HijackThis list + other happenings


  • This topic is locked
3 replies to this topic

#1 Acefowl


Posted 30 June 2004 - 02:58 AM

Running Windows XP with 256 MB of RAM, and I only use IE to browse (probably my biggest problem!). "About:Blank" has not only taken over my home page, but it also overlays screens for McAfee programs for a few seconds, especially noticed on the log-in screen. The internet has slowed down considerably, and I am constantly getting "Virtual memory too low" messages, requiring me to reboot if I stay online longer than 20-30 minutes. I have Spybot, Ad-Aware, and HijackThis, all current versions, but they do nothing to help. I've done everything I can think of to fix it without breaking anything, even following as many of the directions listed on this site as possible, but nothing works. Any help I could get would be greatly appreciated.

Here's my HijackThis log. Kind of a long one. I want to point out that "fixing" the search and home page entries does nothing; they just come back later.

Logfile of HijackThis v1.98.0
Scan saved at 12:01:52 AM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\fcmbdz.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\WINDOWS\System32\rnfrcior.exe
C:\Program Files\JUSearch\hcm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Browser Hijack Blaster\bhblaster.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Acefowl\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <none>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Acefowl\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Acefowl\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Acefowl\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Acefowl\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {5F79DFFD-2499-80B5-D299-2AD2F7DDDB85} - C:\WINDOWS\System32\aesoxztq.dll
O2 - BHO: (no name) - {63ED31EF-42E1-3CD1-02D0-68EC34F6DFE1} - C:\WINDOWS\System32\uzwqdkwv.dll
O2 - BHO: (no name) - {9594B632-8B88-EA1B-1A72-98CCE34BEBB6} - C:\WINDOWS\System32\lahumaam.dll
O2 - BHO: (no name) - {F0F40801-0D27-FD1D-CDED-9C30664401F8} - C:\WINDOWS\System32\jsosqeet.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmwzkqav] C:\WINDOWS\pgjoqcfi.exe
O4 - HKLM\..\Run: [c] C:\WINDOWS\System32\fcmbdz.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\}
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKLM\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKLM\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [if (document.referre] c:\WINDOWS\System32\if (document.referrer) {
O4 - HKLM\..\Run: [if (navigator.userAgen] c:\WINDOWS\System32\if (navigator.userAgent) {
O4 - HKLM\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKLM\..\Run: [if (navigator.javaEnabled(] c:\WINDOWS\System32\if (navigator.javaEnabled()) {
O4 - HKLM\..\Run: [if (screen.widt] c:\WINDOWS\System32\if (screen.width) {
O4 - HKLM\..\Run: [if (screen.heigh] c:\WINDOWS\System32\if (screen.height) {
O4 - HKLM\..\Run: [if (screen.colorDept] c:\WINDOWS\System32\if (screen.colorDepth) {
O4 - HKLM\..\Run: [data = 'a=track' + domain_name + referrer_website + browser_name + full_browser_info + app_vers] c:\WINDOWS\System32\data = 'a=track' + domain_name + referrer_website + browser_name + full_browser_info + app_version;
O4 - HKLM\..\Run: [data = data + java_enabled + screen_width + screen_height + color_de] c:\WINDOWS\System32\data = data + java_enabled + screen_width + screen_height + color_depth;
O4 - HKLM\..\Run: [rnfrcior] C:\WINDOWS\System32\rnfrcior.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\}
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKCU\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKCU\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKCU\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKCU\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKCU\..\Run: [if (document.referre] c:\WINDOWS\System32\if (document.referrer) {
O4 - HKCU\..\Run: [if (navigator.userAgen] c:\WINDOWS\System32\if (navigator.userAgent) {
O4 - HKCU\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKCU\..\Run: [if (navigator.javaEnabled(] c:\WINDOWS\System32\if (navigator.javaEnabled()) {
O4 - HKCU\..\Run: [if (screen.widt] c:\WINDOWS\System32\if (screen.width) {
O4 - HKCU\..\Run: [if (screen.heigh] c:\WINDOWS\System32\if (screen.height) {
O4 - HKCU\..\Run: [if (screen.colorDept] c:\WINDOWS\System32\if (screen.colorDepth) {
O4 - HKCU\..\Run: [data = 'a=track' + domain_name + referrer_website + browser_name + full_browser_info + app_vers] c:\WINDOWS\System32\data = 'a=track' + domain_name + referrer_website + browser_name + full_browser_info + app_version;
O4 - HKCU\..\Run: [data = data + java_enabled + screen_width + screen_height + color_de] c:\WINDOWS\System32\data = data + java_enabled + screen_width + screen_height + color_depth;
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.....chm::/load.exe
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcaf...72/mcinsctl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...72/mcinsctl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FC9D99-8588-4ADC-9FC9-FDCE9CB47D81}: NameServer = 64.136.20.121 64.136.20.133
O18 - Filter: text/html - {718044E6-1711-4CD7-93A2-B2A918C4485A} - C:\WINDOWS\System32\jcbc.dll
O18 - Filter: text/plain - {718044E6-1711-4CD7-93A2-B2A918C4485A} - C:\WINDOWS\System32\jcbc.dll

Edited by Acefowl, 30 June 2004 - 03:26 AM.


#2 Acefowl


Posted 01 July 2004 - 02:25 AM

Anyone, please? It's been a problem on my computer for a week now.

#3 Acefowl


Posted 09 July 2004 - 02:21 PM

Bump

#4 jedi


Posted 22 November 2005 - 10:10 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
jedi
