hijack log, please help

rrrel · Mar 7, 2004

hola,

First of all, thanks in advance....

I have a browser still displaying popups after running adaware and spybot. I had many other issuses including very slow performance, all of which have been fixed by disk cleanup, defrag, spybot and adaware. I cant seem to ged rid of one of the popups, so I figured I'd ask those that know more than I do. If I need to do anything else please let me know. If I followed the "before posting" directions, I would apperciate any help that you could give me. Thanks again.

Dell inspirion 1100 running xp

Hijack log as follows

Logfile of HijackThis v1.97.7
Scan saved at 2:14:25 AM, on 3/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Jenn\Desktop\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell.com/
O2 - BHO: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - C:\Program Files\whistlesoftware\WselServices\WhistleHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HXBEI] C:\WINDOWS\HXBEI.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Whistle (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast.com/download/SBFS.cab

thanks again

rrrel · Mar 7, 2004

in addition to above post

Almost forgot....

I have disabled what I recognized as "not needed" but left what i did not recognise from my startup on msconfig and spybot

thanks

Pieter_Arntz · Mar 7, 2004

Hi rrrel,

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - C:\Program Files\whistlesoftware\WselServices\WhistleHelper.dll

O4 - HKLM\..\Run: [HXBEI] C:\WINDOWS\HXBEI.exe

O9 - Extra button: Whistle (HKLM)

O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast.com/download/SBFS.cab

Then reboot and delete:

C:\Program Files\whistlesoftware <= entire folder

Regards,

Pieter

rrrel · Mar 7, 2004

Thanks for your help Pieter.

rrrel

Pieter_Arntz · Mar 7, 2004

My pleasure.

Pieter

challenger1 · Mar 10, 2004

what is this and how does it get on the pc? I had a user with ie problems and found this running. after i disabled it it would let you go to next logon page. Just doing more research on it

Pieter_Arntz · Mar 10, 2004

Hi challenger1,

Welcome at Wilders.

Are you referring to whistlesoftware?
http://www.uslocalweather.com/privacy.asp
Suspected spyware and certified "bad programming"ware.

Regards,

Pieter

Log in or Sign up

hijack log, please help

rrrel Registered Member

rrrel Registered Member

Pieter_Arntz Spyware Veteran

rrrel Registered Member

Pieter_Arntz Spyware Veteran

challenger1 Registered Member

Pieter_Arntz Spyware Veteran

Log in or Sign up

hijack log, please help

rrrel Registered Member

rrrel Registered Member

Pieter_Arntz Spyware Veteran

rrrel Registered Member

Pieter_Arntz Spyware Veteran

challenger1 Registered Member

Pieter_Arntz Spyware Veteran

Useful Searches