
Hi - this looks like the lifeline I've needed for my PC for ages!

I hope somebody can inform me of which things I need to delete from this hijack log!

Here goes....

Logfile of HijackThis v1.99.1
Scan saved at 12:44:01, on 22/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\temp\salm.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gabupdxhrsumggtjmg.com/EMCzvZEuoK0M/JcHwT9UjXO5MzPJJkyi0TD/FD1F5NDyEukb9mcaqqHD2mASJdkg.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.rwdmag.com/forums
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ddm3dia.dll
O2 - BHO: NetPal Class - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WebHlprObj Class - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\REED\My Documents\WH5_1843007.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: (no name) - {5AB24008-494A-869F-3A79-FB0C9B24263E} - C:\DOCUME~1\REED\APPLIC~1\batmeow\Flagdash.exe
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Doxhtzf] C:\Program Files\Mxdugvd\Bppszzv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hmdox] C:\WINDOWS\hmdox.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ThisPlatform] C:\DOCUME~1\REED\APPLIC~1\PlanHope\CornCool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: LimeWire 3.6.15.lnk = C:\Program Files\LimeWire\3.6.15\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Erotic - {2648BB17-1868-48d3-9A85-7C77F13A2288} - http://www.erotic.co.uk?ref=9999 (file missing)
O9 - Extra 'Tools' menuitem: Erotic... - {2648BB17-1868-48d3-9A85-7C77F13A2288} - http://www.erotic.co.uk?ref=9999 (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: IQ Test - {D9FA68E1-AEE2-48d8-B03D-C37DC602554E} - http://www.personaltest.co.uk (file missing)
O9 - Extra 'Tools' menuitem: IQ Test... - {D9FA68E1-AEE2-48d8-B03D-C37DC602554E} - http://www.personaltest.co.uk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c283.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

Another thing I have noticed lately in my task manager is that it says I am running about 5 IEXPLORE.EXE when in fact I only have one window open - when I try to "End Process" another one pops up in the task manager instantly. I've also noticed a dodgy file called "EXTRA DEAD.EXE" - any info on that one?

Many thanks in advance!


First of all could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
http://members.rogers.com/rjmac/new_uninstall.exe

1. Download and install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

2. Close ALL windows except Ad-Aware SE.

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days


2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URLs
*Scan my Hosts file


3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT


4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only


Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot


Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile


5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose: 'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRUs) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window.

9. Save the log file when it asks and then click ‘Finish’.

10. REBOOT to complete the removal of what Ad-Aware SE found

Download & install Spybot S&D 1.3 from here. Update it before scanning.
After the scan is complete, have Spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise; you should do this. In the immunise section there is also a link to download SpywareBlaster. This program will prevent the install of bad ActiveX controls that it has knowledge of. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot.

Reboot when done and post another log please.
