TheTechGuide Forum
General Category => Software => Topic started by: Guest_Jon on June 03, 2004, 04:29:52 AM
-
Right, as you requested I'm starting a new topic so I can post my log file from HijackThis in a separate post.
I have followed all the instructions in the other posts but I am still having problems, as I cannot go to any page that I have bookmarked with my browser.
So any help you can give would be great. Thanks, Jon
Logfile of HijackThis v1.97.7
Scan saved at 10:52:12, on 02/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\MMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\WF2K.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Documents and Settings\Jon\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_UK.src"); (C:\Documents and Settings\Jon\Application Data\Mozilla\Profiles\default\vd20w0bm.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [WebCam Go Sti Service Application] wbcgosvc
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [sws.exe] c:\program files\HaldexLtd\stnd567\565696750.exe -remove
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapiit.exe
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058565uk.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50020/QDow_AS2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38115.3268981481
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515} - http://ads.adultcash.com/toolbar/bmeb.cab
O16 - DPF: {CC110316-5BE7-4AAA-AEDD-1A5B147BE34C} (MyWebOperator Class) - http://198.143.27.21/dialer_loader/uk.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://205.177.28.163/access/download/1018835.exe
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/UCSearch.CAB
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_0_GB.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5761EB83-7A23-47A8-97AB-8833159589E6}: NameServer = 195.92.195.95 195.92.195.94
-
Please, please, someone in the know take a look at my log and help me out. I have followed what was said in the other posts and it has stopped any pop-ups or dialer installs. However, I need your expertise as I cannot use my bookmarks any more.
I really need your help, as that log means nothing to me, so I am stuck.
Thanks, Jon
-
Please, anyone: if I am doing something wrong so that you will not answer (breaking a board rule), please tell me and I will change it. I started this as a new topic as the rules say not to post logs in others. I just need some advice so I can get my PC working fully again. All I know is that my bookmarks don't work, but there could be something more serious in the background. If you understand how to interpret this log, please, please help me.
TIA, Jon
-
Fix these:
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\HaldexLtd\stnd567\565696750.exe -remove
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50020/QDow_AS2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/insta...00/SYSsfitb.cab
O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515} - http://ads.adultcash.com/toolbar/bmeb.cab
O16 - DPF: {CC110316-5BE7-4AAA-AEDD-1A5B147BE34C} (MyWebOperator Class) - http://198.143.27.21/dialer_loader/uk.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/UCSearch.CAB
Delete this:
C:\Program Files\Common files\WinTools
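The triage the reply above does by eye, as an added example that is not part of the thread and not HijackThis's own logic: a small Python script that parses HijackThis log entries and flags the structural giveaways visible in the posted log (a Run key launching a binary with a machine-generated numeric name, an O16 control downloaded from a bare IP address or as a raw .exe, a dialer loader path, an orphaned BHO or DPF entry), and marks the localhost proxy and pinned DNS servers for review rather than blind removal. SAMPLE_LOG is a constructed excerpt copied from the log Jon posted; the rule names, thresholds and severities are my own assumptions, not anything from the thread.

```python
"""Triage a HijackThis log for the entry types the reply above tells Jon to fix.

Added example, not part of the thread or of HijackThis. SAMPLE_LOG is a
constructed excerpt copied from the log posted above; the rules are heuristics.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: (no name) - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [sws.exe] c:\program files\HaldexLtd\stnd567\565696750.exe -remove
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058565uk.exe
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {CC110316-5BE7-4AAA-AEDD-1A5B147BE34C} (MyWebOperator Class) - http://198.143.27.21/dialer_loader/uk.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5761EB83-7A23-47A8-97AB-8833159589E6}: NameServer = 195.92.195.95 195.92.195.94
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? -(?: (?P<url>\S+))?$")
PROXY_RE = re.compile(r",ProxyServer = (?P<proxy>\S+)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

@dataclass
class Finding:
    kind: str      # HijackThis section, e.g. "O4"
    severity: str  # "fix" (remove the entry) or "review" (verify before touching)
    reason: str
    line: str

def _exe_path(cmd: str) -> str:
    """Pull the launched binary out of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: cut at the first executable extension.
    m = re.match(r"(?i)(.*?\.(?:exe|com|scr|bat|pif))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]

def check_proxy(body):
    m = PROXY_RE.search(body)
    if m and (m["proxy"].startswith("127.") or m["proxy"].lower().startswith("localhost")):
        return "review", f"browser proxied through a local listener ({m['proxy']}); find the process that owns that port"
    return None

def check_bho(body):
    return ("fix", "BHO registered but its DLL is missing (orphaned entry)") if body.endswith("(no file)") else None

def check_run(body):
    m = RUN_RE.match(body)
    filename = re.split(r"[\\/]", _exe_path(m["cmd"]))[-1] if m else ""
    if re.search(r"\d{6,}", filename.rsplit(".", 1)[0]):  # e.g. 565696750.exe
        return "fix", f"Run entry launches a binary with a machine-generated name ({filename})"
    return None

def check_dpf(body):
    m = DPF_RE.match(body)
    if not m:
        return None
    if not m["url"]:
        return "fix", "downloaded-program entry with no URL (orphaned control)"
    u = urlparse(m["url"])
    host, path = u.hostname or "", u.path.lower()
    if IPV4_RE.match(host):
        return "fix", f"ActiveX control fetched from a bare IP address ({host})"
    if path.endswith(".exe"):
        return "fix", "downloaded-program entry points at a raw .exe rather than a .cab"
    if "dialer" in path:
        return "fix", "download path names a dialer loader"
    return None

def check_dns(body):
    return ("review", "DNS servers pinned on the adapter; confirm they belong to the ISP") if "NameServer =" in body else None

CHECKS = {"R1": check_proxy, "O2": check_bho, "O4": check_run, "O16": check_dpf, "O17": check_dns}

def triage(log_text: str) -> list:
    """Return one Finding per log entry that trips a check; other lines are skipped."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.rstrip())
        if not m:
            continue  # header, process list, blank line
        check = CHECKS.get(m["kind"])
        hit = check(m["body"]) if check else None
        if hit:
            findings.append(Finding(m["kind"], hit[0], hit[1], raw.rstrip()))
    return findings

if __name__ == "__main__":
    print(*(f"[{f.severity}] {f.kind}: {f.reason}\n    {f.line}" for f in triage(SAMPLE_LOG)), sep="\n")
```

Run as-is it prints seven findings for the sample: five "fix" (the orphaned BHO, the 565696750.exe Run entry, the two bare-IP O16 downloads and the O16 entry with no URL) and two "review" (the 127.0.0.1:8080 proxy and the O17 name servers). The rules only catch what is visible in an entry's structure. The websearch.com, riversoftware.net, zuvio.com and adultcash.com controls the reply also lists have ordinary hostnames and .cab files, so identifying them takes a CLSID or host lookup against a reference list, which is the part the helper did from experience; likewise a Run entry such as wininet32.exe sitting in the Windows directory is not flagged here and has to be checked against a known-good list before deciding either way.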