
I need help



#1 jackijacky

jackijacky

  • Members

Posted 26 January 2005 - 08:27 AM

Spy Annihilator keeps installing itself and I can't remove it. Please help me. I have learnt that I have to fix it by using HIJACKTHIS. I have it already. This is my log. What should I do? Please help me!!! Thank you in advance.
-------------------
Logfile of HijackThis v1.98.2
Scan saved at 20:25:55, on 26/1/2548
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ALISNDMG.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\IUUKWIJQ.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\ADMANAGER CONTROLLER\ADMANCTL.EXE
C:\PROGRAM FILES\ADMANAGER CONTROLLER\ADMANKEEP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM32\ORPES-.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SPSP.EXE
C:\HIJACKTHIS\HIJACKTHIS1982\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.ht...ccount_id=67198
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.ht...ccount_id=67198
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-system.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.ht...ccount_id=67198
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: (no name) - {3718F736-40AE-A65B-7875-EC294E4E0933} - C:\WINDOWS\SYSTEM32\MSADBLOCK32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ALiSndMgr] ALiSndMg.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [b0akRr] C:\WINDOWS\IUUKWIJQ.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE
O4 - HKLM\..\Run: [Admanager Controller] C:\PROGRAM FILES\ADMANAGER CONTROLLER\ADMANCTL.EXE
O4 - HKLM\..\Run: [b0+ฟิว่]m๚*เa๎žigYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\IUUKWIJQ.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O15 - Trusted Zone: http://*.xxxtoolbar.com
O15 - Trusted Zone: http://*.windupdates.com
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 26 January 2005 - 08:45 PM

You are using an outdated version of HijackThis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log

#3 jackijacky

jackijacky
  • Topic Starter

  • Members

Posted 27 January 2005 - 08:46 AM

Last time I posted the log file of HijackThis, but somebody told me that I used the old version and that I have to use the new one. I downloaded it, and here is the log file of the new one that I got.

Please help me again.
Thank you very much..

Logfile of HijackThis v1.99.0
Scan saved at 20:48:00, on 27/1/2548
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ALISNDMG.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\ADMANAGER CONTROLLER\ADMANCTL.EXE
C:\WINDOWS\IUUKWIJQ.EXE
C:\WINDOWS\SYSTEM\1727C53B.EXE
C:\PROGRAM FILES\ADMANAGER CONTROLLER\ADMANKEEP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\CNOWASX\NWSGK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS199\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.ht...ccount_id=67198
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.ht...ccount_id=67198
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-system.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.ht...ccount_id=67198
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: (no name) - {3718F736-40AE-A65B-7875-EC294E4E0933} - C:\WINDOWS\SYSTEM32\MSADBLOCK32.DLL
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ALiSndMgr] ALiSndMg.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [b0akRr] C:\WINDOWS\IUUKWIJQ.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE
O4 - HKLM\..\Run: [Admanager Controller] C:\PROGRAM FILES\ADMANAGER CONTROLLER\ADMANCTL.EXE
O4 - HKLM\..\Run: [b0+ฟิว่]m๚*เa๎žigYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\IUUKWIJQ.EXE
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\1727C53B.EXE
O4 - HKLM\..\Run: [Tviabtb] C:\PROGRAM FILES\PRVKY\CXLGHWX.EXE
O4 - HKLM\..\Run: [Eljwjopn] C:\PROGRAM FILES\CNOWASX\NWSGK.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\1727C53B.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O15 - Trusted Zone: http://*.xxxtoolbar.com
O15 - Trusted Zone: http://*.windupdates.com
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab

#4 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team

Posted 27 January 2005 - 08:56 PM

Hi jackijacky

I merged your second log with your original thread (Topic). When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and a delay in the help you are receiving.

If you have problems finding your original thread, check your email for a link to it or click on My Topics at the top right of any bleepingcomputer forum page. Thanks! :thumbsup:

Grinler will help you when he is available.



#5 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 27 January 2005 - 11:52 PM

Thanks Papakid!!


Click on Start, Settings, Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist:

Internet Optimizer
Msadcheck
Admanager Controller
IST Service
Sidefind




Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.ht...ccount_id=67198
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.ht...ccount_id=67198
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-system.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.ht...ccount_id=67198
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: (no name) - {3718F736-40AE-A65B-7875-EC294E4E0933} - C:\WINDOWS\SYSTEM32\MSADBLOCK32.DLL
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [b0akRr] C:\WINDOWS\IUUKWIJQ.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Admanager Controller] C:\PROGRAM FILES\ADMANAGER CONTROLLER\ADMANCTL.EXE
O4 - HKLM\..\Run: [b0+ฟิว่]m๚*เa๎žigYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\IUUKWIJQ.EXE
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\1727C53B.EXE
O4 - HKLM\..\Run: [Tviabtb] C:\PROGRAM FILES\PRVKY\CXLGHWX.EXE
O4 - HKLM\..\Run: [Eljwjopn] C:\PROGRAM FILES\CNOWASX\NWSGK.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [msadcheck] C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\1727C53B.EXE
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O15 - Trusted Zone: http://*.xxxtoolbar.com
O15 - Trusted Zone: http://*.windupdates.com
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\NEM220.DLL
C:\WINDOWS\QUESTMOD.DLL
C:\Program Files\ISTsvc\
C:\WINDOWS\IUUKWIJQ.EXE
C:\Program Files\Internet Optimizer\
C:\PROGRAM FILES\ADMANAGER CONTROLLER\
C:\WINDOWS\IUUKWIJQ.EXE
C:\WINDOWS\SYSTEM\1727C53B.EXE
C:\PROGRAM FILES\PRVKY\
C:\PROGRAM FILES\CNOWASX\
C:\WINDOWS\SYSTEM32\MSADCHECK32.EXE
C:\WINDOWS\SYSTEM\1727C53B.EXE
C:\PROGRAM FILES\SIDEFIND\

Reboot your computer to go back to normal mode and post a new log.
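
An added example, not written by the thread's participants and not part of HijackThis: Python that parses HijackThis entry lines to list what appeared between the two posted scans and to check a follow-up log against the fix list. The `FOLLOWUP` log is constructed for illustration, and the function names are hypothetical.

```python
import re

# A HijackThis entry line starts with a section code: "O4 - HKLM\..\Run: [name] cmd".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Map (code, lowercased body) -> original line; header/process lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # Windows paths are case-insensitive, so compare lowercased
            entries[(m.group("code"), m.group("body").lower())] = line.strip()
    return entries

def new_since(before, after):
    """Entries present in the later scan but not in the earlier one."""
    old, new = parse_entries(before), parse_entries(after)
    return [new[k] for k in sorted(new.keys() - old.keys())]

def still_present(fix_list, followup):
    """Entries from the fix list that a follow-up scan still reports."""
    fixed, seen = parse_entries(fix_list), parse_entries(followup)
    return [seen[k] for k in sorted(fixed.keys() & seen.keys())]

# Excerpts from the two logs posted in this thread.
FIRST = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [b0akRr] C:\WINDOWS\IUUKWIJQ.EXE
"""
SECOND = FIRST + r"""O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\1727C53B.EXE
"""
# Excerpt of the fix list from the last reply.
FIX = r"""O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O4 - HKLM\..\Run: [b0akRr] C:\WINDOWS\IUUKWIJQ.EXE
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\1727C53B.EXE
"""
# Constructed follow-up scan (not from the thread): one fixed entry has come back.
FOLLOWUP = r"""O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [windows service] c:\windows\system\1727c53b.exe
"""

if __name__ == "__main__":
    print("New between scans:", *new_since(FIRST, SECOND), sep="\n  ")
    print("Still present after fix:", *still_present(FIX, FOLLOWUP), sep="\n  ")
```

An entry that reappears in the follow-up scan after being fixed indicates that something is still rewriting the autorun key, so the file behind it has to be removed as well.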



