• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Nikos

Major Problems with Computer/Internet

12 posts in this topic

For the past 4/5 days I have been having major problems with my computer.

 

My Internet seems to be the source of the problem, everytime I open it up it slows down my computer in general and the BROWSWER windows tend to freeze up on any large websites, sometimes not large ones.

 

I ran all my virus checkers, and SPYWARE (Spybot and Ad-Ware) and I still get the same problems.

 

At times I will open a webpage, it will just cause a BLANK WHITE screen int he browswer, then maybe like 3 min later pop up like normal. Meanwhile it seems to slow down my computer operations and in general.

 

This has been happening since Thursday, and on Saturday everything happened to work perfectly for half a day, then BAM! Back to freezing and making me have to re-start my computer just to use the web for 10 min or so before it freezes.

 

I really am growing frustrated with how it just keeps freezing and also lately pop-ups have been going up despite my running spyware......

 

I notice the computer was slow a week or so ago as well, but not this bad. It seem to have gotten worse when I installed Norton Anti-virus etc....

 

Everytime I try to use the net it pops up all these messages about whether I want to BLOCk or PERMIT interet access every 5 seconds......

 

Here is my logfile, if anyone can give me any insight on the problem it would be much appreciated.

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.97.7

Scan saved at 10:49:00 PM, on 6/21/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Internet Security Professional\NISUM.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\rehphl.exe

C:\WINDOWS\atbfm.exe

C:\WINDOWS\WAST.exe

C:\WINDOWS\System32\SahAgent.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\AWS\WeatherBug\Weather.EXE

C:\Program Files\Common files\WinTools\WSup.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\default\LOCALS~1\Temp\Rar$EX00.565\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRAM FILES\LYCOS\IEAGENT\CSIE.DLL (file missing)

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH13218.DLL (file missing)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: ohb - {18B79968-1A76-4953-9EBB-B651407F8998} - C:\WINDOWS\System32\windec33.dll

O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\System32\inetdctr.dll

O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM32\stlbdist.DLL

O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL

O2 - BHO: (no name) - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll

O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM32\stlbdist.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll

O3 - Toolbar: I-Lookup.com Bar - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - C:\WINDOWS\System32\windec33.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [tjjmbi] C:\WINDOWS\System32\rehphl.exe

O4 - HKLM\..\Run: [xttim] C:\WINDOWS\atbfm.exe

O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST

O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe

O4 - HKLM\..\Run: [sAHAgent] C:\WINDOWS\System32\SahAgent.exe

O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1

O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\websearch\System\Temp\topr1150_script0.htm

O9 - Extra button: Sidesearch (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: DigiChat Applet - http://host6.digichat.com/DigiChat/DigiClasses/Client_IE.cab

O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/emCraft1.cab

O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://download.websearch.com/Dnl/T_50099/QDow.cab

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/mmed.cab

Share this post


Link to post
Share on other sites

I also cleared my INTERNET CACHE and that did absolutely nothing.

 

I have Google Sidebar by choice. And there seems to be some extra searches/spyware I didnt want -- but I dont know how to get rid of.

 

:(

Share this post


Link to post
Share on other sites

One MAJOR problem you have is you are several Critical Updates behind from Windows Updates..these are very important to patching your system and keeping Sasser and other baddies off of your computer. Go to Windows Update and get all CRITICAL Updates.

 

First and foremost you have a CWS infection so...

Please Download CWShredder from HERE .Close all other windows and run the Program. Press the "Fix Button" Let it fix all variants. Next, Close the program and Post a Fresh HijackThis log. Please re-download if you already have this. Make sure you have the latest version!

CWShredder will NOT work with IE/OE/Chat/etc. open; so it very important to make sure CWShredder is the only thing running.

 

 

Now download Ad-Aware at http://www.lavasoftusa.com/support/download/

After installing AAW, and before running the program, FIRST update the reference file following these instructions. (I realize you already have AAW but please follow direction from this point as the default settings are less effective shall we say; then these) On the main AdAware screen hit the Check for Updates, hit the 'Connect' key; it will then connect, check for then ask if you want to download latest Ref. files (if one is available), accept. Once downloaded hit "Finish" (Green Checkmark)

 

Now do the following:

 

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

check: "Unload recognized processes during scanning."

 

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

Check: "Let Windows remove files in use after reboot."

 

Press "Scan Now"

 

- Check option "Use Custom scanning options"

- Check option "Activate In-Depth Scan"

- Press "Select drives\folders to scan"

- Select the active partition which is usually C:

 

Now press "Next" to let Ad-aware scan your drives...

It will find a number of "bad" files and registry keys. Click 'Next' again

Right-click in that pane and choose "select all"

 

If it finds "bad" files and registry keys, press "Next" again

It will ask you whether you'd like to remove all checked items. Click OK.

 

Finally, close Ad-Aware, and reboot.

 

Then go here download Spybot S&D. Install Spybot, close all other windows and run it. If you have it already make sure it is version 1.3ALWAYS use the search for update button when you first open Spybot. Let Spybot download and install any updates it finds..Now you are ready to click the Check for problems button. After the search completes let Spybot fix any entries marked in RED

 

You'll need to turn off the System Restore. It may have a copy of the virus. This can be done by following the instructions of your OS at http://www.vet.com.au/html/zoo/system_restore.htm.

Run an online virus scan at Housecall and/or Panda Online. Please note any virus found and report back with new log.

 

Lastly Reboot and post a fresh log back to this thread.

 

Now that we've got you cleaned up a bit we'll work on getting rid of Wintools and anything else left.

Share this post


Link to post
Share on other sites

I ran the AD-WARE, CWS Shredder and my Internet seems to be working OK now.

 

But I ran the virus test online @ Trend Micro and it picked up a lot of infected files (non-cleanable)

 

BKDR.SANDBOX.A and TROJ STILEN.A, TROJ SMALL.IL in my Windows Temp and SYSTEM Folders......... 22 total..........between the three.

 

I never picked these up with Norton either (which ironically slowed my cpu down since I installed it).

 

I couldnt do the windows update yet cause I still didnt register my XP yet(I used an old serial # but it didnt work on my machine at school, and I forgot the package at home -- so I cant do anything with that for a few days).

 

What can I do now?

Edited by Nikos

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.97.7

Scan saved at 8:00:37 PM, on 6/22/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Internet Security Professional\NISUM.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\rehphl.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\AWS\WeatherBug\Weather.EXE

C:\Program Files\Common files\WinTools\WSup.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\default\LOCALS~1\Temp\Rar$EX00.573\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [tjjmbi] C:\WINDOWS\System32\rehphl.exe

O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe

O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1

O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\websearch\System\Temp\topr1150_script0.htm

O9 - Extra button: Research (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: DigiChat Applet - http://host6.digichat.com/DigiChat/DigiClasses/Client_IE.cab

O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab

Share this post


Link to post
Share on other sites

Move HijackThis to it's own permanent folder such as c:\HJT\HijackThis.exe <-----Very important; needed to keep/maintain backups in

 

Reboot to safe mode

(instructions).

Use Ctrl+Alt+Del to 'End Task" on any Wintools that is running.

Open your Control Panel>Add/Remove>Uninstall Wintools>The compuer will want to restart; let it.

Once restarted; fire up HJT again and :...

 

Press Ctrl+Alt+Del and 'end task' on any of the follow that are present

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\WINDOWS\System32\rehphl.exe

 

Put a check next to these in hijackthis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe <---Optional but barely I STRONGLY recommended you remove it.

O4 - HKLM\..\Run: [tjjmbi] C:\WINDOWS\System32\rehphl.exe

O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe

O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <---Optional but Highly recommended to remove not needed at start and huge resource hog

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\websearch\System\Temp\topr1150_script0.htm

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab

-IEPlugin

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab

-Roings Search Hijacker

THEN WITH ALL OTHER WINDOWS CLOSED ,press "Fix".

 

Make sure you are set to Show Hidden Files and Folders and delete the following files/folders:-

C:\Program Files\Common files\WinTools\ <----ENTIRE FOLDER!!

C:\Program Files\Common files\WinTools\ <----ENTIRE FOLDER!!

C:\Program Files\zSearch\ <----ENTIRE FOLDER!!

C:\Program Files\TV Media\ <----ENTIRE FOLDER!!

C:\Program Files\websearch\ <----ENTIRE FOLDER!!

C:\Program Files\Viewpoint\ <---Optional, only delete if removed above in 04) <----ENTIRE FOLDER!!

C:\WINDOWS\ARUpdate.exe

C:\WINDOWS\System32\idctup20.exe

C:\WINDOWS\System32\bridge.dll

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

[*]C:\Windows\Temp\

[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\

[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.

[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\

[*]Empty your "Recycle Bin"

****Note if you chose to remove Viewpoint Media Player uninstall from Add/Remove also.******

 

With all of those Virii you'll need to flush out the System Restore. It may have a copy of the virus. This can be done by following the instructions of your OS at http://www.vet.com.au/html/zoo/system_restore.htm.

Just turn Restore off Reboot turn it back on Reboot

 

Post a mew HijackThis log

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.97.7

Scan saved at 1:27:41 AM, on 6/23/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Internet Security Professional\NISUM.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\AWS\WeatherBug\Weather.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\default\LOCALS~1\Temp\Rar$EX00.972\HijackThis.exe

 

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1

O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Research (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: DigiChat Applet - http://host6.digichat.com/DigiChat/DigiClasses/Client_IE.cab

O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

Share this post


Link to post
Share on other sites

As an aside I couldnt find a few things

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

 

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

 

 

ALSO....

 

[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\

[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.

[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\

 

(the above I couldnt find the exact terms/folder names or MY PROFILE name for that matter wasnt there)

 

And lastly WINTOOLS seem to be deleted int he processes when i went into safe mode to begin with so I just deleted the folder towards the end and i think that was it.....

 

Also I turned off restore point.

 

Now what?

 

Thanks

Share this post


Link to post
Share on other sites

Nikos;

(In order)

It's not unusual to not be able to find a entry or two when you re rum HJT ..the one you couldn't find are no worry.

 

C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\

is going to be---> C:\Documents and Settings\Nikos' username\Local Settings\Temporary Internet Files\

 

Yes Wintools is gone

 

Make sure System Restore is now back ON

IF you want you can run HJT again and fix this one entry : O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file) <--- the 'no file' means it just a useless empty entry.

 

You REALLY need to get to Windows Updates and get all Critical Updates

 

THEN: -----> Congratulations, your log is clean.

 

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

 

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

 

IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

 

More info and download is available at link in my signature

 

And also see TonyKlein's good advice in

So how did I get infected in the first place?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0