A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Performance and Maintainance of XP
Reload this Page Win Min, Find4U.Net, Hijack, etc, etc...
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Win Min, Find4U.Net, Hijack, etc, etc...


« Previous Thread | Next Thread »

 
 
Thread Tools Display Modes
  #1  
Old May 20th 04, 03:16 PM
MAP
external usenet poster
  
Posts: n/a
Default Win Min, Find4U.Net, Hijack, etc, etc...
If Norton was able to find it,run another scan while
in "safe" mode it should be able to delete it from there.


-----Original Message-----
Hello,

I read every forum response and I still cannot get rid
of the trojan.
I have Spy Sweeper, Adaware, Spybot S&D and Norton
Internet all
installed and running. Norton finds a virus (and other
adware) and
cannot delete them. So, it closes and says my computer
is still
infected. Terrific.

Here is my hijack this entry. Can someone please help?
I tried every
step by step found on the google sites.

Thanks so much.
Keith

Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton
AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Downloads\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://find4u.net/index.htm
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) =
http://find4u.net/index.htm
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyOverride = localhost;127.0.0.1;local
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0
\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-
298DDF1699E1} -
C:\Program Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
FADC6B084872} -
C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-
209B6AD74ACC} -
C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-
A37C9A5676A7} -
C:\Program Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton
Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32
\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program
Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program
Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [workflo] D:\install\workflow.exe
O4 - HKLM\..\Run: [Winsock2 driver] SYSENGR.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program
Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton
Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1
\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtscc.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program
Files\Webroot\Spy
Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk =
C:\Program
Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program
Files\Common
Files\efax\HotTray.exe
O4 - Global Startup: Live Menu.lnk = C:\Program
Files\Common
Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft
Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions
present
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Control Panel
present
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111111111123} -
file://c:\windows\win.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
(Shockwave ActiveX
Control) -
http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C}
(Specfile Control) -
http://coop.mlxchange.com/Control/Specfile.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24}
(SISCtrl Class) -
http://coop.mlxchange.com/Control/SISC.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class)
- http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E}
(Interealty
MultiSelect) -
http://coop.mlxchange.com/Control/Mu...ctComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE}
(MLXchange Client
Utils) -
http://coop.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F}
(LiteGridCtl Class)
- http://coop.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E}
(GeacRevw Control) -
http://coop.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF}
(MediaTicketsInstaller Control) -
http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F}
(Update Class) -
http://v4.windowsupdate.microsoft.co...86/unicode/iuc
tl.CAB?37834.7253472222
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
(ActiveDataInfo
Class) - https://www-
secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash
Object) -
http://download.macromedia.com/pub/s.../cabs/flash/sw
flash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2}
(FlashXControl
Object) -
https://luckynugget.microgaming.com/...get/FlashAX.ca
b
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
(ActiveDataObj
Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8}
(DropList Class) -
http://coop.mlxchange.com/Control/AspCustomCtrls.cab
.
Ads
 



« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 07:52 AM.

Feed Icon - Contact Us - Windows XP Help Forum home - FAQ - Links - Privacy Statement - Top

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.