Home Search Assistant


8 replies to this topic

#1 mrwmnhtr

mrwmnhtr

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 01 July 2004 - 12:48 PM

In my ADD/REMOVE PROGRAMS I have 3 items. HOME SEARCH ASSISTENT (their misspelling, not mine), SEARCH EXTENDER (with AOL logo, yesterday it was Yahoo's logo) and SHOPPING WIZARD. When I try to remove them I get the same SHORTCUT ERROR: Unable to open "http://Looking for.cc/uninstall/HomeSearchAssistant.html." (Or SearchExtender or ShoppingWizard). My home page in IE was Hijacked and I can not open any links from my favorites, nor any of theirs. Nothing has been changed in my INTERNET OPTIONS except the home page setting.
This runs my Virtual Memory on WAOL.EXE and EXPLORER.EXE up into the hundreds of thousands of Kb. My Page File Usage History is running 635Mb as I type this and has been as high as 905Mb.
I have run NORTON'S ANTI VIRUS (Clean), ADAWARE (5 cookies), SPY-BOT S&D (1 cookie), NOADWARE (clean). All are clean now. Now I want to remove what I can through HIJACKTHIS. I have read the FAQ. What exactly is safe to remove from HIJACKTHIS? Thanks for your help.



Logfile of HijackThis v1.97.7
Scan saved at 9:32:37 AM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sysva.exe
C:\WINDOWS\system32\addgm.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe
C:\Program Files\QuickTime\qttask.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
C:\Program Files\Common Files\Anoto\DockingEngine.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Weatherbug\WeatherBug\Weather.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Microsoft Office\Office\Winword.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\MrWmnHtr\My Documents\My Software Files\Adaware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nnozs.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nnozs.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nnozs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nnozs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://nnozs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nnozs.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.toshiba.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5E63AC3C-1971-B83C-E2FB-4038C435169B} - C:\WINDOWS\system32\addgm.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [addgm.exe] C:\WINDOWS\system32\addgm.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe /Type 10
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Pen TrayIcon Server] C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
O4 - HKLM\..\Run: [Logitech Pen Docking Engine Server] C:\Program Files\Common Files\Anoto\DockingEngine.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [atlgh32.exe] C:\WINDOWS\system32\atlgh32.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\Weatherbug\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKLM\..\RunOnce: [sysva.exe] C:\WINDOWS\sysva.exe
O4 - HKLM\..\RunOnce: [appir.exe] C:\WINDOWS\appir.exe
O4 - HKLM\..\RunOnce: [crqs32.exe] C:\WINDOWS\crqs32.exe
O4 - HKLM\..\RunOnce: [msaf.exe] C:\WINDOWS\system32\msaf.exe
O4 - HKLM\..\RunOnce: [ntjs.exe] C:\WINDOWS\ntjs.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/pcpitstop.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weat...Transporter.cab?
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8162.4170949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DDC3A1D-E38A-4675-9E2E-9EF5D2036CA0}: NameServer = 198.81.16.4

Edited by mrwmnhtr, 01 July 2004 - 03:05 PM.


#2 erexx

erexx

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 01 July 2004 - 01:12 PM

Home Search Assistant, shopping wizard and search extender*

First appearance: June 16th?

I have tried everything I know and researched much.
(EDIT)
This is really an exercise in knowing what are valid exe, dll, & dat files.
As well as registry entries. (EDIT)

Symptoms:
-Browser loads: res://<random>.dll/<random>.html#<random>
-Attempts to reload OfficeXP and 2K3 every time an office app or IE is launched.
-Bad files deleted being recreated almost immediately after being deleted.
-Randomly re-generated file names (EXE’s, DLL’s, and DAT's)
-Redirected R1, R0 and O2 registry entries.
-Home Search Assistant website gives you an app to remove the app.
(Do not use it, it does not work. Do you think you can trust these scum?)

Work Around:
Using another browser like Firefox.
System Restore to point before infection.

Removal:
Tools Needed.
1. HSA BUSTER: http://tools.zerosre...AboutBuster.zip
2. HijackThis
3. Ad-Aware
4. Updated Antivirus software
5. Uninstaller pro

Fix:
1. Update Ad-Aware and run it.
2. Run a Virus Scan like Norton Antivirus.
3. Run HijackThis and delete all (illegit) files with IE startup pages R1, R0's and O2's.
4. Run About:Buster v1.23 (v.1.23 is automatic now)
5. Use ProUninstall and remove the three HSA programs "forcing" them out if needed.
6. Use Regedit to clean up Home Search Assistant from registry.
7. Wash, Rinse & Repeat until clean.


References:
http://www.spywarein...?showtopic=8847
http://www.zerosreal...0assistant&st=0
http://www.experts-e...Q_21040164.html
http://www.majorgeek...368902#poststop


Notes:
Talk about “Whack-a-Mole 2004”
Essentially if you don’t get them –all- on the first shot you're back to square one after IE is launched.
I hate repeating the same steps over and over to try and solve the same problem.
(Insanity)
After -several- attempts it “looks” like the above has worked for me.
If you don’t get them all then every time IE is launched it "detects" any "missing" files
and then recreates itself as different EXE’s, DLL’s, and DAT files as well as recreating new registry entries.
Without HijackThis or the HSA Buster (About:Buster)
It probably would have been impossible to remove.
(Visiting Porn sites will almost certainly infect a PC)


Good luck if you ever face this one.

It’s a real b*tch.

Edited by erexx, 01 July 2004 - 02:47 PM.
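
The symptoms listed in the post above (res:// start pages and file names that regenerate between scans) can be checked mechanically by comparing successive HijackThis logs. The following is an added example, not part of the original thread and not code from HijackThis or About:Buster; the log excerpts are copied from the 7/1 and 7/2 logs posted in this thread, and the rule "BHO file sitting directly in C:\WINDOWS or system32" is an assumed triage heuristic, not a verdict.

```python
import ntpath  # Windows path rules, so this runs on any OS
import re

# Excerpts copied from three of the HijackThis logs posted in this thread.
SCANS = [
    ("7/1/2004 9:32:37 AM", r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nnozs.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nnozs.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.toshiba.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5E63AC3C-1971-B83C-E2FB-4038C435169B} - C:\WINDOWS\system32\addgm.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
"""),
    ("7/2/2004 10:47:23 AM", r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dubkx.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dubkx.dll/index.html#96676
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {251E8BB4-407D-0B88-E0C1-0EFF77B346BB} - C:\WINDOWS\ipfe.dll
"""),
    ("7/2/2004 5:04:33 PM", r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dubkx.dll/sp.html#96676
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {172E04A2-D877-7931-F236-BFA21ECD75DF} - C:\WINDOWS\system32\javayd32.dll
"""),
]

REG = re.compile(r"^R[0-3] - (?P<key>.+?) = (?P<value>.*)$")
RES_URL = re.compile(r"res://(?P<module>[^/]+\.dll)/", re.IGNORECASE)
BHO = re.compile(r"^O2 - BHO: .*? - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# Assumed heuristic: vendor BHOs normally live under Program Files.
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")


def analyze(log_text):
    """Collect res:// modules from R entries and BHOs stored in the Windows dirs."""
    found = {"res_modules": set(), "bho_files": set(), "bho_clsids": set()}
    for line in log_text.splitlines():
        line = line.strip()
        reg = REG.match(line)
        if reg:
            hit = RES_URL.match(reg.group("value"))
            if hit:  # IE page setting points into a DLL resource
                found["res_modules"].add(ntpath.basename(hit.group("module")).lower())
            continue
        bho = BHO.match(line)
        if bho and ntpath.dirname(bho.group("path")).lower() in SYSTEM_DIRS:
            found["bho_files"].add(ntpath.basename(bho.group("path")).lower())
            found["bho_clsids"].add(bho.group("clsid"))
    return found


def churn(scans):
    """Return (scan, kind, gone, new) wherever an item was replaced, not just removed."""
    changes, prev = [], None
    for label, text in scans:
        cur = analyze(text)
        if prev is not None:
            for kind in ("res_modules", "bho_files", "bho_clsids"):
                gone = sorted(prev[kind] - cur[kind])
                new = sorted(cur[kind] - prev[kind])
                if gone and new:
                    changes.append((label, kind, gone, new))
        prev = cur
    return changes


if __name__ == "__main__":
    for label, kind, gone, new in churn(SCANS):
        print(f"{label}: {kind} {gone} -> {new}")
```

A replaced name or CLSID between two scans is the regeneration behaviour described in the post, which is why matching on a fixed file name or CLSID from an earlier log misses the current copy.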


#3 mrwmnhtr

Posted 01 July 2004 - 08:28 PM

Thank you, erexx!

I just read the article saying not to reboot until I hear from you guys about my HIJACKTHIS LOG. I have to reboot because the VIRTUAL MEMORY gets so high that this computer really has a hard time running. But I will try to stay here as long as possible. Here is my newest HIJACKTHIS LOG FILE. Thanks everyone!

Logfile of HijackThis v1.97.7
Scan saved at 6:26:25 PM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sysva.exe
C:\WINDOWS\system32\addgm.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe
C:\Program Files\QuickTime\qttask.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
C:\Program Files\Common Files\Anoto\DockingEngine.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Weatherbug\WeatherBug\Weather.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\MrWmnHtr\My Documents\My Software Files\Adaware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MrWmnHtr\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nnozs.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nnozs.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MrWmnHtr\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nnozs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MrWmnHtr\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nnozs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://nnozs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nnozs.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MrWmnHtr\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.toshiba.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5E63AC3C-1971-B83C-E2FB-4038C435169B} - C:\WINDOWS\system32\addgm.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [addgm.exe] C:\WINDOWS\system32\addgm.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe /Type 10
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Pen TrayIcon Server] C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
O4 - HKLM\..\Run: [Logitech Pen Docking Engine Server] C:\Program Files\Common Files\Anoto\DockingEngine.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [atlgh32.exe] C:\WINDOWS\system32\atlgh32.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\Weatherbug\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKLM\..\RunOnce: [sysva.exe] C:\WINDOWS\sysva.exe
O4 - HKLM\..\RunOnce: [appir.exe] C:\WINDOWS\appir.exe
O4 - HKLM\..\RunOnce: [crqs32.exe] C:\WINDOWS\crqs32.exe
O4 - HKLM\..\RunOnce: [msaf.exe] C:\WINDOWS\system32\msaf.exe
O4 - HKLM\..\RunOnce: [ntjs.exe] C:\WINDOWS\ntjs.exe
O4 - HKLM\..\RunOnce: [ipff.exe] C:\WINDOWS\ipff.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/pcpitstop.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weat...Transporter.cab?
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8162.4170949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DDC3A1D-E38A-4675-9E2E-9EF5D2036CA0}: NameServer = 198.81.16.4

#4 mrwmnhtr

Posted 01 July 2004 - 10:18 PM

Ok I guess I haven't done everything just right. I'm new at this. I am going to start over. I will be back here. Thanks for your time.

#5 mrwmnhtr

Posted 02 July 2004 - 01:00 PM

Ok NOW I have Adaware Build 181 with reference file 01R326 01.07.2004. It caught 59 more objects than Build 161. I am concerned that it scanned only 47,000 objects instead of the 117,000 it was scanning. Should I be concerned? I ran Spy-bot - clean. I ran CWShredder - clean. Here is my HijackThis log file. I won't shut down my computer until I hear from you. Thanks to all!

Logfile of HijackThis v1.97.7
Scan saved at 10:47:23 AM, on 7/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe
C:\Program Files\QuickTime\qttask.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
C:\Program Files\Common Files\Anoto\DockingEngine.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\addgm.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Weatherbug\WeatherBug\Weather.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\iefm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\MrWmnHtr\My Documents\My Software Files\Adaware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MrWmnHtr\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dubkx.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dubkx.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MrWmnHtr\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://dubkx.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MrWmnHtr\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dubkx.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://dubkx.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dubkx.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MrWmnHtr\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.toshiba.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {251E8BB4-407D-0B88-E0C1-0EFF77B346BB} - C:\WINDOWS\ipfe.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe /Type 10
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Pen TrayIcon Server] C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
O4 - HKLM\..\Run: [Logitech Pen Docking Engine Server] C:\Program Files\Common Files\Anoto\DockingEngine.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [atlgh32.exe] C:\WINDOWS\system32\atlgh32.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [addgm.exe] C:\WINDOWS\system32\addgm.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\Weatherbug\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/pcpitstop.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weat...Transporter.cab?
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8162.4170949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DDC3A1D-E38A-4675-9E2E-9EF5D2036CA0}: NameServer = 198.81.18.4

#6 mrwmnhtr

Posted 02 July 2004 - 07:07 PM

My computer stopped responding. I had to restart. I ran Adaware 181 with newest reference file. And here is the newest HijackThis Log.

Logfile of HijackThis v1.97.7
Scan saved at 5:04:33 PM, on 7/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\iefm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe
C:\Program Files\QuickTime\qttask.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
C:\Program Files\Common Files\Anoto\DockingEngine.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\atlgh32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Weatherbug\WeatherBug\Weather.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\MrWmnHtr\My Documents\My Software Files\Adaware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dubkx.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dubkx.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dubkx.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.toshiba.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {172E04A2-D877-7931-F236-BFA21ECD75DF} - C:\WINDOWS\system32\javayd32.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe /Type 10
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Pen TrayIcon Server] C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
O4 - HKLM\..\Run: [Logitech Pen Docking Engine Server] C:\Program Files\Common Files\Anoto\DockingEngine.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [atlgh32.exe] C:\WINDOWS\system32\atlgh32.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [addgm.exe] C:\WINDOWS\system32\addgm.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\Weatherbug\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/pcpitstop.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weat...Transporter.cab?
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8162.4170949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DDC3A1D-E38A-4675-9E2E-9EF5D2036CA0}: NameServer = 198.81.19.134

#7 mrwmnhtr

Posted 02 July 2004 - 07:25 PM

AAAAAAH! Lavasoft wants me to reboot AGAIN. I'll be back with a new HijackThis Log. I see someone is reading my post so I will wait to see if you are replying to this before I reboot for Lavasoft. Thanks AAAAAAA!

#8 mrwmnhtr

Posted 03 July 2004 - 04:21 PM

I started all over this morning at 4am.
Started with clean boot.
Ran Nortons Anti Virus
Ran Adaware build 181 with reference file 01R326 1.07.2004
3 objects found. (my log 7-03-04-1)
Removed
Booted in Normal Mode
Ran Adaware
0 Objects Found (my log 7-03-04-2)
*** unusually high virtual memory on process NAVAPSVE.EXE 440,000+ Kbs.
*** Page File Usage History at 737 Mbs.
Rebooted in Normal Mode
Ran Adaware
0 objects found (my log 7-03-04-3)
*** Without closing Adaware, I opened AOL to get online. I opened no other windows. I didn't check my mail. I didn't visit any websites.
Ran Adaware
6 Objects Found (my log 7-03-04-4) One Object needed to be removed by rebooting.
Booted in Normal Mode
Adaware Self Started
0 objects Found (my log 7-03-04-5)
Closed Adaware to let Windows finish loading.
*** ERROR MESSAGE: Windows cannot find 'C:\\windows\sdktk,exe' Make sure
you typed the name correctly, and then try again. To search for a file, click
start button, and then click search.
Clicked OK
Computer finished loading up and I opened AOL and got online.
Ran Adaware.
14 Objects Found (my log 7-03-04-6)
Ran Adaware Again No Reboot
4 Objects Found (my log 7-03-04-7)
Ran Adaware Again no reboot
4 Objects Found (my log 7-03-04-8)
*** Yes, I removed all Objects each time Adaware was run.***
Ran HijackThis. (my log 7-03-04-1)
Which is what follows here. Please tell me what I've done wrong or what I need to do now. Thank you.


Logfile of HijackThis v1.97.7
Scan saved at 1:25:18 PM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe
C:\Program Files\QuickTime\qttask.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
C:\Program Files\Common Files\Anoto\DockingEngine.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\atlgh32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Weatherbug\WeatherBug\Weather.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\ntlg32.exe
C:\Documents and Settings\MrWmnHtr\My Documents\My Software Files\Adaware\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zaqda.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.toshiba.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {172E04A2-D877-7931-F236-BFA21ECD75DF} - C:\WINDOWS\system32\javayd32.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe /Type 10
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Pen TrayIcon Server] C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe
O4 - HKLM\..\Run: [Logitech Pen Docking Engine Server] C:\Program Files\Common Files\Anoto\DockingEngine.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [atlgh32.exe] C:\WINDOWS\system32\atlgh32.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [addgm.exe] C:\WINDOWS\system32\addgm.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\Weatherbug\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/pcpitstop.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weat...Transporter.cab?
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8162.4170949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DDC3A1D-E38A-4675-9E2E-9EF5D2036CA0}: NameServer = 198.81.18.134

#9 mrwmnhtr

Posted 04 July 2004 - 12:40 AM

This computer's page file usage and virtual memory run so high (700 - 800 Mbs) that it can barely open a window. So I'm going to have to try something else. I can't stay online long enough for you to get to me without having to reboot and send a new log file each time. Thanks for your time.



