Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

HiJack Log - Need Help!!

(New)
(!)

bernard8's Avatar
bernard8 bernard8 is offline
Junior Member with 21 posts.
THREAD STARTER
 
Join Date: Oct 2004
Experience: Intermediate
11-Oct-2004, 03:12 PM #1
HiJack Log - Need Help!!
Hello out there...I need help...I can't open Control Panel, My Computer, My Network Places, etc....system will refresh instead.

Here is my log....any help would be very appreciated!!

Logfile of HijackThis v1.98.2
Scan saved at 1:12:27 PM, on 10/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Canon Electronics\Scan Panel\drpanel.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\?ttrib.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Century\TinyTERM\tt.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Pixel Translations\PixUtil\PIXUTIL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msaps.dll/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastseeker.com/search.html
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {32DA380B-E268-4EC4-8124-61550C85204D} - C:\WINDOWS\System32\rwekmmf.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINDOWS\System32\vtlbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINDOWS\System32\vtlbar1.dll
O4 - HKLM\..\Run: [Scan Panel] "C:\Program Files\Canon Electronics\Scan Panel\drpanel.exe" /Stay
O4 - HKLM\..\Run: [jUsCULbH] C:\documents and settings\camaro\local settings\temp\jUsCULbH.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Rgbvr] C:\WINDOWS\System32\?ttrib.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm087
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093893892078
O16 - DPF: {6EB21964-9353-4467-94D2-72009261C974} (Socket Class) - http://www.telechat.com/tsock.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.officeally.com/XUpload.ocx
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
11-Oct-2004, 04:25 PM #2
Before we proceed, download, unzip and have convenient the following files:

1 > coolwebshredder: http://www.computercops.biz/downloads-cat-14.html
2 > about:buster: http://www.downloads.subratam.org/AboutBuster.zip
3 > getservice.zip: http://forums.techguy.org/attachment...chmentid=38367
4 > CWS service remover: http://forums.techguy.org/attachment...chmentid=38507
5 > Hoster: http://members.aol.com/toadbee/hoster.zip

>>> For starters, unzip getservice.zip to its own folder and run getservices.bat and upload the text file it creates here as an attachment. Include another HijackThis scanlog in case something has "morphed"

Also move HijackThis into a permanent folder of its own, preferably in MyDocuments, since we will be deleting temporary folder contents as part of the cleanup.
bernard8's Avatar
bernard8 bernard8 is offline
Junior Member with 21 posts.
THREAD STARTER
 
Join Date: Oct 2004
Experience: Intermediate
11-Oct-2004, 04:52 PM #3
ok, i have downloaded all of these here is the updated hijack log...

Logfile of HijackThis v1.98.2
Scan saved at 2:54:34 PM, on 10/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Canon Electronics\Scan Panel\drpanel.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\?ttrib.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastseeker.com/search.html
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {32DA380B-E268-4EC4-8124-61550C85204D} - C:\WINDOWS\System32\rwekmmf.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINDOWS\System32\vtlbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINDOWS\System32\vtlbar1.dll
O4 - HKLM\..\Run: [Scan Panel] "C:\Program Files\Canon Electronics\Scan Panel\drpanel.exe" /Stay
O4 - HKLM\..\Run: [jUsCULbH] C:\documents and settings\camaro\local settings\temp\jUsCULbH.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Rgbvr] C:\WINDOWS\System32\?ttrib.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093893892078
O16 - DPF: {6EB21964-9353-4467-94D2-72009261C974} (Socket Class) - http://www.telechat.com/tsock.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.officeally.com/XUpload.ocx

Let me know what else I can do...thank you so much for the help!!
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
11-Oct-2004, 06:07 PM #4
I need you to run the "getservices.bat" file and upload the text file it produces as an attachment.

But follow these directions now anyway:

Have these instructions printed or in a convenient Notepad (or Wordpad) file so you can view them in Safe Mode. Have "show hidden (or all) files" checked in Folder Options > View in case you have to search for any hidden files to delete. Also ensure you do NOT have "hide file extensions..." enabled in Folder Options > View

Download and unzip to a convenient location the CoolWebShredder, CWShredder.exe available here: http://www.computercops.biz/downloads-cat-14.html

Then:

1 >> Restart in Safe Mode: http://service1.symantec.com/SUPPORT...01052409420406

2 >> In Safe Mode run the CoolWebShredder and have it "fix" detected problems. Then run HijackThis and check and "fix" the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastseeker.com/search.html
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll

O2 - BHO: (no name) - {32DA380B-E268-4EC4-8124-61550C85204D} - C:\WINDOWS\System32\rwekmmf.dll (file missing)

O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINDOWS\System32\vtlbar1.dll

O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINDOWS\System32\vtlbar1.dll

O4 - HKLM\..\Run: [jUsCULbH] C:\documents and settings\camaro\local settings\temp\jUsCULbH.exe

O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe

^^ delete the "system32" folder in C:\program Files. This is NOT c:\windows\system32 >> don't touch that.

O4 - HKCU\..\Run: [Rgbvr] C:\WINDOWS\System32\?ttrib.exe

^^ delete the FILE ?ttrib.exe in c:\windows\system32

Additional cleanup instructions: Go to the Control Panel > Internet Options applet. Clear the Temporary Internet Cache, History and Offline Content. Go to the Programs tab and select "reset web settings", including your home page if it has been altered. You can reset that later to what you desire.

Go to Start > Run, enter %temp% and then click Edit > Select All. Right click on the selected files and folders and delete them

>> reboot and post a new Scanlog. Let me know if you are still having problems.

Last edited by Rollin' Rog; 11-Oct-2004 at 06:12 PM..
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑