Options
Problem : Ads 234 Removal....help!
Hello ,
This problem really irritate me!!! Everytime I open up an IE window, Ads 234 hijacks the home page. Here is my hijack this log.
Logfile of HijackThis v1.99.0
Scan saved at 10:59:44 PM, on 12/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SV00LSV.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Save\Save.exe
C:\documents and settings\christy\local settings\temp\3vHNXS.exe
C:\documents and settings\christy\local settings\temp\2aH.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\MiniMsgr\YMiniSvr.exe
C:\WINDOWS\system32\KAVFP.EXE
C:\Program Files\Common Files\KingSoft\KSG\client.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ClockSync\Sync.exe
C:\Documents and Settings\Christy\Application Data\acwu.exe
C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Kingsoft\FASTAI~1\KTEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lоgonui.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Christy\LOCALS~1\Temp\Rar$EX00.362\HijackThis.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\SV00LSV.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - c:\3???BT????èí?t\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: (no name) - {39F91327-E716-2AC1-D504-115505F17310} - C:\WINDOWS\system32\swkzjhaa.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: YMIN IEBand - {D4F7605B-084D-4353-A1E1-C1BC3161938C} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Christy\Local Settings\Temp\ZR2p5kkcq.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ?eé??ìò?(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [3vHNXS] C:\documents and settings\christy\local settings\temp\3vHNXS.exe
O4 - HKLM\..\Run: [2aH] C:\documents and settings\christy\local settings\temp\2aH.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [MiniMsgr] C:\PROGRA~1\Yahoo!\MiniMsgr\YMiniSvr.exe
O4 - HKLM\..\Run: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKLM\..\Run: [KAVFP] KAVFP.EXE
O4 - HKLM\..\Run: [KsgUpdateRun] C:\Program Files\Common Files\KingSoft\KSG\client.exe
O4 - HKLM\..\RunServices: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Wvladqf] C:\WINDOWS\system32\l§àgonui.exe
O4 - HKCU\..\Run: [Twrc] C:\Documents and Settings\Christy\Application Data\acwu.exe
O4 - HKCU\..\Run: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - Startup: ?eé?′ê°? 2005.lnk
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://c:\3???BT????èí?t\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: use FlashGet to download - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: use FlashGet to download all the link
- C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ???¢óê??í¨ - {D1B76CE4-CCCA-4B22-9ECB-09F85C140904} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094695107296
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DE519BA-1510-42E4-8639-97CB076C2302}: NameServer = 12.127.16.83,12.127.17.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{7DE519BA-1510-42E4-8639-97CB076C2302}: NameServer = 12.127.16.83,12.127.17.83
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: CA License Client - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
Thank you very much for helping me!!!
This problem really irritate me!!! Everytime I open up an IE window, Ads 234 hijacks the home page. Here is my hijack this log.
Logfile of HijackThis v1.99.0
Scan saved at 10:59:44 PM, on 12/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SV00LSV.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Save\Save.exe
C:\documents and settings\christy\local settings\temp\3vHNXS.exe
C:\documents and settings\christy\local settings\temp\2aH.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\MiniMsgr\YMiniSvr.exe
C:\WINDOWS\system32\KAVFP.EXE
C:\Program Files\Common Files\KingSoft\KSG\client.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ClockSync\Sync.exe
C:\Documents and Settings\Christy\Application Data\acwu.exe
C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Kingsoft\FASTAI~1\KTEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lоgonui.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Christy\LOCALS~1\Temp\Rar$EX00.362\HijackThis.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\SV00LSV.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - c:\3???BT????èí?t\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: (no name) - {39F91327-E716-2AC1-D504-115505F17310} - C:\WINDOWS\system32\swkzjhaa.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: YMIN IEBand - {D4F7605B-084D-4353-A1E1-C1BC3161938C} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Christy\Local Settings\Temp\ZR2p5kkcq.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ?eé??ìò?(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [3vHNXS] C:\documents and settings\christy\local settings\temp\3vHNXS.exe
O4 - HKLM\..\Run: [2aH] C:\documents and settings\christy\local settings\temp\2aH.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [MiniMsgr] C:\PROGRA~1\Yahoo!\MiniMsgr\YMiniSvr.exe
O4 - HKLM\..\Run: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKLM\..\Run: [KAVFP] KAVFP.EXE
O4 - HKLM\..\Run: [KsgUpdateRun] C:\Program Files\Common Files\KingSoft\KSG\client.exe
O4 - HKLM\..\RunServices: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Wvladqf] C:\WINDOWS\system32\l§àgonui.exe
O4 - HKCU\..\Run: [Twrc] C:\Documents and Settings\Christy\Application Data\acwu.exe
O4 - HKCU\..\Run: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - Startup: ?eé?′ê°? 2005.lnk
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://c:\3???BT????èí?t\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: use FlashGet to download - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: use FlashGet to download all the link
- C:\Program Files\FlashGet\jc_all.htmO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ???¢óê??í¨ - {D1B76CE4-CCCA-4B22-9ECB-09F85C140904} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094695107296
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DE519BA-1510-42E4-8639-97CB076C2302}: NameServer = 12.127.16.83,12.127.17.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{7DE519BA-1510-42E4-8639-97CB076C2302}: NameServer = 12.127.16.83,12.127.17.83
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: CA License Client - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
Thank you very much for helping me!!!
0
Comments