Here I go again

Bucksone · 2004/07/22

Logfile of HijackThis v1.98.0
Scan saved at 7:07:40 AM, on 7/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.wowway.com/portal/index.asp?RG=Col
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab

noahdfear · 2004/07/22

Fix these with HJT. Make sure all other windows are closed first.

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch

Open Spybot and click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install and update. Check for updates weekly. Still in Spybot, click tools in the left pane, then resident and check the box for SD Helper. Then click IE tweaks and at least lock the HOSTS file. Close Spybot, reboot and see if you are still redirected.

Bucksone · 2004/07/23

Regarding the last instructions, I can't find in Spybot, "click tools in the left pane." Please advise.

Newt · 2004/07/23

Here you go. You may have to first click on "Mode" (top of window) and then on Advanced.

LDTate · 2004/07/23

Newt, petty sure Bucksone is referring to this.

Still in Spybot, click tools in the left pane, then resident and check the box for SD Helper. Then click IE tweaks and at least lock the HOSTS file. Close Spybot, reboot and see if you are still redirected.
Click to expand...

Bucksone · 2004/07/23

Sorry for not being clear. I was referring to the quote that LDTate highlighted in his post.

Newt · 2004/07/23

OK. Got it now. As I mentioned above, you need to click on Mode then select Advanced.

LDTate · 2004/07/23

Bucksone, you need to go the directory where Spybot is on your computer. Example:
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe "

You can either launch SpybotSD.exe from there or right click and create a shortcut to the desktop and launch it from there.

Note: The shortcut that is created on the desktop when installed defaults to Easy Mode.

Bucksone · 2004/07/23

OK, missions accomplished. We'll see how it works over the next few days as to whether we get redirected or not. The last time I thought we had this licked, I was wrong. I guess I'll cross my fingers.
Thanks again.

noahdfear · 2004/07/23

EDIT

Sorry. Posted info to the wrong thread.

Glad to hear things are cleaned up.

Log in or Sign up

Here I go again

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Bucksone Well-Known Member Thread Starter

Newt Inactive

LDTate Inactive

Bucksone Well-Known Member Thread Starter

Newt Inactive

LDTate Inactive

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Share This Page

Log in or Sign up

Here I go again

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Bucksone Well-Known Member Thread Starter

Newt Inactive

LDTate Inactive

Bucksone Well-Known Member Thread Starter

Newt Inactive

LDTate Inactive

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Share This Page

Useful Searches