Got a problem

Viruses and worms
1

Hi
I think my IE Browser has been hijacked but I can’t find anything. I am running XP pro with all updates installed. I run zonealarm,Avast,NAV,spybot w/spywareblaster,adaware and nothing comes up.I also ran online RAV and TRend micro virus checks. I have included my log file. I got this about the time I updated to the new warez file sharing stuff.Any help would be apperciated
Thanks

2

There is no log or attachement…

3
got this about the time I updated to the new warez file sharing
Delete it and see if the problem is solved.

And what makes you think IE is hacked?

4

I deleted warez and still getting popups .I keep getting one that says Casale Media.Hopefully the hijack log will be on attachment this time !

5

hi bob and welcome
thats a big log and you have lots of stuff there to remove/fix
if you would like to manage it yourself go here http://hijackthis.de/index.php?langselect=english
otherwise check back later or hang around for 10 min and someone will list all the crud

6

Copy and paste your Hijackthis log file here: http://hijackthis.de/index.php

EDIT: oh you bet me to it :smiley:

7

bulletbob

Your log looks to be loaded with Malware, are you sure Spybot and Ad-Aware were fully updated when you scanned your system with them?

If so could you try Spy sweeper aswell, its only a 30 day trial but it finds alot of malware: http://www.webroot.com/shoppingcart/tryme.php?bjpc=64000&vcode=DT02

Also when you say u deleted warez did you do it though ‘add or remove programs’?

BTW, the ‘crud’ is below:

THESE ITEMS ARE HARMFULL AND SHOULD BE FIXED/REMOVED :

\program files\msn apps\updater\01.02.3000.1001\en-us\msnappau.exe
search bar = http://minisearch.startnow.com/
search page = http://minisearch.startnow.com/
r1 - hklm\software\microsoft\internet explorer\main
r1 - hklm\software\microsoft\internet explorer\main
default_search_url = http://minisearch.startnow.com/
r1 - hklm\software\microsoft\internet explorer\main
search bar = http://minisearch.startnow.com/
r1 - hklm\software\microsoft\internet explorer\main
search page = http://minisearch.startnow.com/
r1 - hkcu\software\microsoft\internet explorer\search
searchassistant = http://minisearch.startnow.com/
r1 - hkcu\software\microsoft\internet explorer\search
customizesearch = http://minisearch.startnow.com/
r1 - hklm\software\microsoft\internet explorer\search
default_search_url = http://minisearch.startnow.com/
r0 - hklm\software\microsoft\internet explorer\search
searchassistant = http://minisearch.startnow.com/
r0 - hklm\software\microsoft\internet explorer\search
customizesearch = http://minisearch.startnow.com/
o2 - bho: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - (no file)
o2 - bho: msntoolbandbho - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o3 - toolbar: msn - {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o16 - dpf: cpcscanner - http://www.crucial.com/controls/cpcscanner.cab
o16 - dpf: {03f998b2-0e00-11d3-a498-00104b6eb52e} (metastreamctl class) - https://components.viewpoint.com/mtsinstallers/metastream3.cab?url=http://www.samsungusa.com/cgi-bin/nabc/campaign/voom/b2c_sweeps_voom.jsp
o16 - dpf: {0e5f0222-96b9-11d3-8997-00104bd12d94} (pcpitstop utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
o16 - dpf: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (symantec antivirus scanner) - http://security.symantec.com/sscv6/sharedcontent/vc/bin/avsniff.cab
o16 - dpf: {644e432f-49d3-41a1-8dd5-e099162eeec5} (symantec rufsi utility class) - http://security.symantec.com/sscv6/sharedcontent/common/bin/cabsa.cab
o16 - dpf: {74d05d43-3236-11d4-bdcd-00c04f9a3b61} (housecall control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
o16 - dpf: {9a9307a0-7da4-4daf-b042-5009f29e09e1} (activescan installer class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
o16 - dpf: {a3009861-330c-4e10-822b-39d16ec8829d} (cravonline object) - http://www.ravantivirus.com/scan/ravonline.cab
o16 - dpf: {b942a249-d1e7-4c11-98ae-fcb76b08747f} (realarcaderdxie class) - http://games-dl.real.com/gameconsole/bundler/cab/realarcaderdxie.cab
o16 - dpf: {d54160c3-db7b-4534-9b65-190ee4a9c7f7} (sproutlauncherctrl class) - http://www.shockwave.com/content/feedingfrenzy/sproutlauncher.cab
o16 - dpf: {df780f87-ff2b-4df8-92d0-73db16a1543a} (popcaploader object) - http://www.bigfishgames.com/online/zuma/popcaploader_v5.cab

HARMFULL ITEMS IN THE DOCUMENTS AND SETTINGS FOLDER(S) :

Nothing found.

THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTTIME FOR THE SYSTEM TO WORK PROPERLY :

o4 - hkcu..\run: [msnmsgr] “c:\program files\msn messenger\msnmsgr.exe” /background
o4 - global startup: office startup.lnk = c:\program files\microsoft office\office\osa.exe

–lee

8

First thing that pops out is that you are running Norton alongside Avast! . This is one of those instances where more is not better as these two programs will conflict . you must make a decision which is gonna stay and dump the other.
If you want a backup scanner maybe the bit-defender free one as it has no constant monitor.

9

You guys really helped me out ! I did everything and it helped but i still had some thing popping up. I downloaded the microsoft beta spyware program and it found 53 Items ! Now everything is working just fine. Thanks again for your help !
AVAST ROCKS !!!