Re: Msn Plus Bar- Hjt

[lilsteph1990]

Re: Msn Plus Bar- Hjt

As stated before I'm having problems with this rediculas MSN PLUS that my sister downloaded anyway here is my Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 9:06:45 AM, on 11/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\mark\My Documents\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cggdxilnfasthiyv.com/ouGfIp2fb4vimalXy32Kt6FNsYdlv8/d45otc5qjcCa160o5I5pWGnY9iVQBalaU.php
O2 - BHO: (no name) - {170A0E6E-B223-F0CA-E732-74691C3C6CF2} - C:\DOCUME~1\mark\APPLIC~1\GREYONE\copyfrag.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Mess Type Grid Meow] C:\Documents and Settings\All Users\Application Data\MetaSignMessType\joy dog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [2eggs] C:\DOCUME~1\mark\APPLIC~1\IDLECO~1\Hide Wait.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130282668007
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe


-Stephanie

 

[MicroBell]

Hi and Welcome to TF

Were is the findlop log I asked for?

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

• Ad-Aware® SE Personal Edition
  *Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
  
• Spybot Search & Destroy
• CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Download and install Cleanup but DO NOT run it yet!

Open My Computer-->Tools-->Folder Options-->View-->Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files and click YES and then OK

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove Messenger Plus 3 IF listed.

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cggdxilnfasthiyv.com/ouG...nY9iVQBalaU.php
O2 - BHO: (no name) - {170A0E6E-B223-F0CA-E732-74691C3C6CF2} - C:\DOCUME~1\mark\APPLIC~1\GREYONE\copyfrag.exe
O4 - HKLM\..\Run: [Mess Type Grid Meow] C:\Documents and Settings\All Users\Application Data\MetaSignMessType\joy dog.exe
O4 - HKCU\..\Run: [2eggs] C:\DOCUME~1\mark\APPLIC~1\IDLECO~1\Hide Wait.exe

C:\DOCUME~1\mark\APPLIC~1\GREYONE <--delete that folder

C:\Documents and Settings\All Users\Application Data\MetaSignMessType<--delete that folder

C:\DOCUME~1\mark\APPLIC~1\IDLECO~1 <--delete that folder


Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
  [X]Scan local drives for temporary files (Please uncheck this option)
• Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Once back to normal windows....

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
2. Click Scan Now
3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

• If it finds any malware, it will offer you a report.
  [*] Click on see report. Then click Save report

Please post that log in your next reply along with a new hijackthis and the log from the tool below.


Download Findlop by Metallica. Unzip it to your desktop.
Double click findlop.bat. It will open a notepad file.
Copy the content of that file and past it here in your reply.