackthis and post back a fresh log
and let me see that info from Hosts file manager in hijackthis

Try this link
Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or later
After installation-CHECK FOR UPDATES
Do a Full system scan----Remove All Critical objects
RESTART your computer to finish the cleaning process

Post back a new hijackthis log AFTER you run Ad-Aware if possible
Logged

 
maiabon1
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #4 on: October 21, 2004, 04:18:09 AM »

ok I tried to do open hosts file manager but there was no host
Logged

maia
maiabon1
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #5 on: October 21, 2004, 04:25:50 AM »

Logfile of HijackThis v1.98.2
Scan saved at 12:23:59 AM, on 10/21/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\NEW\System32\smss.exe
C:\NEW\system32\winlogon.exe
C:\NEW\system32\services.exe
C:\NEW\system32\lsass.exe
C:\NEW\system32\svchost.exe
C:\NEW\System32\svchost.exe
C:\NEW\system32\LEXBCES.EXE
C:\NEW\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\NEW\system32\pctspk.exe
C:\NEW\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\NEW\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\NEW\System32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\NEW\System32\zpfujj.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\NEW\System32\systime.exe
C:\NEW\System32\msrexe.exe
C:\NEW\System32\lexpps.exe
C:\NEW\System32\systime.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\NEW\system32\rundll32.exe
c:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Maia Garcia\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\NEW\mxTarget.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\NEW\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1.NEW\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6BF9305D-E34D-7F95-8757-165505F27E40} - C:\NEW\System32\zdhxhi.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\NEW\questmod.dll
O2 - BHO: ir50_qcf - {92AE66B0-68D1-CEB1-3817-9D3FD6B2036C} - C:\NEW\System32\ir50_qcf.dll
O2 - BHO: (no name) - {988013BE-7AB7-48f4-992E-44C309D65A48} - C:\NEW\System32\nlsman.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\NEW\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [aguhjvkn] C:\NEW\System32\zpfujj.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [SysTime] C:\NEW\System32\systime.exe
O4 - HKLM\..\Run: [System Service] C:\NEW\System32\msrexe.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\NEW\wupdt.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SysTime] C:\NEW\System32\systime.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv124/x.chm::/load.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/399.chm::/file.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4399/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Logged

maia
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #6 on: October 21, 2004, 04:43:25 AM »

READ EVERYTHING I AM POSTING TO YOU AND RESPOND WITH APPROPRIATE INFORMATION

No.1---Go back and redownload Hijackthis---SAVE TO A PERMANENT FOLDER
Choose SAVE TO DISK rather than OPEN when downloading from the links I supplied

NO.2-- Did you try downloading and running Ad-Aware from that link I supplied?

No.3--Access your Add/Remove Programs via Control Panel and Remove if found
TV MEDIA

RESTART your computer if you removed it

No.4 Open Spybot---Click on HELP>>>ABOUT>>>
Let me know Spybot version and Latest Detection Update date

No.5 Post back with a Fresh hijackthis log, make sure you save hijackthis to a Permanent folder



Logged

 
maiabon1
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #7 on: October 21, 2004, 04:25:20 PM »

i couldnt download adaware. My spot/destroy is version 1.3 with the latest update 10-14-2004. i couldnt find tv media in control panel. i keep saving hijack this to a perm folder and it automat goes to a temp folder!!!!!!!!!! please help. ive saved it to c/ drive 3 times.
Logfile of HijackThis v1.98.2
Scan saved at 12:23:43 PM, on 10/21/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\NEW\System32\smss.exe
C:\NEW\system32\winlogon.exe
C:\NEW\system32\services.exe
C:\NEW\system32\lsass.exe
C:\NEW\system32\svchost.exe
C:\NEW\System32\svchost.exe
C:\NEW\system32\LEXBCES.EXE
C:\NEW\system32\spoolsv.exe
C:\NEW\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\NEW\system32\pctspk.exe
C:\NEW\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\NEW\Explorer.EXE
C:\NEW\System32\wuauclt.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\NEW\System32\systime.exe
C:\NEW\System32\msrexe.exe
C:\NEW\System32\systime.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WebSiteViewer\125029.dlr
C:\Documents and Settings\Maia Garcia\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\NEW\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1.NEW\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6BF9305D-E34D-7F95-8757-165505F27E40} - C:\NEW\System32\zdhxhi.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\NEW\questmod.dll
O2 - BHO: ir50_qcf - {92AE66B0-68D1-CEB1-3817-9D3FD6B2036C} - C:\NEW\System32\ir50_qcf.dll
O2 - BHO: (no name) - {988013BE-7AB7-48f4-992E-44C309D65A48} - C:\NEW\System32\nlsman.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\NEW\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [SysTime] C:\NEW\System32\systime.exe
O4 - HKLM\..\Run: [System Service] C:\NEW\System32\msrexe.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SysTime] C:\NEW\System32\systime.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv124/x.chm::/load.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/399.chm::/file.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4399/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Logged

maia
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #8 on: October 22, 2004, 12:02:29 AM »

Ahh, now I see why you don't have hijackthis in a Permanent folder

The links that I supplied are for an .exe download, you keep trying to download a zip file from a different link
C:\Documents and Settings\Maia Garcia\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

Try this--Either use the links I supplied or use the zipped version from the link below, but first

Double click on MyComputer>>>>Click Tools>>>Folder Options>>>File Types>>
Look for an entry "Zip" under extensions
Left click to highlight ZIP
Then click on the "Advanced" button
Put a check in "Confirm open after download" if it's not there

Next try the link below to save the file to desktop
and Unzip it to a permanent folder
http://www.majorgeeks.com/download3155.html

After you have done that, carry on whether you could or not

I would like to know, does the version of McAfee's you have come with a Firewall?

Set Windows to Show Hidden Files and Folders

RESTART your Computer in SAFE MODE

Open Hijackthis>>>Config>>>Misc Tools>>>Open Process Manager
Kill these processes if still running in safe mode
C:\NEW\System32\systime.exe
C:\NEW\System32\msrexe.exe
C:\NEW\System32\systime.exe
C:\Program Files\WebSiteViewer\125029.dlr

Stay in safe mode, find and delete these files or folders if they exist
C:\NEW\System32\systime.exe <--file
C:\NEW\System32\msrexe.exe <--file

C:\Program Files\WebSiteViewer <--folder
C:\Program Files\TV Media <--folder

Navigate to these Temp folders and delete the Whole contents, Including sub-folders, or whatever you can, but Don't delete the Temp directories themselves

==C:\Windows\Temp\
==C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\
==C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
==C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
==C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
==Empty your "Recycle Bin"

Again, stay in safe mode
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\NEW\systb.dll (file missing)

O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1.NEW\APPLIC~1\Setup\Setup.dll

O2 - BHO: (no name) - {6BF9305D-E34D-7F95-8757-165505F27E40} - C:\NEW\System32\zdhxhi.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\NEW\questmod.dll
O2 - BHO: ir50_qcf - {92AE66B0-68D1-CEB1-3817-9D3FD6B2036C} - C:\NEW\System32\ir50_qcf.dll
O2 - BHO: (no name) - {988013BE-7AB7-48f4-992E-44C309D65A48} - C:\NEW\System32\nlsman.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [SysTime] C:\NEW\System32\systime.exe
O4 - HKLM\..\Run: [System Service] C:\NEW\System32\msrexe.exe

O4 - HKCU\..\Run: [SysTime] C:\NEW\System32\systime.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv124/x.chm::/load.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/399.chm::/file.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab


RESTART your computer in Normal Mode
Don't open a browser yet, instead access Internet Options via Control
Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Could you also look for these files on restart and delete them if they
exist
C:\NEW\System32\zdhxhi.dll
C:\NEW\questmod.dll
C:\NEW\System32\ir50_qcf.dll
C:\NEW\System32\nlsman.dll
C:\DOCUME~1\ALLUSERS\NEW\APPLICATION DATA\Setup\Setup.dll

Could you try downloading Ad-Aware from that link I supplied and follow the instructions to update and run a scan
RESTART your computer if you can

You should also do an online virus scan at
Housecall's---Set to Autoclean
http://housecall.trendmicro.com/
and/or at Panda's
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

After you are all done the above, Post back a fresh log from hijackthis

Removed request Smiley
« Last Edit: October 22, 2004, 03:44:59 AM by benditup » Logged

 
maiabon1
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #9 on: October 22, 2004, 12:24:45 PM »

I couldnt delete the ir50 qfc file. Also, when I opened hosts manager it said i didnt have a host so i hit create host. It seems to be almost fixed!!!!

Logfile of HijackThis v1.98.2
Scan saved at 8:12:52 AM, on 10/22/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\NEW\System32\smss.exe
C:\NEW\system32\winlogon.exe
C:\NEW\system32\services.exe
C:\NEW\system32\lsass.exe
C:\NEW\system32\svchost.exe
C:\NEW\System32\svchost.exe
C:\NEW\system32\LEXBCES.EXE
C:\NEW\system32\spoolsv.exe
C:\NEW\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\NEW\system32\pctspk.exe
C:\NEW\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\NEW\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\NEW\System32\wuauclt.exe
C:\Program Files\hijack this\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ir50_qcf - {92AE66B0-68D1-CEB1-3817-9D3FD6B2036C} - C:\NEW\System32\ir50_qcf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\NEW\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4399/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Logged

maia
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #10 on: October 23, 2004, 05:40:09 PM »

Sorry it took so long to get back Maia
Open Notepad (START>>>RUN>>>type in notepad) hit Enter
Copy the contents of the Quote box to notepad
In notepad click File>>Save as
Name the file as search.reg
Change the Save as Type to All Files.
Save this file on the desktop
This will help to Restore your default search settings

quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""


Let's try this
Go to START>>>RUN
copy and paste the bolded text into the open field or type it in manually, DON'T hit Enter until
you have ALL browser windows shut down

regsvr32 /u C:\NEW\System32\ir50_qcf.dll

Keep all other windows closed
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R3 - Default URLSearchHook is missing

O2 - BHO: ir50_qcf - {92AE66B0-68D1-CEB1-3817-9D3FD6B2036C} - C:\NEW\System32\ir50_qcf.dll


Optionally, fix the next ones too, their not threats, but not needed on startup, programs work fine without them
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


After you have fix checked and close hijackthis
Double click on search.reg and allow it to merge to the registry

RESTART your computer
access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"

 Post back a fresh hijackthis log
Are you on dialup or broadband connection?
Why are you so far behind on Windows updates
Don't update yet, just asking....

EDIT>>Did you manage to download Ad-Aware from that link I supplied?
If you can, would you do that also
« Last Edit: October 23, 2004, 06:14:35 PM by benditup » Logged

 
maiabon1
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #11 on: October 24, 2004, 02:31:17 AM »

Hey I did everything you asked...!! its working I think!but that damn irqcf50 is still there. how do you know all this? i downloaded adaware like you asked. thanks


Logfile of HijackThis v1.98.2
Scan saved at 10:26:15 PM, on 10/23/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\NEW\System32\smss.exe
C:\NEW\system32\winlogon.exe
C:\NEW\system32\services.exe
C:\NEW\system32\lsass.exe
C:\NEW\system32\svchost.exe
C:\NEW\System32\svchost.exe
C:\NEW\system32\LEXBCES.EXE
C:\NEW\system32\spoolsv.exe
C:\NEW\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\NEW\system32\pctspk.exe
C:\NEW\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\NEW\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\NEW\System32\wuauclt.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\NEW\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijack this\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ir50_qcf - {92AE66B0-68D1-CEB1-3817-9D3FD6B2036C} - C:\NEW\System32\ir50_qcf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\NEW\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4399/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Logged

maia
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #12 on: October 24, 2004, 03:56:12 AM »

Can't understand why it keeps coming back
I need you to restart in safe mode so can you print this out or save this to a notepad file on your desktop for easy access later

Download and Install Registrar Lite from here:
http://www.resplendence.com/download/reglite.exe
This is a great reg. editor, you may want to hold on to it

Create a folder on your hard drive somewhere called "backups"

Disconnect completely from the Internet and close down All browser windows

Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed, including this one

O2 - BHO: ir50_qcf - {92AE66B0-68D1-CEB1-3817-9D3FD6B2036C} - C:\NEW\System32\ir50_qcf.dll

RESTART your computer into safe mode

Open Registrar Lite
Click on Search at the top of the program
Then Click on Search Registry

In the "Text to Search for" box
Enter {92AE66B0-68D1-CEB1-3817-9D3FD6B2036C}

In the "Search in" Box
Enter Registry
Then click the Spyglass at the bottom to start searching

Keys found will be on the right hand side
left click to Highlight the top entry and then Right click on it
and "Jump to" location

At the new location, Left click on the CLSID
{92AE66B0-68D1-CEB1-3817-9D3FD6B2036C}
to highlight it and then right click on it and export it to the backups folder you created earlier
(this is just to make backups)
Then right click on it again and Delete the entry

Go back to SEARCH>>>SEARCH Registry
Your search results should still be on the right hand side
Do the same procedure for the next entry, and so on

Stay in safe mode when your done
Open hijackthis and do another scan and fix that entry if present again

In safe mode
Open Hijackthis>>>Config>>>Misc Tools>>>Delete file on Reboot
Manually enter this or copy and paste this from the Notepad file you saved on desktop the Bolded entry into the File name field
C:\NEW\System32\ir50_qcf.dll

Click OPEN>>This should tell you the file will be deleted on reboot

RESTART your computer back into Normal Mode

You should install these 2 apps., they add extra security while
silently protecting you, without running in the background

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link==Download link
Scroll down and click on IE-SPYAD.EXE Free!

Post back a fresh hijackthis log afterwards

I
Logged

 
maiabon1
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #13 on: October 24, 2004, 07:00:58 PM »

i couldnt follow all the steps. when I tried to export, nothing would save in the file name box. I would right click on export but then there was nothing to save. Am I doing something wrong? by the way i can't access the internet under the other user names, only under mine. what is this file ir50?Huh???

Maia

Logfile of HijackThis v1.98.2
Scan saved at 3:00:43 PM, on 10/24/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\NEW\System32\smss.exe
C:\NEW\system32\winlogon.exe
C:\NEW\system32\services.exe
C:\NEW\system32\lsass.exe
C:\NEW\system32\svchost.exe
C:\NEW\System32\svchost.exe
C:\NEW\system32\LEXBCES.EXE
C:\NEW\system32\spoolsv.exe
C:\NEW\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\NEW\system32\pctspk.exe
C:\NEW\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\NEW\Explorer.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\NEW\System32\wuauclt.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\NEW\System32\wuauclt.exe
C:\Program Files\hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ir50_qcf - {92AE66B0-68D1-CEB1-3817-9D3FD6B2036C} - C:\NEW\System32\ir50_qcf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\NEW\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4399/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Logged

maia
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #14 on: October 24, 2004, 07:30:03 PM »

Can you do me a favor
Open Notepad (START>>>RUN>>>type in notepad) hit Enter
Copy the contents of the Quote box to notepad
In notepad click FILE>>>Save as
Name the file as start.bat
Change the Save as Type to All Files.
Save this on your desktop
Double click to run Start.bat
It will produce a log called look.txt
Copy and paste the contents of that log here, thanks

quote:

regedit /e ok1.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
regedit /e ok2.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regedit /e ok3.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regedit /e ok4.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
regedit /e ok6.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
regedit /e ok13.txt HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
regedit /e ok14.txt HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
regedit /e ok16.txt HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
regedit /e ok19.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
copy ok1.txt + ok2.txt + ok3.txt + ok4.txt + ok6.txt + ok13.txt + ok14.txt + ok16.txt + ok19.txt = look.txt
del ok1.txt
del ok2.txt
del ok3.txt
del ok4.txt
del ok6.txt
del ok13.txt
del ok14.txt
del ok16.txt
del ok19.txt
look.txt



Could you also try and post a hijackthis log from another user
Logged

 
Pages: [1] 2  All Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 25, 2018, 02:23:59 PM