
HJT LOG -- Hadreon


2 replies to this topic

#1 Hadreon

Hadreon

  • Members
  • 3 posts

Posted 09 December 2004 - 11:35 PM

Logfile of HijackThis v1.98.2
Scan saved at 9:21:17 AM, on 12/9/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Netscape Internet Service\dialer.exe
C:\Program Files\Netscape Internet Service\css.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=nso.proxy.aol.com
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AD07433-3770-4BEE-B84C-057F1D919696}: NameServer = 205.188.146.146

---------------------------------------------
As per the requirements of this site and forum prior to posting, I assure you that I have completed them all. To be more specific, all of my software is current with all of the necessary updates and required patches. All of the tools you recommend have also been downloaded, configured, updated, and everything is current.

So, the main problem I am looking at is that the R0, R1, 02, and 04 entries are not found as per the online tutorial for removal of the CWS_NS3 BHO. I would also appreciate feedback on how to delete the OEMJI ToolBar even though it is supposed to be a valid plug-in from Yahoo if I am not mistaken?

To get back to the problem, when I run the www.webroot.com spyware sweep it states that my computer is infected with CWS_NS3 & the OEMJI ToolBar. When I run X-Cleaner it does not pick up these two at all. I also do not see the R0, R1, 02, and 04 entries that I described above after running the HiJack This scan. Please see the HJT Log above.

I have noticed that after visiting a site 2 days ago that a very small blank popup window appears and disappears quickly behind the browser window whenever I open up a new browser window or attempt to sign into any web-based portals. If it were not for me noticing this little blank popup window I would not have come across this software pest.

I am very careful and vigilant with all of my online habits and perform routine maintenance, updates, and scans and I always catch things very quickly. However, this is the first time I have had difficulty in completely removing something from my system. I would appreciate any and all suggestions that will assist me in completely removing this unwanted unsolicited garbage from my computer. Thanks.

Hadreon


#2 Virjil

Virjil

  • Members
  • 2 posts

Posted 10 December 2004 - 01:17 AM

Since I am having the same type of problem can someone please post the information as soon as possible so we can resolve this issue all in one shot? Thank you.

Virjil

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • Gender:Male
  • Location:USA

Posted 16 December 2004 - 05:04 PM

Hi, if you are still having a problem:

You are using an outdated version of hijackthis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log


Virjil,

You would do better to create a new topic that contains your hjt log



