tanya
im at witts end i have tried everything to manually get rid of this hijacker. I am not an expert on computering and i heard of a free sotware called HijackThis! and decided to give it a try i came up with this?
Logfile of HijackThis v1.99.0
Scan saved at 13:38:57, on 30/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
F:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
F:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
F:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
F:\Program Files\Windows ServeAd\WinServAd.exe
F:\Program Files\Windows ServeAd\WinServSuit.exe
F:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
F:\Program Files\GIANT Company Software\GIANT AntiSpyware\GIANTAntiSpywareMain.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
F:\DOCUME~1\JANEDA~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ask.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ask.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] F:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] F:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] F:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AntiSpy] F:\Program Files\Omniquad AntiSpy\AntiSpy.exe startup
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Windows ServeAd] F:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [kalvsys] F:\windows\system32\kalvnuk32.exe
O4 - HKLM\..\Run: [FlashClean] F:\Program Files\FlashClean\FlashClean.exe %1
O4 - HKLM\..\RunServices: [Microsoft Machine] sysini.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BT Broadband Basic Help.lnk = F:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O9 - Extra button: (no name) - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - F:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - F:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD75BF30-7FB2-4ABE-BB8F-F7422CDE3515}: NameServer = 194.72.9.34 194.74.65.68
O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: NvCplScan - Unknown - F:\WINDOWS\system32\msc32.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
i have absolutely no idea what this means but maybe someone could help?
I have anti virus programs which find two main spyware programs called WindUpdates(browser plug-in) and SearchMiracle.Elitebar (browser plug-in) the programs quarantine the viruses/spyware and i manually delete them this does not seem to be doing the trick though PLEASE HELP x
Logfile of HijackThis v1.99.0
Scan saved at 13:38:57, on 30/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
F:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
F:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
F:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
F:\Program Files\Windows ServeAd\WinServAd.exe
F:\Program Files\Windows ServeAd\WinServSuit.exe
F:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
F:\Program Files\GIANT Company Software\GIANT AntiSpyware\GIANTAntiSpywareMain.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
F:\DOCUME~1\JANEDA~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ask.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ask.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] F:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] F:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] F:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AntiSpy] F:\Program Files\Omniquad AntiSpy\AntiSpy.exe startup
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Windows ServeAd] F:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [kalvsys] F:\windows\system32\kalvnuk32.exe
O4 - HKLM\..\Run: [FlashClean] F:\Program Files\FlashClean\FlashClean.exe %1
O4 - HKLM\..\RunServices: [Microsoft Machine] sysini.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BT Broadband Basic Help.lnk = F:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O9 - Extra button: (no name) - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - F:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - F:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD75BF30-7FB2-4ABE-BB8F-F7422CDE3515}: NameServer = 194.72.9.34 194.74.65.68
O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: NvCplScan - Unknown - F:\WINDOWS\system32\msc32.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
i have absolutely no idea what this means but maybe someone could help?
I have anti virus programs which find two main spyware programs called WindUpdates(browser plug-in) and SearchMiracle.Elitebar (browser plug-in) the programs quarantine the viruses/spyware and i manually delete them this does not seem to be doing the trick though PLEASE HELP x
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Andicioz
As i have seen your Internet Explorer starts up with " Http://www.searchmiracle.com".
When it starts up, and the page is loaded, scroll down until you reach the bottom. You will see a link called "Uninstall". Click it and download the file. Open it and it should be uninstalled. <= This has not been tested, but i am almost sure it will work because i already have done it with another browser hijacker. If you have another browser hijack, always look on the page and see if there isnt an uninstall option, and if there isnt an uninstall option in your add/remove programs index.
I hope this will help,
Greetings => Andicioz
When it starts up, and the page is loaded, scroll down until you reach the bottom. You will see a link called "Uninstall". Click it and download the file. Open it and it should be uninstalled. <= This has not been tested, but i am almost sure it will work because i already have done it with another browser hijacker. If you have another browser hijack, always look on the page and see if there isnt an uninstall option, and if there isnt an uninstall option in your add/remove programs index.
I hope this will help,
Greetings => Andicioz
