#1 |
|
Member (7 bit)
Join Date: Dec 2002
Location: New York
Posts: 106
|
HELP!!! What's wrong with my Internet Explorer? =[
i have some weird spyware/adware things on my comp that messes with IE. whenever i go to a site that doesn't work, it redirects me to this errorplace.com page, and then to a lycos search page. i also get random pop-ups. i ran ad-aware and spybot S&D several times but they didn't get rid of it. i went to errorplace.com and they had this program which is supposed to uninstall the redirecting thing. i don't know if it was a good idea, but i downloaded it and ran it. it said to exit out of IE but i did, and it didn't do anything else. i searched on google for "errorplace.com" but got nothing. help!
#2 |
|
Lest we forget
Join Date: Jun 2003
Location: Ontario, Canada
Posts: 1,870
|
Run hijackthis in its own folder. Scan and save the log. It will open notepad, copy paste it here.
DON'T FIX ANYTHING YET!!!!!! Most are harmless and even needed.
http://spywareinfo.com/~merijn/files/HijackThis.exe
#3 |
|
Member (7 bit)
Join Date: Dec 2002
Location: New York
Posts: 106
|
Logfile of HijackThis v1.97.7
Scan saved at 2:22:51 PM, on 5/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\desk98.exe
C:\Program Files\Say the Time\SayTime.exe
C:\WINDOWS\lktqc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Kingsley\Local Settings\Temp\HijackThis.exe

O2 - BHO: (no name) - {014BFC64-70F1-4F28-BB6C-4FEC57296940} - C:\WINDOWS\rtrj.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D356786-C78B-4BF8-B777-E891D0237181} - C:\WINDOWS\cxabyp.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -on
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [Say the Time] C:\Program Files\Say the Time\SayTime.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ATIRmtWndr] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27e5602a...p/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...115.6054282407
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx
#4 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
run hjt put a check next to these close all browsers and hit fix
O2 - BHO: (no name) - {014BFC64-70F1-4F28-BB6C-4FEC57296940} - C:\WINDOWS\rtrj.dll
O2 - BHO: (no name) - {1D356786-C78B-4BF8-B777-E891D0237181} - C:\WINDOWS\cxabyp.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
this one is fishy i can't find anything on it
C:\WINDOWS\lktqc.exe
can you find this file right click on it go to properties and tell me what it says under the version tab
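Added example, not part of the original thread and not written by any poster: a small triage pass over a HijackThis log that surfaces the kind of entries singled out in post #4. The heuristic (unnamed BHOs, Run targets and running processes sitting directly in C:\WINDOWS) and the one-item allowlist are assumptions made for this sketch; the sample is an excerpt of the log in post #3, and a hit means "look at this by hand", not "delete this".

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Excerpt of the log in post #3, one entry per line as HijackThis writes it.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\lktqc.exe
C:\WINDOWS\System32\rundll32.exe
O2 - BHO: (no name) - {014BFC64-70F1-4F28-BB6C-4FEC57296940} - C:\WINDOWS\rtrj.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
"""

WINDIR = r"c:\windows"
KNOWN_IN_WINDIR = {"explorer.exe"}  # assumption: minimal allowlist for this sample
BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\}_? - (?P<path>.+)$")
RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def in_windir_root(path):
    """True when the file sits directly in the Windows directory, not a subfolder."""
    return dirname(path.strip('"')).lower() == WINDIR

def triage(log_text):
    """Return (kind, detail) pairs that deserve a manual look; not a verdict."""
    findings, in_processes = [], False
    for line in (l.strip() for l in log_text.splitlines()):
        if line == "Running processes:":
            in_processes = True
            continue
        if re.match(r"^[A-Z]\d+ - ", line):  # first R/O entry ends the process list
            in_processes = False
        if in_processes and line:
            if in_windir_root(line) and basename(line).lower() not in KNOWN_IN_WINDIR:
                findings.append(("process", line))
        elif (m := BHO.match(line)):
            if m["name"] == "(no name)" and in_windir_root(m["path"]):
                findings.append(("bho", m["path"]))
        elif (m := RUN.match(line)):
            exe = m["cmd"].split(" -")[0].split(" /")[0]  # crude argument stripping
            if in_windir_root(exe):
                findings.append(("run", m["name"]))
    return findings
```
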
#5 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
oh and please post another log
#6 |
|
Member (7 bit)
Join Date: Dec 2002
Location: New York
Posts: 106
|
company-e
file version- 1.00
internal name- 5-5
language- English (United States)
Original File name- 5-5.exe
Product name- Project1
Product Version- 1.00
#7 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
are you still getting redirected
ctrl alt del and stop this process lktqc.exe
Run an online antivirus check from at least one and preferably 2 of the following sites....
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/
http://www.ravantivirus.com/scan
#8 |
|
Member (7 bit)
Join Date: Dec 2002
Location: New York
Posts: 106
|
that little thing was a tricky bastard. it managed to rename itself into two places before i found it and deleted them.
#9 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
are you still getting redirected ?
#10 |
|
Member (7 bit)
Join Date: Dec 2002
Location: New York
Posts: 106
|
Logfile of HijackThis v1.97.7
Scan saved at 3:31:38 PM, on 5/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\mgabg.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\System32\mqtat32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\mmsystem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Richie\Local Settings\Temp\Temporary Directory 1 for hjt.zip\HijackThis.exe
C:\Documents and Settings\Richie\Local Settings\Temp\Temporary Directory 2 for hjt.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pop.popuptoast.com/9891/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {63CF97E8-4133-438a-A831-CC9C6D47D673} - c:\Program Files\Reg2\Reg2.dll
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - (no file)
O2 - BHO: (no name) - {7371F073-AC0F-4b80-BB2F-96A488CEFB32} - c:\Program Files\Xmod\xm320.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [237O3qi] C:\WINDOWS\System32\mqtat32.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [mmsystem] C:\WINDOWS\System32\mmsystem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-p3.htm
O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...846.6806134259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab
#11 |
|
Member (7 bit)
Join Date: Dec 2002
Location: New York
Posts: 106
|
some help with above post please?
#12 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
ok first i put hjt into its own folder
not into the temp folders and not on the desktop please
i'm going over your log now
#13 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
Go to http://www.spywareinfo.com/~merijn/c...tml#cwshredder , and download the latest version of CWShredder by Merijn Bellekom, the creator of Hijack This.
Run it, press 'Fix', and allow it to fix all it finds. And remember to click "Fix" (Not "Scan only")

reboot

Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........
Make sure the following settings are made and on -------"ON=GREEN"
From main window: Click "Start" then "Activate in-depth scan"
Then......
Click "Use custom scanning options>Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"
Then.........
Go to settings (the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"
Then......
click "proceed" to save your settings.
Now to scan it's just to click the "Scan" button.
When scan is finished mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu)

Then Download Spybot - Search & Destroy from http://security.kolla.de
After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED

reboot

Run an online antivirus check from at least one and preferably 2 of the following sites....
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/
http://www.ravantivirus.com/scan/

then post another log please