| Thread ID: 61269 | 2005-08-30 08:24:00 | Eeem Help please | Ninjabear (2948) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 384637 | 2005-08-30 08:24:00 | My friend has installed MSN Block Checker, removed it, but an advertisement keeps popping up. Ran HijackThis and it showed this:
Logfile of HijackThis v1.99.1
Scan saved at 7:15:18 p.m., on 30/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 8.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Block Checker\block-checker.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\kero\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Paradise.net
R3 - URLSearchHook: HyperSearchHook - {37941D0E-B1AD-46C8-BD13-DE69F2DF8618} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\System32\navshext.dll
O2 - BHO: (no name) - {F8724B6B-2E1C-2B5B-7669-1490DBB26280} - C:\DOCUME~1\kero\APPLIC~1\nameonce\mpeg flag.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 8.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [Platformtonsonecash] C:\Documents and Settings\All Users\Application Data\ping move platform tons\Buildshow.exe
O4 - HKCU\..\Run: [setupcorn] C:\DOCUME~1\kero\APPLIC~1\FOURON~1\TITLE INSIDE BAT.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - www.musicnotes.com
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - messenger.zone.msn.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - messenger.zone.msn.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{391A2B25-2981-4BB6-8707-49FBA80DA864}: NameServer = 203.96.152.4 203.96.152.12
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
What should be removed? |
Ninjabear (2948) | ||
| 384638 | 2005-08-30 08:41:00 | Lol, it's a case of what shouldn't be removed :p Tell your friend to download and update Spybot, then run it in safe mode. New.net is a definite must go. I would also suggest a change to Firefox, rather than using Maxtor on top of IE. |
Myth (110) | ||
| 384639 | 2005-08-30 09:11:00 | Close the browsers. Tick these and tick fix checked. Then reboot.
C:\Program Files\Block Checker\block-checker.exe
Get rid of Block Checker for a start. It's one big bit of spyware by the looks of it.
R3 - URLSearchHook: HyperSearchHook - {37941D0E-B1AD-46C8-BD13-DE69F2DF8618} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {F8724B6B-2E1C-2B5B-7669-1490DBB26280} - C:\DOCUME~1\kero\APPLIC~1\nameonce\mpeg flag.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [Platformtonsonecash] C:\Documents and Settings\All Users\Application Data\ping move platform tons\Buildshow.exe
O4 - HKCU\..\Run: [setupcorn] C:\DOCUME~1\kero\APPLIC~1\FOURON~1\TITLE INSIDE BAT.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - www.musicnotes.com
Go to Add/Remove Programs and find New.net and uninstall it. And get this: www.simplysup.com. Install it, run it and scan. And then select the 3rd to 7th option under utils to fix the LSP entries etc. |
Speedy Gonzales (78) | ||
| 384640 | 2005-08-30 09:19:00 | C:\Program Files\Warez P2P Client\warez.exe Who's a naughty boy then. Getting rid of that would probably help the cause as well |
bartsdadhomer (80) | ||
| 384641 | 2005-08-30 12:42:00 | C:\Program Files\Warez P2P Client\warez.exe Who's a naughty boy then. Getting rid of that would probably help the cause as well Lol, actually naughty girl. She downloaded the program so she could download songs, but I think that program is quite dodgy |
Ninjabear (2948) | ||
| 384642 | 2005-08-30 22:42:00 | I think that program is quite dodgy A master of understatement :D |
bartsdadhomer (80) | ||
| 384643 | 2005-08-30 23:45:00 | I would suggest Ad-Aware and AVG, lavasoftusa.com and grisoft.com. If you get those, just run a scan in both of them, maybe in safe mode. Also, I like a little program called Security Task Manager; it's helped me get rid of viruses AVG and Ad-Aware couldn't.... It's at neuber.com/taskmanager/index.html | CorbinH (37) | ||