windowssearch- hijackthislog- PLEASE HELP!

  1. 08-02-2005  #1
    brianm
    brianm is offline Newbie

    windowssearch- hijackthislog- PLEASE HELP!

    please help me! we've used, in this order (i think) norton a.v., spybot s&d, ad-aware se and mcafee on my girlfriends computer, to try to remove windowssearch homepage hijacker, but to no avail.

    here is our hijackthis log

    Logfile of HijackThis v1.99.0
    Scan saved at 10:25:16, on 8/02/05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SNMP.EXE
    C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
    C:\WINDOWS\CPQALERT.EXE
    C:\WINDOWS\CPQDMI.EXE
    C:\WINDOWS\SYSTEM\ATI2PLAB.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
    C:\DMI98\WIN32\BIN\WIN32SL.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\WINDOWS\OPTIONS\CABS\CDOCK.EXE
    C:\PROGRAM FILES\COMPAQ\POWERCON ENHANCEMENTS\CPQACDC.EXE
    C:\PROGRAM FILES\COMPAQ\HOT KEY SUPPORT SOFTWARE\HKSS.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
    C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\ADWARESOFT\ADV0000.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MSSCLI.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\windowssearch\windowssearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jump.altavista.com/avie5/searchpane
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [AtiGart] c:\Ati\Gart\AtiGart.exe
    O4 - HKLM\..\Run: [Check Dock] c:\windows\options\cabs\cdock.exe
    O4 - HKLM\..\Run: [Hibernation] C:\Program Files\COMPAQ\PWRCON\HIB32.EXE
    O4 - HKLM\..\Run: [CPQCalib] C:\Program Files\COMPAQ\PWRCON\CPQCALIB.EXE
    O4 - HKLM\..\Run: [CPQAcDc] C:\Program Files\Compaq\PowerCon Enhancements\CPQAcDc.Exe
    O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hot Key Support Software\hkss.exe
    O4 - HKLM\..\Run: [Compaq Computer Security] rundll32.exe C:\PROGRA~1\COMPAQ\SECURI~1\SECURE32.CPL,Service
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [AdwareSoft] "C:\Program Files\AdwareSoft\adv0000.exe" hide
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [_AntiSpyware] C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MssCli.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SNMP agent] SNMP.EXE
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
    O4 - HKLM\..\RunServices: [CPQALERT] CPQALERT.EXE
    O4 - HKLM\..\RunServices: [CPQDMI] CPQDMI.EXE
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plab.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O13 - DefaultPrefix: http://htpps.ws?a=adv0000&s=
    O13 - WWW Prefix: http://htpps.ws?a=adv0000&s=
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...26/mcfscan.cab

    THANKS TO ANY WHO CAN HELP

  3. 08-02-2005  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\windowssearch\windowssearch.html
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)
    O4 - HKLM\..\Run: [AdwareSoft] "C:\Program Files\AdwareSoft\adv0000.exe" hide
    O13 - DefaultPrefix: http://htpps.ws?a=adv0000&s=
    O13 - WWW Prefix: http://htpps.ws?a=adv0000&s=
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Go to the Control Panel and double click Add/Remove program. Uninstall:
    AdwareSoft
    Spy Annihilator

    Delete the following files and folders:
    c:\windowssearch
    C:\Program Files\AdwareSoft

    Reboot and post a fresh log
+ Reply to Thread
« Please Help with Freezeups/Hangs! | TIBS Dialer, Dialer.WSV and hiden.exe errors »