Tech Support Forum - View Single Post

**Pancake** · 01-06-2005, 02:36 AM

Hi

Make sure to run Adaware, Spybot S & D(check for updates) as these will do a preliminary clean first.Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE Reinstate it when your log is cleaned and then create a new restore point.Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes and selecting "fix checked".If any EXE files have been selected go into HijackThis/Config/Misc/Tools/ and open process manager. Select the EXE files (if they are there) and click Kill process before deleting.

Folders that have been highlighted RED in the log will need to be uninstalled.Check first as some folders maybe uninstalled via the Add/Remove program.

Files highlighted in BLACK in the log will need to be removed from your hard drive.

Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES When done Download Cleanup and run it to clean out the temp folders ..Then please reboot and post a new log when finished...

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\system32\winhot32.dll
O2 - BHO: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\system32\toolbar.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\system32\hsrb.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\system32\dsktrf.dll
O4 - HKLM\..\Run: [09¿Ì*ú]Mú*ÀaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kbqdmdpe.exe
O4 - HKLM\..\Run: [gcvhym] C:\WINDOWS\system32\aasvbciw.exe
O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\version.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Owner\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...ridge-c338.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab
C:\Program Files\Win Comm\WinLock.exe

01-06-2005, 02:36 AM	#2 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,405 OS: XP Pro SP3	Hi Make sure to run Adaware, Spybot S & D(check for updates) as these will do a preliminary clean first.Some files below may not be present after running the above programs. Then.... Turn off your System Restore SEE HERE Reinstate it when your log is cleaned and then create a new restore point.Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes and selecting "fix checked".If any EXE files have been selected go into HijackThis/Config/Misc/Tools/ and open process manager. Select the EXE files (if they are there) and click Kill process before deleting. Folders that have been highlighted RED in the log will need to be uninstalled.Check first as some folders maybe uninstalled via the Add/Remove program. Files highlighted in BLACK in the log will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES When done Download Cleanup and run it to clean out the temp folders ..Then please reboot and post a new log when finished... R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\system32\winhot32.dll O2 - BHO: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\system32\toolbar.dll O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\system32\hsrb.dll O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\system32\dsktrf.dll O4 - HKLM\..\Run: [09¿Ìú]MúÀaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kbqdmdpe.exe O4 - HKLM\..\Run: [gcvhym] C:\WINDOWS\system32\aasvbciw.exe O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\system32\smss32.exe O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\version.exe O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Owner\LOCALS~1\Temp\bundle.exe O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\system32\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...ridge-c338.cab O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/drm.cab O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab C:\Program Files\Win Comm\WinLock.exe __________________ An Australian Member of Eddy