My Hjt Log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rez410

Thread Starter
Joined
Dec 28, 2004
Messages
163
Can someone take a look at my log? I ran ad-aware, spybot, and vast already.

Logfile of HijackThis v1.99.0
Scan saved at 2:28:48 PM, on 1/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wupdmngr32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\navprotect.exe
C:\WINDOWS\System32\winusb.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\ijttfl.exe
C:\WINDOWS\System32\spoolvse.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\mcafeshield.exe
C:\WINDOWS\System32\navupdaters.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoomail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vtisp.com/start
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.197.153.197 idenupdate.motorola.com
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\Run: [msproject] C:\WINDOWS\System32\winusb.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DfcICqGx] C:\WINDOWS\ijttfl.exe
O4 - HKLM\..\Run: [0H0TbZRF] C:\WINDOWS\ijttfl.exe
O4 - HKLM\..\Run: [start extracting] spoolvse.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú"ü‰¸u0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]*ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [start extracting] spoolvse.exe
O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb008ABUS_ZSzeb00847US
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O23 - Service: ivr - Unknown - C:\WINDOWS\System32\wupdmngr32.exe (file missing)
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CTI Central Management - Unknown - C:\WINDOWS\cti.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: regdll - Unknown - C:\WINDOWS\System32\regdll.exe
O23 - Service: zzzxDeMe - Unknown - C:\WINDOWS\System32\zzzx3mwp.exe
O23 - Service: zzzxIPSPEC - Unknown - C:\WINDOWS\System32\zzzxeitn.exe
 
Joined
Sep 7, 2004
Messages
49,014
Print this out

Run

Istsvc http://securityresponse.symantec.com/avcenter/FxIstbar.exe

From Symantec
Note:
· The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.
· The removal tool may terminate Internet Explorer and Windows Explorer. It is recommended that users save their work and log out of these programs before running the removal tool.
· The removal tool will reset the Internet start page to a blank page. The start page can be modified by clicking on Tools > Internet Options in Internet Explorer.
· The removal tool will not delete some harmless Temporary Internet files, which Adware.Istbar created, in C:\Documents and Setings\Administrator\Local Settings\Temporary Internet Files.
These can be manually deleted using the following steps:
a. Start Internet Explorer.
b. Click Tools > Internet Options.
c. In the Temporary Internet Files section, then click the Delete Files button.
d. Check Delete all offline content, and then click OK.
Boot to safe mode and fix


R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

O4 - HKLM\..\Run: [msproject] C:\WINDOWS\System32\winusb.exe

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [DfcICqGx] C:\WINDOWS\ijttfl.exe
O4 - HKLM\..\Run: [0H0TbZRF] C:\WINDOWS\ijttfl.exe

O4 - HKLM\..\Run: [start extracting] spoolvse.exe

O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁz î[ 8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú" ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú" ü‰¸u0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe

O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe

O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe

O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]*ú" ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ijttfl.exe

O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe

O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe

O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe

O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe

O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [start extracting] spoolvse.exe

O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe

O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe

O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...US_ZSzeb00847US

O23 - Service: regdll - Unknown - C:\WINDOWS\System32\regdll.exe

O23 - Service: zzzxDeMe - Unknown - C:\WINDOWS\System32\zzzx3mwp.exe

O23 - Service: zzzxIPSPEC - Unknown - C:\WINDOWS\System32\zzzxeitn.exe


View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files
C:\WINDOWS\System32\zzzx3mwp.exe
C:\WINDOWS\System32\zzzxeitn.exe
C:\WINDOWS\System32\winusb.exe
C:\WINDOWS\ijttfl.exe

Delete these folders
C:\Program Files\MyWebSearch
C:\Program Files\ISTsvc
C:\Program Files\WildTangent


START – RUN – key in %temp% - Edit – Select all – File – Delete
Empty the recycle bin
Boot and post a new log
 

rez410

Thread Starter
Joined
Dec 28, 2004
Messages
163
ok i will do that when i get off.
What is it that i will be downloading?
 

rez410

Thread Starter
Joined
Dec 28, 2004
Messages
163
yea i was wondering what that is? and by me going online to DL that will i get any other viruses just by being online? b/c i havent been online since i started getting rid of all the viruses
 
Joined
Sep 7, 2004
Messages
49,014
Look, I am not directing you to a false link - If you want help follow the advice or fix it yourself! I don't have close to 5000 post if the mods saw me sending people to bad links.

It took a lot of effort to outline your problems, I do not appreciate the response!
 

rez410

Thread Starter
Joined
Dec 28, 2004
Messages
163
MFDnSc,

I really was not worried that you were sending me to a bad link. I was just curious what that was. I guess it was the way i typed it. I am very thankful that you went over my log and are helping with my problem. Please dont think i was doubting you. The reason i was saying that was b/c i didnt have any anti-virus until earlier and i didnt want my log to change or get worse. Please except my appology for the misunderstanding
 
Joined
Sep 7, 2004
Messages
49,014
rez410 said:
MFDnSc,

I really was not worried that you were sending me to a bad link. I was just curious what that was. I guess it was the way i typed it. I am very thankful that you went over my log and are helping with my problem. Please dont think i was doubting you. The reason i was saying that was b/c i didnt have any anti-virus until earlier and i didnt want my log to change or get worse. Please except my appology for the misunderstanding
OK, please do as I posted, I gave you a link to a tool to fix your problems. It is from the folks at Norton so you should know it is a clean link
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top