Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hello,
I have done all the things you put in the last reply and I am still having problems with my search page.
it still brings up a boompage.jsp
like this one for this web site
http://search.netscape.com/ns/boomframe.jsp?query=server224.smartbotpro&page=1&offset=0&result_url=redir%3Fsrc%3Dwebsearch%26amp%3BrequestId%3Dea97d2669ff0df57%26amp%3BclickedItemRank%3D1%26amp%3BuserQuery%3Dserver224.smartbotpro%26amp%3BclickedItemURN%3Dhttp%253A%252F%252Fwww.computing.net%252Fsecurity%252Fwwwboard%252Fforum%252F7867.html%26amp%3BinvocationType%3D-%26amp%3BfromPage%3DNSCPIndex&remove_url=http%3A%2F%2Fwww.computing.net%2Fsecurity%2Fwwwboard%2Fforum%2F7867.htmlI have deleted wvrything I know of
I need help hetting rid of this server 224 smartbotpro thing
I have scanned and rescanned but none of the spy programs are finding ithere is an updated HJT log
Logfile of HijackThis v1.97.7
Scan saved at 4:01:11 PM, on 12/24/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\AT&T Global Network Client\NetClient.exe
C:\Program Files\AT&T Global Network Client\ARUpld32.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\ZIP54\0\0\HIJACK~1.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wfu.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wfubmc.edu
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.exe C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\RunOnce: [NetSP - restore database] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.290787037
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4290/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C1565A8-3127-440F-AEEA-1B63989A2C0D}: NameServer = 165.87.13.129 165.87.201.244I need help
thanks
johnny B
Hi JB. please go to
http://www.computing.net/security/wwwboard/forum/6433.html
and follow the instructions.
Good luck & merry Xmas
V...
0 
 |
 HijackThis Log
|
windows services trying 2...
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
