
My Hjt Log

Discussion in 'Virus & Other Malware Removal' started by rez410, Jan 28, 2005.

Thread Status:
Not open for further replies.
  1. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    Can someone take a look at my log? I ran Ad-Aware, Spybot, and avast already.

    Logfile of HijackThis v1.99.0
    Scan saved at 2:28:48 PM, on 1/28/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\wupdmngr32.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\System32\navprotect.exe
    C:\WINDOWS\System32\winusb.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\ijttfl.exe
    C:\WINDOWS\System32\spoolvse.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\mcafeshield.exe
    C:\WINDOWS\System32\navupdaters.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoomail.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vtisp.com/start
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 66.197.153.197 idenupdate.motorola.com
    O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NAV Auto Protect] navprotect.exe
    O4 - HKLM\..\Run: [msproject] C:\WINDOWS\System32\winusb.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [DfcICqGx] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [0H0TbZRF] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [start extracting] spoolvse.exe
    O4 - HKLM\..\Run: [¢‰¸u0–4C
    }ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú"ü‰¸u0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe
    O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]*ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe
    O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
    O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [start extracting] spoolvse.exe
    O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe
    O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb008ABUS_ZSzeb00847US
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O23 - Service: ivr - Unknown - C:\WINDOWS\System32\wupdmngr32.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: CTI Central Management - Unknown - C:\WINDOWS\cti.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: regdll - Unknown - C:\WINDOWS\System32\regdll.exe
    O23 - Service: zzzxDeMe - Unknown - C:\WINDOWS\System32\zzzx3mwp.exe
    O23 - Service: zzzxIPSPEC - Unknown - C:\WINDOWS\System32\zzzxeitn.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Print this out

    Run

    Istsvc http://securityresponse.symantec.com/avcenter/FxIstbar.exe

    From Symantec
    Note:
    · The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.
    · The removal tool may terminate Internet Explorer and Windows Explorer. It is recommended that users save their work and log out of these programs before running the removal tool.
    · The removal tool will reset the Internet start page to a blank page. The start page can be modified by clicking on Tools > Internet Options in Internet Explorer.
    · The removal tool will not delete some harmless Temporary Internet files, which Adware.Istbar created, in C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files.
    These can be manually deleted using the following steps:
    a. Start Internet Explorer.
    b. Click Tools > Internet Options.
    c. In the Temporary Internet Files section, click the Delete Files button.
    d. Check Delete all offline content, and then click OK.
    Boot to safe mode and fix


    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

    O4 - HKLM\..\Run: [msproject] C:\WINDOWS\System32\winusb.exe

    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    O4 - HKLM\..\Run: [DfcICqGx] C:\WINDOWS\ijttfl.exe
    O4 - HKLM\..\Run: [0H0TbZRF] C:\WINDOWS\ijttfl.exe

    O4 - HKLM\..\Run: [start extracting] spoolvse.exe

    O4 - HKLM\..\Run: [¢‰¸u0–4C
    }ïÁz î[ 8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe

    O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú" ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe

    O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú" ü‰¸u0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe

    O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe

    O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe

    O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]*ú" ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe

    O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe

    O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe

    O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe

    O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe

    O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe

    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    O4 - HKCU\..\Run: [start extracting] spoolvse.exe

    O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe

    O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe

    O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe

    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    O4 - Startup: PowerReg Scheduler V3.exe

    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...US_ZSzeb00847US

    O23 - Service: regdll - Unknown - C:\WINDOWS\System32\regdll.exe

    O23 - Service: zzzxDeMe - Unknown - C:\WINDOWS\System32\zzzx3mwp.exe

    O23 - Service: zzzxIPSPEC - Unknown - C:\WINDOWS\System32\zzzxeitn.exe


    View Hidden Files
    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", Click "Apply" then "OK"

    Delete these files
    C:\WINDOWS\System32\zzzx3mwp.exe
    C:\WINDOWS\System32\zzzxeitn.exe
    C:\WINDOWS\System32\winusb.exe
    C:\WINDOWS\ijttfl.exe

    Delete these folders
    C:\Program Files\MyWebSearch
    C:\Program Files\ISTsvc
    C:\Program Files\WildTangent


    START – RUN – key in %temp% - Edit – Select all – File – Delete
    Empty the recycle bin
    Boot and post a new log
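
A triage pass over the registry autostart (O4) lines of a log like the one in this thread, as an added example that is not part of the original posts and is not HijackThis's own logic: it groups entries by the file they launch and lists targets registered under several keys, several value names, or a non-ASCII value name. The flags are prompts for manual review rather than verdicts, and `triage` and `target_of` are names made up for this example.

```python
import re
from collections import defaultdict
# Sample input: a few O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DfcICqGx] C:\WINDOWS\ijttfl.exe
O4 - HKLM\..\Run: [0H0TbZRF] C:\WINDOWS\ijttfl.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
O4 - HKLM\..\Run: [start extracting] spoolvse.exe
O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
O4 - HKCU\..\Run: [start extracting] spoolvse.exe
O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""
# Registry autostart lines only; "O4 - Startup:" folder entries are skipped.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*)\] (.+)$")
IMAGE_RE = re.compile(r'"?(.+?\.(?:exe|dll))', re.I)

def target_of(cmd):
    """Return the lower-cased file name that an autostart command loads."""
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd.lower()
    name = m.group(1).rsplit("\\", 1)[-1].lower()
    if name == "rundll32.exe":  # the code that runs is the DLL argument
        return target_of(cmd[m.end():].lstrip('" '))
    return name

def triage(log_text):
    """Group O4 registry entries by target; return {target: [reasons]}."""
    seen = defaultdict(set)  # target -> {(autostart key, value name)}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            seen[target_of(cmd)].add((hive + "\\" + key, name))
    findings = {}
    for target, regs in seen.items():
        keys, names = {k for k, _ in regs}, {n for _, n in regs}
        reasons = []
        if len(keys) > 1:
            reasons.append(f"{len(keys)} autostart keys")
        if len(names) > 1:
            reasons.append(f"{len(names)} value names")
        if any(not n.isascii() for n in names):
            reasons.append("non-ASCII value name")
        if reasons:
            findings[target] = reasons
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
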
     
  3. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    OK, I will do that when I get off.
    What is it that I will be downloading?
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    The one link at the top
     
  5. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    Yeah, I was wondering what that is? And by me going online to DL that, will I get any other viruses just by being online? B/c I haven't been online since I started getting rid of all the viruses.
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Look, I am not directing you to a false link - If you want help follow the advice or fix it yourself! I don't have close to 5000 posts if the mods saw me sending people to bad links.

    It took a lot of effort to outline your problems, I do not appreciate the response!
     
  7. rez410

    rez410 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    163
    MFDnSc,

    I really was not worried that you were sending me to a bad link. I was just curious what that was. I guess it was the way I typed it. I am very thankful that you went over my log and are helping with my problem. Please don't think I was doubting you. The reason I was saying that was b/c I didn't have any anti-virus until earlier and I didn't want my log to change or get worse. Please accept my apology for the misunderstanding.
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    OK, please do as I posted. I gave you a link to a tool to fix your problems. It is from the folks at Norton, so you should know it is a clean link.
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115

Short URL to this thread: https://techguy.org/324458
