hijack log, please help

Discussion in 'adware, spyware & hijack cleaning' started by rrrel, Mar 7, 2004.

Thread Status:
Not open for further replies.
  1. rrrel

    rrrel Registered Member

    Joined:
    Mar 7, 2004
    Posts:
    10
    hola,

    First of all, thanks in advance....

    I have a browser still displaying popups after running adaware and spybot. I had many other issuses including very slow performance, all of which have been fixed by disk cleanup, defrag, spybot and adaware. I cant seem to ged rid of one of the popups, so I figured I'd ask those that know more than I do. If I need to do anything else please let me know. If I followed the "before posting" directions, I would apperciate any help that you could give me. Thanks again.

    Dell inspirion 1100 running xp

    Hijack log as follows

    Logfile of HijackThis v1.97.7
    Scan saved at 2:14:25 AM, on 3/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\America Online 9.0a\aoltray.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Documents and Settings\Jenn\Desktop\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell.com/
    O2 - BHO: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - C:\Program Files\whistlesoftware\WselServices\WhistleHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [HXBEI] C:\WINDOWS\HXBEI.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Whistle (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast.com/download/SBFS.cab

    thanks again
     
  2. rrrel

    rrrel Registered Member

    Joined:
    Mar 7, 2004
    Posts:
    10
    in addition to above post

    Almost forgot....

    I have disabled what I recognized as "not needed" but left what i did not recognise from my startup on msconfig and spybot

    thanks
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi rrrel,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - C:\Program Files\whistlesoftware\WselServices\WhistleHelper.dll

    O4 - HKLM\..\Run: [HXBEI] C:\WINDOWS\HXBEI.exe

    O9 - Extra button: Whistle (HKLM)

    O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast.com/download/SBFS.cab

    Then reboot and delete:

    C:\Program Files\whistlesoftware <= entire folder

    Regards,

    Pieter
     
  4. rrrel

    rrrel Registered Member

    Joined:
    Mar 7, 2004
    Posts:
    10
    Thanks for your help Pieter.

    rrrel
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    My pleasure. :)

    Pieter
     
  6. challenger1

    challenger1 Registered Member

    Joined:
    Mar 10, 2004
    Posts:
    1
    what is this and how does it get on the pc? I had a user with ie problems and found this running. after i disabled it it would let you go to next logon page. Just doing more research on it
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi challenger1,

    Welcome at Wilders. :)

    Are you referring to whistlesoftware?
    http://www.uslocalweather.com/privacy.asp
    Suspected spyware and certified "bad programming"ware. ;)

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.