
#1 · Discussion Starter · Registered
I'm having problems with constant redirects. Every time I try to change my hosts file, it changes right back. Here are some log files.

Logfile of HijackThis v1.98.2
Scan saved at 5:17:48 PM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\DOCUME~1\TOMVOS~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.musicmademe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.musicmademe.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
F3 - REG:win.ini: load= C:\TCWIN45\PIPELINE\remind.exe
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [ORYBFILO] C:\WINDOWS\ORYBFILO.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DesktopX] "C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Tom Vose\Local Settings\Temp\{027A6363-9959-4CDB-9FB4-A9E1CDEB44F2}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...W/win/019-0123.20031218.zes4d/iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/updater//EARTPX.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instantservice.com/jars/customerxsigned35.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.napster.com/client/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/updater//MaxisSimCity4PatcherX.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

ActiveX
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

RaptisoftGameLoader (RaptisoftGameLoader)
DPF name: RaptisoftGameLoader
CLSID name:

{0000000A-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:

{01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class)
DPF name:
CLSID name: SysProWmi Class
Path: C:\WINDOWS\System32\Dell\SystemProfiler\
Long name: SysPro.ocx
Short name:
Date (created): 1/23/2003 2:23:18 PM
Date (last access): 1/19/2005 4:34:56 PM
Date (last write): 1/23/2003 2:23:18 PM
Filesize: 86016
Attributes: archive
MD5: 2EE3E0AE6AA35F135CAE24DF2DA9B172
CRC32: A76A5BDA
Version: 0.2.0.0

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\SYSTEM32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 6/24/2003 10:45:20 PM
Date (last access): 1/19/2005 5:01:44 PM
Date (last write): 9/9/2004 3:49:12 PM
Filesize: 54488
Attributes: archive
MD5: 943193399C341AC34E842CB07B5F29A0
CRC32: 12DEB8F4
Version: 0.10.0.1

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Path: C:\WINDOWS\Downloaded Program Files\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 9/8/2004 8:07:48 AM
Date (last access): 1/19/2005 4:04:42 PM
Date (last write): 9/8/2004 8:07:48 AM
Filesize: 319752
Attributes: archive
MD5: 82FE6C5846C53A68A98B4CB1178688C6
CRC32: 98637D72
Version: 0.0.0.5

{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 11/7/2004 3:29:46 PM
Date (last access): 1/19/2005 4:04:46 PM
Date (last write): 11/7/2004 3:29:46 PM
Filesize: 173168
Attributes: archive
MD5: 4C0658E518FA9D08E884DB717A7087AE
CRC32: FFDA1549
Version: 7.212.0.11

{3334504D-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
description: Microsoft MPEG4 Video Codec
classification: Legitimate
known filename: MPEG4AX.CAB
info link:
info source: Patrick M. Kolla

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 8/27/2003 3:10:30 AM
Date (last access): 1/19/2005 4:08:32 PM
Date (last write): 8/27/2003 3:10:30 AM
Filesize: 314368
Attributes: archive
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 0.11.0.0

{41F17733-B041-4099-A042-B518BB6A408C} ()
DPF name:
CLSID name:

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
DPF name:
CLSID name: McAfee.com Operating System Class
Path: C:\WINDOWS\System32\
Long name: mcinsctl.dll
Short name:
Date (created): 7/26/2004 7:13:00 PM
Date (last access): 1/19/2005 5:01:44 PM
Date (last write): 7/26/2004 7:13:00 PM
Filesize: 341064
Attributes: archive
MD5: 0EFDE57E367B9A02943B4AF664FD7BD5
CRC32: 0BF8EDF9
Version: 0.4.0.0

{54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class)
DPF name:
CLSID name: EARTPatchX Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: EARTPX.dll
Short name:
Date (created): 3/4/2003 5:35:40 PM
Date (last access): 1/19/2005 4:04:42 PM
Date (last write): 3/4/2003 5:35:40 PM
Filesize: 133936
Attributes: archive
MD5: 935C911EBF671FA490AB9908CE6FD1DE
CRC32: 557FDE93
Version: 0.1.0.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_04
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_04\bin\
Long name: NPJPI142_04.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2068 10:44:46 PM
Date (last access): 1/19/2005 5:01:44 PM
Date (last write): 2/22/2004 10:44:42 PM
Filesize: 65650
Attributes: archive
MD5: 2BCA54CB6A12A5EFBF922C0C1856F30D
CRC32: 3D4A4E94
Version: 0.1.0.4

{8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class)
DPF name:
CLSID name: CustomerCtrl Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: customerclient.dll
Short name: CUSTOM~1.DLL
Date (created): 7/11/2003 10:04:36 AM
Date (last access): 1/19/2005 4:04:42 PM
Date (last write): 7/11/2003 10:04:36 AM
Filesize: 143360
Attributes: archive
MD5: D759918B3902534DF998FF297FF4253B
CRC32: 760C17DD
Version: 0.3.0.5

{90C9629E-CD32-11D3-BBFB-00105A1F0D68} ()
DPF name:
CLSID name:

{94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class)
DPF name:
CLSID name: TLIEFlashObj Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: TLIEFlashCtrlU.dll
Short name: TLIEFL~1.DLL
Date (created): 4/30/2003 11:34:20 AM
Date (last access): 1/19/2005 4:04:44 PM
Date (last write): 4/30/2003 11:34:20 AM
Filesize: 122880
Attributes: archive
MD5: 318BB053AEE45ED0D8E52CCE82D152C9
CRC32: 3A66069C
Version: 0.1.0.0

{A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object)
DPF name:
CLSID name: SassCln Object
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SassCln.dll
Short name:
Date (created): 5/3/2004 2:39:54 PM
Date (last access): 1/19/2005 4:04:44 PM
Date (last write): 5/3/2004 2:39:54 PM
Filesize: 118784
Attributes: archive
MD5: A1C8571FA4B64CFC5C0CDA672F3C2D21
CRC32: 06EBA55B
Version: 0.1.0.0

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
DPF name:
CLSID name: DwnldGroupMgr Class
Path: C:\WINDOWS\System32\
Long name: McGDMgr.dll
Short name:
Date (created): 7/22/2004 11:57:56 AM
Date (last access): 1/19/2005 5:01:44 PM
Date (last write): 7/22/2004 11:57:56 AM
Filesize: 279624
Attributes: archive
MD5: 0CCF6E82A3E90EAADCD9A89EAE5FF09F
CRC32: 23397BFE
Version: 0.1.0.0

{C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control)
DPF name:
CLSID name: MaxisSimCity4PatcherX Control
Path: C:\WINDOWS\DOWNLO~1\
Long name: MaxisSimCity4PatcherX.ocx
Short name: MAXISS~1.OCX
Date (created): 9/16/2003 4:28:18 PM
Date (last access): 1/19/2005 5:01:44 PM
Date (last write): 9/16/2003 4:28:18 PM
Filesize: 95080
Attributes: archive
MD5: D57B5B28547EF45A091715A9DF08CDFE
CRC32: EA842C85
Version: 0.1.0.0

{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_04
Path: C:\Program Files\Java\j2re1.4.2_04\bin\
Long name: NPJPI142_04.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2068 10:44:46 PM
Date (last access): 1/19/2005 5:01:44 PM
Date (last write): 2/22/2004 10:44:42 PM
Filesize: 65650
Attributes: archive
MD5: 2BCA54CB6A12A5EFBF922C0C1856F30D
CRC32: 3D4A4E94
Version: 0.1.0.4

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 12/8/2003 2:01:58 PM
Date (last access): 1/19/2005 4:44:30 PM
Date (last write): 12/8/2003 2:01:58 PM
Filesize: 933888
Attributes: archive
MD5: F7E435D02F7A48120B746E33254A70BC
CRC32: 02AF493D
Version: 0.7.0.0

{EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control)
DPF name:
CLSID name: Microsoft Search Settings Control
Path: C:\WINDOWS\Downloaded Program Files\
Long name: searchsettings.ocx
Short name: SEARCH~1.OCX
Date (created): 11/20/1997 9:25:34 PM
Date (last access): 1/19/2005 4:31:52 PM
Date (last write): 11/20/1997 9:25:34 PM
Filesize: 34816
Attributes: archive
MD5: B1768E6B4AD6FFD032F429D00E3507B4
CRC32: 69AFD1F5
Version: 0.1.0.0

Help!

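The log above is what a reviewer triages by hand: the O1 lines show the hosts file pointing search.netscape.com, auto.search.msn.com and the bare name ieautosearch at 69.20.16.183 (that is the redirect mechanism the poster is seeing, and why the hosts file "changes right back" matters), and the O4/F3 lines list what starts with Windows. The script below is an added example, not part of this thread and not HijackThis code: it parses log lines of that shape and flags hosts entries that send a hostname to a non-local address, autostarts whose target sits in an unusual place (Windows root, a Temp directory, a bare filename resolved through the search path, or an unresolved shortcut), and win.ini load=/run= autostarts. The "expected" directory list and the location rules are my own heuristic and an assumption; a hit means "look at this", not "this is malware". The sample lines are constructed in the shape of the log above so the script runs offline.

```python
"""Triage helper for HijackThis-style log lines.

Added example; not part of the thread above and not HijackThis code.
Flags O1 hosts-file redirects, O4 autostarts in unusual locations and
F3 win.ini autostarts.  The location rules are a heuristic (assumption).
"""
import re
from ipaddress import ip_address

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O4_RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (.+?) = (.*)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini:\s*(load|run)=\s*(.*)$")

# Directories where an autostart target is unremarkable (assumed; lower-case).
EXPECTED_DIR_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\system32\\")

# Constructed sample in the shape of the log above.  Lines the script does
# not recognise (R0 here) are ignored.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.musicmademe.com/
F3 - REG:win.ini: load= C:\TCWIN45\PIPELINE\remind.exe
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [ORYBFILO] C:\WINDOWS\ORYBFILO.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - Startup: Game Registration.lnk = C:\Documents and Settings\user\Local Settings\Temp\ATR1.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""


def is_local_address(text):
    """True for loopback or 0.0.0.0: hosts entries that block or self-map
    rather than redirect to a third party."""
    try:
        ip = ip_address(text)
    except ValueError:          # not an IP literal at all
        return False
    return ip.is_loopback or ip.is_unspecified


def extract_exe_path(command):
    """Pull the executable path out of an autostart command line.

    Handles a quoted path followed by arguments, an unquoted path with
    spaces (cut at the first ".exe"), and a bare filename."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def autostart_reason(exe_path):
    """Heuristic location check; returns a reason string or None."""
    exe = exe_path.lower()
    if exe in ("", "?"):
        return "target could not be resolved"
    if "\\" not in exe:
        return "bare filename, resolved through the search path"
    if "\\temp\\" in exe:
        return "runs from a Temp directory"
    if not exe.startswith(EXPECTED_DIR_PREFIXES):
        return "runs from " + exe.rsplit("\\", 1)[0]
    return None


def triage(log_text):
    """Return (section, reason, original line) for every entry worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O1_RE.match(line):
            ip, host = m.groups()
            if not is_local_address(ip):
                findings.append(("O1", f"hosts file sends {host} to {ip}", line))
        elif m := O4_RUN_RE.match(line):
            name, command = m.groups()
            reason = autostart_reason(extract_exe_path(command))
            if reason:
                findings.append(("O4", f"[{name}] {reason}", line))
        elif m := O4_STARTUP_RE.match(line):
            name, target = m.groups()
            reason = autostart_reason(extract_exe_path(target))
            if reason:
                findings.append(("O4", f"{name}: {reason}", line))
        elif m := F3_RE.match(line):
            key, value = m.groups()
            findings.append(("F3", f"win.ini {key}= autostart: {value}", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {line}")
```

On the sample this reports the three 69.20.16.183 hosts entries, the win.ini load= entry, the two executables launched straight from C:\WINDOWS, the bare carpserv.exe, the Temp-directory startup item and the unresolved shortcut, while leaving the localhost line and the Program Files entries alone. The hosts check is the only one with a hard rule behind it (anything other than loopback or 0.0.0.0 in a hosts file is a redirect); the autostart rules just order the list for a human.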
#2 · Retired Moderator
Hi and welcome to TSG :)

It looks like you have a VX2 infection.

Go to Control Panel - Add/Remove Programs
Uninstall these:
ares lite
WeatherBug

Then download and run these:

Ad-Aware: http://www.lavasoftusa.com/support/download/

SpyBot: http://majorgeeks.com/download2471.html

Make sure you check for updates for both programs before running them.

Do a full system scan with Ad-Aware. Delete anything it finds.
Fix all Problems SpyBot finds.

Then get the latest version of Hijack This from here: http://www.majorgeeks.com/download3155.html

Make sure it's downloaded to a permanent folder of your creation on the hard drive. Not in the Temp folder or on the desktop.

Then post a new log.

We will need a Moderator's assistance after seeing the new log so they can provide the info on removing the Hosts files.

#3 · Registered
Hello tommyboytg and Welcome to TSG! :D

Download SpywareBlaster from here:
http://www.majorgeeks.com/downloadget.php?id=2859&file=11&evp=61b0e8ad41924a03c37615f4682b4cef

Install and run SpywareBlaster. Click on "Updates" and then choose "Check for updates". Next choose "Protection"; at the top you will see different tabs: Internet Explorer, Restricted sites and Mozilla/Firefox. Choose one of them at a time and at the bottom click "Protect Against Checked Items" (make sure that all of the items are checked). Tick the boxes above the items. Make sure you do this for all of the top tabs. You only need to do Mozilla/Firefox if you have those user profiles on your computer. You may now exit out of SpywareBlaster.

Download Spybot S&D from here:
http://users.skynet.be/fa936042/spybotsd13.exe

Install and run Spybot S&D. Choose "Search for updates". Next choose "Download updates". After that, choose "Search and Destroy" and click on "Check for problems". If Spybot finds any nasties on your computer, make sure that they are ticked and choose "Fix selected problems".

Download Ad-Aware SE from here:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Install and run Ad-Aware SE. On the bottom right corner of Ad-Aware you will see an option called "Check for updates now", click on that and choose "connect". Download the updates. Next click on "Scan now" on the left side of Ad-Aware. Make sure that "Search for negligible risk entries" is crossed out and not ticked. Choose "Perform full system scan" and click "Next". After Ad-Aware scans your computer, Ad-Aware may find some bad files on your computer so make sure you tick them all and choose "Next". It will ask if you want to remove those items so just continue. After removing the items close Ad-Aware.

Download VX2 Cleaner plugin for Ad-Aware:
http://majorgeeks.com/downloadget.php?id=4283&file=11&evp=34312f31f5a8511bfb7cf839b1eaff0b

Install and run Ad-Aware. Click on "Add-ons" and choose "VX2 Cleaner" then "Run Tool". After running the tool, exit out of Ad-Aware.

Restart your computer.

You are running an older version of HijackThis, please download the latest version from here:
http://www.click-now.net/cgi-bin/download.pl?file=0965

Run HijackThis and choose "Do a system scan and save log file".

Post the HijackThis log on this thread.