Trying to remove prosearching

  1. 30-09-2004  #1
    Jasec
    Jasec is offline Newbie

    Trying to remove prosearching

    Can you help me o remove prosearching this is my log file:
    Logfile of HijackThis v1.98.2
    Scan saved at 9:06:48 PM, on 30/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\windriv.exe
    C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EX E
    C:\WINDOWS\System32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Motorola\A920 Desktop Suite\ConnMngmntBox.exe
    C:\Program Files\Motorola\A920 Desktop Suite\ECTaskScheduler.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Motorola\A920DE~1\Elogerr.exe
    C:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntim e.exe
    C:\PROGRA~1\Motorola\A920DE~1\BROADC~1.EXE
    C:\PROGRA~1\Motorola\A920DE~1\SCRFS.exe
    C:\WINDOWS\System32\winx.exe
    C:\WINDOWS\System32\updatex.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Download files\DAL\hijackthis.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jlsmmdtlwtegftbv.com/yNfA...vqRBewhf8g.cgi
    O2 - BHO: (no name) - {00000186-C745-43D2-44F1-01A1C789C738} - C:\Program Files\SB\Smart-Browser\ybd.71.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
    O2 - BHO: (no name) - {A5D4E012-2E3D-2A50-77DF-FE95F11BF4A1} - C:\PROGRA~1\INSIDE~1\TRAYSPAM.exe
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Winspool] C:\WINDOWS\System32\spoolsvr.exe
    O4 - HKLM\..\Run: [Windriv] C:\WINDOWS\System32\windriv.exe
    O4 - HKLM\..\Run: [logo sign] C:\PROGRA~1\GLUEFL~1\WipeObjBore.exe
    O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    O4 - HKLM\..\Run: [funk help readme load] C:\Documents and Settings\All Users\Application Data\messamenfunkhelp\chinmfcd.exe
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EX E -r
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: A920 Connection Manager.lnk = ?
    O4 - Global Startup: A920 Task Scheduler.lnk = ?
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093000219957
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
  2. 30-09-2004  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jlsmmdtlwtegftbv.com/yNf...kvqRBewhf8g.cgi
    O2 - BHO: (no name) - {00000186-C745-43D2-44F1-01A1C789C738} - C:\Program Files\SB\Smart-Browser\ybd.71.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
    O2 - BHO: (no name) - {A5D4E012-2E3D-2A50-77DF-FE95F11BF4A1} - C:\PROGRA~1\INSIDE~1\TRAYSPAM.exe
    O4 - HKLM\..\Run: [Winspool] C:\WINDOWS\System32\spoolsvr.exe
    O4 - HKLM\..\Run: [Windriv] C:\WINDOWS\System32\windriv.exe
    O4 - HKLM\..\Run: [logo sign] C:\PROGRA~1\GLUEFL~1\WipeObjBore.exe
    O4 - HKLM\..\Run: [funk help readme load] C:\Documents and Settings\All Users\Application Data\messamenfunkhelp\chinmfcd.exe

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Then delete the following files and folders:
    C:\Program Files\INSIDE~1
    C:\WINDOWS\System32\spoolsvr.exe DON'T DELETE THE LEGIT spoolsv.exe
    C:\WINDOWS\System32\windriv.exe
    C:\Program Files\GLUEFL~1
    C:\Documents and Settings\All Users\Application Data\messamenfunkhelp

    Reboot and post a fresh log
  3. 30-09-2004  #3
    Jasec
    Jasec is offline Newbie
    Thankx Owen, that appears to have worked is there anything else that needs o be done this is a newlog file:
    Logfile of HijackThis v1.98.2
    Scan saved at 7:13:20 AM, on 1/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EX E
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Motorola\A920 Desktop Suite\ConnMngmntBox.exe
    C:\Program Files\Motorola\A920 Desktop Suite\ECTaskScheduler.exe
    C:\PROGRA~1\Motorola\A920DE~1\Elogerr.exe
    C:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntim e.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\Motorola\A920DE~1\BROADC~1.EXE
    C:\PROGRA~1\Motorola\A920DE~1\SCRFS.exe
    C:\Download files\DAL\hijackthis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sccyogtvhgkgpl.com/yNfAVz...qRBewhf8g.html
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    O4 - HKLM\..\Run: [Winspool] C:\WINDOWS\System32\spoolsvr.exe
    O4 - HKLM\..\Run: [Windriv] C:\WINDOWS\System32\windriv.exe
    O4 - HKLM\..\Run: [logo sign] C:\PROGRA~1\GLUEFL~1\WipeObjBore.exe
    O4 - HKLM\..\Run: [funk help readme load] C:\Documents and Settings\All Users\Application Data\messamenfunkhelp\chinmfcd.exe
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EX E -r
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: A920 Connection Manager.lnk = ?
    O4 - Global Startup: A920 Task Scheduler.lnk = ?
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093000219957
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
  4. 30-09-2004  #4
    owen
    owen is offline D-A-L Team Member (UK)
    Close all browser windows, restart Hijack This and put a checkmark and put a checkmark next to the following entries:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sccyogtvhgkgpl.com/yNfAV...vqRBewhf8g.html
    O4 - HKLM\..\Run: [logo sign] C:\PROGRA~1\GLUEFL~1\WipeObjBore.exe
    O4 - HKLM\..\Run: [funk help readme load] C:\Documents and Settings\All Users\Application Data\messamenfunkhelp\chinmfcd.exe

    Click Fix Checked

    Reboot and post a fresh log
  5. 30-09-2004  #5
    Jasec
    Jasec is offline Newbie
    Owen this is another log thank you heaps for you help:
    Logfile of HijackThis v1.98.2
    Scan saved at 7:48:31 AM, on 1/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EX E
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Motorola\A920 Desktop Suite\ConnMngmntBox.exe
    C:\Program Files\Motorola\A920 Desktop Suite\ECTaskScheduler.exe
    C:\PROGRA~1\Motorola\A920DE~1\Elogerr.exe
    C:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntim e.exe
    C:\PROGRA~1\Motorola\A920DE~1\BROADC~1.EXE
    C:\PROGRA~1\Motorola\A920DE~1\SCRFS.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Download files\DAL\hijackthis.exe

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    O4 - HKLM\..\Run: [Winspool] C:\WINDOWS\System32\spoolsvr.exe
    O4 - HKLM\..\Run: [Windriv] C:\WINDOWS\System32\windriv.exe
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EX E -r
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: A920 Connection Manager.lnk = ?
    O4 - Global Startup: A920 Task Scheduler.lnk = ?
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093000219957
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
  6. 01-10-2004  #6
    owen
    owen is offline D-A-L Team Member (UK)
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    O4 - HKLM\..\Run: [Winspool] C:\WINDOWS\System32\spoolsvr.exe
    O4 - HKLM\..\Run: [Windriv] C:\WINDOWS\System32\windriv.exe

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    If these two files exist, delete them:
    C:\WINDOWS\System32\spoolsvr.exe
    C:\WINDOWS\System32\windriv.exe

    Reboot and post a fresh log
  7. 02-10-2004  #7
    Jasec
    Jasec is offline Newbie
    I have deleted all the files but these are sill there: O4 - HKLM\..\Run: [Winspool] C:\WINDOWS\System32\spoolsvr.exe
    O4 - HKLM\..\Run: [Windriv] C:\WINDOWS\System32\windriv.exe
    O4 - HKLM\..\Run: [logo sign] C:\PROGRA~1\GLUEFL~1\WipeObjBore.exe
    O4 - HKLM\..\Run: [funk help readme load] C:\Documents and Settings\All Users\Application Data\messamenfunkhelp\chinmfcd.exe
    ......
    am I doing something wrong.
    Thanks

    Logfile of HijackThis v1.98.2
    Scan saved at 6:33:23 PM, on 2/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EX E
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Motorola\A920 Desktop Suite\ConnMngmntBox.exe
    C:\Program Files\Motorola\A920 Desktop Suite\ECTaskScheduler.exe
    C:\PROGRA~1\Motorola\A920DE~1\Elogerr.exe
    C:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntim e.exe
    C:\PROGRA~1\Motorola\A920DE~1\BROADC~1.EXE
    C:\PROGRA~1\Motorola\A920DE~1\SCRFS.exe
    C:\Download files\DAL\hijackthis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sccyogtvhgkgpl.com/yNfAVz...qRBewhf8g.html
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    O4 - HKLM\..\Run: [Winspool] C:\WINDOWS\System32\spoolsvr.exe
    O4 - HKLM\..\Run: [Windriv] C:\WINDOWS\System32\windriv.exe
    O4 - HKLM\..\Run: [logo sign] C:\PROGRA~1\GLUEFL~1\WipeObjBore.exe
    O4 - HKLM\..\Run: [funk help readme load] C:\Documents and Settings\All Users\Application Data\messamenfunkhelp\chinmfcd.exe
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EX E -r
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: A920 Connection Manager.lnk = ?
    O4 - Global Startup: A920 Task Scheduler.lnk = ?
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093000219957
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
  8. 02-10-2004  #8
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Boot into Safe Mode.

    Restart Hijack This and put a checkmark next to the following entries:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sccyogtvhgkgpl.com/yNfAV...vqRBewhf8g.html
    O4 - HKLM\..\Run: [Winspool] C:\WINDOWS\System32\spoolsvr.exe
    O4 - HKLM\..\Run: [Windriv] C:\WINDOWS\System32\windriv.exe
    O4 - HKLM\..\Run: [logo sign] C:\PROGRA~1\GLUEFL~1\WipeObjBore.exe
    O4 - HKLM\..\Run: [funk help readme load] C:\Documents and Settings\All Users\Application Data\messamenfunkhelp\chinmfcd.exe

    Click Fix Checked

    Then reboot normally and post a fresh Hijack This log.
+ Reply to Thread
« Need Help with the Ads234 Hijack | Hijack This log ads234 removal help »