NEED HELP QUICK!! Hijack this script posted...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Square Duck, May 20, 2004.

  1. Square Duck

    Square Duck Private E-2

    This is a test message... I tried posting earlier and lost a huge message because it said I wasn't logged in, so here goes... Here's my HijackThis script for starters... I will post another, more detailed message after this explaining my various problems... Thanks!


    Logfile of HijackThis v1.97.7
    Scan saved at 06:38, on 5/20/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\SYSTEM32\services\wmplayer.exe
    C:\WINDOWS\GWHotKey.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\ms32.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\SYSTEM32\services\all.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\windows\winlogon.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    C:\Documents and Settings\James Meadows\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/
    F1 - win.ini: run=C:\WINDOWS\SYSTEM32\services\wmplayer.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msmk.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [SystemBoot] mshta file:///C:/Windows/wins2.hta
    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM32\services\wmplayer.exe
    O4 - HKLM\..\Run: [System Backup] ms32.exe
    O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\services.exe
    O4 - HKLM\..\Run: [TE_RegProtect] C:\Program Files\Anti Trojan Elite\TERegPct.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [ist service uninstall] C:\WINDOWS\SYSTEM32\services\all.exe /u
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM32\services\wmplayer.exe
    O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .inp: C:\PROGRA~1\INTERN~1\PLUGINS\npincplg.dll
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
    O16 - DPF: Win32 Classes -
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weather
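    The replies below call out the pattern visible in this log: Run entries that reuse a system binary name from the wrong folder (c:\windows\winlogon.exe instead of system32), autostarts living in subfolders of system32, mshta launching a local .hta, and one start page forced into both HKCU and HKLM. As an added triage script (not part of this thread and not HijackThis logic), here is a Python parser that flags those lines; the system32-only binary list and the "subfolder of system32" rule are heuristics I assume, not a HijackThis rule set.

```python
import re

# Constructed sample: a subset of the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/
F1 - win.ini: run=C:\WINDOWS\SYSTEM32\services\wmplayer.exe
O4 - HKLM\..\Run: [SystemBoot] mshta file:///C:/Windows/wins2.hta
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\services.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
"""
# Binaries that legitimately live only in %SystemRoot%\system32 (XP-era set, an assumption).
SYSTEM32_ONLY = {"winlogon.exe", "services.exe", "lsass.exe", "smss.exe", "svchost.exe", "csrss.exe"}
SCRIPT_HOSTS = {"mshta", "mshta.exe", "wscript.exe", "cscript.exe"}
# O4 Run entries and the win.ini run= line both carry a command in their last group.
AUTOSTART_RE = re.compile(r"^(?:O4 - HK\w+\\\.\.\\Run: \[.*?\] |F1 - win\.ini: run=)(.*)$")
PAGE_RE = re.compile(r"^R[01] - (HK\w+)\\.*,(Start Page|Default_Page_URL|Local Page) = (\S+)")

def command_binary(cmd):
    """Executable part of an autostart command: quoted path, or first bare token."""
    cmd = cmd.strip()
    return cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split()[0]

def check_autostart(path):
    """Heuristics (this example's, not HijackThis logic) for a suspicious autostart binary."""
    parent, _, name = path.lower().replace("/", "\\").rpartition("\\")
    if name in SCRIPT_HOSTS:
        return "script host used as autostart launcher"
    if name in SYSTEM32_ONLY and parent != "c:\\windows\\system32":
        return f"system binary name outside system32 (dir: {parent or 'PATH lookup'})"
    if parent.startswith("c:\\windows\\system32\\"):
        return "autostart from a subfolder of system32"
    return None

def analyze(log):
    """Findings for autostart entries and for a start page forced by several keys."""
    findings, hosts = [], {}
    for line in log.splitlines():
        m = AUTOSTART_RE.match(line)
        if m and (reason := check_autostart(command_binary(m.group(1)))):
            findings.append(f"{line[:2]} {m.group(1)}: {reason}")
        p = PAGE_RE.match(line)
        if p:
            host = re.sub(r"^https?://", "", p.group(3)).split("/")[0]
            hosts.setdefault(host, []).append(f"{p.group(1)} {p.group(2)}")
    for host, keys in hosts.items():
        if len(keys) > 1:  # one host pushed into several hives/keys: hijacker pattern
            findings.append(f"start page set to {host} by {len(keys)} registry values")
    return findings
```

    Run `analyze(SAMPLE_LOG)` to get five findings for the sample; the AVG entry passes because it sits in its own program folder under its own name.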
     
  2. mag00

    mag00 Sergeant

    Hi SD, my advice is not gospel but may be worth a try. I don't know if you have been selecting any of the entries in the HijackThis log for repair or not. Highlighted are some not-good ones, I assume. The bold ones I'm pretty sure you can delete; the yellow ones are questionable, and you know what programs you need or look familiar. I'm pretty sure I missed a couple also, but let's try to narrow the field. Please read below your log also.



    Anyway, I believe the bold ones are the start page you don't want. After you scan and fix with HijackThis you need to delete all the IE temp files (if using IE), offline content, cookies, etc. It may be that these files need to be deleted from safe mode.

    On Win 98 I just use Windows Explorer and empty the temp folder there also.
    Use discretion if it is something you may want to keep.
    Also, I found it quite helpful to just look around at different posts here and see what may or may not work for any particular problem. I am no expert, yet, but hopefully I pointed you in a good direction.
     
  3. Square Duck

    Square Duck Private E-2

    Thanks for the reply, Mag00... I was able to successfully delete the 2 yellow items you highlighted, but it still won't let me delete any of the Startpage items that you had selected in bold. This http://greatersearch.biz site is really giving me problems. I can delete it... but as soon as I run another HijackThis scan (even after restarting) they all come right back. This must be something brand new, I guess. Did you get a chance to read my Part 2 to this post by any chance? Maybe it will help you understand my other numerous problems better. Thanks for trying... it's greatly appreciated on this end, as I'm going crazy coming up with solutions. I've posted on www.bleepingcomputer.com also but have yet to get a reply. I also sent an email to the person who created CWShredder. Hopefully through one of these 3 sources my help will come very soon... hehe. Thanks again for anything else you can provide and have already provided!!
     
  4. don77

    don77 Private E-2

    Hi there, looks like you have a couple of nasty worms running in your startups. Go here: free online virus scanner. Download and run a scan and have it fix what it finds.
    Next you should update your AV, boot to safe mode and run a full system scan.

    Go here http://www.majorgeeks.com/download.php?det=2471 and download the most recent version of Spybot. It should be updated, but check it for updates, run it and have it fix anything it finds.
    Next go here http://www.majorgeeks.com/download.php?det=506 and download Ad-Aware; again check for updates, run it and have it fix what it finds.

    You should download Spybot and Ad-Aware and run them in safe mode after you run the system scan from your AV.
    Then, just for good measure, run them again after you reboot your computer to normal mode.
    Then restart HJT and post back a fresh log.

    Oh, by the way, this is legit: O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx


    Don
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Square Duck, in addition to what Don said, you should run CWShredder and fix anything it finds. I saw you mentioned an email to them, but you never said you ran it. After doing what Don said and running CWShredder, close all applications (especially Internet Explorer) and then run HijackThis again and post your log.
     
