hi i need help

Discussion in 'adware, spyware & hijack cleaning' started by djmax60514, Jun 13, 2004.

Thread Status:
Not open for further replies.
  1. djmax60514

    djmax60514 Registered Member

    Jun 13, 2004
    Logfile of HijackThis v1.97.7
    Scan saved at 7:44:17 AM, on 6/13/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\ISS\BlackICE\blackd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\Program Files\ISS\BlackICE\blackice.exe
    C:\Program Files\ISS\BlackICE\rapapp.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\NetZero\qsacc\x1exec.exe
    C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\gabriel\My Documents\my downloads\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://djmax60514.webcindario.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =;;;searchap.untd.com;;localhost;*windowsupdate.microsoft.com;
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.sbc.com/dsl
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\gabriel\Application Data\Mozilla\Profiles\default\mhsonjl2.slt\prefs.js)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
    O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\System32\wapisvsu.exe
    O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\NetZero\qsacc\x1exec.exe
    O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Sidesearch (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'c:\progra~1\newdot~1\newdot~1.dll' missing
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38074.435162037
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://download.yahoo.com/dl/mail/ac4sbc.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E6834293-90E4-4434-BE2C-F1A55D3729DE}: NameServer =

    i want to fix it I have one problem went i start i recivi a meseges from clickspring need to conect to internet and i now that is a spyware rigth!!!
    well i use spyhunter and ad-ware 6.0 please tell me what to fix
    Last edited by a moderator: Jun 13, 2004
  2. CalamityJane

    CalamityJane Registered Member

    Sep 29, 2002
    Central Florida
    Hi djmax60514 :)

    These are the harmful things you need to fix (that first one is Clickspring). To remove them follow these steps.

    Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an x in the boxes next to these items, then press *fix checked*

    O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\System32\wapisvsu.exe

    O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe

    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab

    Reboot your PC

    Delete: C:\WINDOWS\System32\wapisvsu.exe

    You have no Service packs on your WinXP or on IE. You need to go to Windows update and get ALL the recommended critical security updates ASAP, otherwise you are going to be fighting infections constantly as today's new malware is using exploits in unpatched systems to silently install on you.
    Additionally this entry in your log indicates a leftover problem from improper removal of Newdot.Net
    (O10 - Broken Internet access because of LSP provider 'c:\progra~1\newdot~1\newdot~1.dll' missing)

    To fix it download LSPfix here:

    Start the program and then check the I know what I'm doing box.

    Disconnect from the internet.

    Move all instances of newdotnet to the Remove pane. click the Finish Button.
    Optional - Do you really want all those search settings by NetZero and Yahoo plus their tools bars? They can be removed safely using Hijackthis.

    More Optional but recommended:

    While Adaware is a great antispyware scanner and well respected, Spyhunter iis not. It is put out by a company who marketing tactics are dubious at best and many question it's effectiveness. Most of us use Spybot Search & Destroy in addition to Adaware and it is FREE and much more reliable and effective - it does not require you to pay anything to remove items it finds. It is strictly donationware - donate if you choose to. If I were you I would get rid of Spyhunter and use Adaware and Spybot instead.
    Here is the link
    Download Spybot Search and Destroy
Thread Status:
Not open for further replies.