Hijacker viruses...

[dcp59190]

i've had problems w/ these things before, but i can't remember how to get rid of them. please tell me what i need to get rid of. here is my log from hijackthis:

Logfile of HijackThis v1.97.7
Scan saved at 5:39:29 PM, on 7/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\qakbzl.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\toppop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Daniel Pierce\Desktop\Clean-Up Progs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blazefind.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php?account_id=3004
R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL
F1 - win.ini: run=C:\WINDOWS\System32\services\msxmidi.exe
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", "cbs.sportsline.com"); (C:\Documents and Settings\Daniel Pierce\Application Data\Mozilla\Profiles\default\v94p4tho.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Daniel Pierce\Application Data\Mozilla\Profiles\default\v94p4tho.slt\prefs.js)
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - (no file)
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-111111111111} - (no file)
O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [lsz] C:\WINDOWS\lsz.exe
O4 - HKLM\..\Run: [gh5k8nmfs3] C:\Program Files\Symantec\jh5d17zf7r.exe
O4 - HKLM\..\Run: [onolqf] C:\WINDOWS\onolqf.exe
O4 - HKLM\..\Run: [aqvtqfu] C:\WINDOWS\System32\qakbzl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-aware.exe" "+b1"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken 2004\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.180/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - its:mhtml:file://C:.mht!http://69.50.191.52/2484/b.chm::/b.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/templates/um2/x.chm::/ad.exe
O16 - DPF: {11311111-1111-1111-1111-11111121115F} - file://C:\Recycled\Q383303.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...a2f745d64562:c31e3730b38c174130e1e2729109a237
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/274bd0accb5e8346dc00/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38125.7290046296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

PLEASE HELP!!!

 

[Dave]

Is Blazefind your problem? Normally, if you don't recognize the url in the R0, you can get rid of it.

Dave

 

[Lobos]

Hi dcp59190

Run hijack this put a check next to these close all browsers and hit fix

Make sure not to miss one

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blazefind.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_pag...account_id=3004

R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL

F1 - win.ini: run=C:\WINDOWS\System32\services\msxmidi.exe

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O1 - Hosts: 213.159.117.235 auto.search.msn.com

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O2 - BHO: (no name) - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - (no file)
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-111111111111} - (no file)

O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\Program Files\WindUpdates

O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKLM\..\Run: [lsz] C:\WINDOWS\lsz.exe

O4 - HKLM\..\Run: [gh5k8nmfs3] C:\Program Files\Symantec\jh5d17zf7r.exe

O4 - HKLM\..\Run: [onolqf] C:\WINDOWS\onolqf.exe

O4 - HKLM\..\Run: [aqvtqfu] C:\WINDOWS\System32\qakbzl.exe

-----------------------------------------------------------------------------------------------------------------------------------

To enable the viewing of Hidden files follow these steps:

How to see Hidden files and Folders

reboot into safe mode

How to boot into safe mode
----------------------------------------------------------------------------------------------------------

delete

this file

C:\WINDOWS\System32\qakbzl.exe
C:\Windows\System32\wsaupdater.exe
C:\WINDOWS\onolqf.exe

this folders

C:\PROGRA~1\WIACA5 folder starts with this
C:\Program Files\WindowsSA
C:\Program Files\WindUpdates

--------------------------------------------------------------------------------------
then go to C:\Documents and Settings\USER NAME\Local Settings\Temp and select everything in that folder and delete it

as XP will not let you delete files less than 24 hours old as it thinks it might need them please also do this
while in the temp folder, select view and select details.
then right click a blank part and select arrange icons by, and select show in groups and modified, that will give a list of all files in date order with today at the top of the page.
select all the files/folders except the today ones and delete them all.

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

empty your recyle bin
reboot to normal
-------------------------------------------------------------------------------------------------------------------
Click here to download AdAware 6 181

Run AdAware
Before you scan with AdAware, check for updates of the reference file 01R330 07.07.2004 by clicking Check for updates now, and following the prompts.

Now to set it up for optimum performance...

Make sure the following settings are configured. Remember that ON=GREEN.

From main window click Start | Activate in-depth scan.

Then click Use custom scanning options | Customize and have these options switched ON...

Scan within archives
Scan active processes
Scan registryDeep scan registry
Scan my IE Favourites for banned URLs
Scan my host-files

Then click the Settings button.. (the gear icon on the top row) then Tweak | Scanning engine and check..

Unload recognised processes during scanning.
Cleaning engine.
Let windows remove files in use at next reboot.

and uncheck..

Automatically try to unregister objects prior to deletion.

Then click Proceed, to save your settings.

Now click the Scan button.

When scan is finished, check the little box to the left of each entry to select them for removal, and get rid of them
Restart your computer

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Spybot - Search & Destroy 1.3

Then go Click here and download Spybot Search & Destroy 1.3

Install the program and launch it.

Before scanning press Online and Search for Updates.

Put a check mark at and install all updates.

Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer.

come back and tell me how you computers running

Lobos