Not sure what to fix with HJT

My Internet Explorer is messed up. The homepage is always about:blank. I tried the removal guide of dexter but it didn't work. I'm not sure of what to fix with Hijack This. Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 6:46:38 PM, on 4/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Wintab32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ZPOINT32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\WINDOWS\System32\odbeyna.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\sysxy32.exe
C:\WINDOWS\sdkvu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ymsmn.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ymsmn.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ymsmn.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ymsmn.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ymsmn.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ymsmn.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ymsmn.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {B7E372AA-5214-5339-1C44-04A6C88B6A13} - C:\WINDOWS\system32\sysen.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Winspl] C:\WINDOWS\System32\winsplx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\System32\ZPOINT32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\odbeyna.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\System32\nhwhf.exe
O4 - HKLM\..\Run: [sysxy32.exe] C:\WINDOWS\sysxy32.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunOnce: [mfcxj32.exe] C:\WINDOWS\system32\mfcxj32.exe
O4 - HKLM\..\RunOnce: [sdkvu.exe] C:\WINDOWS\sdkvu.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {3E4DD028-CCAF-4204-8906-AAA12FAABF44} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3E4DD028-CCAF-4204-8906-AAA12FAABF44} - (no file) (HKCU)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javaec.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe

Can anyone figure mine out? Thanks.

Comments

  • A2I
    edited April 2005
    Can you start a

    http://housecall.trendmicro.com/housecall/start_corp.asp

    http://download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe update your definition files before running a scan, please.

    It's important when you're working with Microsoft AntiSpyware that you double-check in Tools\Advanced Tools\System Explorers\IE Settings or Browser Hijack Settings Restore whether all the default URLs are filled in correctly. If not, copy and paste from the right bar (that means to the far right, the examples given under details) and save as default.

    For example: arm your AntiSpyware IE default URL/site with the next settings correctly:

    Start Page - Internet Explorer default setting: http://www.msn.com (anything you wish as your homepage is fine)
    Search Page - Internet Explorer default setting: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Bar - Internet Explorer default setting: http://home.microsoft.com/search/lobby/search.asp
    Start Page (all users) - Internet Explorer default setting: http://www.msn.com
    Search Page (all users) - Internet Explorer default setting: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default Search URL (all users) - Internet Explorer default setting: http://home.microsoft.com/search/search.asp
    Customize Search (all users) - Internet Explorer default setting: http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    Search Assistant (all users) - Internet Explorer default setting: http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    Blank Page - Internet Explorer default setting: res://mshtml.dll/blank.htm
    Desktop Navigation Failure - Internet Explorer default setting: res://shdoclc.dll/navcancl.htm
    Navigation Canceled - Internet Explorer default setting: res://shdoclc.dll/navcancl.htm
    Navigation Failure - Internet Explorer default setting: res://shdoclc.dll/navcancl.htm
    Offline Information - Internet Explorer default setting: res://shdoclc.dll/offcancl.htm
    Post Not Cached - Internet Explorer default setting: res://mshtml.dll/repost.htm

    save

    Any changes afterwards need to be approved by your own actions first.
    So take care there what you tick; if unknown, just block. Of course you can still put your homepage to the one you like. (Manage by going to Tools\Realtime Protection\System agents, activate all services, Windows services, check for example with manage allowed\blocked.)

    Most important: this is your core of correct functioning of this program.

    Go to Tools\RealTime Protection\Application Agent\view Application Agent Checkpoint. MAKE SURE EVERYTHING IS EMPTY, hit manage allowed/blocked... that is on the right bottom of your program, highlight the checkpoint details before you hit manage allowed/blocked... double-check them all, and empty if it contains items already. WHEN YOU START WITH THIS PROGRAM ANYTHING, EVEN UNKNOWN, THAT TRIES TO FORCE SOMETHING WILL BE ASKED DIRECTLY TO YOU WHAT TO TAKE ACTION ON FOR. So make sure you do that correctly.

    Next, try running a scan with

    http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10373771.html (Webroot Spy Sweeper 3.5; update your definitions before you start the scan)

    Can you update your Windows with the SP2 underneath:

    http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en 272MB

    After that install, tick your Windows Autoupdates on enable.

    Post a new log if you did all the options I suggested above.

    And the problems still occur.

    ty.
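An added example, not part of the thread and not code from HijackThis or Microsoft AntiSpyware: a small Python triage of the `R0`/`R1` lines in a HijackThis log that groups search and start-page values by the local module their `res://` URL loads from. The allow-list is an assumption taken from the `res://` defaults listed in the reply above, the function names are hypothetical, and the sample lines are copied from the two logs in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Assumption: allow-list built from the res:// defaults listed in the reply
# above (res://mshtml.dll/... and res://shdoclc.dll/...), given as bare names.
DEFAULT_RES_MODULES = {"mshtml.dll", "shdoclc.dll"}

# HijackThis R-section line: "R1 - HKCU\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (HK[A-Z]+)\\(.+?) =\s?(.*)$")
# res://<module>/<resource>; the module may be a bare name or a full path.
RES_URL = re.compile(r"^res://(.+?\.(?:dll|exe|ocx))/", re.IGNORECASE)


def parse_r_entries(log_text):
    """Return the registry-backed R0-R3 entries of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue  # other sections, or "R3 - Default URLSearchHook is missing"
        code, hive, key_and_name, data = m.groups()
        key, _, name = key_and_name.rpartition(",")
        entries.append({"code": code, "hive": hive, "key": key,
                        "name": name, "data": data})
    return entries


def res_module(data):
    """Module referenced by a res:// URL, or None for any other value."""
    m = RES_URL.match(data.strip())
    return m.group(1) if m else None


def is_suspect(data):
    """True when a res:// value loads from a module outside the allow-list,
    or from an explicit path (the listed defaults are bare module names)."""
    module = res_module(data)
    if module is None:
        return False
    has_path = module != ntpath.basename(module)
    return has_path or module.lower() not in DEFAULT_RES_MODULES


def suspect_res_entries(log_text):
    """Map module file name -> [(hive, value name), ...] for suspect values."""
    hits = defaultdict(list)
    for e in parse_r_entries(log_text):
        if is_suspect(e["data"]):
            module = ntpath.basename(res_module(e["data"])).lower()
            hits[module].append((e["hive"], e["name"]))
    return dict(hits)


# Lines copied from the first log in this thread (subset).
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ymsmn.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ymsmn.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ymsmn.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
"""

# Lines copied from the second log in this thread (after the clean-up).
AFTER_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        print(label)
        for module, values in suspect_res_entries(log).items():
            print(f"  {module}: {len(values)} value(s)")
            for hive, name in values:
                print(f"    {hive} {name}")
```

Grouping by module shows that every flagged value in the first log resolves to the same DLL, which is the file to look for in the scanner's removal report.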
  • edited April 2005
    Here is my log after following your instructions. I haven't upgraded to SP2 yet but my browser is fine. Thanks a lot!!!! :D

    Logfile of HijackThis v1.99.1
    Scan saved at 9:38:32 PM, on 4/3/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Wintab32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
    O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Microsoft AntiSpyware helper - {3E4DD028-CCAF-4204-8906-AAA12FAABF44} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3E4DD028-CCAF-4204-8906-AAA12FAABF44} - (no file) (HKCU)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe

    Anything wrong with this one?
  • A2I
    edited April 2005
    Could you do me a favour: can you go to Tools\Spyware Scan\View Spyware Scan History (in your MS AntiSpyware), highlight your last scan and click on view full details of scan, click in the more information, Ctrl+A (select all), then Ctrl+C, and copy it into your post here, please.

    Thanks.

    P.S. I highly recommend you do install Service Pack 2 for XP. The setup and link I put will not give you problems with installing; if it does, just post here, please.

    I can fix it.

    http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en
  • edited April 2005
    Here it is:

    Spyware Scan Details
    Start Date: 4/3/2005 7:32:20 PM
    End Date: 4/3/2005 7:34:32 PM
    Total Time: 2 mins 12 secs

    Detected Threats

    ShopAtHome Spyware more information...
    Details: ShopAtHome installs itself in the Winsock layer of your system and redirects your browser to merchant sites to take advantage of the affiliate fees.
    Status: Removed
    Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

    Infected files detected
    C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.exe


    AdStatus Remote Access Trojan more information...
    Details: Displays a Fireworks and simultanlously starts in the backround. AdStatus sends user passwords encrypted via e-mail.
    Status: Removed
    Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

    Infected files detected
    C:\Program Files\Windows AdStatus\WinStatComm.dll


    Possible Browser Hijack Browser Modifier more information...
    Details: Possible Browser Hijack redirects Internet Explorer.
    Status: Removed
    High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.


    Topconverting Crazywinnings Adware more information...
    Details: Topconverting Crazywinnings installs via online games through ActiveX drive-by-download.
    Status: Removed
    High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

    Infected files detected
    c:\windows\downloaded program files\loader2.ocx


    eXact.BargainBuddy Adware more information...
    Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad.
    Status: Removed
    High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

    Infected files detected
    C:\temp\Bargains.exe

    Infected registry keys/values detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BargainBuddy
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BargainBuddy
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BargainBuddy Changed 0


    Cydoor Adware more information...
    Details: Cydoor downloads advertisements from a remote server and displays them on your computer.
    Status: Removed
    High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

    Infected files detected

    Infected folders detected
    c:\windows\system32\adcache


    Security iGuard Under Investigation more information...
    Details: Security iGuard claims to be a security product but is installed via a known Internet Explorer exploit.
    Status: Removed
    Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.

    Infected folders detected
    c:\documents and settings\manuel\application data\rex-services
    c:\documents and settings\manuel\application data\rex-services\security iguard\quarantine\autorun\startmenucurrentuser
    c:\documents and settings\manuel\application data\rex-services\security iguard\quarantine\browserobjects
    c:\documents and settings\manuel\application data\rex-services\security iguard\quarantine\packages
    c:\documents and settings\manuel\application data\rex-services\security iguard
    c:\documents and settings\manuel\application data\rex-services\security iguard\quarantine
    c:\documents and settings\manuel\application data\rex-services\security iguard\quarantine\autorun
    c:\documents and settings\manuel\application data\rex-services\security iguard\quarantine\autorun\hkcu
    c:\documents and settings\manuel\application data\rex-services\security iguard\quarantine\autorun\hkcu\runonce
    c:\documents and settings\manuel\application data\rex-services\security iguard\quarantine\autorun\hklm
    c:\documents and settings\manuel\application data\rex-services\security iguard\quarantine\autorun\hklm\runonce
    c:\documents and settings\manuel\application data\rex-services\security iguard\quarantine\autorun\startmenuallusers

    Infected registry keys/values detected
    HKEY_LOCAL_MACHINE\Software\Rex-Services
    HKEY_LOCAL_MACHINE\Software\Rex-Services MGuid {60DF5104-D814-4906-B877-79DE12961DA9}


    Detected Spyware Cookies
    No spyware cookies were found during this scan.
This discussion has been closed.