Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
I am getting error messages about 'data1.dat' not being found (wupdater) and 'Gstartup.lnk' not found either. Can someone let me know what I should do about this? Sorry if this request has come through before. Here is the hijack log:

Logfile of HijackThis v1.97.7
Scan saved at 1:10:39 PM, on 3/25/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\PROGRA~1\Iomega\System32\ActivityDisk.exe
E:\WINNT\System32\llssrv.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\System32\mspmspsv.exe
E:\WINNT\System32\inetsrv\inetinfo.exe
E:\WINNT\system32\Dfssvc.exe
E:\WINNT\Explorer.EXE
E:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
E:\WINNT\loadqm.exe
E:\WINNT\System32\qttask.exe
E:\Program Files\Iomega HotBurn\Autolaunch.exe
E:\Program Files\Common files\updater\wupdater.exe
E:\WINNT\Wast.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINNT\System32\wjview.exe
C:\MSSQL7\Binn\sqlmangr.exe
E:\Program Files\Webshots\WebshotsTray.exe
E:\Program Files\websearch\websearch.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\PROGRA~1\WINZIP\wzqkpick.exe
E:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
E:\PROGRA~1\WINZIP\winzip32.exe
E:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Juno Online Services, Inc.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - E:\Program Files\jusearch\jusearchenh.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - E:\WINNT\SbCIe0261.dll
O2 - BHO: (no name) - {2D7ECEBA-8082-45A4-AE1D-4EBA4FDEC215} - E:\WINNT\system32\mo030414s.dll
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - E:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - E:\WINNT\AdRoar.dll
O2 - BHO: (no name) - {E95F2247-3F97-4950-B55E-EF8404BE97CE} - E:\WINNT\system32\isnls.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - E:\WINNT\AdRoar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] E:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [ATTRedUpate] E:\PROGRA~1\COMMON~1\AT&T\RedCon\programs\AutoUpdate.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "E:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [updater] E:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AdRoarUpdate] E:\WINNT\ARUpdate.exe
O4 - HKLM\..\Run: [Wast] E:\WINNT\Wast
O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates
O4 - HKLM\..\Run: [websearch] wjview /cp:p "E:\Program Files\websearch\System\Code" Main lp: "E:\Program Files\websearch"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = E:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Web Rebates - file://E:\Program Files\websearch\System\Temp\topr1150_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://my.juno.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/097b584c8cf9dac69901/netzip/RdxIE2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_03) - http://uwtbb.tacoma.washington.edu:8011/webapps/client-lib/j2re-1_4_1-win.exe
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks so much!!!
 

·
Administrator
Joined
·
123,519 Posts
Wupdater is a virus and I'm sure that someone will be along soon to analyze your log.

I just wanted to mention that W2K is now up to Service Pack 4. It would be a good idea to get that and all of the Windows critical updates as well.

Cookie
 

·
Registered
Joined
·
16,274 Posts
Download CWShredder:
http://www.spywareinfo.com/~merijn/files/CWShredder.exe
Run and hit the ->fix tab to fix all found problems

CWS takes advantage of security holes in Windows, so you should install all critical updates as well as hotfixes available from Windows Update.

Then repost a fresh HijackThis log.

Download 'Hijack This!' http://www.spychecker.com/program/hijackthis.html and save it to a folder on your desktop.
Unzip, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
 

·
Registered
Joined
·
2 Posts
Discussion Starter · #4 ·
Thanks Cookie and Mobo. Here is the reposted log:
Logfile of HijackThis v1.97.7
Scan saved at 9:06:10 AM, on 3/26/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\PROGRA~1\Iomega\System32\ActivityDisk.exe
E:\WINNT\System32\llssrv.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\System32\mspmspsv.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\inetsrv\inetinfo.exe
E:\WINNT\system32\Dfssvc.exe
E:\WINNT\Explorer.EXE
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
E:\WINNT\System32\qttask.exe
E:\Program Files\Iomega HotBurn\Autolaunch.exe
E:\Program Files\Common files\updater\wupdater.exe
E:\WINNT\system32\wjview.exe
E:\Program Files\Messenger\msmsgs.exe
C:\MSSQL7\Binn\sqlmangr.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Webshots\WebshotsTray.exe
E:\Program Files\websearch\websearch.exe
E:\Program Files\websearch\websearch.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Juno Online Services, Inc.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - E:\Program Files\jusearch\jusearchenh.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - E:\WINNT\SbCIe0261.dll
O2 - BHO: (no name) - {2D7ECEBA-8082-45A4-AE1D-4EBA4FDEC215} - E:\WINNT\system32\mo030414s.dll
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - E:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - E:\WINNT\AdRoar.dll
O2 - BHO: (no name) - {E95F2247-3F97-4950-B55E-EF8404BE97CE} - E:\WINNT\system32\isnls.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - E:\WINNT\AdRoar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] E:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [ATTRedUpate] E:\PROGRA~1\COMMON~1\AT&T\RedCon\programs\AutoUpdate.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "E:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [updater] E:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AdRoarUpdate] E:\WINNT\ARUpdate.exe
O4 - HKLM\..\Run: [Wast] E:\WINNT\Wast
O4 - HKLM\..\Run: [websearch] wjview /cp:p "E:\Program Files\websearch\System\Code" Main lp: "E:\Program Files\websearch"
O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "E:\Program Files\websearch\System\Code" Main lp: "E:\Program Files\websearch
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - Startup: Webshots.lnk = E:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Web Rebates - file://E:\Program Files\websearch\System\Temp\topr1150_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://my.juno.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/097b584c8cf9dac69901/netzip/RdxIE2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_03) - http://uwtbb.tacoma.washington.edu:8011/webapps/client-lib/j2re-1_4_1-win.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38071.771400463
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

·
Registered
Joined
·
16,274 Posts
Rescan with HijackThis and check each of these, then close all browser windows and click "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp

O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - E:\WINNT\SbCIe0261.dll

O2 - BHO: (no name) - {2D7ECEBA-8082-45A4-AE1D-4EBA4FDEC215} - E:\WINNT\system32\mo030414s.dll

O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - E:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)

O2 - BHO: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - E:\WINNT\AdRoar.dll

O2 - BHO: (no name) - {E95F2247-3F97-4950-B55E-EF8404BE97CE} - E:\WINNT\system32\isnls.dll

O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - E:\WINNT\AdRoar.dll

O4 - HKLM\..\Run: [updater] E:\Program Files\Common files\updater\wupdater.exe

O4 - HKLM\..\Run: [AdRoarUpdate] E:\WINNT\ARUpdate.exe

O4 - HKLM\..\Run: [Wast] E:\WINNT\Wast

O4 - HKLM\..\Run: [websearch] wjview /cp:p "E:\Program Files\websearch\System\Code" Main lp: "E:\Program Files\websearch"

O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "E:\Program Files\websearch\System\Code" Main lp: "E:\Program Files\websearch

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/097b584c8cf9dac69901/netzip/RdxIE2.cab

O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdm.cab

Then reboot into safe mode and delete:
E:\Program Files\websearch
E:\WINNT\ARUpdate.exe
E:\Program Files\Common files\updater\wupdater.exe
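
Diffing the two scans posted in this thread shows which entries the first cleanup pass removed, which appeared, and which were left in place for the manual fix list. The Python below is an added example, not part of any post; the function names are hypothetical and the two sample logs are short excerpts copied from the thread's 3/25 and 3/26 logs.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F*, N*, O1-O2x)
# followed by " - "; header lines and running-process paths do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Excerpt of the 3/25/2004 log from the thread (not the full log).
SCAN_0325 = r"""Logfile of HijackThis v1.97.7
Scan saved at 1:10:39 PM, on 3/25/2004
E:\Program Files\Common files\updater\wupdater.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - E:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O4 - HKLM\..\Run: [updater] E:\Program Files\Common files\updater\wupdater.exe
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll"""

# Excerpt of the 3/26/2004 log from the thread (not the full log).
SCAN_0326 = r"""Logfile of HijackThis v1.97.7
Scan saved at 9:06:10 AM, on 3/26/2004
E:\Program Files\Common files\updater\wupdater.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - E:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O4 - HKLM\..\Run: [updater] E:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce"""

def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body")))
    return entries

def diff_scans(before, after):
    """Classify entries as removed, added or kept between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": sorted(old - new),
            "added": sorted(new - old),
            "kept": sorted(old & new)}

def missing_targets(log_text):
    """Entries HijackThis flagged '(file missing)': registrations with no file."""
    return sorted(e for e in parse_entries(log_text)
                  if e[1].endswith("(file missing)"))

if __name__ == "__main__":
    for status, items in diff_scans(SCAN_0325, SCAN_0326).items():
        for code, body in items:
            print(f"{status:8} {code:4} {body}")
```

Entries reported as kept are the ones still present after the first tool ran, which is why they reappear in the manual "fix checked" list.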
 