need some help with clearing my log

Discussion in 'adware, spyware & hijack cleaning' started by pungkow, Jun 20, 2004.

Thread Status:
Not open for further replies.
  1. pungkow

    pungkow Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    16
    I think this is the right forum to do this in, otherwise, I'm sorry :(
    Anyway, here's my log file for HijackThis. I just need advice on what to clear out. Thanks in advance.

    Logfile of HijackThis v1.97.7
    Scan saved at 9:58:00 AM, on 6/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Creative\ShareDLL\Mediadet.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\PROGRA~1\rdrante\Boob army.exe
    C:\Program Files\Comcast\Comcast_Devmon.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\5EE1924.DLL
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Joel Vaughn\Desktop\paul\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r1.attbi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r1.attbi.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://my.juno.com/s/sp?r=al&cf=sp&...I=6.1.3JU&L=g#22&M=1046419200000&N=PLHSOC&O=I
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
    N3 - Netscape 7: user_pref("browser.startup.homepage","about:blank"); (C:\Documents and Settings\Joel Vaughn\Application Data\Mozilla\Profiles\default\mcsqtxdf.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {A59D785E-11E3-4316-B1F5-9BB55DC89424} - C:\WINDOWS\System32\khigcda.dll
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P32 "EPSON Stylus C82 Series (Copy 1)" /O6 "USB001" /M "Stylus C82"
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int386619.exe -auto
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [SQInstaller] SQInstaller.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [platformmode] C:\PROGRA~1\rdrante\Boob army.exe
    O4 - HKCU\..\Run: [CPW] C:\Program Files\Comcast\Comcast_Devmon.exe C:\Program Files\Comcast\Comcast Photo Wizard.exe
    O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
    O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
    O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Juno6\qsacc\appres.dll/228
    O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Juno6\qsacc\appres.dll/227
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     
  2. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello pungkow,

    Let's start here:

    Download CWShredder. Click on Update, then close all browsers, and then click on Fix, not Scan.

    Next, download Spybot S&D. Check for updates first, download ALL updates and do a scan. When finished, make sure ALL RED items have been ticked, and click the "Fix Selected Problems" button.

    Reboot.

    Run HijackThis again, check these items and then click on Fix:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

    Reboot and post a new log here.
     
  3. pungkow

    pungkow Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    16
    Thanks a lot for the help, Taz, but I have a few more questions. First off, I'm having browser hijack attempts to "mysearchnow.com". Is there any other way I can have that fixed?
    Also, I had Spyware Remover before getting Spybot S&D, but S&D said it's an unlicensed copy of S&D, so I uninstalled it, and now it keeps trying to reinstall. How can I fix that? I went into the Add and Remove Programs list, but the "Remove" option is disabled. That's ****ed up. :(

    Also, it said that it has some compatibility problems with Ad-Aware, which I have. I was wondering if I should keep and use Ad-Aware?

    Well, here's my new log. Thanks again for the help.


    Logfile of HijackThis v1.97.7
    Scan saved at 2:47:06 PM, on 6/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Creative\ShareDLL\Mediadet.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
    C:\HP\KBD\KBD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\PROGRA~1\rdrante\Boob army.exe
    C:\Program Files\Comcast\Comcast_Devmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Documents and Settings\Joel Vaughn\Desktop\paul\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\rundll32.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r1.attbi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r1.attbi.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://my.juno.com/s/sp?r=al&cf=sp&...I=6.1.3JU&L=g#22&M=1046419200000&N=PLHSOC&O=I
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage","about:blank"); (C:\Documents and Settings\Joel Vaughn\Application Data\Mozilla\Profiles\default\mcsqtxdf.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P32 "EPSON Stylus C82 Series (Copy 1)" /O6 "USB001" /M "Stylus C82"
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int386619.exe -auto
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [SQInstaller] SQInstaller.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
    O4 - HKLM\..\Run: [platformmode] C:\PROGRA~1\rdrante\Boob army.exe
    O4 - HKCU\..\Run: [CPW] C:\Program Files\Comcast\Comcast_Devmon.exe C:\Program Files\Comcast\Comcast Photo Wizard.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
    O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Juno6\qsacc\appres.dll/228
    O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Juno6\qsacc\appres.dll/227
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: AIM (HKLM)
     
    Last edited: Jun 21, 2004
  4. pungkow

    pungkow Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    16
    Sorry for double posting, but I would really like some help here. I am still having quite a few problems with browser hijacking, and toolbars trying to be installed. help please.
     
  5. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Copy the contents of the quote box to Notepad.
    Name the file Appinit.bat
    Save as type All Files
    Save on the Desktop.
    Quote:
    Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv
    ren windows1.hiv windows.txt



    Double click on Appinit.bat
    This will create a file on the desktop named windows.txt
    Upload windows.txt in your next reply. To do that, do not use Quick Reply. Instead, press the Reply button. When you do, you will be able to attach a file to your reply. Go near the bottom of the reply page, where you will see Attach Files, and attach windows.txt.
    ----------------

    And which version of XP are you running, Pro or Home?
    Also, which file system, FAT32 or NTFS? Check the properties of the C drive in My Computer to get the file system.
     
  6. pungkow

    pungkow Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    16
    Alright. I'm not sure if I did what you said right, but I tried. I'm using the second option you said (NTFS) and I'm using Home edition. I uploaded the file like you said (it didn't save as windows.txt but it was a txt document, so I think that's OK, and also it didn't save to my desktop, but I hope that's alright too). Is it? May I also ask what this appinit.bat does? Or what you're going to do / have me do with it?
     

    Last edited: Jun 24, 2004
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Exactly right.
    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JOELVA~1\LOCALS~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    + Any new O2 line (only Acrobat, SpywareGuard and Spybot were in your last log. Those can be left alone)

    Now open a command prompt.
    Open Task Manager and end task explorer.exe
    In the command prompt type the following commands, each line followed by ENTER
    cd ..
    cd ..

    Prompt should now be at C:>
    cd windows
    cd system32
    del kbdnb.dll
    cd ..

    Prompt should now be at C:\Windows
    explorer.exe

    Your Taskbar and desktop should now return.
    If at any point you get lost with explorer not working, you can also start it by using Ctrl-Alt-Del to bring up TaskManager, choose New process and navigate to C:\Windows\explorer.exe

    Update and scan with AdAware which will probably find about 5-7 registry keys.

    HTH,

    Pieter
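
Pieter's instruction above to fix "any new O2 line" amounts to comparing the current HijackThis log with the previous one. The following is an added example (not part of the thread and not HijackThis code) that does that comparison in Python, matching O2 lines by CLSID; the sample logs are constructed from lines in this thread plus one placeholder O2 entry.

```python
import re

# Entry lines are "<code> - <text>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return [(section_code, entry_text)]; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]


def entry_key(code, entry):
    """Identity for comparison: O2 (BHO) lines by CLSID, in case the display
    name differs between scans; everything else by case-folded text."""
    m = CLSID_RE.search(entry) if code == "O2" else None
    return (code, m.group(0).upper() if m else entry.casefold())


def diff_logs(baseline_text, current_text, sections=None):
    """Return (added, removed) as lists of (code, entry).
    `sections` optionally limits the comparison, e.g. {"O2"}."""
    def index(text):
        found = {}
        for code, entry in parse_log(text):
            if sections is None or code in sections:
                found.setdefault(entry_key(code, entry), (code, entry))
        return found

    base, cur = index(baseline_text), index(current_text)
    added = [v for k, v in cur.items() if k not in base]
    removed = [v for k, v in base.items() if k not in cur]
    return added, removed


# Constructed sample: entry lines copied from the second log in this thread.
BASELINE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"""

# Constructed follow-up scan: the R1 line has been fixed, SpywareGuard shows
# under a different display name, and one placeholder O2 entry is new.
CURRENT = r"""
Logfile of HijackThis v1.97.7
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\placeholder.dll
"""

if __name__ == "__main__":
    added, removed = diff_logs(BASELINE, CURRENT)
    for code, entry in added:
        print("NEW    ", code, "-", entry)
    for code, entry in removed:
        print("REMOVED", code, "-", entry)
```
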
     
  8. pungkow

    pungkow Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    16
    I couldn't find all the HijackThis files you said to delete, but they may have been deleted through other means. Anyway, I don't know just what a command prompt is. What is that? And how do I open one?

    Sorry for all the idiot questions, but I will not bow down before the annoyance of spyware.
     
  9. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello,

    To get to the command prompt, do this:

    Click on Start.
    Click on Run.
    A box will pop up and in the Open box type cmd and then click on Go.

    A black screen will pop up, type this:
    cd .. (that is cd (dot)(dot) and hit enter)
    cd .. (type this in again the same way)
    Prompt should now be at C:>

    Now type in the following:
    cd windows (and hit enter)
    cd system32 (and hit enter)
    del kbdnb.dll (and hit enter)
    cd .. (and hit enter)
    Prompt should now be at C:\Windows
    explorer.exe

    Your Taskbar and desktop should now return.
    If at any point you get lost with explorer not working, you can also start it by using Ctrl-Alt-Del to bring up TaskManager, choose New process and navigate to C:\Windows\explorer.exe

    Update and scan with AdAware which will probably find about 5-7 registry keys.
     
  10. pungkow

    pungkow Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    16
    Good deal, as far as I can tell things are running smoother now. Thanks. I'll come back for more help if I need it, and with my luck it'll only be a matter of days.
    Thanks again Pieter and Taz, keep up the fight against spyware ^_^
     