Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE won't come up


  • Please log in to reply
1 reply to this topic

#1 shoisch

shoisch

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 05 May 2005 - 10:46 AM

One of my computers at work is suddenly unable to get into IE. Nothing happens
when he double-clicks the shortcut.

Here is my log--I appreciate your help.

Logfile of HijackThis v1.99.1
Scan saved at 8:41:22 AM, on 05/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cusrvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NWTRAY.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\printkey.exe
C:\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mdpintra/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com"); (C:\Documents and Settings\Oscar\Application Data\Mozilla\Profiles\default\rwuujl8d.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Oscar\Application Data\Mozilla\Profiles\default\rwuujl8d.slt\prefs.js)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - Startup: PRINTKEY.lnk = C:\WINNT\PRINTKEY.EXE
O4 - Startup: Shortcut to Microsoft Outlook.lnk = ?
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{33595777-D0C1-49D5-AEBA-ED15069FC950}: NameServer = 64.60.0.17,64.60.0.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{89916610-0185-45BE-B9D0-43923C95B034}: NameServer = 64.60.0.17,64.60.0.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{33595777-D0C1-49D5-AEBA-ED15069FC950}: NameServer = 64.60.0.17,64.60.0.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{33595777-D0C1-49D5-AEBA-ED15069FC950}: NameServer = 64.60.0.17,64.60.0.18
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINNT\system32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

BC AdBot (Login to Remove)

 


#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:05:14 PM

Posted 05 May 2005 - 11:20 AM

You have malware on your computer - ebates moemoneymaker among what could be others.

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)


I suggest you make a Hijack This submission in the proper part of the Bleeping Computer forum.

"Overview:
eBates Moe MoneyMaker not only displays pop up ads but it interferes with many programs that try to prevent it from working properly. On top of this it also hijacks your browser and redirects you to sites where it can make money off of you. Removing this is a MUST.

From the developer:
" In downloading and/or installing the Moe Money Maker Software, you agree to the following:
1)Ebates and its agents may pop up brief alerts when you can save money by shopping through Ebates or by using the Moe Money Maker Software.

2)Ebates may direct your traffic to the merchant of your choice. This may be done
a)by presenting a choice in a pop up alert asking whether you wish to save by shopping through Ebates, thereby directing your browser through Ebates in order to ensure you earn a reward, or
b)by automatically routing you through Ebates and automatically earning you a cash-back discount with no further action on your part being necessary.

3)Ebates may disable or uninstall any other product or software tool that might interfere with the operability of the Moe Money Maker Software or otherwise preempt or render inoperative the Moe Money Maker Software in a manner that might jeopardize the ability of Ebates to earn you cash back discounts or coupon savings offered by Ebates. In installing the Moe Money Maker Software, you authorize Ebates to disable, uninstall, or delete any application or software that might, in Ebates' opinion nullify its function and put you at risk of loosing the cash-back savings that Moe Money Maker Software is designed to earn you.
http://www.iamnotageek.com/a/390-p1.php

Edited by Enthusiast, 05 May 2005 - 11:21 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users