MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: New HJT log!!! Please Help!!! HJT log included
October 20, 2019, 01:12:02 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
October 20, 2019, 01:12:02 AM

Login with username, password and session length
 Featured Sites:
News
New  New Poll on our main page!
"My experience with Vista..."
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: New HJT log!!! Please Help!!! HJT log included  (Read 2423 times)
rusty27
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« on: October 22, 2004, 02:44:01 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: ME
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



Oh please help. I am not very good at computers and I think that I have a big problems. It seems everything has gone haywire!! Here is my HJT log.
Thanks!!

Logfile of HijackThis v1.97.7
Scan saved at 8:25:35 PM, on 10/21/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\BRAJXWW.EXE
C:\WINDOWS\SYSTEM\SNMSTKIT.EXE
C:\WINDOWS\DHBRWSR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SPOO30.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\KEYWORD.EXE
C:\WINDOWS\SYSTEM\WINST.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [gpmxzc] C:\WINDOWS\SYSTEM\gpmxzc.exe
O4 - HKLM\..\Run: [qrhhtph] C:\WINDOWS\brajxww.exe
O4 - HKLM\..\Run: [p88g36R] SNMSTKIT.EXE
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\MANAGE.exe
O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYWORD.exe
O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\WINST.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [YzrmRWdpR] SPOO30.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpySpotterInstall.cab
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivexTest.ocx
« Last Edit: October 22, 2004, 03:17:12 AM by rusty27 » Logged

 
mpfeif101
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 29


Bookmark and Share

View Profile
« Reply #1 on: October 22, 2004, 02:53:47 AM »

1) You are using an outdated version of HijackThis.  Please update to the newest version, 1.98.2 from here.

2) A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

  • Please download LSPFix from
  • here.
  • Run the LSPFix.exe that you have just finished downloading.

  • Check the I know what I'm doing box.

  • In the Keep box you should see one or more instances of lspak.dll.

  • Select every instance of lspak.dll and move each one to the Remove box by clicking the >> button.

  • When you are done click Finish>>.[/*]


3) Post a new log (there are still several malware items we need to remove)
« Last Edit: October 22, 2004, 03:21:40 AM by mpfeif101 » Logged

AntiSpyware Net



Please do not PM me asking for HJT help.  Everyone benefits when it is done on the open forum.
rusty27
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« Reply #2 on: October 22, 2004, 03:16:08 AM »

I did what you said and here is my new HJT Log.

Thanks again
Logfile of HijackThis v1.98.2
Scan saved at 9:10:00 PM, on 10/21/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\BRAJXWW.EXE
C:\WINDOWS\SYSTEM\SNMSTKIT.EXE
C:\WINDOWS\DHBRWSR.EXE
C:\WINDOWS\RPPRYK.EXE
C:\WINDOWS\SYSTEM\MSBB.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\VVSN\VVSN.EXE
C:\WINDOWS\SYSTEM\KEYWORD.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SPOO30.EXE
C:\PROGRAM FILES\MY DAILY HOROSCOPE\MYDAILYHOROSCOPE.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=1000474
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1000474
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [gpmxzc] C:\WINDOWS\SYSTEM\gpmxzc.exe
O4 - HKLM\..\Run: [qrhhtph] C:\WINDOWS\brajxww.exe
O4 - HKLM\..\Run: [p88g36R] SNMSTKIT.EXE
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\rppryk.exe
O4 - HKLM\..\Run: [msbb] c:\windows\system\msbb.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [zkbkj] C:\WINDOWS\zkbkj.exe
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [Power Scan] C:\PROGRAM FILES\POWER SCAN\POWERSCAN.EXE
O4 - HKLM\..\Run: [VVSN] C:\PROGRAM FILES\VVSN\VVSN.EXE
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\MANAGE.exe
O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYWORD.exe
O4 - HKLM\..\Run: [Create A Monster] C:\Program Files\Kudd.com\createAMonster.exe -run
O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\WINST.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [YzrmRWdpR] SPOO30.EXE
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - Startup: tkktyl.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpySpotterInstall.cab
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivexTest.ocx
O18 - Filter: text/html - {E64E4E60-EF13-4C79-A159-119762E18181} - C:\WINDOWS\SYSTEM\LMF32.DLL

Logged

 
mpfeif101
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 29


Bookmark and Share

View Profile
« Reply #3 on: October 22, 2004, 04:03:03 AM »

Hi rusty27,

Good job following directions Smiley  We got rid of those nasty 010's.  Now we gotta get rid of the buttload of malware in this log.

1) I'd prefer you put HJT in a folder in the C: drive instead of just the desktop.

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

2) Run HJT again and place a check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=1000474
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1000474
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [gpmxzc] C:\WINDOWS\SYSTEM\gpmxzc.exe
O4 - HKLM\..\Run: [qrhhtph] C:\WINDOWS\brajxww.exe
O4 - HKLM\..\Run: [p88g36R] SNMSTKIT.EXE
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\rppryk.exe
O4 - HKLM\..\Run: [msbb] c:\windows\system\msbb.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [zkbkj] C:\WINDOWS\zkbkj.exe
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [Power Scan] C:\PROGRAM FILES\POWER SCAN\POWERSCAN.EXE
O4 - HKLM\..\Run: [VVSN] C:\PROGRAM FILES\VVSN\VVSN.EXE
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\MANAGE.exe
O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYWORD.exe
O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\WINST.EXE
O4 - HKCU\..\Run: [YzrmRWdpR] SPOO30.EXE
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - Startup: tkktyl.exe

O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivexTest.ocx

O18 - Filter: text/html - {E64E4E60-EF13-4C79-A159-119762E18181} - C:\WINDOWS\SYSTEM\LMF32.DLL

3) Close any open browsers and windows and click "Fix Checked".

***You may want to print out the following instructions as your internet access will be temporarily disabled***

4) Reboot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

5) Enable Hidden Files and Folders:
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

6) Check to see if any of these things exist in Add/Remove Programs in the Control Panel.  If they do, uninstall them.

My Daily Horoscope
180 Solutions
Bullseye
WhenU

7) Find and delete the following files and folders: (it's ok if some of them don't exist)

C:\WINDOWS\SYSTEM\stcloader.exe
C:\WINDOWS\Meruoq.exe
C:\WINDOWS\SYSTEM\gpmxzc.exe
C:\WINDOWS\brajxww.exe
C:\WINDOWS\DHUpdt.exe
C:\WINDOWS\dhbrwsr.exe
C:\Program Files\BullsEye Network <-- whole folder
C:\WINDOWS\rppryk.exe
c:\windows\system\msbb.exe
C:\Program Files\ISTsvc <-- whole folder
C:\WINDOWS\zkbkj.exe
C:\WINDOWS\CONSCORR.exe
C:\WINDOWS\wupdt.exe
C:\PROGRAM FILES\POWER SCAN <-- whole folder
C:\PROGRAM FILES\VVSN <-- whole folder
C:\WINDOWS\SYSTEM\MANAGE.exe
C:\WINDOWS\SYSTEM\KEYWORD.exe
C:\WINDOWS\SYSTEM\WINST.EXE
C:\PROGRA~1\MYDAIL~1 <-- whole folder
C:\PROGRAM FILES\YOURSITEBAR <-- whole folder

Cool Reboot into normal mode (simply restart as you usually would)

10) Run HJT again and post a new log.
Logged

AntiSpyware Net



Please do not PM me asking for HJT help.  Everyone benefits when it is done on the open forum.
rusty27
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« Reply #4 on: October 24, 2004, 05:16:41 AM »

Thank you, Thank you, Thank you. Here is my new HJT log.

Logfile of HijackThis v1.98.2
Scan saved at 11:08:50 PM, on 10/23/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
Logged

 
mpfeif101
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 29


Bookmark and Share

View Profile
« Reply #5 on: October 24, 2004, 05:57:16 PM »

Almost there Smiley

Run HJT, close any open browsers and windows and place a check next to:
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch

Hit "Fix Checked".

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:

  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.

  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot.  Similar to Ad-Aware, I strongly recommend both to catch most spyware.



Prevention Programs:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.

  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system.  It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc.  Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.



And also see TonyKlein's good advice
So how did I get infected in the first place? and AntiSpyware Net's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.
Logged

AntiSpyware Net



Please do not PM me asking for HJT help.  Everyone benefits when it is done on the open forum.
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #6 on: October 24, 2004, 06:43:33 PM »

Can you do me a favor Rusty

could you please download Ad-Aware Se Personal
from mpfeif101 Link
After you have it installed
Check for Updates
Can you download and Install The VX2 Cleaner Addon for Ad-Aware

After you have the Addon installed
Start Ad-Aware
 Go to
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page April 13, 2017, 10:23:46 AM