my HijackThis log

Hi, I have been having problems with my comp and came to you guys for help since I am dumb. I am thinking of just reformatting my hard drive (having someone else do it, I mean :)) but don't want to go through all the hassle if I don't have to.

Well, problem 1 is that I think my IE browser has been hijacked. When I click on the icon it goes to an unknown search engine as my homepage, then my comp goes dead, and then about 4 spyware popups show, and then it all has an error and shuts down. During that process I can't do a thing to prevent it. I have a HijackThis log file that you guys can look at. It asks me what I want to delete, but I don't want to delete anything that is supposed to be there, so I came to the experts (you guys).

Problem number two is that I cannot go to My Computer or Control Panel from the Start menu. It comes up with an error prompt and then acts as if it is going to shut down (icons disappear, as well as the taskbar, all except the background) and then goes back to normal (icons and taskbar reappear).

I have no clue what is going on; I hope you guys can help.

Logfile of HijackThis v1.97.2
Scan saved at 8:26:58 AM, on 11/16/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\??oolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LIBIDO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LIBIDO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LIBIDO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LIBIDO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LIBIDO~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LIBIDO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.gatewaybiz.com/
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\System32\mspxs32.dll
O2 - BHO: (no name) - {38A4615B-B267-4FC2-8C22-60550B817B49} - C:\WINDOWS\System32\dbhsf.dll
O2 - BHO: (no name) - {3FF6350D-B335-14C2-D422-60550B817B4A} - C:\WINDOWS\System32\qxmqmzs.dll
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {ED9EC1E2-7510-40A1-AB8D-199959BC92EF} - C:\WINDOWS\System32\okmaopa.dll
O2 - BHO: (no name) - {EFF80427-F837-4B74-8834-BAF18E0553FD} - c:\PROGRA~1\SystemMisc\kabh1.dll
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Ebates (HKCU)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.tl81.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5…
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=b262b0ad414acb9189b7…
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94…
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/s…
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/09b51425f7d2436d1101/netzip/RdxIE601.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} - http://217.73.66.1/del/loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
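As an added example for triaging a log in this format (not the thread's or HijackThis's own code): a small Python script that applies a few defender's heuristics to HijackThis lines, fed a constructed sample of entries copied from the log above with their backslashes restored. The rules and the list of imitated process names are my assumptions; a hit is a prompt for a human to look closer, not a verdict.

```python
import re
from urllib.parse import urlparse
# Constructed sample: lines copied from the HijackThis log posted above, with the
# backslashes the forum's extraction stripped put back.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LIBIDO~1\LOCALS~1\Temp\sp.html
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} - http://217.73.66.1/del/loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

LINE_RE = re.compile(r"^(?P<sec>R[0-3]|O\d+) - (?P<body>.*)$")
IP_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")
# Core Windows process names that adware likes to imitate (assumed list; cf. explorer32.exe above).
CORE_NAMES = ("explorer", "svchost", "spoolsv", "lsass", "winlogon", "services")

def autorun_exe(body):
    """Lower-cased basename (minus .exe) of the program in an O4 line, quoted or not."""
    target = body.split("] ", 1)[-1].strip('"').split('"')[0]  # drop 'HKLM\..\Run: [name] '
    return target.split("\\")[-1].split(" ")[0].lower().removesuffix(".exe")

def triage_line(line):
    """Reason string if the line trips a heuristic, else None; hints for a human, not verdicts."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("R0", "R1") and "= file://" in body:
        return "IE search/start page redirected to a local HTML file"
    if sec in ("O2", "O3") and ("(file missing)" in body or "(no file)" in body):
        return "orphaned entry: registered component no longer on disk"
    if sec == "O4":
        name = autorun_exe(body)
        if any(name.startswith(c) and name != c for c in CORE_NAMES):
            return "autorun binary imitates a core Windows process name"
    if sec == "O15":
        return "site added to the IE Trusted Zone (relaxed ActiveX/script security)"
    if sec == "O16":
        host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
        if IP_RE.fullmatch(host):
            return "ActiveX control served from a bare IP address"

def triage(log_text):
    # (section, reason, line) for each flagged line; everything else is left for a human.
    return [(l.split(" - ", 1)[0], r, l.strip())
            for l in log_text.splitlines() if (r := triage_line(l))]
```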

Submitted by kentheraven on Wed, 17/11/04 - 3:02 PM

Now that I look at it, it looks to me that the stuff on the bottom doesn't belong, but I don't want to delete it unless I get one of you guys to let me know.

Submitted by redwyre on Thu, 18/11/04 - 12:03 AM

If the program gives you an option to remove those items, just remove them all. If a program stops working you can reinstall it later (looks like Acrobat Reader and maybe Office).

Submitted by kentheraven on Thu, 18/11/04 - 11:25 AM

Thanks for all the replies. It seems that no one has a set-in-stone idea what to do. I will post it at the URL given and see what the deal is.
I am using Ad-Aware and AVG and they pick up nothing anymore. I deleted everything they picked up, though.
I have stopped using IE; I use Mozilla now, but it seems to have problems with Windows Media Player and PayPal (all I have found out so far).

Wish me luck :/
