Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
40 Posts
Discussion Starter · #1 ·
Hi,
I was having trouble with my browser just stopping. I booted up to a different drive and it works fine. I guess I must have picked something up. I would love to be able to save this setup. If anybody could help me I'd be much obliged.
Mike

Logfile of HijackThis v1.99.0
Scan saved at 10:37:43 PM, on 1/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\oljfpykquj.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Qfmfgwi\Xlox.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\PROGRA~1\COMMON~1\tsa\ts2.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Documents and Settings\Mikey\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.msn.com/");
(C:\Documents and Settings\Mikey\Application
Data\Mozilla\Profiles\default\y7law43j.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src");
(C:\Documents and Settings\Mikey\Application
Data\Mozilla\Profiles\default\y7law43j.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:\WINDOWS\wsem302.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WindowsRegKey update] oljfpykquj.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program
Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cfruih] C:\Program Files\Qfmfgwi\Xlox.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\RunServices: [WindowsRegKey update] oljfpykquj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Sygate Personal Firewall] Sygate.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Bar Ding lolt] analiz.exe
O4 - HKCU\..\Run: [WindowsRegKey update] oljfpykquj.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 2.lnk = C:\Program
Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program
Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/CDTInc/ie/bridge-c7.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104824805420
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program
Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

Reply | Reply All | Forward Go to previous message | Go to next message | Delete | Inbox

Get the latest updates from MSN
MSN Home | My MSN | Hotmail | Search | Shopping | Money | People & Chat
Feedback | Help
© 2004 Microsoft Corporation. All rights reserved. TERMS OF USE Advertise TRUSTe Approved Privacy Statement Anti-Spam Policy
 

·
Registered
Joined
·
16,274 Posts
Lets begin by rescanning once again with hijack, insert a check next to each of the following items, close all other open windows then click "fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:\WINDOWS\wsem302.dll

O4 - HKLM\..\Run: [WindowsRegKey update] oljfpykquj.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"

O4 - HKLM\..\Run: [Cfruih] C:\Program Files\Qfmfgwi\Xlox.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\RunServices: [WindowsRegKey update] oljfpykquj.exe

O4 - HKCU\..\Run: [Sygate Personal Firewall] Sygate.exe

O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

O4 - HKCU\..\Run: [Bar Ding lolt] analiz.exe

O4 - HKCU\..\Run: [WindowsRegKey update] oljfpykquj.exe

O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/CDTInc/ie/bridge-c7.cab


Then set the system to show hidden files and folders http://www.spyware911.net/showhiddenfiles.htm

Reboot into safe mode http://www.spyware911.net/safemode.htm

open windows explorer, find then delete:
C:\Program Files\Web_Rebates
C:\Program Files\Qfmfgwi
C:\Program Files\Internet Optimizer
C:\WINDOWS\system32\oljfpykquj.exe
C:\Rrogram Files\Common files\Tsa

Get The latest version of Adaware
You can download the free version here:
http://www.lavasoftusa.com/support/download/

or here (alternate download location)
http://www.majorgeeks.com/download506.html

You need to be logged on as Adminstrator through the installation.
For ease in installation and operation, view the tutorial here http://www.spyware911.net/adaware.htm

Just download it to your desktop and then to install click on the file you just downloaded (aawsepersonal.exe). You will be guided through the installation. It is recommended to use the default setting of "Protect anyone who uses this computer".

On the main screen of Adaware please look for the *check for updates now* link, just above the start button in the bottom right corner or you can click on the Webupdate button that looks like a globe icon at the top. Press * connect* to let it check for any recent updates. If any are found, please let it download and install them.

Now, configure your settings. Click the gear icon at the top. These are the recommended settings:

AAW SE settings

General Button
Safety:
Check (Green) all three.

Advanced Button
Logfile Detail Level:
All options under this should be checked (Green).

Tweak Button
Check (Green) the following:
Log Files
Include basic Ad-Aware settings in logfile:
Include additional Ad-Aware settings in logfile:
Please do not check (Green): Include Module list in logfile:

On your first scan, use the Full Scan (Perform full system scan) mode.

Let Adaware remove any *bad* objects found. Reboot your PC and scan again. Repeat this process until no more bad items are found. It may take several scans to clean everything, depending on the type of infections found.
________________________
navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin

Go to Start>Run and type msconfig Press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn off System restore on all Drives.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
Then reboot, rescan and post a fresh logfile please.
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top