iambigbrother.com

Discussion in 'adware, spyware & hijack cleaning' started by needcomputerhelp, Jul 11, 2004.

Thread Status:
Not open for further replies.
  1. needcomputerhelp

    needcomputerhelp Registered Member

    Joined:
    Jul 11, 2004
    Posts:
    2
    Re: iambigbrother.com Need help to remove******

    Iambigbrother has taken over my homepage and I did the process of using ad-aware, then spybot, and now hijackthis software and here is what came up after the scan with hijackthis:(If there is someone out there in netland that can help me with this as far as letting me know what to remove and what not to remove from my system I would greatly appreciate it):

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE
    C:\WINNT\MWW32\MANAGER\MWSSW32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\adddk32.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\tp4mon.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINNT\System32\IEHost35.exe
    C:\WINNT\system32\syson32.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\StealthRay\StealthRay.exe
    C:\Program Files\StealthRay\SRBHOMgr.exe
    C:\Documents and Settings\oem1\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\oijvf.dll/sp.html#37680
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://oijvf.dll/index.html#37680
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://oijvf.dll/index.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.scourweb.net/nph-search.cgi?partner=wesb1&look=sbar1_srchbtn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\oijvf.dll/sp.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://oijvf.dll/index.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\oijvf.dll/sp.html#37680
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.scourweb.net/nph-search.cgi?partner=wesrch1&look=stmpl1&kw=
    O2 - BHO: (no name) - {F1C8A09D-2716-3BFC-7D77-F02DB18D6266} - C:\WINNT\ipfx.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINNT\MWW32\manager\mwremind.exe autorun
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
    O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost35.exe
    O4 - HKLM\..\Run: [syson32.exe] C:\WINNT\system32\syson32.exe
    O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe
    O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
    O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
    O4 - Global Startup: ThinkPad Modem Copyright.lnk = C:\WINNT\MWW32\manager\mwcpyrt.exe
    O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
    O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
    O4 - Global Startup: StealthRay.lnk = C:\Program Files\StealthRay\StealthRay.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Copernic Agent (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
    O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D8751823-3CEB-43DE-B249-008D508F71AB}: NameServer = 66.59.100.87 205.166.61.160
     
Thread Status:
Not open for further replies.