Hi-jack this log, please help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

hazzarduk1

Thread Starter
Joined
Aug 2, 2003
Messages
240
Logfile of HijackThis v1.97.7
Scan saved at 19:41:22, on 21/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\tjqprjod.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\wjview.exe
C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe
C:\fishsim2\fishsim2.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\windows\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ntl:home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.ntlhome.com/
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {F2693DAB-215A-4300-9E72-1DE477D2AAA7} - C:\WINDOWS\djso.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [zwybinf] C:\WINDOWS\tjqprjod.exe
O4 - HKLM\..\Run: [hsp] C:\WINDOWS\hsp.exe
O4 - HKLM\..\Run: [tgz] C:\WINDOWS\tgz.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKLM\..\RunOnce: [MorpheusNotice] C:\Program Files\StreamCast\Morpheus\HowToEnableDeskBand.txt
O4 - HKLM\..\RunOnce: [My Search Bar Installer] "C:\Program Files\MyWay\myBar\MYSETP.EXE" /r
O4 - HKLM\..\RunOnce: [My Search - Search Assistant Installer] "C:\Program Files\MyWay\SrchAstt\MYSRCHSP.EXE" /r
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B08435-CABB-4723-BF91-1A7034B5D115}: NameServer = 194.168.4.100 194.168.8.100
 
Joined
Aug 2, 2003
Messages
735
what seems to be the problem? It looks like you might have a virus, these four entries look suspicious..
O2 - BHO: (no name) - {F2693DAB-215A-4300-9E72-1DE477D2AAA7} - C:\WINDOWS\djso.dll

O4 - HKLM\..\Run: [zwybinf] C:\WINDOWS\tjqprjod.exe
O4 - HKLM\..\Run: [hsp] C:\WINDOWS\hsp.exe
O4 - HKLM\..\Run: [tgz] C:\WINDOWS\tgz.exe

my advice would be to reboot your computer in safemode w/ networking and goto an online virus scan like http://housecall.trendmicro.com
 

hazzarduk1

Thread Starter
Joined
Aug 2, 2003
Messages
240
im not sure jus alot of things been acting strangely... earlier i got 109 results in ad-aware, ran spybot S-D got another 4.

main problem is if i spell website wrong it goes to lycos search auto maticly.. sometimes it just changed to lycos search by iteself
 

Couriant

James
Moderator
Joined
Mar 26, 2002
Messages
39,468
Run HJT and check these for fixin'
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\RunOnce: [MorpheusNotice] C:\Program Files\StreamCast\Morpheus\HowToEnableDeskBand.txt
O4 - HKLM\..\RunOnce: [My Search Bar Installer] "C:\Program Files\MyWay\myBar\MYSETP.EXE" /r
O4 - HKLM\..\RunOnce: [My Search - Search Assistant Installer] "C:\Program Files\MyWay\SrchAstt\MYSRCHSP.EXE" /r

You will need to run CWShredder too to get rid of the CoolWebSearch variants.
 

Couriant

James
Moderator
Joined
Mar 26, 2002
Messages
39,468
Make sure you reboot into safe mode and delete the .EXE files.

In fact for the Ebates one simply delete the Ebates folder
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top