| Help w/ searchfeed and http://kon4ay.biz/ Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\logonui.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe C:\WINDOWS\System32\veilkd.exe C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE C:\WINDOWS\binml.exe C:\WINDOWS\System32\dineman.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\WINDOWS\System32\dhci2.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Program Files\Verizon Online\bin\mpbtn.exe C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe c:\windows\nic\install.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\windows\nic\System.exe C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe C:\WINDOWS\ntrvs.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\windows\nic\taskmgr.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Q92194.exe C:\WINDOWS\system.exe C:\WINDOWS\explorer.exe C:\Program Files\ISTsvc\istsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe 
C:\DOCUME~1\Jason\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app...DQ6NTo5&Terms= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kon4ay.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kon4ay.biz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=2c02&lc=0409 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/re...c=1c02&lc=0409 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/y...redir=ymmapi10 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online O1 - Hosts: 69.60.111.224 localhost #this is 
not an ad server this is your PC O1 - Hosts: 69.60.111.224 www.doubleclick.net O1 - Hosts: 69.60.111.224 ad.doubleclick.net #remove this for atomfilms problems O1 - Hosts: 69.60.111.224 ad.preferences.com O1 - Hosts: 69.60.111.224 ads.doubleclick.com O1 - Hosts: 69.60.111.224 ads.infospace.com O1 - Hosts: 69.60.111.224 ads.msn.com O1 - Hosts: 69.60.111.224 ads.switchboard.com O1 - Hosts: 69.60.111.224 ads.doubleclick.net O1 - Hosts: 69.60.111.224 ad2.doubleclick.net O1 - Hosts: 69.60.111.224 ad3.doubleclick.net O1 - Hosts: 69.60.111.224 ad4.doubleclick.net O1 - Hosts: 69.60.111.224 ad5.doubleclick.net O1 - Hosts: 69.60.111.224 ad6.doubleclick.net O1 - Hosts: 69.60.111.224 ad7.doubleclick.net O1 - Hosts: 69.60.111.224 ad8.doubleclick.net O1 - Hosts: 69.60.111.224 ad9.doubleclick.net O1 - Hosts: 69.60.111.224 ad.ch.doubleclick.net O1 - Hosts: 69.60.111.224 ad.linkexchange.com O1 - Hosts: 69.60.111.224 ads.enliven.com O1 - Hosts: 69.60.111.224 oz.valueclick.com O1 - Hosts: 69.60.111.224 banner.linkexchange.com O1 - Hosts: 69.60.111.224 commonwealth.riddler.com O1 - Hosts: 69.60.111.224 ad-up.com O1 - Hosts: 69.60.111.224 ad.adsmart.net O1 - Hosts: 69.60.111.224 ad.atlas.cz O1 - Hosts: 69.60.111.224 ad.blm.net O1 - Hosts: 69.60.111.224 ad.dogpile.com O1 - Hosts: 69.60.111.224 ad.infoseek.com O1 - Hosts: 69.60.111.224 ad.net-service.de O1 - Hosts: 69.60.111.224 adbot.com O1 - Hosts: 69.60.111.224 ads.criticalmass.com O1 - Hosts: 69.60.111.224 ads.csi.emcweb.com O1 - Hosts: 69.60.111.224 ads.filez.com O1 - Hosts: 69.60.111.224 ads.imagine-inc.com O1 - Hosts: 69.60.111.224 ads.imdb.com O1 - Hosts: 69.60.111.224 ads.jwtt3.com O1 - Hosts: 69.60.111.224 ads.newcitynet.com O1 - Hosts: 69.60.111.224 ads.realcities.com O1 - Hosts: 69.60.111.224 ads.realmedia.com O1 - Hosts: 69.60.111.224 ads.tripod.com O1 - Hosts: 69.60.111.224 ads.usatoday.com O1 - Hosts: 69.60.111.224 ads.web.de O1 - Hosts: 69.60.111.224 ads.web21.com O1 - Hosts: 69.60.111.224 adserv.newcentury.net O1 - 
Hosts: 69.60.111.224 adservant.guj.de O1 - Hosts: 69.60.111.224 adservant.mediapoint.de O1 - Hosts: 69.60.111.224 adserver-espnet.sportszone.com O1 - Hosts: 69.60.111.224 advert.heise.de O1 - Hosts: 69.60.111.224 banners.internetextra.com O1 - Hosts: 69.60.111.224 bannerswap.com O1 - Hosts: 69.60.111.224 dino.mainz.ibm.de O1 - Hosts: 69.60.111.224 Garden.ngadcenter.net O1 - Hosts: 69.60.111.224 Ogilvy.ngadcenter.net O1 - Hosts: 69.60.111.224 ResponseMedia-ad.flycast.com O1 - Hosts: 69.60.111.224 Suissa-ad.flycast.com O1 - Hosts: 69.60.111.224 UGO.eu-adcenter.net O1 - Hosts: 69.60.111.224 VNU.eu-adcenter.net O1 - Hosts: 69.60.111.224 ad.preferances.com O1 - Hosts: 69.60.111.224 ad.doubleclick.com O1 - Hosts: 69.60.111.224 adforce.adtech.de O1 - Hosts: 69.60.111.224 adforce.imgis.com O1 - Hosts: 69.60.111.224 adimage.blm.net O1 - Hosts: 69.60.111.224 adlink.deh.de O1 - Hosts: 69.60.111.224 ad-adex3.flycast.com O1 - Hosts: 69.60.111.224 ad.ca.doubleclick.net O1 - Hosts: 69.60.111.224 ad.de.doubleclick.net O1 - Hosts: 69.60.111.224 ad.fr.doubleclick.net O1 - Hosts: 69.60.111.224 ad.jp.doubleclick.net O1 - Hosts: 69.60.111.224 ad.linksynergy.com O1 - Hosts: 69.60.111.224 ad.nl.doubleclick.net O1 - Hosts: 69.60.111.224 ad.no.doubleclick.net O1 - Hosts: 69.60.111.224 ad.sma.punto.net O1 - Hosts: 69.60.111.224 ad.uk.doubleclick.net O1 - Hosts: 69.60.111.224 ad08.focalink.com O1 - Hosts: 69.60.111.224 adcontroller.unicast.com O1 - Hosts: 69.60.111.224 adimg.egroups.com O1 - Hosts: 69.60.111.224 admedia.xoom.com O1 - Hosts: 69.60.111.224 adremote.pathfinder.com O1 - Hosts: 69.60.111.224 ads.bfast.com O1 - Hosts: 69.60.111.224 ads.clickhouse.com O1 - Hosts: 69.60.111.224 adpick.switchboard.com O1 - Hosts: 69.60.111.224 ads.fairfax.com.au O1 - Hosts: 69.60.111.224 ads.fool.com O1 - Hosts: 69.60.111.224 ads.freshmeat.net O1 - Hosts: 69.60.111.224 ads.hollywood.com O1 - Hosts: 69.60.111.224 ads.i33.com O1 - Hosts: 69.60.111.224 ads.infi.net O1 - Hosts: 69.60.111.224 
ads.link4ads.com O1 - Hosts: 69.60.111.224 ads.lycos.com O1 - Hosts: 69.60.111.224 ads.madison.com O1 - Hosts: 69.60.111.224 ads.mediaodyssey.com O1 - Hosts: 69.60.111.224 ads.ninemsn.com.au O1 - Hosts: 69.60.111.224 ads.seattletimes.com O1 - Hosts: 69.60.111.224 ads.smartclicks.com O1 - Hosts: 69.60.111.224 ads.smartclicks.net O1 - Hosts: 69.60.111.224 ads.sptimes.com O1 - Hosts: 69.60.111.224 ads.web.aol.com O1 - Hosts: 69.60.111.224 ads.x10.com O1 - Hosts: 69.60.111.224 ads.xtra.co.nz O1 - Hosts: 69.60.111.224 ads.zdnet.com O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\System32\hsrb.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [MS Windows Update] veilkd.exe O4 - HKLM\..\Run: [Microsoft Update] prowind32.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [SDKz0r] SDKc55rezzz2.exe O4 - HKLM\..\Run: [6yYbF] C:\WINDOWS\binml.exe O4 - HKLM\..\Run: [4s5g39W] dineman.exe O4 - HKLM\..\Run: [SearchAssistant] c:\Q92194.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\RunServices: [MS Windows Update] 
veilkd.exe O4 - HKLM\..\RunServices: [Microsoft Update] prowind32.exe O4 - HKLM\..\RunServices: [SDKz0r] SDKc55rezzz2.exe O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [Microsoft Update] prowind32.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [SDKz0r] SDKc55rezzz2.exe O4 - HKCU\..\Run: [LBumRVame] dhci2.exe O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\system.exe O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106721527810 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12 O17 - HKLM\System\CS1\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12 |
| ||
| Re: Help w/ searchfeed and http://kon4ay.biz/ Hijack This needs to be in its own file! Please move it to a file labeled HiJack This or something similar. |
| ||
| Re: Help w/ searchfeed and http://kon4ay.biz/ Quote:
C:\DOCUME~1\Jason\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe

The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else! Temp/Temporary folders are just that: temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.

-------------------------------------------------------------------------------------------------------------------

C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

The log entries above indicate that you had at least 2 instances of Internet Explorer running when you ran HijackThis. Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.

Please take care of the above and post a new log. |
| ||
| Re: Help w/ searchfeed and http://kon4ay.biz/ ok i think i got it now Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\VERITAS Software\Update Manager\sgtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe C:\WINDOWS\System32\veilkd.exe C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE C:\WINDOWS\binml.exe C:\WINDOWS\System32\dineman.exe C:\Q92194.exe C:\Program Files\ISTsvc\istsvc.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\WINDOWS\System32\dhci2.exe C:\WINDOWS\system.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\Program Files\Verizon Online\bin\mpbtn.exe C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe c:\windows\nic\install.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\windows\nic\System.exe C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe C:\WINDOWS\ntrvs.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\windows\nic\taskmgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Norton AntiVirus\OPScan.exe C:\Documents and Settings\Jason\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app...DQ6NTo5&Terms= R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kon4ay.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kon4ay.biz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=2c02&lc=0409 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/re...c=1c02&lc=0409 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/y...redir=ymmapi10 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online O1 - Hosts: 69.60.111.224 localhost #this is not an ad server this is your PC O1 - Hosts: 69.60.111.224 www.doubleclick.net O1 - Hosts: 69.60.111.224 ad.doubleclick.net #remove this for atomfilms problems O1 - Hosts: 
69.60.111.224 ad.preferences.com O1 - Hosts: 69.60.111.224 ads.doubleclick.com O1 - Hosts: 69.60.111.224 ads.infospace.com O1 - Hosts: 69.60.111.224 ads.msn.com O1 - Hosts: 69.60.111.224 ads.switchboard.com O1 - Hosts: 69.60.111.224 ads.doubleclick.net O1 - Hosts: 69.60.111.224 ad2.doubleclick.net O1 - Hosts: 69.60.111.224 ad3.doubleclick.net O1 - Hosts: 69.60.111.224 ad4.doubleclick.net O1 - Hosts: 69.60.111.224 ad5.doubleclick.net O1 - Hosts: 69.60.111.224 ad6.doubleclick.net O1 - Hosts: 69.60.111.224 ad7.doubleclick.net O1 - Hosts: 69.60.111.224 ad8.doubleclick.net O1 - Hosts: 69.60.111.224 ad9.doubleclick.net O1 - Hosts: 69.60.111.224 ad.ch.doubleclick.net O1 - Hosts: 69.60.111.224 ad.linkexchange.com O1 - Hosts: 69.60.111.224 ads.enliven.com O1 - Hosts: 69.60.111.224 oz.valueclick.com O1 - Hosts: 69.60.111.224 banner.linkexchange.com O1 - Hosts: 69.60.111.224 commonwealth.riddler.com O1 - Hosts: 69.60.111.224 ad-up.com O1 - Hosts: 69.60.111.224 ad.adsmart.net O1 - Hosts: 69.60.111.224 ad.atlas.cz O1 - Hosts: 69.60.111.224 ad.blm.net O1 - Hosts: 69.60.111.224 ad.dogpile.com O1 - Hosts: 69.60.111.224 ad.infoseek.com O1 - Hosts: 69.60.111.224 ad.net-service.de O1 - Hosts: 69.60.111.224 adbot.com O1 - Hosts: 69.60.111.224 ads.criticalmass.com O1 - Hosts: 69.60.111.224 ads.csi.emcweb.com O1 - Hosts: 69.60.111.224 ads.filez.com O1 - Hosts: 69.60.111.224 ads.imagine-inc.com O1 - Hosts: 69.60.111.224 ads.imdb.com O1 - Hosts: 69.60.111.224 ads.jwtt3.com O1 - Hosts: 69.60.111.224 ads.newcitynet.com O1 - Hosts: 69.60.111.224 ads.realcities.com O1 - Hosts: 69.60.111.224 ads.realmedia.com O1 - Hosts: 69.60.111.224 ads.tripod.com O1 - Hosts: 69.60.111.224 ads.usatoday.com O1 - Hosts: 69.60.111.224 ads.web.de O1 - Hosts: 69.60.111.224 ads.web21.com O1 - Hosts: 69.60.111.224 adserv.newcentury.net O1 - Hosts: 69.60.111.224 adservant.guj.de O1 - Hosts: 69.60.111.224 adservant.mediapoint.de O1 - Hosts: 69.60.111.224 adserver-espnet.sportszone.com O1 - Hosts: 69.60.111.224 
advert.heise.de O1 - Hosts: 69.60.111.224 banners.internetextra.com O1 - Hosts: 69.60.111.224 bannerswap.com O1 - Hosts: 69.60.111.224 dino.mainz.ibm.de O1 - Hosts: 69.60.111.224 Garden.ngadcenter.net O1 - Hosts: 69.60.111.224 Ogilvy.ngadcenter.net O1 - Hosts: 69.60.111.224 ResponseMedia-ad.flycast.com O1 - Hosts: 69.60.111.224 Suissa-ad.flycast.com O1 - Hosts: 69.60.111.224 UGO.eu-adcenter.net O1 - Hosts: 69.60.111.224 VNU.eu-adcenter.net O1 - Hosts: 69.60.111.224 ad.preferances.com O1 - Hosts: 69.60.111.224 ad.doubleclick.com O1 - Hosts: 69.60.111.224 adforce.adtech.de O1 - Hosts: 69.60.111.224 adforce.imgis.com O1 - Hosts: 69.60.111.224 adimage.blm.net O1 - Hosts: 69.60.111.224 adlink.deh.de O1 - Hosts: 69.60.111.224 ad-adex3.flycast.com O1 - Hosts: 69.60.111.224 ad.ca.doubleclick.net O1 - Hosts: 69.60.111.224 ad.de.doubleclick.net O1 - Hosts: 69.60.111.224 ad.fr.doubleclick.net O1 - Hosts: 69.60.111.224 ad.jp.doubleclick.net O1 - Hosts: 69.60.111.224 ad.linksynergy.com O1 - Hosts: 69.60.111.224 ad.nl.doubleclick.net O1 - Hosts: 69.60.111.224 ad.no.doubleclick.net O1 - Hosts: 69.60.111.224 ad.sma.punto.net O1 - Hosts: 69.60.111.224 ad.uk.doubleclick.net O1 - Hosts: 69.60.111.224 ad08.focalink.com O1 - Hosts: 69.60.111.224 adcontroller.unicast.com O1 - Hosts: 69.60.111.224 adimg.egroups.com O1 - Hosts: 69.60.111.224 admedia.xoom.com O1 - Hosts: 69.60.111.224 adremote.pathfinder.com O1 - Hosts: 69.60.111.224 ads.bfast.com O1 - Hosts: 69.60.111.224 ads.clickhouse.com O1 - Hosts: 69.60.111.224 adpick.switchboard.com O1 - Hosts: 69.60.111.224 ads.fairfax.com.au O1 - Hosts: 69.60.111.224 ads.fool.com O1 - Hosts: 69.60.111.224 ads.freshmeat.net O1 - Hosts: 69.60.111.224 ads.hollywood.com O1 - Hosts: 69.60.111.224 ads.i33.com O1 - Hosts: 69.60.111.224 ads.infi.net O1 - Hosts: 69.60.111.224 ads.link4ads.com O1 - Hosts: 69.60.111.224 ads.lycos.com O1 - Hosts: 69.60.111.224 ads.madison.com O1 - Hosts: 69.60.111.224 ads.mediaodyssey.com O1 - Hosts: 69.60.111.224 
ads.ninemsn.com.au O1 - Hosts: 69.60.111.224 ads.seattletimes.com O1 - Hosts: 69.60.111.224 ads.smartclicks.com O1 - Hosts: 69.60.111.224 ads.smartclicks.net O1 - Hosts: 69.60.111.224 ads.sptimes.com O1 - Hosts: 69.60.111.224 ads.web.aol.com O1 - Hosts: 69.60.111.224 ads.x10.com O1 - Hosts: 69.60.111.224 ads.xtra.co.nz O1 - Hosts: 69.60.111.224 ads.zdnet.com O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\System32\hsrb.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [MS Windows Update] veilkd.exe O4 - HKLM\..\Run: [Microsoft Update] prowind32.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [SDKz0r] SDKc55rezzz2.exe O4 - HKLM\..\Run: [6yYbF] C:\WINDOWS\binml.exe O4 - HKLM\..\Run: [4s5g39W] dineman.exe O4 - HKLM\..\Run: [SearchAssistant] "C:\Q92194.exe " O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\RunServices: [MS Windows Update] 
veilkd.exe O4 - HKLM\..\RunServices: [Microsoft Update] prowind32.exe O4 - HKLM\..\RunServices: [SDKz0r] SDKc55rezzz2.exe O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [Microsoft Update] prowind32.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [SDKz0r] SDKc55rezzz2.exe O4 - HKCU\..\Run: [LBumRVame] dhci2.exe O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\system.exe O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106721527810 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12 O17 - HKLM\System\CS1\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: b - Unknown owner - c:\windows\nic\install.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec 
Shared\ccSetMgr.exe O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe O23 - Service: Microsoft Security Subsystem Provider (eProxy) - Unknown owner - C:\WINDOWS\ntrvs.exe" " (file missing) O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Task Manager Help (TskHlp) - Unknown owner - c:\windows\nic\taskmgr.exe |
| ||
| Re: Help w/ searchfeed and http://kon4ay.biz/
You've almost got it; right-click on your desktop, select New, Folder; name the new folder something like HJT or hijackthis; drag the hijackthis.exe icon that is on your desktop into that new folder.
Go to Add/Remove Programs in your Control Panel and remove (if found): ISTsvc, IST, or something similar.
Scan with hijackthis and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?ap...ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kon4ay.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/....redir=ymmapi10
O1 - Hosts: 69.60.111.224 localhost #this is not an ad 
server this is your PC O1 - Hosts: 69.60.111.224 www.doubleclick.net O1 - Hosts: 69.60.111.224 ad.doubleclick.net #remove this for atomfilms problems O1 - Hosts: 69.60.111.224 ad.preferences.com O1 - Hosts: 69.60.111.224 ads.doubleclick.com O1 - Hosts: 69.60.111.224 ads.infospace.com O1 - Hosts: 69.60.111.224 ads.msn.com O1 - Hosts: 69.60.111.224 ads.switchboard.com O1 - Hosts: 69.60.111.224 ads.doubleclick.net O1 - Hosts: 69.60.111.224 ad2.doubleclick.net O1 - Hosts: 69.60.111.224 ad3.doubleclick.net O1 - Hosts: 69.60.111.224 ad4.doubleclick.net O1 - Hosts: 69.60.111.224 ad5.doubleclick.net O1 - Hosts: 69.60.111.224 ad6.doubleclick.net O1 - Hosts: 69.60.111.224 ad7.doubleclick.net O1 - Hosts: 69.60.111.224 ad8.doubleclick.net O1 - Hosts: 69.60.111.224 ad9.doubleclick.net O1 - Hosts: 69.60.111.224 ad.ch.doubleclick.net O1 - Hosts: 69.60.111.224 ad.linkexchange.com O1 - Hosts: 69.60.111.224 ads.enliven.com O1 - Hosts: 69.60.111.224 oz.valueclick.com O1 - Hosts: 69.60.111.224 banner.linkexchange.com O1 - Hosts: 69.60.111.224 commonwealth.riddler.com O1 - Hosts: 69.60.111.224 ad-up.com O1 - Hosts: 69.60.111.224 ad.adsmart.net O1 - Hosts: 69.60.111.224 ad.atlas.cz O1 - Hosts: 69.60.111.224 ad.blm.net O1 - Hosts: 69.60.111.224 ad.dogpile.com O1 - Hosts: 69.60.111.224 ad.infoseek.com O1 - Hosts: 69.60.111.224 ad.net-service.de O1 - Hosts: 69.60.111.224 adbot.com O1 - Hosts: 69.60.111.224 ads.criticalmass.com O1 - Hosts: 69.60.111.224 ads.csi.emcweb.com O1 - Hosts: 69.60.111.224 ads.filez.com O1 - Hosts: 69.60.111.224 ads.imagine-inc.com O1 - Hosts: 69.60.111.224 ads.imdb.com O1 - Hosts: 69.60.111.224 ads.jwtt3.com O1 - Hosts: 69.60.111.224 ads.newcitynet.com O1 - Hosts: 69.60.111.224 ads.realcities.com O1 - Hosts: 69.60.111.224 ads.realmedia.com O1 - Hosts: 69.60.111.224 ads.tripod.com O1 - Hosts: 69.60.111.224 ads.usatoday.com O1 - Hosts: 69.60.111.224 ads.web.de O1 - Hosts: 69.60.111.224 ads.web21.com O1 - Hosts: 69.60.111.224 adserv.newcentury.net O1 - Hosts: 
69.60.111.224 adservant.guj.de O1 - Hosts: 69.60.111.224 adservant.mediapoint.de O1 - Hosts: 69.60.111.224 adserver-espnet.sportszone.com O1 - Hosts: 69.60.111.224 advert.heise.de O1 - Hosts: 69.60.111.224 banners.internetextra.com O1 - Hosts: 69.60.111.224 bannerswap.com O1 - Hosts: 69.60.111.224 dino.mainz.ibm.de O1 - Hosts: 69.60.111.224 Garden.ngadcenter.net O1 - Hosts: 69.60.111.224 Ogilvy.ngadcenter.net O1 - Hosts: 69.60.111.224 ResponseMedia-ad.flycast.com O1 - Hosts: 69.60.111.224 Suissa-ad.flycast.com O1 - Hosts: 69.60.111.224 UGO.eu-adcenter.net O1 - Hosts: 69.60.111.224 VNU.eu-adcenter.net O1 - Hosts: 69.60.111.224 ad.preferances.com O1 - Hosts: 69.60.111.224 ad.doubleclick.com O1 - Hosts: 69.60.111.224 adforce.adtech.de O1 - Hosts: 69.60.111.224 adforce.imgis.com O1 - Hosts: 69.60.111.224 adimage.blm.net O1 - Hosts: 69.60.111.224 adlink.deh.de O1 - Hosts: 69.60.111.224 ad-adex3.flycast.com O1 - Hosts: 69.60.111.224 ad.ca.doubleclick.net O1 - Hosts: 69.60.111.224 ad.de.doubleclick.net O1 - Hosts: 69.60.111.224 ad.fr.doubleclick.net O1 - Hosts: 69.60.111.224 ad.jp.doubleclick.net O1 - Hosts: 69.60.111.224 ad.linksynergy.com O1 - Hosts: 69.60.111.224 ad.nl.doubleclick.net O1 - Hosts: 69.60.111.224 ad.no.doubleclick.net O1 - Hosts: 69.60.111.224 ad.sma.punto.net O1 - Hosts: 69.60.111.224 ad.uk.doubleclick.net O1 - Hosts: 69.60.111.224 ad08.focalink.com O1 - Hosts: 69.60.111.224 adcontroller.unicast.com O1 - Hosts: 69.60.111.224 adimg.egroups.com O1 - Hosts: 69.60.111.224 admedia.xoom.com O1 - Hosts: 69.60.111.224 adremote.pathfinder.com O1 - Hosts: 69.60.111.224 ads.bfast.com O1 - Hosts: 69.60.111.224 ads.clickhouse.com O1 - Hosts: 69.60.111.224 adpick.switchboard.com O1 - Hosts: 69.60.111.224 ads.fairfax.com.au O1 - Hosts: 69.60.111.224 ads.fool.com O1 - Hosts: 69.60.111.224 ads.freshmeat.net O1 - Hosts: 69.60.111.224 ads.hollywood.com O1 - Hosts: 69.60.111.224 ads.i33.com O1 - Hosts: 69.60.111.224 ads.infi.net O1 - Hosts: 69.60.111.224 ads.link4ads.com O1 
- Hosts: 69.60.111.224 ads.lycos.com O1 - Hosts: 69.60.111.224 ads.madison.com O1 - Hosts: 69.60.111.224 ads.mediaodyssey.com O1 - Hosts: 69.60.111.224 ads.ninemsn.com.au O1 - Hosts: 69.60.111.224 ads.seattletimes.com O1 - Hosts: 69.60.111.224 ads.smartclicks.com O1 - Hosts: 69.60.111.224 ads.smartclicks.net O1 - Hosts: 69.60.111.224 ads.sptimes.com O1 - Hosts: 69.60.111.224 ads.web.aol.com O1 - Hosts: 69.60.111.224 ads.x10.com O1 - Hosts: 69.60.111.224 ads.xtra.co.nz O1 - Hosts: 69.60.111.224 ads.zdnet.com O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\System32\hsrb.dll (file missing) O4 - HKLM\..\Run: [MS Windows Update] veilkd.exe O4 - HKLM\..\Run: [Microsoft Update] prowind32.exe O4 - HKLM\..\Run: [SDKz0r] SDKc55rezzz2.exe O4 - HKLM\..\Run: [6yYbF] C:\WINDOWS\binml.exe O4 - HKLM\..\Run: [4s5g39W] dineman.exe O4 - HKLM\..\Run: [SearchAssistant] "C:\Q92194.exe " O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\RunServices: [MS Windows Update] veilkd.exe O4 - HKLM\..\RunServices: [Microsoft Update] prowind32.exe O4 - HKLM\..\RunServices: [SDKz0r] SDKc55rezzz2.exe O4 - HKCU\..\Run: [Microsoft Update] prowind32.exe O4 - HKCU\..\Run: [SDKz0r] SDKc55rezzz2.exe O4 - HKCU\..\Run: [LBumRVame] dhci2.exe O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\system.exe O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/gam...nts/y/jt0_x.cab O16 - DPF: Yahoo! 
Checkers - http://download.games.yahoo.com/gam...nts/y/kt4_x.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...l_v1-0-3-17.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1106721527810
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/gam...aploader_v6.cab
(Don't worry if any of these O16 entries are ones you use; if they are legit, they will return next time you go to the site -- it's just easier to fix them all rather than research each one.)
O23 - Service: b - Unknown owner - c:\windows\nic\install.exe
O23 - Service: Microsoft Security Subsystem Provider (eProxy) - Unknown owner - C:\WINDOWS\ntrvs.exe" " (file missing)
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - c:\windows\nic\taskmgr.exe
Go to the following folders and delete the highlighted file or folder:
C:\Q92194.exe
C:\Program Files\ISTsvc
C:\WINDOWS\system.exe
C:\WINDOWS\nic
C:\WINDOWS\binml.exe
C:\WINDOWS\ntrvs.exe
C:\WINDOWS\System32\dineman.exe
C:\WINDOWS\System32\veilkd.exe
C:\WINDOWS\System32\dhci2.exe
C:\WINDOWS\System32\SDKc55rezzz2.exe
Also do a search for SDKc55rezzz2.exe and delete any instances found.
I hope I didn't miss anything!
Make sure all windows are closed other than hijackthis before hitting the Fix button.
Empty your recycle bin.
Get SpywareBlaster, update it, and have it enable all protection; link to it in this thread: http://www.daniweb.com/techtalkforums/thread5690.html
You should review and consider some of the other utilities there as well.
You may want to 'Customize' your ActiveX settings:
The easiest way to get to your ActiveX settings is to open Internet Explorer, click on the Tools tab, click on Internet Options, click on the Security tab, and then click on the Custom Level button. You will see several options for different settings; go down the list and make the appropriate changes, for example:
This is how I have my ActiveX settings; you can use this as a guide to set your own (If you Enable all the options, you are leaving your system open to unwanted intrusions.):
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable
The more of these you have Disabled, the safer your system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and you usually don't know whether it should be allowed or not. The described combination works best for me, but may not be best for you -- it is just shown as a reference.
Reboot.
Close all browser windows, scan with hijackthis, and this time post the entire log (including the information at the top that shows your version of hijackthis, operating system, etc.) |
| ||
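The fix list in the reply above includes O1 entries that point `localhost` and a run of ad-server names at 69.60.111.224. As an added example (not part of the thread and not HijackThis's own code), this Python triage splits a HijackThis log into entries, whether flattened onto one line as on this page or one entry per line, and reports hosts-file mappings to non-loopback addresses; the function names and the `127.0.0.1 example.test` line are assumptions made for the example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: entries copied from the thread's log and run together on
# one line, as the forum page shows them. The 127.0.0.1 line is invented here
# to show a benign loopback mapping.
SAMPLE_LOG = (
    "R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://kon4ay.biz/ "
    "O1 - Hosts: 69.60.111.224 localhost #this is not an ad server this is your PC "
    "O1 - Hosts: 69.60.111.224 www.doubleclick.net "
    "O1 - Hosts: 69.60.111.224 ads.msn.com "
    "O1 - Hosts: 127.0.0.1 example.test "
    "O4 - HKLM\\..\\Run: [MS Windows Update] veilkd.exe"
)

# An entry starts with a section code ("R1 - ", "O23 - ") and runs until the
# next section code or the end of the text, so flattened and
# one-entry-per-line logs split the same way.
CODE = r"(?:R[0-3]|O\d{1,2}) - "
ENTRY = re.compile(rf"(?:^|(?<=\s))({CODE}.*?)(?=\s+{CODE}|\s*$)", re.S)
HOSTS_ENTRY = re.compile(r"O1 - Hosts: (\S+)\s+(\S+)")


def split_entries(text):
    """Return the individual log entries found in text, in order."""
    return [m.group(1).strip() for m in ENTRY.finditer(text)]


def suspicious_hosts(text):
    """Map each non-loopback IP to the hostnames the hosts file sends to it."""
    redirected = defaultdict(list)
    for entry in split_entries(text):
        m = HOSTS_ENTRY.match(entry)
        if not m:
            continue
        ip, name = m.groups()
        try:
            addr = ip_address(ip)
        except ValueError:
            continue  # not an address; ignore malformed entries
        # 127.0.0.0/8, ::1 and 0.0.0.0 are the usual targets of blocklists.
        if not addr.is_loopback and not addr.is_unspecified:
            redirected[ip].append(name.lower())
    return dict(redirected)


def triage(text):
    """Return human-readable findings for an analyst to review."""
    findings = []
    for ip, names in suspicious_hosts(text).items():
        if "localhost" in names:
            findings.append(f"{ip}: localhost remapped away from loopback")
        findings.append(f"{ip}: {len(names)} hostname(s) redirected")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

A hosts file that sends `localhost` anywhere other than a loopback address is never a legitimate configuration, which is why that case is reported separately from the redirect count.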
| Re: Help w/ searchfeed and http://kon4ay.biz/ Logfile of HijackThis v1.99.1 Scan saved at 12:03:11 PM, on 2/27/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE C:\Program Files\Webroot\Washer\wwDisp.exe C:\WINDOWS\system.exe C:\Program Files\Verizon Online\bin\mpbtn.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe C:\WINDOWS\ntrvs.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\windows\nic\taskmgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Documents and Settings\Jason\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=2c02&lc=0409 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://store.presario.net/scripts/re...c=1c02&lc=0409 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [Motive 
SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\system.exe O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! 
&Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 O17 - HKLM\System\CCS\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12 O17 - HKLM\System\CS1\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe O23 - Service: Microsoft Security Subsystem Provider (eProxy) - Unknown owner - C:\WINDOWS\ntrvs.exe" " (file missing) O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton 
AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Task Manager Help (TskHlp) - Unknown owner - c:\windows\nic\taskmgr.exe |
| ||
| Re: Help w/ searchfeed and http://kon4ay.biz/ I am also now getting a runner error when I first start up the computer; it says: Runner Error Invalid Backweb application id 8876480. Thanks, Brad |
| ||
| Re: Help w/ searchfeed and http://kon4ay.biz/ Did you remove this? If you did, you might wanna replace it if you backed up your files: O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe |
| ||
| Re: Help w/ searchfeed and http://kon4ay.biz/ I must have, because I tried to open it and it gave me that message. Thanks |
| ||
| Re: Help w/ searchfeed and http://kon4ay.biz/ It's still in the last log you posted: O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe |