1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hi-jack this log, please help

Discussion in 'Windows XP' started by hazzarduk1, Apr 21, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. hazzarduk1

    hazzarduk1 Thread Starter

    Joined:
    Aug 2, 2003
    Messages:
    240
    Logfile of HijackThis v1.97.7
    Scan saved at 19:41:22, on 21/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\tjqprjod.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\wjview.exe
    C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe
    C:\fishsim2\fishsim2.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\windows\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ntlworld.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ntl:home
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.ntlhome.com/
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {F2693DAB-215A-4300-9E72-1DE477D2AAA7} - C:\WINDOWS\djso.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [zwybinf] C:\WINDOWS\tjqprjod.exe
    O4 - HKLM\..\Run: [hsp] C:\WINDOWS\hsp.exe
    O4 - HKLM\..\Run: [tgz] C:\WINDOWS\tgz.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [MorpheusNotice] C:\Program Files\StreamCast\Morpheus\HowToEnableDeskBand.txt
    O4 - HKLM\..\RunOnce: [My Search Bar Installer] "C:\Program Files\MyWay\myBar\MYSETP.EXE" /r
    O4 - HKLM\..\RunOnce: [My Search - Search Assistant Installer] "C:\Program Files\MyWay\SrchAstt\MYSRCHSP.EXE" /r
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B08435-CABB-4723-BF91-1A7034B5D115}: NameServer = 194.168.4.100 194.168.8.100
     
  2. tnik

    tnik

    Joined:
    Aug 2, 2003
    Messages:
    735
    what seems to be the problem? It looks like you might have a virus, these four entries look suspicious..
    O2 - BHO: (no name) - {F2693DAB-215A-4300-9E72-1DE477D2AAA7} - C:\WINDOWS\djso.dll

    O4 - HKLM\..\Run: [zwybinf] C:\WINDOWS\tjqprjod.exe
    O4 - HKLM\..\Run: [hsp] C:\WINDOWS\hsp.exe
    O4 - HKLM\..\Run: [tgz] C:\WINDOWS\tgz.exe

    my advice would be to reboot your computer in safemode w/ networking and goto an online virus scan like http://housecall.trendmicro.com
     
  3. hazzarduk1

    hazzarduk1 Thread Starter

    Joined:
    Aug 2, 2003
    Messages:
    240
    im not sure jus alot of things been acting strangely... earlier i got 109 results in ad-aware, ran spybot S-D got another 4.

    main problem is if i spell website wrong it goes to lycos search auto maticly.. sometimes it just changed to lycos search by iteself
     
  4. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,947
    First Name:
    James
    Run HJT and check these for fixin'
    O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
    O4 - HKLM\..\RunOnce: [MorpheusNotice] C:\Program Files\StreamCast\Morpheus\HowToEnableDeskBand.txt
    O4 - HKLM\..\RunOnce: [My Search Bar Installer] "C:\Program Files\MyWay\myBar\MYSETP.EXE" /r
    O4 - HKLM\..\RunOnce: [My Search - Search Assistant Installer] "C:\Program Files\MyWay\SrchAstt\MYSRCHSP.EXE" /r

    You will need to run CWShredder too to get rid of the CoolWebSearch variants.
     
  5. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,947
    First Name:
    James
    Make sure you reboot into safe mode and delete the .EXE files.

    In fact for the Ebates one simply delete the Ebates folder
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222631

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice