automatic bookmarks

Discussion in 'adware, spyware & hijack cleaning' started by rosiep, Jan 28, 2004.

Thread Status:
Not open for further replies.
  1. rosiep

    rosiep Guest

    I am about ready to download hijackthis as I have already done as-aware and spybot. EVERY time I go to internet explorer I have automatic bookmarks, and some quite appropriate ones. They appear no matter what I do to delete them. The are also on other uses names as well. Will hijackthis get rid of them and how do I get support for this? I was told that I shouldn't delete everything that is brought up by this program. Thanks so much for any help. These bookmark invasions are driving me crazy. I also do not have my saved home page but something else--every time i go to ie!
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    Hi rosiep,

    From your description I would advise you to download and run CWShredder
    then follow the directions posted here: http://www.wilderssecurity.com/showthread.php?t=15913
    and someone will be happy to help you analyze your HijackThis log.

    Regards,

    Pieter
     
  3. rosiep

    rosiep Registered Member

    Joined:
    Jan 28, 2004
    Posts:
    1
    Here is the log I received. Any help pleaseo_O THANKS!!!!

    Logfile of HijackThis v1.97.7
    Scan saved at 5:46:15 PM, on 1/28/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Navnt\navapw32.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINNT\system32\crypserv.exe
    C:\PROGRA~1\Navnt\navapsvc.exe
    C:\PROGRA~1\Navnt\npssvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\Navnt\alertsvc.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\program files\GlobalDialer\domer00084\gd-dial.exe
    C:\Program Files\Navnt\navapw32.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Navnt\navwnt.exe
    C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\WS_FTP\WS_FTP95.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\WINNT\explorer.exe
    C:\unzipped\hijackthis[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omega-search.com/panel_search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omega-search.com/panel_search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\Winnt\System32\SYSTEM~2.DLL
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [qwjldrgr] C:\WINNT\ncimhapg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Antivirus] C:\WINNT\av.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Aosa] C:\Documents and Settings\Administrator\Application Data\olss.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = Navnt\navapw32.exe
    O4 - Global Startup: winlogon.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38002.5371875
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4317/mcfscan.cab
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    Hi rosiep,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omega-search.com/panel_search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omega-search.com/panel_search.html

    R3 - Default URLSearchHook is missing
    O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\Winnt\System32\SYSTEM~2.DLL <= KEYLOGGER

    O4 - HKLM\..\Run: [qwjldrgr] C:\WINNT\ncimhapg.exe

    O4 - HKLM\..\Run: [Antivirus] C:\WINNT\av.exe

    O4 - HKCU\..\Run: [Aosa] C:\Documents and Settings\Administrator\Application Data\olss.exe

    O4 - Global Startup: winlogon.exe

    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

    Then reboot, into safe mode
    and delete:
    C:\WINNT\ncimhapg.exe
    C:\WINNT\av.exe
    C:\Documents and Settings\Administrator\Application Data\olss.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe <= only the one in that directory, do NOT delete any other files with that name.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.