Attached Files
-
hijackthis2.txt 15.69KB
150 downloads
Edited by maryb63, 12 June 2005 - 03:57 PM.
Abi, aurora, microsoft explorer
Started by
maryb63
, Jun 12 2005 03:52 PM
#1
Posted 12 June 2005 - 03:52 PM
maryb63
-
- Member
-
- 19 posts
Member
#2
Posted 12 June 2005 - 04:11 PM
don77
-
- Retired Staff
-
- 18,526 posts
Malware Expert
HI and welcome
Need you to do a few things here please, You have quite a few issues here,
First download this LSPFix unzip it to your Desktop, Don't do anything with it.
Go to Add/Remove programs and remove the following please (If found )
New.Net
WinTools
NaviSearch
BullsEye Network
Internet Optimizer
WeirdOnTheWeb
Toolbar
updmgr
GMT
CMEII
EliteToolBar
SurfSideKick
If you can not connect to the Internet after removing New.net, Please run the LSP-Fix program I had you download earlier, and click on the finish button. Reboot and you should be able to get back on.
Next
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt
Move HJT into this new folder please,
Post back a fresh log when done please
Need you to do a few things here please, You have quite a few issues here,
First download this LSPFix unzip it to your Desktop, Don't do anything with it.
Go to Add/Remove programs and remove the following please (If found )
New.Net
WinTools
NaviSearch
BullsEye Network
Internet Optimizer
WeirdOnTheWeb
Toolbar
updmgr
GMT
CMEII
EliteToolBar
SurfSideKick
If you can not connect to the Internet after removing New.net, Please run the LSP-Fix program I had you download earlier, and click on the finish button. Reboot and you should be able to get back on.
Next
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt
Move HJT into this new folder please,
Post back a fresh log when done please
#3
Posted 13 June 2005 - 04:00 PM
maryb63
- Topic Starter
-
- Member
-
- 19 posts
Member
Don77
Thank you for helping me out. I did remove all items but updmgr,GMT, & CMEII
I could not find them. I also saw the ABI network on the program, I tried to remove it, but it said I must go to pctuneup.com. I wasn't quite sure if I should do that. I really appreciate your help. Here is my new log, from HiJackThis
Thank you for helping me out. I did remove all items but updmgr,GMT, & CMEII
I could not find them. I also saw the ABI network on the program, I tried to remove it, but it said I must go to pctuneup.com. I wasn't quite sure if I should do that. I really appreciate your help. Here is my new log, from HiJackThis
Attached Files
-
hijackthis_4.txt 14KB
165 downloads
#4
Posted 13 June 2005 - 08:29 PM
don77
-
- Retired Staff
-
- 18,526 posts
Malware Expert
We prefer you didn'tI tried to remove it, but it said I must go to pctuneup.com. I wasn't quite sure if I should do that.
We can get you cleaned up here,
You should probably print out or copy the following instructions to notepad so you have access to them,
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
Then please run Ewido, and run a full scan. Save the logfile from the scan.
Next please run HijackThis, click Scan, and check:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50249
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50249
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50249
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avajda.dat
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [dllftp] C:\WINDOWS\Cursors\dllftp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [*keyac] C:\WINDOWS\Web\printers\keyac.exe
O4 - HKLM\..\Run: [*keyweb] C:\WINDOWS\AppPatch\keyweb.exe
O4 - HKLM\..\Run: [*bininet] C:\WINDOWS\security\Database\bininet.exe
O4 - HKLM\..\Run: [*mainmsvc] C:\WINDOWS\mainmsvc.exe
O4 - HKLM\..\Run: [*binwave] C:\WINDOWS\Registration\binwave.exe
O4 - HKLM\..\Run: [*svctask] C:\WINDOWS\system\svctask.exe
O4 - HKLM\..\Run: [*javasvc] C:\WINDOWS\Microsoft.NET\javasvc.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [pwfwwec] C:\WINDOWS\System32\pwfwwec.exe
O4 - HKLM\..\Run: [vnvadb] c:\windows\system32\hbkqpbr.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [suil] C:\WINDOWS\System32\suil.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\nvprnv.exe reg_run
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [sjvmujc] C:\WINDOWS\System32\sjvmujc.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [qvpxvyo] C:\WINDOWS\System32\qvpxvyo.exe
O4 - HKLM\..\Run: [nyhzk] C:\WINDOWS\System32\nyhzk.exe
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\System32\tempx.exe
O4 - HKLM\..\Run: [jsthufn] C:\WINDOWS\System32\jsthufn.exe
O4 - HKLM\..\Run: [bggyetn] C:\WINDOWS\System32\bggyetn.exe
O4 - HKLM\..\Run: [viulfm] C:\WINDOWS\System32\viulfm.exe
O4 - HKLM\..\Run: [hxgohq] C:\WINDOWS\System32\hxgohq.exe
O4 - HKLM\..\Run: [psgjxa] C:\WINDOWS\System32\psgjxa.exe
O4 - HKLM\..\Run: [wxundcb] C:\WINDOWS\System32\wxundcb.exe
O4 - HKLM\..\Run: [ksllj] C:\WINDOWS\System32\ksllj.exe
O4 - HKLM\..\Run: [xya] C:\WINDOWS\System32\xya.exe
O4 - HKLM\..\Run: [wxab] C:\WINDOWS\System32\wxab.exe
O4 - HKLM\..\Run: [mtuks] C:\WINDOWS\System32\mtuks.exe
O4 - HKLM\..\Run: [tagbmdq] C:\WINDOWS\System32\tagbmdq.exe
O4 - HKLM\..\Run: [yvx] C:\WINDOWS\System32\yvx.exe
O4 - HKLM\..\Run: [ctwitq] c:\windows\system32\yxiuke.exe r
O4 - HKLM\..\Run: [dkrf] C:\WINDOWS\System32\dkrf.exe
O4 - HKLM\..\Run: [xsqlccz] C:\WINDOWS\System32\xsqlccz.exe
O4 - HKLM\..\Run: [xjpnxm] C:\WINDOWS\System32\xjpnxm.exe
O4 - HKLM\..\Run: [bktexzj] C:\WINDOWS\System32\bktexzj.exe
O4 - HKLM\..\RunOnce: [*adjava] C:\WINDOWS\Registration\adjava.exe rerun
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [tsscka] C:\WINDOWS\System32\tsscka.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://mn103.coolsav...oad/cscmv5X.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: adjava - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avajda.dat
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
Close all open windows except for HijackThis and click Fix Checked.
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
#5
Posted 13 June 2005 - 10:56 PM
maryb63
- Topic Starter
-
- Member
-
- 19 posts
Member
Don77
I can't download the ewido, or the noidea, i just get the hour glass, and then tons of pop ups, I tried several times, I did download ewido yesterday, but it went to my desktop and when i try to call it, something comes up for a split second then disappears. What else should I try?
I can't download the ewido, or the noidea, i just get the hour glass, and then tons of pop ups, I tried several times, I did download ewido yesterday, but it went to my desktop and when i try to call it, something comes up for a split second then disappears. What else should I try?
#6
Posted 14 June 2005 - 04:54 AM
don77
-
- Retired Staff
-
- 18,526 posts
Malware Expert
Continue on with the instruction minus the Ewido scan,
Post back a fresh HJT log when done please
Try the link below
http://www.noidea.us...050515010747824
Post back a fresh HJT log when done please
Try the link below
http://www.noidea.us...050515010747824
#7
Posted 14 June 2005 - 03:51 PM
maryb63
- Topic Starter
-
- Member
-
- 19 posts
Member
Don77
I'm not quite sure I did anything with nailfix. I wasn't sure if I unziped to the desktop properly, I tried several times, I was just getting files and when I double clicked nothing really happened. But I did check most of the items on my HiJack This and fixed and ran a new scan.
I'm not quite sure I did anything with nailfix. I wasn't sure if I unziped to the desktop properly, I tried several times, I was just getting files and when I double clicked nothing really happened. But I did check most of the items on my HiJack This and fixed and ran a new scan.
Attached Files
-
hijackthis_6.txt 11.27KB
138 downloads
Edited by maryb63, 14 June 2005 - 04:06 PM.
#8
Posted 16 June 2005 - 08:27 PM
don77
-
- Retired Staff
-
- 18,526 posts
Malware Expert
Lets try and see if we can get this cleaned up a bit more using some programs,
http://www.kaspersky...oduct=161744315
Run the above online scan and have it remove what it finds,
Next
Please download Download CCleaner and install.
Please run CCleaner to assist in this process.
(Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".
Next
Download Ad-Aware SE
Check Here on how setup and use it - please make sure you update it first.
Run Ad-aware and have it fix all it finds,
Reboot your computer, Restart HJT and post back a fresh log please
http://www.kaspersky...oduct=161744315
Run the above online scan and have it remove what it finds,
Next
Please download Download CCleaner and install.
Please run CCleaner to assist in this process.
(Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".
Next
Download Ad-Aware SE
Check Here on how setup and use it - please make sure you update it first.
Run Ad-aware and have it fix all it finds,
Reboot your computer, Restart HJT and post back a fresh log please
#9
Posted 17 June 2005 - 11:13 AM
maryb63
- Topic Starter
-
- Member
-
- 19 posts
Member
Don77
I went to Kaspersky.com beta site, I ran a scan, came up with alot of viruses.
( over 50 ) but I did not see an area where I could remove what it found. It just was saved to text. Was I suppose to go to a different area on Kaspersky?
Maryb63
I went to Kaspersky.com beta site, I ran a scan, came up with alot of viruses.
( over 50 ) but I did not see an area where I could remove what it found. It just was saved to text. Was I suppose to go to a different area on Kaspersky?
Maryb63
#10
Posted 18 June 2005 - 08:32 PM
don77
-
- Retired Staff
-
- 18,526 posts
Malware Expert
Could you post a fresh HJT log please
#12
Posted 19 June 2005 - 09:53 AM
don77
-
- Retired Staff
-
- 18,526 posts
Malware Expert
Hi Mary this is proving to be a tough one !!
This will take some work, But we can get it sorted for you, Something is blocking us from making the necessary repairs, Lets do a couple things here,
First
Download the following tool please
http://securityrespo...er/FixVundo.exe
Save it somewhere accessable like your desk top,
Double-click the FixVundo.exe file to start the removal tool
Click Start to begin the process, and then allow the tool to run
Restart the computer.
Run the removal tool again to ensure that the system is clean.
Next
In my sig is a link for CWShredder,
Please download and install it
Check for updates, Be sure and click on the "Fix" button and let it run please,
After you have run those please see if you can get Ewido to run please,
Please run it in safe mode,
If it allows you to, Please post back a log from it and a fresh HJT log please
This will take some work, But we can get it sorted for you, Something is blocking us from making the necessary repairs, Lets do a couple things here,
First
Download the following tool please
http://securityrespo...er/FixVundo.exe
Save it somewhere accessable like your desk top,
Double-click the FixVundo.exe file to start the removal tool
Click Start to begin the process, and then allow the tool to run
Restart the computer.
Run the removal tool again to ensure that the system is clean.
Next
In my sig is a link for CWShredder,
Please download and install it
Check for updates, Be sure and click on the "Fix" button and let it run please,
After you have run those please see if you can get Ewido to run please,
Please run it in safe mode,
If it allows you to, Please post back a log from it and a fresh HJT log please
#13
Posted 20 June 2005 - 11:28 AM
maryb63
- Topic Starter
-
- Member
-
- 19 posts
Member
Don77
I did the shredder, I was able to run ewido, I had alot of trojans, but I was not able to save a log, I ran it twice, it just stops running and goes back to my desktop
when it is about 85% done. I keep getting Ewido Infected File Found on my screen
with several spyware infections. I did a new hijack this log.
Mary
I did the shredder, I was able to run ewido, I had alot of trojans, but I was not able to save a log, I ran it twice, it just stops running and goes back to my desktop
when it is about 85% done. I keep getting Ewido Infected File Found on my screen
with several spyware infections. I did a new hijack this log.
Mary
Attached Files
-
hjt9.txt 10.47KB
184 downloads
#14
Posted 20 June 2005 - 06:45 PM
don77
-
- Retired Staff
-
- 18,526 posts
Malware Expert
OK Mary now were making some head way !
Lets give this another shot,
Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
Then please run Ewido, and run a full scan. Save the logfile from the scan.
Next please run HijackThis, click Scan, and check:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50249
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50249
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50249
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avajda.dat
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [mmipdwq] c:\windows\system32\uqsoji.exe r
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\System32\tempx.exe
O4 - HKLM\..\RunOnce: [*adjava] C:\WINDOWS\Registration\adjava.exe rerun
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [tsscka] C:\WINDOWS\System32\tsscka.exe
O15 - Trusted Zone: http://www.neededware.com
O20 - Winlogon Notify: adjava - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avajda.dat
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
Close all open windows except for HijackThis and click Fix Checked.
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
Lets give this another shot,
Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
Then please run Ewido, and run a full scan. Save the logfile from the scan.
Next please run HijackThis, click Scan, and check:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50249
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50249
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50249
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avajda.dat
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [mmipdwq] c:\windows\system32\uqsoji.exe r
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\System32\tempx.exe
O4 - HKLM\..\RunOnce: [*adjava] C:\WINDOWS\Registration\adjava.exe rerun
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [tsscka] C:\WINDOWS\System32\tsscka.exe
O15 - Trusted Zone: http://www.neededware.com
O20 - Winlogon Notify: adjava - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avajda.dat
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
Close all open windows except for HijackThis and click Fix Checked.
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
#15
Posted 20 June 2005 - 08:13 PM
maryb63
- Topic Starter
-
- Member
-
- 19 posts
Member
Don
I went to the nailfix download, but it said no file found, So I went to the download area and download nailfix, but when I double clicked it on my desktop
it said corrupted file, and that was it. I am not quite sure what unzip to desktop means. But I did have a nail fix download from last time. I double clicked to folder and extracted the files to it. ( I did this in safe mode ) but when I double clicked the icons did not disappear I just went to the folder and then a message said something about running this in safe mode and windows and losing some work and not working properly. so I thought I would ask you what I am doing wrong before I continued. Sorry, I really need to learn more about my computer!
MaryB63
I went to the nailfix download, but it said no file found, So I went to the download area and download nailfix, but when I double clicked it on my desktop
it said corrupted file, and that was it. I am not quite sure what unzip to desktop means. But I did have a nail fix download from last time. I double clicked to folder and extracted the files to it. ( I did this in safe mode ) but when I double clicked the icons did not disappear I just went to the folder and then a message said something about running this in safe mode and windows and losing some work and not working properly. so I thought I would ask you what I am doing wrong before I continued. Sorry, I really need to learn more about my computer!
MaryB63
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
