Anybody good at comprehending Hijack This logs?

Discussion in 'OT Technology' started by BlingblingWJBoy, Aug 29, 2004.

  1. I've got some bad popups on my system. Never was so hard to get rid of them before, I'd do adaware, then spybot, and then check task manager and google all my processes to see which ones were left to get rid of. Well nothing is turning up! So I've got to resort to hijack this. Maybe you guys can help me out? TIA.

     
  2. DAN513

    C:\WINDOWS\System32\ckhiwu.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll


    Those are the ones I would get rid of. Are you using the newest version of Spybot? They are on 1.3, and the old version doesn't update anymore. There's also an immunize feature in it, and it makes a huge difference. Remove the entries I listed, make sure adaware and spybot are updated, boot into safe mode and then run both there.
     
  3. Wolf68k

    Spyware:
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    This is usually installed with the normal Kazaa and some programs like it that use ads while file sharing

    Should be safe to remove:
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

    Trojan.Spy.BiSpy.C
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    Removal steps
    http://www.pchell.com/support/twaintec.shtml

    Spyware:
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    Removal steps:
    http://sarc.com/avcenter/venc/data/pf/adware.clickalchemy.html

    Be sure to give Ad-Aware and Spybot a shot first and then see if these are still listed, then try the manual removal
     
  4. Great, thanks! I did see the alchem one, but not the other one. The alchem one wasn't removable.. it wasn't there? I did remove the other one. Check this for me now please, see if it's clean :)

    I've been surfing for a minute or two without popups so hopefully that's a good thing.

    Edit: I just had one pop up after I posted this :(
     
  5. Wolf68k

    Bad:
    O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
    O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing) --- Removal


    Remove:
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -


    Now, go get SpywareBlaster to help keep the spyware out. It won't stop it all, just help keep some out. And some sites with some ActiveX installs will be a big problem with IE, but this is usually with some porn and hack/crack/patch/serial sites. But you're fine with Mozilla/Firefox from the ActiveX part and SpywareBlaster can help protect Mozilla also...mostly just cookies though
     
  6. I think I'm clean! I'll save the spywareblaster for future reference. Thank you!
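
The triage done by hand in the replies above (spotting the same search host across several R0/R1 values, and entries whose file is gone) can be scripted. This is an added example, not code from any poster or from HijackThis itself; the function names `parse_line` and `summarize` are hypothetical, and the sample input is built from entry lines quoted in the thread.

```python
import re
from collections import Counter

# HijackThis section codes that appear in this thread.
SECTIONS = {"R0": "IE start/search setting", "R1": "IE start/search setting",
            "R3": "URLSearchHook", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart (Run key)",
            "O16": "ActiveX download (DPF)"}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOST_RE = re.compile(r"=\s*(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})/")

def parse_line(line):
    """Return a dict for one entry line, or None for non-entry lines."""
    m = LINE_RE.match(line)
    if not m:
        return None  # process list, headers, blank lines
    code, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    host = HOST_RE.search(rest) if code.startswith("R") else None
    return {"code": code,
            "section": SECTIONS.get(code, "unknown"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "host": host.group(1).lower() if host else None,
            # Orphan: the registry entry remains but its file is gone.
            "orphan": "(no file)" in rest or "(file missing)" in rest}

def summarize(lines):
    """Count search-setting hosts and collect orphaned entries."""
    entries = [e for e in map(parse_line, lines) if e]
    hosts = Counter(e["host"] for e in entries if e["host"])
    orphans = [(e["code"], e["clsid"]) for e in entries if e["orphan"]]
    return {"hosts": hosts, "orphans": orphans, "total": len(entries)}

# Sample input: entry lines quoted in the posts above.
SAMPLE = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=",
    r"R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)",
    r"O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll",
    r"O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)",
    r"O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)",
    r"O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An orphaned entry only shows that a file was deleted while its registry reference stayed behind; entries whose file still exists need a lookup of the CLSID or filename, as the replies above did.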
     
