
I Don't Wanna Free Ipod Or Burger King Card!



#1 shellmisi

Posted 28 February 2006 - 08:36 AM

About every 5th link I click on, I get redirected to sites like consumerpromotionzone.com and many others. I followed your Preparation Guide and now I'm at the final step... post your hijackThis log!

THANKS SO MUCH!



Logfile of HijackThis v1.99.1
Scan saved at 8:34:51 AM, on 2/28/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\VEXPLITE\viritsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\ltcm000c.exe
C:\WINNT\System32\hotkey.exe
C:\WINNT\System32\Promon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\DockApp.exe
C:\WINNT\System32\PRPCUI.exe
C:\Program Files\DIGStream\digstream.exe
C:\VEXPLITE\MONLITE.EXE
C:\Program Files\Wink\Wink.exe
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\WINNT\system32\PRISMSVR.EXE
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [Hotkey] hotkey.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: wink.lnk = C:\Program Files\Wink\Wink.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesus.dll
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disney.go.com/games/downloads/hardw...wareControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shared.state.in.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = shared.state.in.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = shared.state.in.us
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = shared.state.in.us
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: SMS Client Service (clisvc) - Unknown owner - C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: SMS Remote Control Agent (Wuser32) - Unknown owner - C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe (file missing)


#2 Toscane

Posted 05 March 2006 - 12:54 PM

Welcome to the BC forum,

Download the trial version of Ewido Security Suite.
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Open HijackThis > click "Do a system scan only"
Place a checkmark next to the entries below.
After you have done that close all browsers and windows except HijackThis, and have HijackThis fix them by clicking Fix Checked:

O4 - Startup: wink.lnk = C:\Program Files\Wink\Wink.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE


Print this advice and/or save it as a text file with Notepad to your desktop, because in safe mode there is no internet connection.

Make sure your explorer is set to show hidden and system files and folders:
Open Explorer or "My Computer" and click Tools -> Folder Options... and then select the View tab and check the next settings:

Uncheck: Hide protected operating system files
Uncheck: Hide file extensions for known file types
Select: Display the contents of system folders
Select: Show hidden files and folders

Reboot your PC into safe mode

Safe mode for Windows XP
* Restart the computer.
* Just before Windows starts to load, begin tapping the F8 (or F5) key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe mode menu item.
* Press Enter.

You can use Windows Explorer to find and delete this folder
(Do not be concerned if it does not exist)
C:\Program Files\Wink

To clean temporary files:
Go to Start > Run, type cleanmgr and click OK
Scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
Click OK to remove those files.
Click Yes to confirm deletion.

Now scan with Ewido. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Reboot the computer in normal mode

Open HijackThis > click "config" > click "misc tools" > click "open host file manager" > click "open in notepad".

Copy the complete text and paste/post it in your next reply together with a fresh log using HijackThis and the Ewido scan log.
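
Added example, not part of either post and not HijackThis's own code: a small Python parser for the log format shown in post #1. It lists the O4 autostart entries (the kind selected for fixing in post #2) and flags entries whose target file is missing. The sample log is constructed from lines in the thread, and the review hints are assumptions made for this example.

```python
import re

# Constructed sample: header plus a few entries copied from the log in post #1.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
C:\WINNT\Explorer.EXE
O4 - HKLM\..\Run: [Hotkey] hotkey.exe
O4 - Startup: wink.lnk = C:\Program Files\Wink\Wink.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # section code, then body
# Two O4 shapes appear in the log: registry Run values and Startup-folder shortcuts.
RUN_RE = re.compile(r"^(?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LNK_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

def parse(text):
    """Return one dict per 'Xnn - ...' entry; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "body": body, "notes": []}
        if code == "O4":
            shape = RUN_RE.match(body) or LNK_RE.match(body)
            if shape:
                entry.update(shape.groupdict())
        # Review hints chosen for this example (assumptions, not a verdict).
        if body.endswith(("(file missing)", "(no file)")):
            entry["notes"].append("target file not found")
        if code == "O23" and " - Unknown owner - " in body:
            entry["notes"].append("service binary has no company name")
        entries.append(entry)
    return entries

def autostarts(entries):
    """(location, name, command) for every parsed O4 autostart entry."""
    return [(e["loc"], e["name"], e["cmd"]) for e in entries if "loc" in e]

def needs_review(entries):
    """Entries that carry at least one review hint."""
    return [e for e in entries if e["notes"]]

if __name__ == "__main__":
    for e in needs_review(parse(SAMPLE_LOG)):
        print(e["code"], "; ".join(e["notes"]), "->", e["body"])
```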



