Clicksearchclick HELP FOR THE LOVE OF GOD![CLOSED]


  • This topic is locked

#1
leviathan-pheonix
  • Member
  • 11 posts
Help me pls, this clicksearchclick thing is driving me crazy.

Logfile of HijackThis v1.99.1
Scan saved at 7:57:49 PM, on 6/2/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\msxct.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\win32.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\windows\system32\hchdkrk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Services\{99654FE6-33C6-4482-9F65-5C5E0BE8A084}\SVCHOST.EXE
C:\Documents and Settings\Donald White\Desktop\dave\spyware protection\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...ndex.php?aff=19
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Ner0 Check] Ner0Check.exe
O4 - HKLM\..\Run: [EA33WKw5A] C:\WINDOWS\kjhenv.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [bO\y-] C:\WINDOWS\kjhenv.exe
O4 - HKLM\..\Run: [Microsoft Windows Updata] scvhost.exe
O4 - HKLM\..\Run: [Scfla] C:\Program Files\Fkiv\Osoed.exe
O4 - HKLM\..\Run: [bO/G%)fNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kjhenv.exe
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.0\bin\jusched.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [cxjiydv] c:\windows\system32\hchdkrk.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{99654FE6-33C6-4482-9F65-5C5E0BE8A084}\SVCHOST.EXE
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{99654FE6-33C6-4482-9F65-5C5E0BE8A084}\SECURITY.EXE
O4 - HKLM\..\RunServices: [Ner0 Check] Ner0Check.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updata] scvhost.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows Updata] scvhost.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {8D676065-140F-4331-8978-6433EA61771D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D676065-140F-4331-8978-6433EA61771D} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) -
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A3D5B52-DB49-4226-B0E6-049B5AC5FD7A}: NameServer = 198.164.30.2 198.164.4.2
O21 - SSODL: System - {612342E0-CBE8-4F4D-BF47-A048ED9725F3} - vr_sys.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)





I would greatly appreciate any help you can provide. Thank you for your time.
  • 0

#2
Kat
  • Retired Staff
  • 19,711 posts
  • MVP
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
leviathan-pheonix
  • Topic Starter
  • Member
  • 11 posts
I am not able to install it; an error occurs. The error says "setup could not verify the integrity of the file update.inf. make sure the cryptographic service is running on this computer."
Once again, thank you for your time and effort.

Attached Files


  • 0

#4
Kat
  • Retired Staff
  • 19,711 posts
  • MVP
Hello again! The pictures you attached show your desktop in Safe Mode. Are you trying to install the XP SP1a upgrade in Safe Mode? You should not have to be in Safe Mode. You go to the site I gave you, and choose SP1a to download. Once it does, you allow it to install, reboot the computer and then post the new HJT log. You should never enter Safe Mode to do it.
  • 0

#5
Kat
  • Retired Staff
  • 19,711 posts
  • MVP
OK, I went to Microsoft's site. Here is how they say to fix this error:

Method 2: Set Cryptographic Services to automatic
Set the Cryptographic Services to Automatic, and then try to install the program again. To set the Cryptographic Services to Automatic, follow these steps:
1. Start the Administrative Tools utility in Control Panel.
2. Double-click Services.
3. Right-click Cryptographic Services, and then click Properties.
4. Click Automatic for Startup type, and then click Start.

After you do this, please download and install the update!
  • 0

#6
leviathan-pheonix
  • Topic Starter
  • Member
  • 11 posts
I checked and Automatic is already selected. I tried the update again and it says the same message.
  • 0

#7
leviathan-pheonix
  • Topic Starter
  • Member
  • 11 posts
I appreciate your help greatly, but it might be simpler and more efficient to back my files up and reformat. Let me know what you think.
  • 0

#8
Murray S.
  • Trusted Tech
  • Member
  • 4,513 posts
  • MVP
Howdy:

~Kat~ is correct.. you need to boot to normal mode and then download the SP1a update..

Give that a try and then get back to ~Kat~..

A reformat is not necessary right at the moment.. Give the download in normal mode a try first!!

Murray
  • 0

#9
leviathan-pheonix
  • Topic Starter
  • Member
  • 11 posts
Yes, I had tried that before I even tried it in safe mode. I only tried it in safe mode because it didn't work normally. Thank you for your time.
  • 0

#10
Murray S.
  • Trusted Tech
  • Member
  • 4,513 posts
  • MVP
Do you get an error message when trying the download in normal mode??

If so, what does it say EXACTLY??

Murray
  • 0

#11
leviathan-pheonix
  • Topic Starter
  • Member
  • 11 posts
I can download it fine. The error comes up when I'm installing it, and yes, the error comes up in normal mode. As for what it says EXACTLY, I had posted it above, but here it is again: "setup could not verify the integrity of the file update.inf. make sure the cryptographic service is running on this computer."
  • 0

#12
Murray S.
  • Trusted Tech
  • Member
  • 4,513 posts
  • MVP
Hmmm.. and you did the fix suggested by ~Kat~ already.. Very possible you have a corrupted XP setup.. Can you boot your system using the XP cd (make sure first boot device is set for cd-rom in BIOS) Go into the Recovery Console and run the Repair Option??

Murray
  • 0

#13
leviathan-pheonix
  • Topic Starter
  • Member
  • 11 posts
Wow, I only understood about half of that, but I think I won't have to do that. I was checking to see if the crypto thingy was on automatic and I noticed the path to executable is C:\WINDOWS\system32\svchost.exe -k netsvcs. I had visited another site for help before I came here, and the other site told me the clicksearchclick thing was probably involved with the svchost.exe, so I just deleted all svchost. So it stands to reason that if the proper svchost is responsible for running the crypto thingy, the reason it might not be working is because I deleted it. My question is, is there any way to recover it? And yes, I know this is my own stupid fault. Again, thx for your time.
  • 0
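
Post #13 describes deleting every svchost.exe, the genuine one included. The following is an added example, not part of the original thread: a Python check over lines copied from the HijackThis log in post #1 that separates the svchost.exe at the path quoted in post #13 from copies in other folders and from look-alike names, so that only those are marked for review. The function names, reason strings and the 0.85 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Services\{99654FE6-33C6-4482-9F65-5C5E0BE8A084}\SVCHOST.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Windows Updata] scvhost.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# The path post #13 reads from the Cryptographic Services properties.
GENUINE = r"c:\windows\system32\svchost.exe"
LOOKALIKE = 0.85  # assumed similarity threshold for near-miss names

def extract(line):
    """Return (source, executable) for a process or O4 Run line, else None."""
    line = line.strip()
    source = "process"
    if line.startswith("O4 - ") and "] " in line:
        source, line = "autorun", line.rpartition("] ")[2]
    elif not re.match(r"[a-z]:\\", line, re.I):
        return None
    m = re.match(r'"?(.+?\.exe)', line, re.I)  # drop quotes and arguments
    return (source, m.group(1)) if m else None

def reason(source, path):
    """Explain why an entry deserves a closer look, or return None."""
    name = path.rsplit("\\", 1)[-1].lower()
    if name == "svchost.exe":
        if path.lower() != GENUINE:
            return "svchost.exe outside System32"
        # Assumption: services start svchost.exe, a Run key should not.
        return "svchost.exe in a Run key" if source == "autorun" else None
    if SequenceMatcher(None, name, "svchost.exe").ratio() >= LOOKALIKE:
        return "look-alike name"
    return None

def review(log):
    """Return [(source, path, reason)] for entries to check before deleting."""
    found = []
    for entry in filter(None, map(extract, log.splitlines())):
        why = reason(*entry)
        if why:
            found.append((*entry, why))
    return found

if __name__ == "__main__":
    for source, path, why in review(SAMPLE_LOG):
        print(f"{source:8} {why:30} {path}")
```

A flagged entry is a candidate for review, not a verdict; the unflagged C:\WINDOWS\System32\svchost.exe is the file the services depend on.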

#14
leviathan-pheonix
  • Topic Starter
  • Member
  • 11 posts
I should probably shut up and listen to the experts, right?
  • 0

#15
Murray S.
  • Trusted Tech
  • Member
  • 4,513 posts
  • MVP
Okay.. what I want you to do is put your XP cd into the cd-rom drive.. When you have done that, re-boot your system.. If BIOS is set to boot from the cd-rom first, you should get two options 1) boot from the hard-drive or, 2) Boot from the cd-rom

If you get the options, pick "boot from the hdd" and come back here and tell me!!

Murray
  • 0





