shelbrit

Surveillance virus? web search virus?

11 posts in this topic

Hi - I started seeing the "PSear1" loadup upon startup of my computer, and everything was running very slowly.

 

I ran adaware (after installing its upgrades)

I ran cwshredder

and I ran housecall

 

Psear seems to have gone, but I now have a "websearch" bar on the top level of my computer that is there permanently

 

After running house call it also listed 8 infected files, with explanations, and one said surveillance virus on it. I read the description of that, and it says it could track my keystrokes. I chose the option to delete them.

 

My computer is still running slowly, and I have ad-blocker on so I'm not getting pop ups, but I think I am still infected.

 

I have read all the faqs and articles I can, but I am so confused now.

 

I just ran hijackthis and have a log from it. I don't know if I am supposed to cut and paste it to this topic or not.

 

Please help !

 

Thanks


Hello! Please do copy and paste your HijackThis log to this thread. This way, we can take a look at it and see what the problem may be!


Thank you so much !!!

 

 

Logfile of HijackThis v1.97.7

Scan saved at 10:46:55 AM, on 5/21/2004

Platform: Windows 2000 SP2 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\SYSTEM32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE

C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\DMI\WIN32\bin\DellDmi.exe

C:\Program Files\Dell\OpenManage\Client\EventAgt.exe

C:\Program Files\Dell\OpenManage\Client\DLT.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\WINNT\wanmpsvc.exe

C:\dmi\win32\bin\Win32sl.exe

C:\WINNT\System32\mspmspsv.exe

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\SxgTkBar.exe

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINNT\System32\hphmon05.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\documents and settings\sneal\local settings\temp\1.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Trend Micro\Internet Security\pccguide.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

C:\WINNT\System32\ctfmon.exe

C:\WINNT\System32\HPZipm12.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\WINNT\System32\magkman.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\America Online 9.0\aolwbspd.exe

C:\Program Files\FacetCorp\FacetWin\fwt.exe

C:\Documents and Settings\sneal\Desktop\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)

O3 - Toolbar: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off

O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\System32\hphmon05.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [1.exe] C:\documents and settings\sneal\local settings\temp\1.exe

O4 - HKLM\..\Run: [Dsi] C:\WINNT\System32\dp-him.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [AutoLoader4Fw21RSRJaaU] "C:\WINNT\System32\qosfx12n.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [4sFk3FP] magkman.exe

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aristair.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{9EC66A22-6714-47E1-84A1-C1F05D2D757D}: NameServer = 205.188.146.146

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aristair.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aristair.com


Here's my latest hijackthis log.

I didn't hear back on what I should do next :o(

Any help would be appreciated !

Thanks

 

Logfile of HijackThis v1.97.7

Scan saved at 10:42:35 AM, on 5/25/2004

Platform: Windows 2000 SP2 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\SYSTEM32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE

C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\DMI\WIN32\bin\DellDmi.exe

C:\Program Files\Dell\OpenManage\Client\EventAgt.exe

C:\Program Files\Dell\OpenManage\Client\DLT.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\WINNT\wanmpsvc.exe

C:\dmi\win32\bin\Win32sl.exe

C:\WINNT\System32\mspmspsv.exe

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\SxgTkBar.exe

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINNT\System32\hphmon05.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\documents and settings\sneal\local settings\temp\1.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Trend Micro\Internet Security\pccguide.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

C:\WINNT\System32\ctfmon.exe

C:\WINNT\System32\HPZipm12.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\America Online 9.0\aolwbspd.exe

C:\Program Files\FacetCorp\FacetWin\fwt.exe

C:\Documents and Settings\sneal\Desktop\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)

O3 - Toolbar: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off

O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\System32\hphmon05.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [1.exe] C:\documents and settings\sneal\local settings\temp\1.exe

O4 - HKLM\..\Run: [Dsi] C:\WINNT\System32\dp-him.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aristair.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{9EC66A22-6714-47E1-84A1-C1F05D2D757D}: NameServer = 205.188.146.146

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aristair.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aristair.com


Hi there! First, please download Spybot: Search and Destroy from http://www.tomcoyote.org/SPYBOT. Check for Updates first, download ALL Updates and Do a Scan. When finished, make sure ALL RED items have been ticked, and click the "Fix Selected Problems" Button.

 

This will fix a few of the problems in your log. After you run Spybot, please reboot and post a fresh HJT log for me to help you clean up any leftover problems!


OK. Downloaded and ran spybot (with updates)

 

It flagged 60 items - which I told it to FIX. Is there anywhere I have to go to PERMANENTLY DELETE any of these items ?

 

Anyway, here is the hijack this log now :o)

 

Thanks !

 

Logfile of HijackThis v1.97.7

Scan saved at 3:41:05 PM, on 5/25/2004

Platform: Windows 2000 SP2 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\SYSTEM32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE

C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\DMI\WIN32\bin\DellDmi.exe

C:\Program Files\Dell\OpenManage\Client\EventAgt.exe

C:\Program Files\Dell\OpenManage\Client\DLT.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\WINNT\wanmpsvc.exe

C:\dmi\win32\bin\Win32sl.exe

C:\WINNT\System32\mspmspsv.exe

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\SxgTkBar.exe

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINNT\System32\hphmon05.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\documents and settings\sneal\local settings\temp\1.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\WINNT\wdskctl.exe

C:\Program Files\Trend Micro\Internet Security\pccguide.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

C:\WINNT\System32\HPZipm12.exe

C:\WINNT\System32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

C:\Documents and Settings\sneal\Desktop\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off

O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\System32\hphmon05.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [1.exe] C:\documents and settings\sneal\local settings\temp\1.exe

O4 - HKLM\..\Run: [Dsi] C:\WINNT\System32\dp-him.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aristair.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aristair.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aristair.com


Hello again!

 

By having Spybot "fix" the red entries it found, they are automatically deleted!

 

Reopen HJT and Scan for a log. Place a checkmark in the box to the left of each of the following entries ONLY:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

 

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)

 

O4 - HKLM\..\Run: [1.exe] C:\documents and settings\sneal\local settings\temp\1.exe

 

O4 - HKLM\..\Run: [Dsi] C:\WINNT\System32\dp-him.exe

 

O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe

 

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

 

Now, with ALL other windows closed besides HJT, click the "Fix Selected" button.

 

Make sure you have Windows set to Show hidden files and folders and reboot into Safe Mode (http://www.microsoft.com/windows2000/techi...nt/safemode.asp).

 

While in safe mode, first please go to C:\documents and settings\sneal\local settings\temp and DELETE the entire contents of that folder.

Now, find the following two files,

 

C:\WINNT\System32\dp-him.exe <<<<delete this FILE only

C:\WINNT\wdskctl.exe <<<<<delete this FILE only

 

Reboot normally, and post a fresh HJT log!!


... again thank you for your assistance ! I have done the following:

 

checked and fixed the entries you mentioned in HJT

 

I couldn't figure out how to start in the safe mode you mentioned, but I did reboot and delete the contents of the temp folder you stated

 

I searched for the two additional files. I found and deleted the wdskctl.exe, but there were no results for the dp-him.exe file

 

Also, there are a number of 'backup' files that have appeared on my desktop?

 

And here is the latest HJT log:

 

Logfile of HijackThis v1.97.7

Scan saved at 11:48:09 AM, on 5/27/2004

Platform: Windows 2000 SP2 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\SYSTEM32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE

C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\DMI\WIN32\bin\DellDmi.exe

C:\Program Files\Dell\OpenManage\Client\EventAgt.exe

C:\Program Files\Dell\OpenManage\Client\DLT.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\WINNT\wanmpsvc.exe

C:\dmi\win32\bin\Win32sl.exe

C:\WINNT\System32\mspmspsv.exe

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\SxgTkBar.exe

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINNT\System32\hphmon05.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Trend Micro\Internet Security\pccguide.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

C:\WINNT\System32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINNT\System32\HPZipm12.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\America Online 9.0\aolwbspd.exe

C:\Program Files\FacetCorp\FacetWin\fwt.exe

C:\Documents and Settings\sneal\Desktop\HijackThis.exe

 

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off

O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\System32\hphmon05.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aristair.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{9EC66A22-6714-47E1-84A1-C1F05D2D757D}: NameServer = 205.188.146.146

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aristair.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aristair.com


Not to worry, as the dp-him.exe is now gone from your log anyway. HJT took care of the entire file for us!

 

Your log is clean now! How are things running?

 

To help you stay that way:

 

SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.

http://www.wilderssecurity.com/spywareblaster.html

 

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

Both are very small free programs that you run once, and then just occasionally to check for updates.

 

 

If there's anything else you need, feel free to ask!

 

happy computing

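An added example, not part of the original thread and not HijackThis's own code: a small Python script that parses the section entries of two HijackThis logs, diffs them, and checks whether the entries selected for fixing are gone from the follow-up scan. The function names are hypothetical; the sample lines are excerpts from the 5/25 (3:41 PM) and 5/27 logs and from the fix list posted above.

```python
import re
from typing import NamedTuple

# Section entries look like "O4 - HKLM\..\Run: [name] command": a code
# (R0-R3, O1-O23, ...) followed by " - " and the entry text. Header lines and
# the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


class Entry(NamedTuple):
    section: str
    body: str


def key(entry):
    # Windows paths and registry names are case-insensitive, so compare folded.
    return (entry.section, entry.body.lower())


def parse_entries(log_text):
    """Return the set of section entries found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        line = raw.replace("\u00a0", " ").strip()  # forum pastes leave NBSPs
        match = ENTRY_RE.match(line)
        if match:
            entries.add(Entry(match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two scans."""
    old = {key(e): e for e in parse_entries(before)}
    new = {key(e): e for e in parse_entries(after)}
    removed = sorted(old[k] for k in old.keys() - new.keys())
    added = sorted(new[k] for k in new.keys() - old.keys())
    return removed, added


def still_present(fix_list, after):
    """Entries from the fix list that the follow-up scan still reports."""
    remaining = {key(e) for e in parse_entries(after)}
    return sorted(e for e in parse_entries(fix_list) if key(e) in remaining)


def autostarts_from_temp(log_text):
    """O4 autostart entries whose command lives under a temp directory."""
    return sorted(e for e in parse_entries(log_text)
                  if e.section == "O4" and "\\temp\\" in e.body.lower())


# Excerpt of the log saved at 3:41:05 PM on 5/25/2004 (from the thread).
BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [1.exe] C:\documents and settings\sneal\local settings\temp\1.exe
O4 - HKLM\..\Run: [Dsi] C:\WINNT\System32\dp-him.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aristair.com
"""

# Excerpt of the log saved at 11:48:09 AM on 5/27/2004 (from the thread).
AFTER = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aristair.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EC66A22-6714-47E1-84A1-C1F05D2D757D}: NameServer = 205.188.146.146
"""

# The entries the helper asked to have checked and fixed (from the thread).
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)
O4 - HKLM\..\Run: [1.exe] C:\documents and settings\sneal\local settings\temp\1.exe
O4 - HKLM\..\Run: [Dsi] C:\WINNT\System32\dp-him.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for label, entries in (("removed", removed), ("added", added),
                           ("fix list still present", still_present(FIX_LIST, AFTER)),
                           ("autostart from temp (before)", autostarts_from_temp(BEFORE))):
        print(f"{label}: {len(entries)}")
        for entry in entries:
            print(f"  {entry.section} - {entry.body}")
```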

Thank you SO much Kat ! The annoying websearcher is gone, and the computer seems to be running at full speed again!

 

Who's better than you !

 

Have a great day !!

 

:)


Shelbrit:

 

I am very sorry, but it seems that I DID miss one thing in your log that needs to be fixed with HJT. I inadvertently *assumed* that this was a legitimate program. But, it is one that will install Spyware on your system without your knowledge.

 

Open HJT, scan for a log, and fix the following entry!

 

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

 

After that, you're good to go! If you want, you can post a last HJT log for me to check over.

 

Again, I apologize for not catching this one this morning!

 

Cheers!

 

Kat
