|
-
September 7th, 2004, 10:38 PM
#1
 The evil windowws.com
Help!
My computer has been taken over by windowws.com and he brought along some friends that like to lodge themselves in my Favorites folder,
again and again and again! I have tried Adaware, Noadware, Stinger, CWShredder, Spysweeper, Spybot and who knows what else?
Any suggestions how I can restore my computer and my sanity?
Logfile of HijackThis v1.97.7
Scan saved at 8:18:15 PM, on 9/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\APPLICATION DATA\DMSC.EXE
C:\WINDOWS\SYSTEM\OHYRZV.EXE
D:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
C:\WINDOWS\SYSTEM\MATRIXHERE.EXE
C:\WINDOWS\WEBSHOTS.SCR
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
D:\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://super-spider.com/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://super-spider.com/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F1 - win.ini: load=ptsnoop.exe
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\4LRLVJPVAI.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MemoryBoost] "C:\Program Files\MemoryBoost\MemoryBoost.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - HKCU\..\Run: [Tehb] C:\WINDOWS\Application Data\dmsc.exe
O4 - HKCU\..\Run: [Kti] C:\WINDOWS\SYSTEM\ohyrzv.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [AIM] D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\Run: [romahere] C:\WINDOWS\SYSTEM\MATRIXHERE.EXE
O4 - HKCU\..\RunServices: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\RunServices: [uninstal] regsvr32 /u /s image.dll
O4 - HKCU\..\RunServices: [Tehb] C:\WINDOWS\Application Data\dmsc.exe
O4 - HKCU\..\RunServices: [Kti] C:\WINDOWS\SYSTEM\ohyrzv.exe
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [AIM] D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\RunServices: [romahere] C:\WINDOWS\SYSTEM\MATRIXHERE.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...899.9387847222
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
Similar Threads
-
By Garak in forum Tech Lounge & Tales
Replies: 15
Last Post: December 5th, 2001, 01:47 PM
-
By Radical Dreamer in forum Tech Lounge & Tales
Replies: 16
Last Post: May 12th, 2001, 09:05 AM
-
By CobraTekMax in forum Tech Lounge & Tales
Replies: 19
Last Post: May 7th, 2001, 04:46 PM
-
By JungleMan1 in forum Tech Lounge & Tales
Replies: 1
Last Post: May 6th, 2001, 08:40 PM
-
By mogul218 in forum Tech Lounge & Tales
Replies: 35
Last Post: May 6th, 2001, 01:12 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Bookmarks