coolwebsearch/searchx hijack help!!

Status
Not open for further replies.
J

joeyhaveafew

Beta member
Messages
4
If one of you fine experts could peruse this hijackthis log and assist me in de-virusizing my PC, I would be very appreciative. I am running Win98SE. Thanks so much in advance!!!

---------------------
Logfile of HijackThis v1.98.2
Scan saved at 9:04:15 AM, on 11/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\AUSVC.EXE
C:\WINDOWS\BVT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\COMMON FILES\PCSUITE\DATALAYER\DATALAYER.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\TOOLS\NCLTRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\2WIRE WIRELESS\CLIENT MANAGER\CMTWO.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\PCSUITE\SERVICES\SERVICELAYER.EXE
C:\WINDOWS\SYSTEM\ZSTATUS.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.16.201/sb/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*[url]http://www.yahoo.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T Broadband Internet
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\frd7e7fm.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [ausvc] C:\WINDOWS\ausvc.exe
O4 - HKLM\..\Run: [SysScan] C:\WINDOWS\bvt.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AutoUpdater] c:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [atiupdate] C:\WINDOWS\DESKTOP\ATIUPDATE5.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: 2Wire Wireless Client Manager.lnk = C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O9 - Extra button: Dell Home - {6E8DF9E0-6FAD-11D3-8B8D-E0804FC10000} - http://www.dell.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://C:\PROGRA~1\MICROS~9\VJ98\VSTUDIO6.CAB
O16 - DPF: Microsoft WFC Forms Designer - file://C:\PROGRA~1\MICROS~9\VJ98\WFCFORMS.CAB
O16 - DPF: {F9F3920B-2F24-437A-A224-D49F0004A172} - http://www.net-viewer.com/dls/AutoInstall.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
 
I have CWShredder and end up running it about once a day, because the about:blank hijack always returns! Thanks....
 
Download this tool called about:Buster http://www.spyware911.net/downloads/AboutBuster.zip

Unzip it to your Desktop.

Start about:Buster. Then hit update. A new screen should pop up. On that screen, hit Check for Updates. If it says it found an update, hit Download Updates. If it doesnt find an update, it will automatically tell you and exit.

Double click on about:Buster to start the program. Hit Start and then Ok. The program should start scanning. When prompted to shut explorer.exe click ok. If iot asks to remove any files let it do so ..

Then rescan again with hijack, insert a check next to each of the following, close all browser windows and click"fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.16.201/sb/index.html

O4 - HKLM\..\Run: [ausvc] C:\WINDOWS\ausvc.exe

O4 - HKLM\..\Run: [SysScan] C:\WINDOWS\bvt.exe

O4 - HKLM\..\Run: [AutoUpdater] c:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE

O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE


Then reboot into safe mode http://www.spyware911.net/forum/index.php?showtopic=15

Open windows explorer, find then delete:
c:\PROGRA~1\AUTOUP~1
C:\WINDOWS\bvt.exe
C:\WINDOWS\ausvc.exe

Reboot, rescan again with hi\ojack and post an updated logfile please.
 
Status
Not open for further replies.

Similar threads

XWrench3
hijack this scan
Replies
6
Views
2K
XWrench3
XWrench3
G
Computer slow and work in background
Replies
0
Views
2K
grecycle99
G
N
Laptop slowing down in function (internet and general apps)
Replies
1
Views
3K
Trotter
Trotter
H
HP laptop review, HP 17-by3063st
Replies
1
Views
3K
tehnokraat
T
N
Your computer appears to be correctly configured, but the device or resource (DNS server) is not responding"
Replies
0
Views
4K
nev
N
Back
Top Bottom