Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log Free


  • Please log in to reply
6 replies to this topic

#1 freebm

freebm

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 13 January 2005 - 02:10 PM

Hello,

Hope I'm doing this correctly. In a nutshell my problem is while surfing , I'm getting many "unable to open/find/locate" web-page messages and when my machine does work fine it only does so for a few pages/searches then it is automatically directed to that blankity blank "worldtracker" or easy-biz search page.

I have run SB S&D, Spydoctor, Panda, and Lavasoft. And this thing keeps coming up. I have run them while the hidden folders have been open and in safe mode.

This is a copy of my most recent HJT log. You guys look busy. Any help would be most greatly appreciated.



Thanks a Ton

PS: I may already messed things up a little bit (oops). I'm also unable to download IE updates


Logfile of HijackThis v1.99.0
Scan saved at 1:05:36 PM, on 1/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\dad\Desktop\Stuff\spy ware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=p454
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=p454
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=p454
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=p454
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=p454
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=p454
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=p454
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=p454
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=p454
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
N2 - Netscape 6: user_pref("browser.startup.homepage", "google.com"); (C:\Documents and Settings\dad\Application Data\Mozilla\Profiles\default\37x1k8a1.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\dad\Application Data\Mozilla\Profiles\default\37x1k8a1.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] C:\WINDOWS\iau.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] C:\WINDOWS\iau.exe
O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\the courts hang with tommy and troy go to tommys aunt and bounce on trampaline\aim.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail01.delhi.edu/iNotes6.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Panda Antispam Server Service - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: PCTEL Speaker Phone - Unknown - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Panda Preventium+ Service - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: Tango Service - Unknown - C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:44 AM

Posted 14 January 2005 - 06:05 PM

Put a checkmark next to the following entries in HijackThis. Make sure all
other windows and browsers are closed before clicking on “Fix Checked”
.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=p454
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=p454
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=p454
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=p454
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=p454
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=p454
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=p454
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=p454
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=p454
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\the courts hang with tommy and troy go to tommys aunt and bounce on trampaline\aim.exe


***********************************************************************

Reboot, run Adaware, then post a new HJT log.

#3 freebm

freebm
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 25 January 2005 - 08:13 AM

:thumbsup:

Hello,

THanks for the help. Through reading other threads I was able to clear the problem up.

Thanks Again.

PDD

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:44 AM

Posted 25 January 2005 - 09:32 AM

Would you like to post up a new log so that we can be sure everything is gone?

#5 freebm

freebm
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 26 January 2005 - 02:54 PM

Oops,
Sorry about that. I'll run HJT tonight when I get home and post a new log for your review.
Thanks Again.
PDD

#6 freebm

freebm
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 27 January 2005 - 01:43 PM

Hello,

I tried to post this log last night but apparently I did something wrong so here it is.

Thanks for all the help. Hopefully this one is clean.







Logfile of HijackThis v1.99.0
Scan saved at 5:15:02 PM, on 1/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\a2\a2guard.exe
C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TangoManager.exe
C:\Documents and Settings\dad\Desktop\Stuff\spy ware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
N2 - Netscape 6: user_pref("browser.startup.homepage", "google.com"); (C:\Documents and Settings\dad\Application Data\Mozilla\Profiles\default\37x1k8a1.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\dad\Application Data\Mozilla\Profiles\default\37x1k8a1.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\the courts hang with tommy and troy go to tommys aunt and bounce on trampaline\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail01.delhi.edu/iNotes6.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Panda Antispam Server Service - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: PCTEL Speaker Phone - Unknown - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Panda Preventium+ Service - Unknown - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: Tango Service - Unknown - C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe

#7 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:44 AM

Posted 27 January 2005 - 01:50 PM

That looks good. Nice job!! :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users