Jump to content


Photo

A question.


  • Please log in to reply
9 replies to this topic

#1 OptimusDigger

OptimusDigger

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 18 July 2004 - 01:17 AM

I seem to have trouble posting on some messageboards. Particularlly ones hosted by Ezboards. Whever I try to post or register with a board, the window closes. With the exception of this board and a few others it doesn't do that to me.

Am I missing or need to update a web-browsing software...or have I once again picked up a menace I need to purge my comp of?

#2 OptimusDigger

OptimusDigger

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 09 August 2004 - 01:40 AM

Argh I'm seriously wondering if a virus or Trojan has infested my browser or something.

Aside from being unable to post on some message boards....now everytime I try and send an e-mail in my secondary e-mail account the web window closes...does anybody have any idea what's up?

#3 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 09 August 2004 - 05:04 PM

We need a closer look at what's happening.
Please download http://tools.zerosrealm.com/hjt.zip
Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#4 OptimusDigger

OptimusDigger

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 09 August 2004 - 05:09 PM

Here's the Hijack this log


Logfile of HijackThis v1.97.7
Scan saved at 6:09:32 PM, on 8/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\George Jr\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra button: AIM (HKLM)

#5 OptimusDigger

OptimusDigger

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 21 August 2004 - 03:02 PM

I really hate to be a nag but this error is pissing me off!

I cannot post or register with any ezboards forum or a few others!

Everytime I try to make a large text post that's more than 2-3 sentences the web window closes whenever I click 'post/submit'. I cannot post nor register and it's annoying as hell.

Has anyone encountered this problem? Is it a virus, some sort of glitch in my browsing software that deals with message board forums or is it some trojan?

#6 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 21 August 2004 - 03:55 PM

Nothing wrong in your log, except that it seems abit short. There are usually a lot more entries than that.
Do you have anything in the ignore list of Hijack this?
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#7 OptimusDigger

OptimusDigger

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 22 August 2004 - 01:45 AM

Um not that I checked.

Here's another Hijack this log.


Logfile of HijackThis v1.97.7
Scan saved at 2:43:44 AM, on 8/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\George Jr\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ 4.1 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

#8 OptimusDigger

OptimusDigger

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 24 August 2004 - 01:20 AM

My latest Hijack this log file.

Logfile of HijackThis v1.97.7
Scan saved at 2:20:08 AM, on 8/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\George Jr\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50188
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50188
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50188
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra button: AIM (HKLM)
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...88/QDow_AS2.cab

#9 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 24 August 2004 - 02:19 PM

  • Disable System restore as per the instructions here.
  • Reboot into safe mode - How do I boot into "Safe" mode?
  • Click on ""Start" => "Run" and type in "services.msc" and click on "OK".
  • Look for a service called "Wintools for IE Service" => Double-click it to open, then click on the Stop button and change the "Startup type" to Disabled. Do not worry if the service is not listed.
  • Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for "WtoolsA.exe", "WToolsS.exe" and "WSup.exe". If you find the files, click on them, and then click End Process => Exit the Task Manager.
  • Go into "Add/Remove Programs" in the "Control Panel" and look for any Wintools entry. Uninstall it.
  • Open a command prompt by clicking on "Start" => "Run" and type in "cmd" and click on "OK". At the prompt, type regsvr32 /u /s "C:\Program Files\Toolbar\toolbar.dll" (Quotation marks must be typed in on the preceeding command) then <ENTER>.
  • Type exit to close the command prompt window.
  • Run HijackThis, click on "Scan" and then place a check mark in the following boxes, And click on "Fix Checked":
    • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50188
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50188

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50188
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
      R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
      O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
      O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
      O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
      O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

      O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...88/QDow_AS2.cab
  • Delete the following folders:C:\Program Files\Common Files\WinTools
    C:\Program Files\Toolbar
  • Reenable System restore as per the instructions here.
  • Reboot and sign in as per normal and post a new HijackThis log .
[/LIST]
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#10 OptimusDigger

OptimusDigger

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 27 August 2004 - 07:14 PM

Here's the Hijack this file.

Some of the stuff I was supposed to delete wasn't there but I did everything else and so far it looks like everything worked well. Much obliged.


Logfile of HijackThis v1.97.7
Scan saved at 8:12:47 PM, on 8/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\George Jr\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button