
Power scan & Spyware...help!!!


Name: Master-Blaster
Date: December 23, 2003 at 14:33:55 Pacific
OS: Windows XP
CPU/Ram: 128
Comment:

Hi! Well, since yesterday the 'so famous' Power Scan application has been executing by itself on every startup. I really need some help with that one. I already ran CWShredder and Ad-aware; they removed most of the trash, but Power Scan still remains there. Here is the log I got with HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 04:22:56 p.m., on 23/12/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe
C:\DOCUME~1\ELCONG~1\DATOSD~1\ieoolygl.exe
C:\Archivos de programa\Java\j2re1.4.2_01\bin\jusched.exe
C:\ARCHIV~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\jpmdvj.exe
C:\Archivos de programa\Power Scan\powerscan.exe
C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\ARCHIV~1\ARCHIV~1\ADAPTE~1\CreateCD\CREATE~1.exe
C:\DOCUME~1\ELCONG~1\CONFIG~1\Temp\Wqw1.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\dvx.exe
C:\program files\GlobalDialer\tonex00207\svchost.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\rnathchk.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\ARCHIV~1\WINZIP\winzip32.exe
C:\Documents and Settings\El Conglomerado\Configuración local\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://qwertysearch123.biz/?id=1017
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qwertysearch123.biz/?id=1017
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\ARCHIV~1\DAP\DAP.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [qushoak] C:\DOCUME~1\ELCONG~1\DATOSD~1\ieoolygl.exe -QuieT
O4 - HKLM\..\Run: [qdyrhif] rundll32 C:\WINDOWS\System32\qdyrhif.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [41698855.exe] C:\WINDOWS\System32\41698855.exe
O4 - HKLM\..\Run: [ffqccebc] C:\WINDOWS\jpmdvj.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [Power Scan] C:\Archivos de programa\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\ARCHIV~1\ARCHIV~1\ADAPTE~1\CreateCD\CREATE~1.exe -r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Archivos de programa\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ieupdate] C:\WINDOWS\system32\dvx.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00207\svchost.exe -remove
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [*qdyrhif] rundll32 C:\WINDOWS\System32\qdyrhif.dll,Init 1
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Archivos de programa\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Archivos de programa\GetRight\getright.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - C:\ARCHIV~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARCHIV~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: AOL - Mensajero Instantáneo® (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Archivos de programa\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) - http://www.dialerzona.com/cuadruple.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.6015740741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6E0597-4FC1-44CE-91A0-1532808C0168}: NameServer = 200.33.146.201 200.33.146.193

Thanks for your concern! Oh!!! And my main webpage has changed from Google.com to http://qwertysearch123.biz/?id=1017, and my favorite webpages are gone!!!!!

Is this related to Power scan? I really hope the logfile will help me out with that one as well.




Response Number 1
Name: MrChalee
Date: December 23, 2003 at 17:54:23 Pacific
Reply:

I took a quick look; have HJT fix all of these, the rest you can sort out.
Find this file and delete it: C:\Archivos de programa\Power Scan\powerscan.exe
R1 - HKCU\Internet Explorer,SearchURL = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://qwertysearch123.biz/?id=1017
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qwertysearch123.biz/?id=1017
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\ARCHIV~1\DAP\DAP.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Power Scan] C:\Archivos de programa\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\ARCHIV~1\ARCHIV~1\ADAPTE~1\CreateCD\CREATE~1.exe -r
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00207\svchost.exe -remove
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Archivos de programa\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Archivos de programa\GetRight\getright.exe

If you don't recognize the name of the item in the right-click menu in IE, have HijackThis fix it.
O8 - Extra context menu item: &Download with &DAP - C:\ARCHIV~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARCHIV~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm

If you don't recognize the name of the button or menuitem, have HijackThis fix it.
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: AOL - Mensajero Instantáneo® (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' etc, definitely fix it.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) - http://www.dialerzona.com/cuadruple.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.6015740741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


If the domain is not from your ISP or company network, have HijackThis fix it.
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6E0597-4FC1-44CE-91A0-1532808C0168}: NameServer = 200.33.146.201 200.33.146.193

These I'm not sure on; if you recognize the name, OK, if not have HJT fix it.
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - (no file)
??O4 - HKLM\..\Run: [qushoak] C:\DOCUME~1\ELCONG~1\DATOSD~1\ieoolygl.exe -QuieT
??O4 - HKLM\..\Run: [qdyrhif] rundll32 C:\WINDOWS\System32\qdyrhif.dll,Init 1
??O4 - HKLM\..\Run: [41698855.exe] C:\WINDOWS\System32\41698855.exe
??O4 - HKLM\..\Run: [ffqccebc] C:\WINDOWS\jpmdvj.exe
??O4 - HKCU\..\Run: [ieupdate] C:\WINDOWS\system32\dvx.exe
??O4 - HKCU\..\Run: [AIM] C:\Archivos de programa\AIM95\aim.exe -cnetwait.odl


0
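
The triage rules from the reply above (orphaned browser add-ons, 'dialer'/'casino'/'free_plugin' keywords, unfamiliar download hosts and DNS servers), applied to lines from the posted log. This is an added example, not part of any post in the thread; `TRUSTED_DOMAINS`, `KNOWN_DNS`, the "autostart outside program folders" heuristic and the use of the keyword rule on O4 entries are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwertysearch123.biz/?id=1017
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [ffqccebc] C:\WINDOWS\jpmdvj.exe
O4 - HKLM\..\Run: [qushoak] C:\DOCUME~1\ELCONG~1\DATOSD~1\ieoolygl.exe -QuieT
O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) - http://www.dialerzona.com/cuadruple.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6E0597-4FC1-44CE-91A0-1532808C0168}: NameServer = 200.33.146.201 200.33.146.193
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
RUN_TARGET = re.compile(r'\]\s*"?([a-z]:\\[^"]*?\.(?:exe|dll))', re.I)
PROGRAM_DIRS = re.compile(
    r"^[a-z]:\\(archivos de programa|archiv~1|program files|progra~1)\\", re.I)
BAD_WORDS = ("dialer", "casino", "free_plugin")  # words named in the reply

# Assumptions, not from the thread: what this machine's owner expects to see.
TRUSTED_DOMAINS = ("google.com", "microsoft.com", "macromedia.com")
KNOWN_DNS = set()  # fill in with the resolvers your ISP or company assigns


def host_of(text):
    """Return the hostname of the first http(s) URL in text, or None."""
    m = re.search(r"https?://\S+", text)
    return urlparse(m.group(0)).hostname if m else None


def trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(line):
    """Classify one log line as (code, verdict, reason); None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    low, host = body.lower(), host_of(body)
    if code.startswith("R") and host and not trusted(host):
        return code, "fix", f"IE setting redirected to {host}"
    if code in ("O2", "O3") and ("(no file)" in low or "(file missing)" in low):
        return code, "fix", "browser add-on registered but its file is gone"
    # Keyword rule: the reply states it for O16; using it on O4 is an assumption.
    if code in ("O4", "O16") and any(w in low for w in BAD_WORDS):
        return code, "fix", "name, path or URL contains a flagged keyword"
    if code == "O4":
        target = RUN_TARGET.search(body)
        if target and not PROGRAM_DIRS.match(target.group(1)):
            return code, "review", f"autostart outside program folders: {target.group(1)}"
    if code == "O16" and host and not trusted(host):
        return code, "review", f"ActiveX download from unrecognised host {host}"
    if code == "O17":
        servers = body.split("NameServer =")[-1].split()
        unknown = [s for s in servers if s not in KNOWN_DNS]
        if unknown:
            return code, "review", "DNS servers not in KNOWN_DNS: " + ", ".join(unknown)
    return code, "ok", ""


def triage_log(text):
    """Triage every entry in a log and return the classified entries in order."""
    return [r for r in map(triage, text.splitlines()) if r]


if __name__ == "__main__":
    for code, verdict, reason in triage_log(SAMPLE_LOG):
        print(f"{verdict:6} {code:4} {reason}")
```

A "review" verdict only means the entry needs a human decision: legitimate autostarts such as ctfmon.exe also live in System32, so the path heuristic cannot decide on its own.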

Response Number 2
Name: iceblue
Date: December 26, 2003 at 06:13:22 Pacific
Reply:

If your system is still working...

Update AdAware and run it again.
Download spybot, update, and run.
Run some online virus scans...
and then rescan with HijackThis and repost.


0

Response Number 3
Name: Kevin Wright
Date: December 27, 2003 at 14:52:55 Pacific
Reply:

My IE has been defaulting to qwertysearch123 as its home page and this name has been reappearing in my favourites (as well as deleting favourites).

I've done everything you've suggested to kennedy, but it keeps coming back.

Spybot and AdAware don't detect it.

Hope you can help.


0

Response Number 4
Name: iceblue
Date: December 29, 2003 at 01:57:59 Pacific
Reply:

Kenneth Wright:
Post your results and a new log after updating, in a NEW post and mention what you have done so far.


0

Response Number 5
Name: ca119
Date: December 31, 2003 at 08:22:07 Pacific
Reply:

I have the same problem!!!

My startpage will be set to qwertysearch123.biz
I have it in my Favorites TWICE!
The hell - f---er ... WHAT IS THAT???

I tried to delete all unknown autostarting programs, and I killed every regedit entry containing qwertysearch123.biz AND lookfor.cc

Then the registry is clean.

Reboot and my startpage and the favorite AGAIN are set to qwertysearch123.biz!
And "!!! The Best and The Fastest Search Engine" as favorite entries

s---t rubbish!!! Best is GOOGLE!

HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

BTW I ran ad-aware6.0, Search&Destroy1.2 and latest Antivir scanner (updated right now!).



0




Response Number 6
Name: iceblue
Date: December 31, 2003 at 08:51:59 Pacific
Reply:

Heh heh, annoying little buggers, aren't they...
Pop it all into a 'new topic' and post it in a new thread. Things look the same from the symptoms, but usually different bugs gumming up the works.
Oh, and check out the forum guidelines for posting: http://www.computing.net/security/wwwboard/forum/6433.html


0

Response Number 7
Name: needmoretoys
Date: January 4, 2004 at 10:14:15 Pacific
Reply:

Hello Folks,

I have the same exact thing happening to me also from what I could tell. If I leave the computer on for a period of time I see that a program wakes up and runs this S _ _ _. I also ran all the most recent updates of ad-aware6.0, Search&Destroy1.2 and latest Antivirus. Every time I run Hijack after I get an alert from winpatrol I see that qwertysearch123.biz again.
So something else obviously is running, but where and what is it???



0

Response Number 8
Name: iceblue
Date: January 5, 2004 at 02:00:40 Pacific
Reply:

IT'S A HIJACKER!

Pop it all into a 'new topic' and post it in a new thread.


0

Response Number 9
Name: nightfallfx
Date: January 8, 2004 at 15:38:01 Pacific
Reply:

Hmm, my computer pauses right after my desktop appears; everything is clickable. It's as if my computer is trying to load something but then doesn't, and loads my Zone Alarm after a minute... It's really annoying. I really think it has to do with the spyware on my comp that is not detected by Ad-aware or Window Washer.

Can someone please help me remove the unnecessary files?

Here's my Log from Hijack:


Logfile of HijackThis v1.97.7
Scan saved at 3:32:55 PM, on 08/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\CTHELPER.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Winrar\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=35
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/s.php?aid=35
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/s.php?aid=35
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.rack.cc/h.php?aid=35
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=35
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/s.php?aid=35
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/s.php?aid=35
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e-plus.cc/search.php?aff_id=46&keyword=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.247.51.194:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://t.rack.cc/h.php?aid=35
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://register.passport.net/reg.srf?xpwiz=true&lc=1033&langid=1033
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm
O1 - Hosts: 64.237.53.4 my.search
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1b340d40-43b6-4c82-af53-2d097151b72f} - C:\DOCUME~1\ADMINI~1\APPLIC~1\lystlleeprzj.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Download with GetRight - F:\Get Right\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - F:\Get Right\GetRight\GRbrowse.htm
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,32
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial6/058439ca.exe
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/import/emailimport.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://soapmovie.com/cab/loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



0

Response Number 10
Name: iceblue
Date: January 8, 2004 at 21:25:36 Pacific
Reply:

Kira,
your post and log will get removed for posting in someone else's thread,
and for not following the guidelines.
Computing.Net Guidelines


Post this again in a new thread after downloading and running a new update of CWShredder.exe
CWShredder.exe

and click 'Open' and 'Fix'; or 'Scan' and 'Next';
(obtain a new version for each run; there is a recent update)
Make sure that you click 'Next' and don't just scan only.
For the full story on CWS:
New address: http://www.merijn.org/cwschronicles.html

Reboot and POST A NEW TOPIC to get the rest of your stuff fixed up.

Don't reply here; you will not get answered.


0

Response Number 11
Name: wtluic
Date: January 19, 2004 at 18:19:02 Pacific
Reply:

My computer is going real slow, freezes up a lot and the internet is slow. A Power scan page pops up as soon as I turn it on. I believe this is somehow connected to my problem. I don't understand all everyone is saying in previous postings, but it seems the power scan screen is somehow connected to my problems, as it began appearing just as I began freezing up. Is there anything I can do to fix this and get rid of this stupid powerscan thing? I don't remember even putting it on my computer.
Thanks


0
