hijackthis list: what to fix?

Discussion in 'Computer Support' started by crash, Jul 21, 2004.

  1. crash

    crash Guest

    A couple of weeks ago I went to a site in the bad part of town. The
    next day I had all kinds of spyware/popups. I ran Spybot S&D, and
    Adaware. This fixed the problem for a while, but lately the
    spyware/popup crap has been coming hard and fast. Even when I run
    Spybot, if I run it again a few hours later, the same problems need
    fixing again. I'm a computer moron, but I wonder if one of two things
    is happening?

    1) There's something on my computer that doesn't get erased by
    Spybot/Adaware, and it keeps generating stuff even after I run those
    programs?
    2) When I log on the internet, something recognizes my computer sig
    somehow and re-sends me the same stuff?

    Anyway, I ran HijackThis and got the following: does anyone have
    any opinions on what to fix? Keep in mind I'm a computer moron.
    Thanks in advance.



    Logfile of HijackThis v1.97.7
    Scan saved at 4:03:30 PM, on 7/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\documents and settings\dave\local settings\temp\MzIN.exe
    C:\WINDOWS\bokja.exe
    C:\WINDOWS\wovax.exe
    C:\documents and settings\dave\local settings\temp\K1Uz.exe
    C:\Program Files\America Online 8.0\aoltray.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\cisvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\dave\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
    =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    about:blank
    O2 - BHO: (no name) - {00000250-0320-4DD4-BE4F-7566D2314352} -
    C:\WINDOWS\VoiceIP.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -
    C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} -
    C:\PROGRA~1\Srng\SNHelper.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} -
    C:\Program Files\SEP\sep.dll
    O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} -
    C:\Program Files\Common Files\midaddle\midaddle.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} -
    C:\Program Files\SEP\sep.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no
    file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program
    Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program
    Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
    Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program
    Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program
    Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe]
    C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program
    Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [VirusScan Online]
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
    Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKLM\..\Run: [MzIN] C:\documents and settings\dave\local
    settings\temp\MzIN.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [brfwqxylngplk] C:\WINDOWS\System32\meonfz.exe
    O4 - HKLM\..\Run: [bokja] C:\WINDOWS\bokja.exe
    O4 - HKLM\..\Run: [wovax] C:\WINDOWS\wovax.exe
    O4 - HKLM\..\Run: [K1Uz] C:\documents and settings\dave\local
    settings\temp\K1Uz.exe
    O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
    Files\WinTools\WToolsA.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program
    Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL
    Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O16 - DPF: Yahoo! Chess -
    http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Poker -
    http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor
    Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1088106440040
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37885.471099537
    crash, Jul 21, 2004
    #1

  2. crash

    °Mike° Guest

    Before you proceed, make sure that you have
    SpyBot S&D updated, AND Ad-Aware updated.
    Be sure to download and install the Ad-Aware
    VX2 cleaner plug-in
    http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml

    Download SpHjfix fix.
    http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix

    Download AboutBuster
    http://tools.zerosrealm.com/AboutBuster.zip

    Download CWShredder
    http://www.spywareinfo.com/~merijn/cwschronicles.html


    Boot into Safe Mode once that's done. As soon as you
    have booted into Safe Mode, empty your TEMP folder,
    your Temporary Internet Files (including Offline Content),
    and your IE History.

    Continued inline....


    On 21 Jul 2004 14:05:19 -0700, in
    <>
    crash scrawled:

    <snip>

    DO THIS IN SAFE MODE
    =================

    DISCONNECT FROM THE NET
    =====================

    CLOSE ALL OTHER APPLICATIONS EXCEPT HJT
    ==================================

    >Logfile of HijackThis v1.97.7
    >Scan saved at 4:03:30 PM, on 7/21/2004
    >Platform: Windows XP SP1 (WinNT 5.01.2600)
    >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    >Running processes:


    >C:\documents and settings\dave\local settings\temp\MzIN.exe
    >C:\WINDOWS\bokja.exe
    >C:\WINDOWS\wovax.exe
    >C:\documents and settings\dave\local settings\temp\K1Uz.exe


    End task the above processes (CTRL+ALT+DEL).


    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    >http://www.dellnet.com/
    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    >http://www.dellnet.com/


    If the above two URLs are not your preferred home page and
    search page, have HijackThis fix them.


    >R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
    >=


    Have HijackThis fix the above.


    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    >about:blank


    Have HijackThis fix the above.


    >O2 - BHO: (no name) - {00000250-0320-4DD4-BE4F-7566D2314352} -
    >C:\WINDOWS\VoiceIP.dll


    Have HijackThis fix the above.
    Delete the VoiceIP.dll file and remove it from your recycle bin.


    >O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} -
    >C:\PROGRA~1\Srng\SNHelper.dll (file missing)


    Have HijackThis fix the above.


    >O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} -
    >C:\Program Files\SEP\sep.dll


    >O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} -
    >C:\Program Files\SEP\sep.dll


    Have HijackThis fix the above.
    Delete the sep.dll file and remove it from your recycle bin.


    >O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} -
    >C:\Program Files\Common Files\midaddle\midaddle.dll


    Have HijackThis fix the above.
    Delete the midaddle.dll file and remove it from your recycle bin.


    >O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no
    >file)


    Have HijackThis fix the above.


    >O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe


    Have HijackThis fix the above.
    Delete the id53.exe file and remove it from your recycle bin.


    >O4 - HKLM\..\Run: [MzIN] C:\documents and settings\dave\local
    >settings\temp\MzIN.exe


    Have HijackThis fix the above.
    Delete the MzIN.exe file and remove it from your recycle bin.


    >O4 - HKLM\..\Run: [brfwqxylngplk] C:\WINDOWS\System32\meonfz.exe


    Have HijackThis fix the above.
    Delete the meonfz.exe file and remove it from your recycle bin.


    >O4 - HKLM\..\Run: [bokja] C:\WINDOWS\bokja.exe


    Have HijackThis fix the above.
    Delete the bokja.exe file and remove it from your recycle bin.


    >O4 - HKLM\..\Run: [wovax] C:\WINDOWS\wovax.exe


    Have HijackThis fix the above.
    Delete the wovax.exe file and remove it from your recycle bin.


    >O4 - HKLM\..\Run: [K1Uz] C:\documents and settings\dave\local
    >settings\temp\K1Uz.exe


    Have HijackThis fix the above.
    Delete the K1Uz.exe file and remove it from your recycle bin.


    >O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe


    Have HijackThis fix the above.
    Delete the aqadcup.exe file and remove it from your recycle bin.


    >O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
    >Files\WinTools\WToolsA.exe


    Have HijackThis fix the above.
    Delete the WToolsA.exe file and remove it from your recycle bin.


    >O4 - Global Startup: Digital Line Detect.lnk = ?


    Have HijackThis fix the above.



    Open your registry editor (Start / Run / Regedit) to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    If you see an entry named '__NS_Service_3' delete it.

    Still in the registry, navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    If you see an entry named 'LEGACY___NS_Service_3' delete it.

    Still in the registry, navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
    If the subkey {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
    exists, delete it.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Explorer\Browser Helper Objects\
    If the subkey {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
    exists, delete it.

    Close your registry editor.


    Do NOT reconnect; do NOT reboot into normal mode, yet.

    Run SpyBot S&D (full scan)

    Run Ad-Aware (full scan)

    Run the Ad-Aware VX2 cleaner plug-in.

    Run the SpHjfix.

    Run CWShredder

    Run AboutBuster

    Re-run HijackThis and rescan.


    If SpyBot S&D and/or Ad-Aware do not run in Safe
    Mode, leave those steps until last and run them
    in normal mode, BEFORE YOU CONNECT.



    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Jul 21, 2004
    #2
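
A triage pass over a log like the one in this thread, as an added example that is not part of either post: it rejoins the entries that were wrapped across lines and flags three assumed heuristics (a BHO or toolbar with no file on disk, a Run value starting from a temp directory, a Run value pointing at an executable directly in C:\WINDOWS). The sample lines are excerpted from the posted log; the function names and the rules are assumptions of this example, not HijackThis behaviour.

```python
import re

# Every HijackThis entry starts with a section code such as "R1 - " or "O4 - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]+)\] (.*)$")

# Lines excerpted from the log posted above, wrapped as they appear there.
SAMPLE = r"""
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} -
C:\PROGRA~1\Srng\SNHelper.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no
file)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MzIN] C:\documents and settings\dave\local
settings\temp\MzIN.exe
O4 - HKLM\..\Run: [bokja] C:\WINDOWS\bokja.exe
"""

def unwrap(text):
    """Rejoin entries that mail/forum software wrapped across lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:          # continuation of the previous entry
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def triage(entries):
    """Return (code, item, reason) for entries matching the assumed rules."""
    findings = []
    for code, body in entries:
        low = body.lower()
        if code in ("O2", "O3") and ("(file missing)" in low or "(no file)" in low):
            findings.append((code, body, "no file on disk"))
            continue
        m = RUN.match(body) if code == "O4" else None
        if not m:
            continue
        target = m.group(2).strip('"').lower()
        if "\\temp\\" in target:
            findings.append((code, m.group(1), "autorun from a temp directory"))
        elif re.fullmatch(r"c:\\windows\\[^\\]+\.exe", target):
            findings.append((code, m.group(1), "autorun exe in the Windows root"))
    return findings

if __name__ == "__main__":
    print(*triage(unwrap(SAMPLE)), sep="\n")
```

An entry such as `meonfz.exe` under System32 matches none of these rules, so the output narrows a manual read of the log rather than replacing it.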