Yellowhammer
725 Posts
0
February 10th, 2004 02:00
First move hijackthis to a non-temporary directory.
Close all windows and have hijackthis fix the following:
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1311.dll
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\System32\btiein.dll
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\internetfeatures.exe
O4 - HKLM\..\Run: [iefeatures] C:\WINDOWS\System32\iefeatures.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb\msbb.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [BEH] C:\WINDOWS\BEH.exe
O4 - HKLM\..\Run: [YPESGUBLZ] C:\WINDOWS\YPESGUBLZ.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O9 - Extra button: Sidesearch (HKLM)
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Reboot to safe mode and delete the following files/folders.
C:\Program Files\ClearSearch\
C:\Program Files\Common Files\slmss\
C:\WINDOWS\System32\iefeatures.exe
C:\WINDOWS\System32\msbb\
C:\WINDOWS\mwsvm.exe
Post another log.
Yellowhammer
725 Posts
0
February 11th, 2004 00:00
You still have a couple that need to be fixed:
Close all windows and have hijackthis fix the following:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=D7C1F5E8-D874-40C1-925A-94647A253EEC&version_id=18
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\System32\btiein.dll
leegs
3 Posts
0
February 11th, 2004 00:00
Thanks very much for the help. Here's the 2nd log
Logfile of HijackThis v1.97.7
Scan saved at 8:30:55 PM, on 2/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=D7C1F5E8-D874-40C1-925A-94647A253EEC&version_id=18
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\System32\btiein.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38005.7207060185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
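The re-check done in this thread (compare the earlier fix list against the follow-up log to see what survived) can be scripted. The following is an added example, not part of the original posts and not HijackThis code; the function names and the choice to match entries by section plus CLSID are assumptions of this example. It only reports entries that were on the earlier fix list, so a newly flagged line such as the R0 SearchAssistant entry still needs a manual read.

```python
import re

# An entry line looks like "<section> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(text):
    """Map (section, identity) -> original line for each entry line in text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # log header, "Running processes" list, blank line
        section, details = match.groups()
        clsid = CLSID_RE.search(details)
        # Assumption of this example: the CLSID identifies the entry when one
        # is present; otherwise use whitespace- and case-normalised details.
        identity = clsid.group(0).upper() if clsid else " ".join(details.split()).lower()
        entries[(section, identity)] = line
    return entries

def still_present(fix_list, followup_log):
    """Return fix-list lines whose entry is still in the follow-up log."""
    wanted = parse_entries(fix_list)
    found = parse_entries(followup_log)
    return [line for key, line in wanted.items() if key in found]

# Excerpts copied from the thread above (shortened, not the full logs).
FIX_LIST = r"""
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\System32\btiein.dll
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb\msbb.exe
O9 - Extra button: Sidesearch (HKLM)
"""
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\System32\btiein.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: Related (HKLM)
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("STILL PRESENT:", line)
```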