
HJT Log-computer doesn't shut down-ie wont find sites

Old 01-18-2005, 11:24 AM   #1
Guest
 
Join Date: Oct 2004
Posts: 31
OS:



I have a computer that was full of adware/malware/spyware (ferret toolbar, liquid player, limewire, morpheus, mysearchbar, websearch, for starters). I ran CWshredder, ad-awareSE with the vx2cleaner addon, and spybot search and destroy. I have also run avg as well as housecall to remove any viruses. The computer will not shut down in safe mode or in regular mode. It will not restart either. I have to press and hold the button for it to shut down. The computer is slow loading programs as well. It has 128mb ram so I have ordered additional 256mb to help that, but in the meantime I need to see if there is anything in the hjt log that can be fixed to help it shut down and run smoother.

I also d/l XP SP2 and now cannot get any sites to load. Any suggestions you have will be appreciated!

Logfile of HijackThis v1.99.0
Scan saved at 12:02:41 PM, on 1/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Downloads\htj\HijackThis.exe
C:\Downloads\htj\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/yco...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.mabank.com/
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - https://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://qcsal1.qcsa.liveglobalbid.com/LiveSound.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - https://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - https://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - https://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - https://download.weatherbug.com/minib...ginstaller.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - https://messenger.zone.msn.com/binary...reShowdown.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Sandy83 is offline  
Old 01-18-2005, 11:36 AM   #2
TSF Team Emeritus, Security Team
 
Join Date: Aug 2004
Posts: 10,821
OS: Every Windows OS known to man


Only a couple of benign items there......

Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you install it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, they will be listed in the bottom window. Please copy and paste that here also if it applies.
__________________


GO BIG BLUE!!
CTSNKY is offline  
Old 01-18-2005, 08:28 PM   #3
Guest
 
Join Date: Oct 2004
Posts: 31
OS:



I downloaded and installed tds as you suggested. Here is the log of the scan as well as the warnings. Let me know what to do next.

17:12:57 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
17:12:57 [Init] Started 18-01-05 17:12:57 Central Standard Time (UTC: 6), Internet Time @1008.99
17:12:57 [Init] Loading TDS-3 Systems ...
17:12:57 [Init] Token successfully adjusted.
17:12:57 [Init] TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
17:12:57 [Init] Plugins : OK. Loaded 13
17:12:57 [Init] Exec Protection : Not Installed
17:12:57 [Init] WARNING: Your Radius.TD3 database needs to be updated!
17:12:57 [Init] Please download the latest from https://tds.diamondcs.com.au/radius.td3
17:12:58 [Init] Licensed users can use the Update facility from the TDS menu
17:12:58 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
17:13:15 [Init] Radius Advanced Specialist Extensions on standby for 13 trojan families
17:13:15 [Init] Systems Initialised [44547 references - 20677 primaries/11735 traces/12135 variants/other]
17:13:15 [Init] Radius Systems loaded. <Databases updated 18-01-2005>
17:13:15 [Init] TDS-3 Ready. <[email protected], 127.0.0.1 - United States>
17:13:15 [Tip Of The Day] Can't remember the port that a particular service uses? Or perhaps you can't remember the service that a particular port uses? Try the Port Reference and Reverse Port Reference utilities - available in the Utilities menu!
17:13:15 [TDS] Good evening Cmi. Time to stop working!
17:13:26 [Mutex Memory Scan] Started...
17:13:31 [Mutex Memory Scan] Finished (no trojan mutexes found).
17:13:31 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
17:13:47 [CRC32] Started - verifying 29 files ...
17:13:55 [CRC32] Test finished.
17:16:06 [Memory Scan] Memory scan started, please wait a moment ...
17:16:10 [Memory Scan] Memory scan complete.
17:16:10 [Mutex Memory Scan] Started...
17:16:13 [Mutex Memory Scan] Finished (no trojan mutexes found).
17:16:13 [Trace Scan] Started...
17:16:28 [Trace Scan] Finished.
17:16:29 [ServiceScan] Scanning for services and drivers ...
17:16:37 [ServiceScan] Scanned 292 services and drivers.
17:16:37 [File Scan] Scanning in A:\ ...
17:16:38 [File Scan] Scanned 0 files: 0 alarms in 1.109375 seconds (Avg 1. files/sec)
17:16:38 [File Scan] Scanning in C:\ ...
18:08:47 [File Scan] Scanned 31946 files: 10 alarms in 3128.766 seconds (Avg 11.21 files/sec)
18:08:49 [File Scan] Scanning in D:\ ...
18:08:49 [File Scan] Scanned 0 files: 10 alarms in 0.21875 seconds (Avg 1. files/sec)
18:08:49 [File Scan] Scanning in F:\ ...
18:08:49 [File Scan] Scanned 0 files: 10 alarms in 0.015625 seconds (Avg 1. files/sec)
18:08:50 [Scan] Finished.
Alarms:
Scan Control Dumped @ 21:19:11 18-01-05
Positive identification: Adware.Altnet.b
File: c:\documents and settings\administrator\local settings\temp\__unin__.exe

Positive identification (DLL): Adware.Altnet.a (dll)
File: c:\documents and settings\caiti\local settings\temp\altnet\adm25.dll

Positive identification (embedded in file): Adware.Delfin.b
File: c:\documents and settings\cmi\local settings\temp\app3f.tmp

Positive identification (embedded in file): Adware.Delfin.b
File: c:\documents and settings\cmi\local settings\temp\app51.tmp

Suspicious Filename: Dual extensions
File: c:\documents and settings\cmi\local settings\temp\speedblastert_3.0.4.exe

Positive identification: Adware.Toolbar.Cash Dropper
File: c:\documents and settings\cmi\local settings\temp\_ps_inst.exe

Positive identification: Adware.Delfin.b
File: c:\program files\common files\dpi\dpi.exe

Positive identification (embedded in file): TrojanDownloader.Win32.Keenval.e Dropper
File: c:\windows\system32\in10b6s.dll

Positive identification: Adware.Sahat.a Dropper.c
File: c:\windows\system32\sahagent1013.exe

Positive identification (DLL): Adware.ShopAtHome.b (dll)
File: c:\windows\system32\shagentnew.dll
Sandy83 is offline  
Old 01-18-2005, 09:44 PM   #4
TSF Team, Emeritus
 
Join Date: Jul 2004
Location: New York
Posts: 14,311
OS: Windows 98 & Windows XP Home/Pro

Download KillBox (https://www.greyknight17.com/spy/KillBox.exe). Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Replace on Reboot' and check the box underneath that. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into the top line (hitting the X button for each file - choose NO when it asks if you want to reboot until you get to the last file to delete):

c:\windows\system32\in10b6s.dll
c:\windows\system32\sahagent1013.exe
c:\windows\system32\shagentnew.dll

Delete this folder -> c:\program files\common files\dpi\

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Run CleanUp! and click on the CleanUp! button. When it asks you if you want to log off, click on Yes.

Check and fix these in HijackThis:

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)

Restart and post a new log for HijackThis.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
Old 01-18-2005, 11:26 PM   #5
Guest
 
Join Date: Oct 2004
Posts: 31
OS:



I ran the 2 programs you suggested and followed your instructions. The computer will go to sites (slowly, but that could be the memory problem..they are on broadband). The only problem now seems to be in the shut down. The windows screen says it is shutting down, then the screen goes black, but the tower power button stays green and you have to press and hold for 12 seconds to get it to shut down.

Here is the new log:

Logfile of HijackThis v1.98.2
Scan saved at 12:15:46 AM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Downloads\htj\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/yco...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.mabank.com/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - https://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://qcsal1.qcsa.liveglobalbid.com/LiveSound.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - https://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - https://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - https://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - https://download.weatherbug.com/minib...ginstaller.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - https://messenger.zone.msn.com/binary...reShowdown.cab

Thanks!
Sandy83 is offline  
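
The following is an added example, not part of the original thread or of HijackThis itself: a small Python script that parses entry lines from the two logs posted above, flags entries marked `(no file)` (the kind greyknight17 asked to have fixed), and diffs the logs to show which entries the cleanup removed and which are new. The function names are hypothetical, and the sample text is excerpted from the logs in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O3 - Toolbar: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpts of the two logs posted in this thread (first post, then the post-fix log).
BEFORE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.mabank.com/
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

AFTER = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.mabank.com/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""


def parse_entries(log_text):
    """Return (code, body) tuples for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body").strip()))
    return entries


def orphaned(entries):
    """Entries that reference a missing file: HijackThis prints '(no file)' for these."""
    return [e for e in entries if e[1].endswith("(no file)")]


def diff_logs(before, after):
    """Compare two logs and return (removed, added) entry lists in log order."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added


if __name__ == "__main__":
    for code, body in orphaned(parse_entries(BEFORE)):
        print(f"orphaned  {code} - {body}")
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print(f"removed   {code} - {body}")
    for code, body in added:
        print(f"added     {code} - {body}")
```

A diff only reports what changed between scans; whether an added or remaining entry is harmful still needs a reviewer's judgement.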
Old 01-19-2005, 06:13 AM   #6
TSF Team Emeritus, Security Team
 
Join Date: Aug 2004
Posts: 10,821
OS: Every Windows OS known to man


You have an outdated version of HijackThis. Click here to get the latest version of HijackThis and run it.

Before you give us a new log here, if we gave you instructions for a fix, please do the fixes first and then post the new log with this updated version.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. The result.txt file will open up in Notepad. Copy the whole result.txt log and post it in the forum. We do not need the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.
__________________


GO BIG BLUE!!
CTSNKY is offline  
Old 01-19-2005, 08:11 AM   #7
Guest
 
Join Date: Oct 2004
Posts: 31
OS:



I updated HJT, d/l the analyzer from the site given, and the log is as follows:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 1/16/05
Get updates at https://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 8:59:52 AM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Downloads\htj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/yco...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.mabank.com/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O12 - Plugin for .aif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - https://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://qcsal1.qcsa.liveglobalbid.com/LiveSound.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - https://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - https://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - https://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - https://download.weatherbug.com/minib...ginstaller.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - https://messenger.zone.msn.com/binary...reShowdown.cab


End of KRC HijackThis Analyzer Log.
====================================================================

*I have done all fixes when they were given to me, and only posted logs when told to, and have not reposted the original log.
Sandy83 is offline  
Old 01-19-2005, 08:21 AM   #8
TSF Team, Emeritus
 
Join Date: Jul 2004
Location: New York
Posts: 14,311
OS: Windows 98 & Windows XP Home/Pro

Your log is clean. If you disabled System Restore, make sure to enable it now.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial (https://www.greyknight17.com/spyware.htm#prevent) and use the tools provided.

Are there any problems now? If not, you should be set to go.

For the shutdown problem, try these two links:

link 1
link 2

If problems still continue with the shutdown, create a new thread and post your problem in the Windows XP category.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
Old 01-20-2005, 11:46 AM   #9
Guest
 
Join Date: Oct 2004
Posts: 31
OS:



The problems you addressed have been fixed. Thank you for your assistance!
Sandy83 is offline  
 
