Dang About:Blank Home Search Hyjack

  1. 15-10-2004  #11
    WConkel
    WConkel is offline Newbie

    Re: Dang About:Blank Home Search Hyjack

    You did it.
    infection free. as far as I know anyway
    Thank you for all your time....

  3. 16-10-2004  #12
    owen
    owen is offline D-A-L Team Member (UK)
    Could you post a fresh Hijack This log to the forum so I can double check please.
  4. 18-10-2004  #13
    WConkel
    WConkel is offline Newbie
    Here You Go,

    Logfile of HijackThis v1.98.2
    Scan saved at 614 PM, on 10/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\LEXBCES.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\LEXPPS.EXE
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    E:\NavNT\vptray.exe
    D:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    D:\PROGRA~1\PESTPA~1\PPControl.exe
    D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\ISTsvc\istsvc.exe
    D:\Program Files\Internet Optimizer\optimize.exe
    D:\WINDOWS\System32\witlwbe.exe
    D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    E:\NavNT\defwatch.exe
    E:\NavNT\rtvscan.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Internet Optimizer\actalert.exe
    D:\WINDOWS\System32\wuauclt.exe
    D:\Documents and Settings\Owner.DADSTOY\Desktop\hijackthis.exe

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem219.dll
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINDOWS\wsem301.dll
    O4 - HKLM\..\Run: [Lexmark X74-X75] "D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [vptray] E:\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Ad-watch] D:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] D:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [jruooeeq] D:\WINDOWS\System32\witlwbe.exe
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

  5. 19-10-2004  #14
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem219.dll
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINDOWS\wsem301.dll
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [jruooeeq] D:\WINDOWS\System32\witlwbe.exe

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Delete the following files and folders:
    D:\Program Files\ISTsvc
    D:\WINDOWS\System32\witlwbe.exe

    Reboot and post a fresh log
+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
« Time to do the 'rents a favour: | take a look at log? »