
Pc acting very strangely

Discussion in 'Earlier Versions of Windows' started by prettyold, Apr 19, 2004.

Thread Status:
Not open for further replies.
  1. prettyold

    prettyold Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    15
    My HP Pavilion using OS WinMe has been showing signs of a Trojan or virus. Lots of popups. Lose my homepage (have been using Google as home page with Google toolbar). Ran AVG, no prob; Spybot, couple of things SB said it fixed; Adaware, quite a few things, also "fixed"; then CWShredder, which asked about something in C:\Windows called WAST.EXE. The PC makes a little squeak and will not let me on any of the Spywareinfo forums. Meanwhile the puter still acts weird. When I started up it said "OS not found". I restarted with a boot disk from "MADBOOTdisc" and it said "non-system disc, Remove and restart", which I did, and it started fine. I also freeze a lot and all that bad stuff. Teenage boys use this PC, if that is any help.
    Thanks,
    Prettyold
     
  2. Lobos

    Lobos

    Joined:
    Mar 22, 2004
    Messages:
    248
    Please do this. Click here: http://www.sherrylynn.us/HijackThis.exe to download Hijack This. Save it to its own folder (not temporary files or the desktop).
    Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

    DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.
     
  3. prettyold

    prettyold Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    15
    Logfile of HijackThis v1.97.7
    Scan saved at 1:53:01 PM, on 4/19/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\MY DOCUMENTS\HJ THIS\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us2.hpwis.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R3 - Default URLSearchHook is missing
    O1 - Hosts: oy
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: oy
    O1 - Hosts: com
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.43/15283b4d66c9c7e5af21/netzip/RdxIE.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www.tutorials.com/plugins/Plugin0501.0090/streetnoagent7.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37873.5278009259
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
     
  4. Lobos

    Lobos

    Joined:
    Mar 22, 2004
    Messages:
    248
    Run HJT, put a check next to these, then close all browsers and hit fix.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us2.hpwis.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R3 - Default URLSearchHook is missing
    O1 - Hosts: oy
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: oy
    O1 - Hosts: com
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

    restart your computer

    then post fresh log please
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,980
    First Name:
    Frank
    You said you're using AVG antivirus, but I don't see an antivirus program listed in your list of running processes. Did you turn it off before you ran a HijackThis scan?

    Click Start - Run, type in MSCONFIG, then click OK - Startup (tab). Are ScanRegistry, SystemTray, and PCHealth listed there, and are they checked? Those 3, along with StateMgr, should remain checked when using Windows ME.
     
  6. prettyold

    prettyold Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    15
    Logfile of HijackThis v1.97.7
    Scan saved at 5:54:11 PM, on 4/19/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\MY DOCUMENTS\HJ THIS\HIJACKTHIS.EXE

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www.tutorials.com/plugins/Plugin0501.0090/streetnoagent7.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37873.5278009259
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
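
Added example, not part of the original thread: a small Python check a helper could run over pasted HijackThis text. It flags the kinds of O1 hosts-file lines that were selected for fixing above (malformed lines, and one IP answering for several names) and lists fix-list entries that still show up in the fresh log. The function names are this example's own, and the sample input is a subset of lines copied from the posts above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: lines excerpted from the logs posted in this thread.
# FIX_LIST is a subset of the entries selected for fixing; FRESH_LOG is a subset
# of the log posted after the fix and restart.
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us2.hpwis.com
R3 - Default URLSearchHook is missing
O1 - Hosts: oy
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: oy
O1 - Hosts: com
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
"""

FRESH_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
"""

# A HijackThis result line is "<section code> - <details>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return [(code, details)]; header lines and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_hosts(entries):
    """Split O1 entries into malformed lines and IPs that several names map to."""
    malformed = []
    by_ip = defaultdict(list)
    for code, details in entries:
        if code != "O1" or not details.startswith("Hosts:"):
            continue
        fields = details[len("Hosts:"):].split()
        try:
            # A valid hosts line needs an address followed by at least one name.
            ip = str(ipaddress.ip_address(fields[0])) if len(fields) >= 2 else None
        except ValueError:
            ip = None
        if ip is None:
            malformed.append(details)
            continue
        for name in fields[1:]:
            if name.lower() not in by_ip[ip]:
                by_ip[ip].append(name.lower())
    shared = {ip: names for ip, names in by_ip.items() if len(names) > 1}
    return malformed, shared


def still_present(fix_list_text, fresh_log_text):
    """Entries selected for fixing that appear again in the fresh log."""
    fresh = {(c, d.casefold()) for c, d in parse_entries(fresh_log_text)}
    seen = set()
    leftovers = []
    for code, details in parse_entries(fix_list_text):
        key = (code, details.casefold())
        if key in fresh and key not in seen:
            seen.add(key)
            leftovers.append(f"{code} - {details}")
    return leftovers


if __name__ == "__main__":
    bad_lines, shared_ips = review_hosts(parse_entries(FIX_LIST))
    print("Malformed hosts lines:", bad_lines)
    for ip, names in shared_ips.items():
        print(f"{ip} answers for: {', '.join(names)}")
    for entry in still_present(FIX_LIST, FRESH_LOG):
        print("Still in fresh log:", entry)
```

On the sample lines, the one fix-list entry reported as still present is the DS3.cab O16 line, which does appear in the fresh log above.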
     
  7. prettyold

    prettyold Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    15
    To Flavallee: Yes, I did turn off AVG before I ran the scan. I use Startupcop and found Scanregistry and PChealth were unchecked. I checked them, but I can't find Systray. Should I panic?
     
  8. prettyold

    prettyold Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    15
    I missed something yesterday
    Logfile of HijackThis v1.97.7
    Scan saved at 1:58:46 PM, on 4/20/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\HJ THIS\HIJACKTHIS.EXE

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www.tutorials.com/plugins/Plugin0501.0090/streetnoagent7.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37873.5278009259
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
     
  9. prettyold

    prettyold Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    15
    The PC I have been working on today seems to be doing very well, but now the second one is goofy.

    Logfile of HijackThis v1.97.3
    Scan saved at 9:28:16 PM, on 4/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpscheduler.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Microsoft Windows Feedback Panel\moebius.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\WINDOWS\TEMP\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O1 - Hosts: 208.239.76.98 Bearshare.com
    O1 - Hosts: 204.71.201.167 dailynews.yahoo.com
    O1 - Hosts: 209.170.56.239 ecomcheck.com
    O1 - Hosts: 204.71.201.139 games.yahoo.com
    O1 - Hosts: 208.209.185.11 genforum.geneology.com
    O1 - Hosts: 216.239.35.100 Google.com
    O1 - Hosts: 217.116.226.13 Kazaa.com
    O1 - Hosts: 205.139.108.2 mail.spiritone.com
    O1 - Hosts: 204.71.201.166 movies.yahoo.com
    O1 - Hosts: 209.1.14.192 news.devx.com
    O1 - Hosts: 205.139.108.20 news.spiritone.com
    O1 - Hosts: 205.180.57.82 rocketmail.com
    O1 - Hosts: 206.132.25.41 search.washingtonpost.com
    O1 - Hosts: 206.132.134.205 usnews.about.com
    O1 - Hosts: 64.246.15.43 Winmx.com
    O1 - Hosts: 206.79.247.27 www.clearstation.com
    O1 - Hosts: 198.93.32.75 www.etrade.com
    O1 - Hosts: 216.55.4.177 www.infinisource.com
    O1 - Hosts: 207.86.159.51 www.megapoint.com
    O1 - Hosts: 204.71.196.2 www.quote.com
    O1 - Hosts: 205.180.57.96 www.rocketmail.com
    O1 - Hosts: 208.219.220.25 www.scottsave.com
    O1 - Hosts: 209.119.251.34 www.stockplayer.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
    O4 - Startup: WFPScheduler.lnk = ?
    O4 - Global Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_620262.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37636.6878240741
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6C19F033-E86D-4436-A047-7A6D61758F9C}: NameServer = 209.83.62.2 207.170.3.

    I realize I have used WordPad and not Notepad, but I simply don't know how to change it. Sorry. If someone could tell me which stuff to fix on here I sure would appreciate it. You folks are great to help people like me, who really do not know what we are doing. Thank you so much.

    Sincerely :)

    Prettyold
     
  10. starwaves77

    starwaves77

    Joined:
    Feb 16, 2002
    Messages:
    540
    Prettyold,

    There are no viruses/trojans/malicious adware operating in that last Hijack log. Run Hijack again, check this entry and click fix:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/

    Special Instructions:
    The weather programs are generally safe, though some have spyware included, or they hog resources, but it's the user's choice to keep or not. However, there is no reference for desktopweather_620262.exe that I could find; several programs use the same folder 'desktop weather', and have identifiable .exe files, but this one is not recognized. Check for the actual 'weather program'; if there isn't one, delete this entry using Hijack:

    O4 - Global Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_620262.exe

    Other than the Hijack post, what else do you feel is not right about the machine?


    :)
     
  11. Lobos

    Lobos

    Joined:
    Mar 22, 2004
    Messages:
    248
    Download AdAware 6 181 from here: http://www.lavasoftusa.com/
    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window: Click "Start" then "Activate in-depth scan"

    Then......

    Click "Use custom scanning options > Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"

    Then.........

    Go to settings (the gear on top of AdAware) > Tweak > Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

    Then...... click "proceed" to save your settings.

    Now to scan, it's just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu.)


    Then
    Download Spybot - Search & Destroy from http://security.kolla.de

    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED

    then post another log
     
  12. prettyold

    prettyold Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    15
    Logfile of HijackThis v1.97.3
    Scan saved at 5:33:32 PM, on 4/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Free Surfer\fs20.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpscheduler.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Microsoft Windows Feedback Panel\moebius.exe
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\PKWARE\PKZIPW4\pkzipw.exe
    C:\WINDOWS\TEMP\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O1 - Hosts: 208.239.76.98 Bearshare.com
    O1 - Hosts: 204.71.201.167 dailynews.yahoo.com
    O1 - Hosts: 209.170.56.239 ecomcheck.com
    O1 - Hosts: 204.71.201.139 games.yahoo.com
    O1 - Hosts: 208.209.185.11 genforum.geneology.com
    O1 - Hosts: 216.239.35.100 Google.com
    O1 - Hosts: 217.116.226.13 Kazaa.com
    O1 - Hosts: 205.139.108.2 mail.spiritone.com
    O1 - Hosts: 204.71.201.166 movies.yahoo.com
    O1 - Hosts: 209.1.14.192 news.devx.com
    O1 - Hosts: 205.139.108.20 news.spiritone.com
    O1 - Hosts: 205.180.57.82 rocketmail.com
    O1 - Hosts: 206.132.25.41 search.washingtonpost.com
    O1 - Hosts: 206.132.134.205 usnews.about.com
    O1 - Hosts: 64.246.15.43 Winmx.com
    O1 - Hosts: 206.79.247.27 www.clearstation.com
    O1 - Hosts: 198.93.32.75 www.etrade.com
    O1 - Hosts: 216.55.4.177 www.infinisource.com
    O1 - Hosts: 207.86.159.51 www.megapoint.com
    O1 - Hosts: 204.71.196.2 www.quote.com
    O1 - Hosts: 205.180.57.96 www.rocketmail.com
    O1 - Hosts: 208.219.220.25 www.scottsave.com
    O1 - Hosts: 209.119.251.34 www.stockplayer.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
    O4 - Startup: WFPScheduler.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37636.6878240741
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6C19F033-E86D-4436-A047-7A6D61758F9C}: NameServer = 209.83.62.2 207.170.3.6

    There is no major problem with the machine, it is just a little slow and sluggish (I have dialup) and some of my settings change without apparent reason. I know I have downloaded a lot of junk, and I was afraid I had something awful. I scandisk and defrag every other week and I am due, so maybe that will speed things up. Thank you so much for the help, Starwaves77, I'm going to try the things Lobos suggested now.

    Prettyold and thankful
     
  13. prettyold

    prettyold Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    15
    To Lobos, I already had Spybot and Adaware, though I'd never done all the things you suggested. I updated both of them. The second scan with Adaware the program stopped responding, then I tried again and it froze again at 67215 files, and it showed 2 new baddies. I had to turn it off again. Then I ran that last scan and everything was fine. In Spybot, I get "Common Hijacker:Redirected Host google.com=216.239.35.100" and "Cool WWWSearch.SlawSearch:Redirected host google.com etc." I clicked the boxes and hit fix and get "Some problems couldn't be fixed etc". I restarted and let SB run again, still didn't go away. Finally, here is my new scan:

    Logfile of HijackThis v1.97.3
    Scan saved at 7:31:09 PM, on 4/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Free Surfer\fs20.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpscheduler.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Microsoft Windows Feedback Panel\moebius.exe
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\PKWARE\PKZIPW4\pkzipw.exe
    C:\WINDOWS\TEMP\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O1 - Hosts: 204.71.201.167 dailynews.yahoo.com
    O1 - Hosts: 209.170.56.239 ecomcheck.com
    O1 - Hosts: 204.71.201.139 games.yahoo.com
    O1 - Hosts: 208.209.185.11 genforum.geneology.com
    O1 - Hosts: 216.239.35.100 Google.com
    O1 - Hosts: 217.116.226.13 Kazaa.com
    O1 - Hosts: 205.139.108.2 mail.spiritone.com
    O1 - Hosts: 204.71.201.166 movies.yahoo.com
    O1 - Hosts: 209.1.14.192 news.devx.com
    O1 - Hosts: 205.139.108.20 news.spiritone.com
    O1 - Hosts: 205.180.57.82 rocketmail.com
    O1 - Hosts: 206.132.25.41 search.washingtonpost.com
    O1 - Hosts: 206.132.134.205 usnews.about.com
    O1 - Hosts: 64.246.15.43 Winmx.com
    O1 - Hosts: 206.79.247.27 www.clearstation.com
    O1 - Hosts: 198.93.32.75 www.etrade.com
    O1 - Hosts: 216.55.4.177 www.infinisource.com
    O1 - Hosts: 207.86.159.51 www.megapoint.com
    O1 - Hosts: 204.71.196.2 www.quote.com
    O1 - Hosts: 205.180.57.96 www.rocketmail.com
    O1 - Hosts: 208.219.220.25 www.scottsave.com
    O1 - Hosts: 209.119.251.34 www.stockplayer.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
    O4 - Startup: WFPScheduler.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37636.6878240741
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6C19F033-E86D-4436-A047-7A6D61758F9C}: NameServer = 209.83.62.2 207.170.3.6

    Hope I haven't made anything worse. Thanks again for the help.
     
  14. Lobos

    Lobos

    Joined:
    Mar 22, 2004
    Messages:
    248
    No, you haven't.

    Run HJT, put a check next to these, then close all browsers and hit Fix:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O1 - Hosts: 204.71.201.167 dailynews.yahoo.com
    O1 - Hosts: 209.170.56.239 ecomcheck.com
    O1 - Hosts: 204.71.201.139 games.yahoo.com
    O1 - Hosts: 208.209.185.11 genforum.geneology.com
    O1 - Hosts: 216.239.35.100 Google.com
    O1 - Hosts: 217.116.226.13 Kazaa.com
    O1 - Hosts: 205.139.108.2 mail.spiritone.com
    O1 - Hosts: 204.71.201.166 movies.yahoo.com
    O1 - Hosts: 209.1.14.192 news.devx.com
    O1 - Hosts: 205.139.108.20 news.spiritone.com
    O1 - Hosts: 205.180.57.82 rocketmail.com
    O1 - Hosts: 206.132.25.41 search.washingtonpost.com
    O1 - Hosts: 206.132.134.205 usnews.about.com
    O1 - Hosts: 64.246.15.43 Winmx.com
    O1 - Hosts: 206.79.247.27 www.clearstation.com
    O1 - Hosts: 198.93.32.75 www.etrade.com
    O1 - Hosts: 216.55.4.177 www.infinisource.com
    O1 - Hosts: 207.86.159.51 www.megapoint.com
    O1 - Hosts: 204.71.196.2 www.quote.com
    O1 - Hosts: 205.180.57.96 www.rocketmail.com
    O1 - Hosts: 208.219.220.25 www.scottsave.com
    O1 - Hosts: 209.119.251.34 www.stockplayer.com

    Post another log.

    I'm not sure what these are. Do you? I can't find any information on them:

    C:\Program Files\Microsoft Windows Feedback Panel\wfpscheduler.exe
    C:\Program Files\Microsoft Windows Feedback Panel\moebius.exe
    O4 - Startup: WFPScheduler.lnk = ?
     
  15. prettyold

    prettyold Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    15
    Logfile of HijackThis v1.97.3
    Scan saved at 10:01:59 PM, on 4/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Free Surfer\fs20.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpscheduler.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Microsoft Windows Feedback Panel\moebius.exe
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\TEMP\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
    O4 - Startup: WFPScheduler.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37636.6878240741
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6C19F033-E86D-4436-A047-7A6D61758F9C}: NameServer = 209.83.62.2 207.170.3.6

    I am doing a little favor for Microsoft, that is what that feedback panel stuff is. Guess Microsoft figures if they can make a computer that I can operate, anyone can.
    Thanks again.
    Prettyold
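
An added example, not part of any post in this thread: a short Python script that parses HijackThis log lines, pulls out the O1 hosts-file pins, and diffs a before/after pair to confirm that the entries checked for fixing are gone from the follow-up log. The two samples are trimmed excerpts of the logs in posts 13 and 15; the function names are illustrative.

```python
import re

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")   # e.g. "O1 - Hosts: ..."
HOSTS = re.compile(r"^Hosts:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")

# Trimmed excerpts of the logs in posts 13 (before) and 15 (after).
BEFORE = r"""
Logfile of HijackThis v1.97.3
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O1 - Hosts: 216.239.35.100 Google.com
O1 - Hosts: 198.93.32.75 www.etrade.com
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - Startup: WFPScheduler.lnk = ?
"""
AFTER = r"""
Logfile of HijackThis v1.97.3
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - Startup: WFPScheduler.lnk = ?
"""

def parse_log(text):
    """Return (section, payload) pairs; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def hosts_overrides(entries):
    """Map hostname -> pinned IP for every O1 (hosts file) entry."""
    pins = {}
    for section, payload in entries:
        m = HOSTS.match(payload) if section == "O1" else None
        if m:
            pins[m.group(2).lower()] = m.group(1)
    return pins

def diff_logs(before, after):
    """Entries the fix removed, and entries that are new in the second log."""
    b, a = parse_log(before), parse_log(after)
    return [e for e in b if e not in a], [e for e in a if e not in b]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, payload in removed:
        print("removed:", section, payload)
    print("new entries:", added or "none")
    print("hosts pins still present:", hosts_overrides(parse_log(AFTER)) or "none")
```

A hosts pin that survives into the second log, or an entry listed as new, means the fix did not hold and the log needs another look.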
     
Short URL to this thread: https://techguy.org/221949
