I hope someone can help me... It seems my browser has been hijacked. If I right-click on "address" I get a list of options, all are checked except "hyeebtssjus". If I check that, I get another bar with a bunch of junk on it. I have run Spybot Search and Destroy and Spyware Blaster with no luck..... help.......
Hi Jim, Sounds like you found yourself a new variant of lop.com. Could you post your HijackThis log? Download, unzip and run HijackThis, then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post. Don't fix anything yet. Most of what it finds is harmless. Regards, Pieter
Logfile of HijackThis v1.93.0
Scan saved at 1:18:59 PM, on 4/27/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.zoomtown.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=www.zoomtown.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=www.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=www.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {8f1a15a7-92b0-4467-ad12-369f60174008} - C:\WINDOWS\APPLICATION DATA\DKBRTFVZ.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
O4 - HKLM\..\Run: [ZoomTownEXE] d:\autorun\autorun.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000a\cstray.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1812cdb07d15fa142c21/netzip/RdxIE6.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003031901/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
Hi jbright1, Check the following items in HijackThis, close all IE, OE and explorer windows and click Fix checked:

O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {8f1a15a7-92b0-4467-ad12-369f60174008} - C:\WINDOWS\APPLICATION DATA\DKBRTFVZ.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1812cdb07d15fa142c21/netzip/RdxIE6.cab

The second one is the one causing your problem. Please send me a copy of C:\WINDOWS\APPLICATION DATA\DKBRTFVZ.DLL before fixing it. I'll make sure it gets submitted so it will be included in Spybot S&D's definitions. Regards, Pieter
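Added here as an illustration, not part of any post in this thread: a small parser for the HijackThis entry format seen in the log above, applied to five entries copied from that log. The three triage heuristics and the function names are assumptions chosen to match traits visible in some of the listed entries; they are not the helper's stated method and do not cover the O4 items.

```python
import re

# A HijackThis entry is "<section id> - <body>", e.g. "O2 - BHO: name - {CLSID} - path".
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")
# DLL sitting directly in an "Application Data" folder (assumed heuristic).
APPDATA_DLL = re.compile(r"\\APPLICATION DATA\\[^\\]+\.DLL$", re.IGNORECASE)

# Five entries copied from the log posted in this thread.
SAMPLE = r"""
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {8f1a15a7-92b0-4467-ad12-369f60174008} - C:\WINDOWS\APPLICATION DATA\DKBRTFVZ.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1812cdb07d15fa142c21/netzip/RdxIE6.cab
"""

def parse_entry(line):
    """Split one log line into section, CLSID (if any) and target path/URL."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header line, blank line or wrapped fragment
    section, body = m.groups()
    clsid = CLSID.search(body)
    target = body.rsplit(" - ", 1)[-1]  # text after the last " - " separator
    return {"section": section, "clsid": clsid.group(0) if clsid else None,
            "target": target}

def triage(log_text):
    """Return (clsid, reason) pairs for entries worth a closer manual look."""
    hits = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e["section"] == "O2" and e["target"] == "(no file)":
            hits.append((e["clsid"], "BHO registered but its file is missing"))
        elif e["section"] == "O2" and APPDATA_DLL.search(e["target"]):
            hits.append((e["clsid"], "BHO DLL loaded from Application Data"))
        elif e["section"] == "O16" and IP_URL.match(e["target"]):
            hits.append((e["clsid"], "ActiveX control installed from a bare IP address"))
    return hits

if __name__ == "__main__":
    for clsid, reason in triage(SAMPLE):
        print(clsid, "->", reason)
```

A hit only marks an entry for manual review; legitimate software can trip any of these checks.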
OK, I found the file that you want a copy of... Do I send the file that was found, or do I open it, and if so, what do I open it with to send?
Do not double-click or try to open it. Please send it to the email address in my profile (pieter @ wilders.org). After that, remove it. Thanx, Pieter
You're welcome. Thanx for mailing it. AdAware didn't recognize it either. Will be submitting it immediately. Regards, Pieter