• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.
Sign in to follow this  
Followers 0
Kristiner711

ProSearching.com Has Taken Over

15 posts in this topic

Here Is My LogFile I Don't Know What To Remove...THANKS!

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 1:23:47 PM, on 6/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\System32\hkcmd.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ENC TWO HOLE\pingprogram.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AOL Companion\companion.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\O5AHWTCJ\HijackThis[1].exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough/index....p://google.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = coxnet.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F1 - win.ini: load=C:\OPLIMIT\ocraware.exe

O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL

O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: (no name) - {4BCF322B-9621-4e90-9678-F1424EB7584E} - C:\WINDOWS\udpmod.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe

O4 - HKLM\..\Run: [vpsuqmym] C:\WINDOWS\uduirlnl.exe

O4 - HKLM\..\Run: [rzkgotpu] C:\WINDOWS\uzfzuqxp.exe

O4 - HKLM\..\Run: [] c:\WINDOWS\System32\

O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\iuzklfkl.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PVCJPWG] C:\WINDOWS\PVCJPWG.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [vsl] C:\WINDOWS\vsl.exe

O4 - HKLM\..\Run: [bodyPhone] C:\PROGRA~1\ENC TWO HOLE\pingprogram.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [] c:\WINDOWS\System32\

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} (SBITAX7Ctrl Class) - http://directplugin.com/tl7000.dll

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

I AM Getting Tons OF PopUps With It, and a Toolbar, weird programs installed, I hae been using spybot search and destroy and it did not have any new findings today, yet im still having problems...Should've said that before...thanks

Share this post


Link to post
Share on other sites

I'm looking over your log to see what needs to be done.

 

In the meantime, create a new folder/directory called C:\HJT and move HijackThis to it. You were running it directly from the zip file which is not a good idea (it can't create backups if you do that).

 

A couple of questions:

 

(1) Is your version of Spybot 1.2 or 1.3? If it's 1.2, you'll need to download the new version.

 

(2) Did you use Ad-Aware?

 

-- LB

Share this post


Link to post
Share on other sites

OK...I Have SpyBot 1.2 not 1.3, I didn't use ad-aware, I moved HijackThis To A New Folder and Thats it right now, how do i get 1.3 when i cehck for updats in the one i have it doesn t tell me about 1.3?

Thanks for responding so quickly!~

Share this post


Link to post
Share on other sites

Click here for the latest version (1.3) of Spybot S&D.

 

Download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe

 

Install the program and launch it.

 

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

 

Next, we need to configure Ad-aware for a full scan.

 

icon11.gif Click on the Gear icon (second from the left) to access the preferences/settings window

 

1. In the General window make sure the following are selected:

  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select :

  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
  • All of your hard drives

icon11.gif Click on the Advanced button on the left and select:

  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details

icon11.gif Click the Tweak button and select:

  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile

    [*]Under the Cleaning Engine:

    • Let Windows remove files in use at next reboot

icon11.gif Click on Proceed to save the settings.

 

icon11.gif Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

  • Use Custom Scanning Options

icon11.gif Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

 

icon11.gif Save the log file when it asks and then click Finish

 

icon11.gif When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

 

icon11.gifReboot your computer and post a new log.

 

-- LB

Share this post


Link to post
Share on other sites

Here's The New Log...The Stupid Prosearching thing changed my webpage again and gave me a searchbar, i dont think we got that far anyway...

 

Anyway here It Is:

 

Logfile of HijackThis v1.97.7

Scan saved at 4:29:16 PM, on 6/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ntvdm.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ENC TWO HOLE\pingprogram.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\OPLIMIT\ocrawr32.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AOL Companion\companion.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough/index....B_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = coxnet.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F1 - win.ini: load=C:\OPLIMIT\ocraware.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: (no name) - {4BCF322B-9621-4e90-9678-F1424EB7584E} - C:\WINDOWS\udpmod.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe

O4 - HKLM\..\Run: [vpsuqmym] C:\WINDOWS\uduirlnl.exe

O4 - HKLM\..\Run: [rzkgotpu] C:\WINDOWS\uzfzuqxp.exe

O4 - HKLM\..\Run: [] c:\WINDOWS\System32\

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PVCJPWG] C:\WINDOWS\PVCJPWG.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [vsl] C:\WINDOWS\vsl.exe

O4 - HKLM\..\Run: [bodyPhone] C:\PROGRA~1\ENC TWO HOLE\pingprogram.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [] c:\WINDOWS\System32\

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Still here.... having to deal with spotty internet access and an unknown startup file.

 

Go back into HijackThis and, with all browser windows closed, fix the following:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough/index....B_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {4BCF322B-9621-4e90-9678-F1424EB7584E} - C:\WINDOWS\udpmod.dll

O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe

O4 - HKLM\..\Run: [vpsuqmym] C:\WINDOWS\uduirlnl.exe

O4 - HKLM\..\Run: [rzkgotpu] C:\WINDOWS\uzfzuqxp.exe

O4 - HKLM\..\Run: [] c:\WINDOWS\System32\

O4 - HKLM\..\Run: [PVCJPWG] C:\WINDOWS\PVCJPWG.exe

O4 - HKLM\..\Run: [vsl] C:\WINDOWS\vsl.exe

O4 - HKLM\..\Run: [bodyPhone] C:\PROGRA~1\ENC TWO HOLE\pingprogram.exe

O4 - HKCU\..\Run: [] c:\WINDOWS\System32\

 

Next, change setting to view hidden files (click here to find out how to do this).

 

Then reboot/restart in safe mode by repeatedly hitting F8 while booting until you come to a menu. Choose Safe Mode from this menu.

 

Once you're there, delete the following files:

 

C:\WINDOWS\av.exe

C:\WINDOWS\uduirlnl.exe

C:\WINDOWS\uzfzuqxp.exe

C:\PROGRA~1\ENC TWO HOLE\pingprogram.exe

C:\WINDOWS\PVCJPWG.exe

 

Find the following file:

 

C:\WINDOWS\vsl.exe

 

right-click on it and choose properties. Click on the version tab and write down the value for each of the item names in "Other version information". Report back with what you found.

 

Finally, reboot and post a new log.

 

-- LB

Share this post


Link to post
Share on other sites

Ok So I Didn't Find Any Of Those Files When I Looked and I Couldn't Use The Internet in Safemode so I don't kno what to do now, theres an invalid backweb alert when i reboot but that was there the whole time and there are all backup 2004 files on the desktop that just came from nowhere. But besides all that i made a new log anyway and here it is, thanks for all your help i really appreciate it... ~Kristina

 

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 8:37:10 PM, on 6/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ntvdm.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Messenger\msmsgs.exe

C:\OPLIMIT\ocrawr32.exe

C:\Program Files\AOL Companion\companion.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = coxnet.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F1 - win.ini: load=C:\OPLIMIT\ocraware.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Those files on your desktop that "came out of nowhere" are the backup files created by HijackThis. If you haven't done so, create that directory I mentioned earlier and move HijackThis and all of the backup files to it.

 

As for those files you couldn't find, those files don't show up in the running process list or in the startup (O4) items so you should be OK.

 

Your log looks much better, but I'll have the experts check to make sure.

 

-- LB

Share this post


Link to post
Share on other sites

Thank You very Much for Your Help...I did make A Folder Title HJT like you said...I didn't kno it made backup folders on the desktop, sorry i should've known...I;m not on the compute rwith the peoblem right now so i cant check it again, im on my mac, thankfully i dont have many problems, So I'll get to it again tomorrow, thanks again!

Share this post


Link to post
Share on other sites

There's still some stuff that needs to go.

 

Go back into HijackThis and remove the following:

 

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

 

These next 2 items are optional removals, but should be removed anyway:

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

 

The 1'st item is a resource hog and the 2'nd one will stop those "Invalid Backweb" alerts.

 

After doing this, reboot and post a new log.

 

-- LB

Share this post


Link to post
Share on other sites

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0