rose0295

Hijackthis Log

2 posts in this topic

Hi,

P.C. was all screwed up. I ran Ad-Aware....seems to be a little better.

Can someone help with my log?

Thanks so much!

 

Logfile of HijackThis v1.98.0

Scan saved at 7:05:37 PM, on 7/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\windoc.exe

C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\System32\S3tray2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\RUNDLL32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\WindUpdates\WinUpdt.exe

C:\WINDOWS\System32\uzouxl.exe

C:\Program Files\WindUpdates\WinKA.exe

C:\WINDOWS\goidr.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe

C:\WINDOWS\System32\ZoneLabs\isafe.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\WINDOWS\System32\RUNDLL32.exe

C:\Program Files\Web_Rebates\WebRebates1.exe

C:\Program Files\Web_Rebates\WebRebates0.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50142

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50142

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus7.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50142

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/yessent...?.redir=ymmapi9

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

N3 - Netscape 7: user_pref("browser.startup.homepage","contexualsearch.com");\nuser_pref("browser.startup.page","); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\lw9qsn3a.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\lw9qsn3a.slt\prefs.js)

O1 - Hosts: 69.20.16.183 ieautosearch

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Microsoft Update] windoc.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

O4 - HKLM\..\Run: [yyobwi] C:\WINDOWS\System32\uzouxl.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [goidr] C:\WINDOWS\goidr.exe

O4 - HKLM\..\Run: [upytapcx] C:\WINDOWS\upytapcx.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [spyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe

O4 - HKLM\..\RunServices: [Microsoft Update] windoc.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [Microsoft Update] windoc.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe

O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{BB153A05-0630-47A8-AD7C-B4E3C73904EB}: NameServer = 151.197.0.39 151.197.0.38


Hello,

 

NOTE: Please print a copy of these instructions because you will be working in Safe Mode and/or with all windows closed except HijackThis.

 

Right now you have HijackThis in a temporary folder. Please create a new folder on the C: drive and name it C:\HJT or something similar. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select "New" then "Folder" and name it HJT. Next, right click on the program, HijackThis.exe and select "cut." Then, open the new folder, right click on a blank space and select "paste." HijackThis will now be in its new folder.

 

Now, boot into Safe Mode......

 

Reboot into safe mode, this way:

Restart the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Also, enable the “Show Hidden Files and Folders” option:

 

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

Next, go to Add/Remove Programs in your Control Panel and uninstall WinTools, HuntBar, TV Media, Websearch, and WebRebates as well as any other "search" program or "Toolbar" program that may look dubious, especially if you did not intentionally install it.

 

You are also running Wild Tangent. If you installed it on purpose, I recommend that you remove it unless you feel it's something you really want and need. If you didn't install it deliberately, then definitely get rid of it.... To do so, go to Add/Remove Programs and remove it there. Also, go to your Control Panel and delete the Wild Tangent icon there. Remove the associated items in RED below.

 

You are also running SpyBlocs, which is on the list of rogue anti-spyware....

http://www.spywarewarrior.com/rogue_anti-spyware.htm

I strongly suggest that you remove this program in Add/Remove Programs, and also remove the associated items in RED below.

 

Run HijackThis in Safe Mode and place a check mark next to the following items. Then, WITH ALL OTHER WINDOWS CLOSED, select “fix checked.”

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50142

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50142

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus7.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50142

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O1 - Hosts: 69.20.16.183 ieautosearch

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [Microsoft Update] windoc.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

O4 - HKLM\..\Run: [yyobwi] C:\WINDOWS\System32\uzouxl.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [goidr] C:\WINDOWS\goidr.exe

O4 - HKLM\..\Run: [upytapcx] C:\WINDOWS\upytapcx.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [spyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe

O4 - HKLM\..\RunServices: [Microsoft Update] windoc.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\Run: [Microsoft Update] windoc.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

 

Remain in Safe Mode....

 

Now, search for, and delete if found, (some files may not be present after previous steps) the following:

 

C:\Windows\Creator\ < folder

windoc.exe < file

C:\Program Files\WildTangent\ < folder

C:\Program Files\WindUpdates\ < folder

C:\WINDOWS\System32\uzouxl.exe < file

C:\Program Files\Web_Rebates\ < folder

C:\WINDOWS\alchem.exe < file

C:\WINDOWS\goidr.exe < file

C:\WINDOWS\upytapcx.exe < file

C:\Program Files\Common Files\WinTools\

C:\Program Files\SpyBlocs\

C:\Program Files\TV Media\ < folder

 

Still in Safe Mode.....

 

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example:

 

C:\WINDOWS\Temp\

 

C:\Temp\

 

C:\Documents and Settings\username\Local Settings\Temp\

 

Also delete your Temporary Internet Files, be sure to also select "delete all offline content."

 

Empty your Recycle Bin.

 

Reboot into normal mode.

 

Proceed to the Windows Update site (see link below), then download and install ALL critical updates.

 

Reboot when finished.

 

If you are not running version 1.3 of Spybot S & D, click here to download Spybot Search & Destroy v1.3 - install, update, reboot into Safe Mode, scan and fix all RED items it finds. Reboot into normal mode when done.

 

Perform a customized Ad-aware scan in Safe Mode........

 

If you do not have the latest version of Ad-aware, version 6, Build 6.181, click here to download Ad-Aware and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Then boot into Safe Mode, start the program, and click the gear wheel at the top and check these options to configure Ad-aware for a customized scan:

 

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

 

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

 

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

 

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

 

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" Reboot into normal mode when finished.

 

Next, perform online virus and Trojan scans, using the links in my signature below. Allow the programs to delete all that they may find. Reboot after each scan.

 

Scan with HijackThis and post a fresh log into this same thread as there will be a bit more to do.
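
An added example, not part of the original posts: a short Python script that checks a follow-up HijackThis log against the entries selected for fixing, listing anything that still loads and anything new since the first scan. The sample logs are constructed from lines in this thread, except the `[placeholder]` entry, which is made up; the function names are this example's own.

```python
import re

# A HijackThis entry is a section code (R1, N3, O4, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Map (code, case-folded body) -> the entry line as written in the log."""
    entries = {}
    for raw in log_text.splitlines():
        # split() also collapses the non-breaking spaces forum software inserts
        line = " ".join(raw.split())
        m = ENTRY_RE.match(line)
        if m:
            # Registry keys and file names are case-insensitive on Windows.
            entries.setdefault((m.group(1), m.group(2).casefold()), line)
    return entries

def still_present(fix_list, fresh_log):
    """Entries that were checked for fixing but show up again in the fresh log."""
    fresh = parse_entries(fresh_log)
    return [fresh[key] for key in parse_entries(fix_list) if key in fresh]

def new_entries(first_log, fresh_log):
    """Entries in the fresh log that the first log did not contain."""
    first = parse_entries(first_log)
    return [line for key, line in parse_entries(fresh_log).items() if key not in first]

# Constructed samples: lines taken from this thread, trimmed to a few entries.
FIRST_LOG = r"""
Logfile of HijackThis v1.98.0
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Update] windoc.exe
O4 - HKLM\..\Run: [goidr] C:\WINDOWS\goidr.exe
"""
FIX_LIST = r"""
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O4 - HKLM\..\Run: [Microsoft Update] windoc.exe
O4 - HKLM\..\Run: [goidr] C:\WINDOWS\goidr.exe
"""
# Constructed follow-up scan: one fixed entry is back (different case) and one
# made-up placeholder entry is new.
FRESH_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Update] WINDOC.EXE
O4 - HKLM\..\Run: [placeholder] C:\WINDOWS\placeholder.exe
"""

if __name__ == "__main__":
    print("Still present after fix:", still_present(FIX_LIST, FRESH_LOG))
    print("New since first log:", new_entries(FIRST_LOG, FRESH_LOG))
```

An entry that reappears after "fix checked" usually means something still running is rewriting it, which is why the instructions above do the fixing in Safe Mode with all other windows closed.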
