05-27-2005, 07:29 PM   #1
DJPhroggy
Registered User
 
Join Date: May 2005
Posts: 3
OS: XP pro


abcsearch4u infection...please help

I've used all the tools to my knowledge..but when I run a HijackThis scan they all come back...so I'm probably missing a step...here is my current log....

Logfile of HijackThis v1.99.1
Scan saved at 8:17:27 PM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
D:\NEWFOL~1\SsAAD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\111352~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\COMMON~1\AOL\111352~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\soxfykb.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Palm\HOTSYNC.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1113524559\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] D:\NEWFOL~1\SsAAD.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ufdfrdv] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [onkuwcb] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [aqmwmva] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [gwlwgxq] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [hkjrcql] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [wstedxy] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [gyrhyjj] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [lewvlum] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [mtsmgwg] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [tgvjaor] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [jircxrb] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [flwjbxi] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [byorkve] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [iaoafnt] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [oddvkpf] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [esvddgt] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [lcoxjjq] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [tlvusnf] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [spfjtpg] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [tstjkby] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [xqlsavg] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [rpchedx] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [talcuto] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [fldgghl] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [wkoehim] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [bvycyxk] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [vgnsdtj] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [wmlgxet] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [wnqckgh] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [pbymmjo] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [jbrmerd] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [ipasqhc] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [aimrcow] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [xijtfrj] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [huqonam] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [qanhcna] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [yfrvtqm] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [pcorduj] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [hngsyrt] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [pcwefxd] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [fsersct] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [mwawoms] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [yubltut] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [riuvptu] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [gnbvgwu] c:\windows\soxfykb.exe
O4 - HKCU\..\Run: [paohtwq] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [epxmplr] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [hkuseok] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [yjxjrrb] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [iqolkqd] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [pxdanpy] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [iwywhnm] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [txbvcla] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [gsrwdwg] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [bvfrdwk] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [qovfufb] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [leamrkt] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [bihcbdu] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [vpojyfc] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [nlufllr] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [ktwgaxw] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [kchefhs] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [kgqeslb] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [lxecgsu] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [nqpwqed] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [cuqlvmm] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [yjkoego] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [rijjydd] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [wkfejuv] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [vdrgcos] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [pqrrgov] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [qvnrqug] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [chmcxsi] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [iirlxxn] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [gsrkvig] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [nbvgssu] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [tsfccqi] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [bydjhdv] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [luksuhs] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [jpcxalg] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [xardnym] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [hljesoa] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [lfcqvok] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [wxyjlty] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [pdfwthr] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [cywvrig] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [cjsqnkx] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [rypihhy] c:\windows\kshrgxo.exe
O4 - HKCU\..\Run: [fbteexq] c:\windows\dxdpqas.exe
O4 - HKCU\..\Run: [dwrebob] c:\windows\etpcmot.exe
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/336//main.chm::/update.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...ploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe