
Can't get to internet; can't download etc, etc. PLEASE HELP!

Logfile of HijackThis v1.98.2
Scan saved at 12:34:41 PM, on 11/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\NVATray.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\msmsgs.exe
C:\WINDOWS\system32\winserv.exe
C:\WINDOWS\system32\winser32.exe
C:\WINDOWS\System32\flcss.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\WINDOWS\system32\windnsd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\winserv.exe
C:\WINDOWS\system32\winser32.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\Dialer\Dialer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\windnsd.exe
C:\WINDOWS\system32\msmsgs.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\BHOList.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.searchmiracle.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\ELITES~1\ELITES~1.DLL
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\Run: [MSNMSGRE] C:\swef.bat
O4 - HKLM\..\Run: [MSNMSGRR] C:\swin.bat
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [Windows System Serivce] winserv.exe
O4 - HKLM\..\Run: [Windows32 Serivces] winser32.exe
O4 - HKLM\..\Run: [F-Secure Anti-FunLove] C:\WINDOWS\System32\flcss.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\flqzx.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [Windows System Serivce] winserv.exe
O4 - HKLM\..\RunServices: [Windows32 Serivces] winser32.exe
O4 - HKLM\..\RunServices: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [Windows System Serivce] winserv.exe
O4 - HKCU\..\Run: [Windows32 Serivces] winser32.exe
O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d7c4f6ebc1840688509f16461fe1981d17bf73aea341224e1bb3eb866fe7ae4275035b3366c2b05d50a71fc4a191bb3f8f13d69a89:eba680bc1be2e220a7ec58ff8178110e
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097435596750
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1A51717-1D1C-4A83-87D2-BED26B68B76E}: NameServer = 209.244.0.3 209.244.0.4
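A triage aid for logs like the one above, added here as an example; it is not part of the original thread or of HijackThis. It parses the O4 registry autorun lines and lists programs registered under three or more distinct autorun keys, a redundancy worth a closer look before deciding what to fix. The function names and the threshold are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

def image_name(command):
    """Lower-cased file name the command launches, with arguments stripped."""
    cmd = command.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut after the first extension.
        m = re.match(r"(.+?\.\w{2,4})(?:\s|$)", cmd)
        path = m.group(1) if m else cmd
    return path.rsplit("\\", 1)[-1].lower()

def redundant_autoruns(lines, threshold=3):
    """Map image name -> sorted autorun keys, for images set in >= threshold keys."""
    seen = defaultdict(set)
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:  # startup-folder entries and other log sections are skipped
            continue
        hive, key, _name, command = m.groups()
        seen[image_name(command)].add(hive + "\\" + key)
    return {img: sorted(keys) for img, keys in seen.items() if len(keys) >= threshold}

# Sample input: O4 lines copied from the log in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunServices: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [Windows32 Serivces] winser32.exe
O4 - HKLM\..\RunServices: [Windows32 Serivces] winser32.exe
O4 - HKCU\..\Run: [Windows32 Serivces] winser32.exe
O4 - Global Startup: SmartUI.lnk = ?
""".strip().splitlines()

if __name__ == "__main__":
    for img, keys in sorted(redundant_autoruns(SAMPLE).items()):
        print(f"{img}: {len(keys)} autorun keys -> {', '.join(keys)}")
```

A hit is a prompt to check the file's location and origin, not a verdict on the program.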


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.searchmiracle.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070


Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.

Also, before you fix anything with HijackThis, do the following.

Make sure all browser and all Windows Explorer windows are closed before fixing.


There is a lot more going on in that log than the few things mentioned in the posts above. Please do the following.

Try these programs to check for spyware.

Download, then unzip and run CWShredder to clean up, clicking "FIX" to have it remove all it finds.

CWShredder is available from these places:

http://www.zerosrealm.com/downloads.php
http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required:
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode, use the F8 key while booting the machine. Detailed instructions from here:
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

1. Download and install Spybot S&D, accepting the default settings.
(Please ensure you have version 1.3 final.)
Home - The home of Spybot-S&D!: SpyBot download


2. Go to Start > Programs > Spybot – Search & Destroy and choose Spybot S&D

3. Close ALL windows except Spybot S&D

4. Click the button to ‘Search for Updates’ and download and install the Updates.

5. Next click the button ‘Check for Problems’

6. When Spybot is complete, it will be showing RED entries, BLACK entries and GREEN entries in the window.

7. Ensure there is a check mark beside the RED entries ONLY.

8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

9. REBOOT

================================================
Scanning in Ad-Aware:
(please ensure you have version 6 build 6. 181)
Downloads - Support - Lavasoft#free: http://www.lavasoftusa.com/support/download/#free

The following explains how to set Ad-aware's settings to perform a "Full Scan."
And some settings that should be made prior to using the first time.

In Ad-aware click the Gear to go to the Settings area.
The following items should be on a green check, not on a red X.
Under the Scanning button:
Scan within archives

Under Memory & Registry, Check EVERYTHING

In Check Drives & Folders, make sure all of your hard drives are selected

Under the Tweak button...
Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

In Scanning Engine:
Unload recognized processes during scanning

In Cleaning Engine:
XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
Let Windows remove files in use at next reboot

UNCHECK Automatically try to unregister objects prior to deletion

Click Proceed to save these settings.
Now press "check for updates Now". Always check before scanning.
Click start [x] choose use default scanning options
click next and let it fix anything it finds

Reboot


Hi, I did download Hijack This prior to posting the log on this forum. Should I "fix" the ones that were in green on the prior post??? I can not download, access any sites, get my email from that computer. I am using another computer to post. I can download to a CD and then install on the computer. I already have HJT, Spybot, AD-Aware, F-Prot on the system and have used it for scans, etc. There were some programs on my C: that I don't know what they are and posted those for help. I'm so frustrated but appreciate the help. Thanks in advance.


Actually, I erred in my first post. I just wanted to tell you to close all browser and Explorer windows before fixing with HijackThis. Yes, you can fix the things in Mikeandike's post, then post back a new log. Sorry to confuse you.
Also, I could be wrong, but I think if you ran Spybot and Ad-aware it would fix a lot of the bad stuff in your log. Be sure to click to fix the things both programs find. Also, a couple of online scans to run too.

Please run these free online virus scans.

Be sure to check off Auto Fix on this site:

http://housecall.trendmicro.com/housecall/start_corp.asp
Please run this one also, to be sure.

http://www.pandasoftware.com/activescan/com/activescan_principal.htm
