
log file



#1 cjr


Posted 16 July 2004 - 01:54 PM

Logfile of HijackThis v1.98.0
Scan saved at 2:35:20 PM, on 7/16/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Size open - {0663B6A7-4F8E-A8EC-2B2B-7EBDC9FA5996} - C:\PROGRA~1\SECOND~1\Roadbike.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.imbum.com/Imbum.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.imbum.com/Imbum_bw.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.over...com/WildApp.cab

SWI Forums -> Malware Removal -> HELP, Browser Hijack

cjr
Posted: Jul 11 2004, 05:38 PM

I have read and re read the instructions and faq and am at a loss as how to get help in removing this parasite that has infected my computer. I ran spybot and copied the log file but do not know what to do next, can someone guide me thru? My browser has been hijacked.

cjr

Aaron B.
Posted: Jul 11 2004, 07:40 PM

Okay... if you could, could you download HiJackThis to its own folder and run it? HiJackThis can be downloaded from: http://www.spywarein...ackThis.exe . When that gets done running, click Save Log and save the log someplace. It'll also open the log and display it in Notepad, so copy the resulting log and post it here as a reply. From there, someone will find it and tell you what needs fixing.

#2 Bugbatter


Posted 16 July 2004 - 09:44 PM

cjr:
Follow these instructions to remove WinTools:
First open Task Manager (Ctrl+Alt+Delete) and close as many of the Wintools processes as you can see listed, such as:
WToolsA.exe
WToolsS.exe
WSup.exe

Then go to Add/Remove Programs and remove Wintools.

Enable the “Show Hidden Folders” option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden Files and Folders heading select Show Hidden Files and Folders.
Uncheck the Hide Protected Operating System Files (recommended) option.
Click Yes to confirm.
Click OK.

Reboot into Safe Mode this way:
Turn on the computer
Immediately begin tapping the <F8> key.
Use the arrow keys to highlight Safe Mode and press the <Enter> key.

Search for these and delete them if they still exist:
(Delete only the Wintools folders/files -- not WINDOWS, System32, Programs, or Common Files!)
C:\WINDOWS\System32\SWin32.dll
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
C:\Program Files\Common Files\WinTools\WToolsA.exe
Reboot normally.

Reboot.

Run HijackThis, making sure all other windows and browsers are closed. Check to fix these items:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

Do you know what this is? If not, check it to be fixed.
O3 - Toolbar: Size open - {0663B6A7-4F8E-A8EC-2B2B-7EBDC9FA5996} - C:\PROGRA~1\SECOND~1\Roadbike.dll

Run Ad-aware and Spybot.

Then do an online virus scan: Housecall: http://www.trendmicr.../enterprise.htm

Reboot normally.

Ad-aware *
Download Ad-aware from here: http://www.computerc...s-file-292.html
Install by double-clicking on the downloaded file.
After installing but before running, update Ad-aware by using its Globe icon.
After updating, shut down and restart Ad-aware.
Ad-aware is ready to scan and clean your system following these steps:

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
"Unload recognized processes during scanning."
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
"Let Windows remove files in use after reboot."
Press "Scan Now"
Check option "Use Custom scanning options"
Check option "Activate In-Depth Scan"
Press "Select drives\folders to scan"
Select the active partition which is usually C:
Press "Next" to let Ad-aware scan your drives...
If it finds "bad" files and registry keys, press "Next" again
Right-click in that pane and choose "select all"
Press "next"
When it asks to remove all checked items, Press "OK"
Close Ad-aware, reboot your system and go on to the next step below.

Spybot S&D*
Download Spybot S&D here: http://www.computerc...s-file-108.html
Install by double-clicking on the downloaded file.
Run Spybot S&D from desktop icon or Start menu.
Press "Search for updates" button to get list of updates available.
Press "Download updates" button.
Close all IE windows and close & restart Spybot S&D.
Press "Check for problems" button.
Have SpyBot remove all it marks in RED by pressing "Fix selected problems".
Close Spybot S&D, reboot your system.

Reboot, and please post a fresh HJT log like this:
After Scan, the Scan button changes to Save Log. Click that, save it somewhere.
Do Ctrl-A to Select all, and then copy and paste it here.

Edited by Bugbatter, 16 July 2004 - 09:46 PM.

Microsoft MVP - Consumer Security



