uk7.exe! what a nightmare please help!!!

Discussion in 'adware, spyware & hijack cleaning' started by tanja531083, May 6, 2004.

Thread Status:
Not open for further replies.
  1. tanja531083

    tanja531083 Guest

    Hi to everyone that is listening! I have been having a few problems with my computer lately as it is running really slow. I ran a norton virus check and it found a few suspicious files but would not delete them. I have looked it up on the web and apparently it is something to do with 1on1 dialero_O I have managed to delete the files with a little help! I was advised to run a Hijack this scan, which I have done. Enclosed are the contents which I would be grateful for someone to tell me what is safe to delete and what isn't!!!
    I really am desperate now!!!
    Many thanks
    Tanja


    Logfile of HijackThis v1.97.7
    Scan saved at 22:07:53, on 06/05/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AOL 9.0e\aoltray.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\AOL 9.0e\waol.exe
    C:\Program Files\AOL 9.0e\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Documents and Settings\Tanja\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://support.epson.net/StylusC43/
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    R3 - URLSearchHook: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\apps\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-AA8E-8E1CA787AD2D} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A1E4-EA6FA787AD2D} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwsoemon.exe
    O4 - Global Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 9.0e\aoltray.exe
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {142016BF-5CCA-4C8D-AC01-C4A8F4044AD5} - http://media.euniverse.com/cursorzone/files/Cat_Running_setup_td035.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {2FD74BEC-AA17-49C0-A74E-3B20BE946496} - http://www.cursorzone.com/toolbar/files/czone_bundle_p3.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ABA9B592-65D9-439B-9E41-80DE4CD0A8C2}: NameServer = 152.163.0.26 205.188.64.153
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E704BFF8-8E8A-4C42-A6E7-7821C069B297}: NameServer = 195.93.49.134
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi tanja531083,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:


    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    R3 - URLSearchHook: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

    O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-AA8E-8E1CA787AD2D} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A1E4-EA6FA787AD2D} - (no file)

    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\a.bin\mwsoemon.exe

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab

    O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab

    Then reboot into safe mode and delete:
    C:\PROGRAM FILES\MYWEBSEARCH <= entire folder

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.