Someone please help. Hijacked

Discussion in 'adware, spyware & hijack cleaning' started by lagner, May 27, 2004.

Thread Status:
Not open for further replies.
  1. lagner

    lagner Registered Member

    Joined:
    May 27, 2004
    Posts:
    6
    spywareblaster help

    Everytime I try to run spywareblaster I get this error message:

    -This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it.-

    I have tried reinstalling several times and it is still the same.
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: spywareblaster help

    For some users this has been reported as a result of a CoolWebSearch Highjack. If by chance your experiencing other difficulties unrelated to SpywareBalster and want to check your system for possible problems....I suggest you follow the steps in the below thread.

    This thread---> Please read before posting your log!

    Also....Javacool hopes to have this fixed with the next revision\version.

    Bubba
     
  3. lagner

    lagner Registered Member

    Joined:
    May 27, 2004
    Posts:
    6
    hijack help

    Ok thank you very much.
     
    Last edited: May 28, 2004
  4. lagner

    lagner Registered Member

    Joined:
    May 27, 2004
    Posts:
    6
    I have used ad-ware and spybot but the files keep coming back. I have no clue what to do. Can someone pleeeease help me.



    Logfile of HijackThis v1.97.7
    Scan saved at 3:33:40 AM, on 5/28/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\STOPzilla!\szntsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\WINDOWS\csrss.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\STOPzilla!\Stopzilla.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\docume~1\owner\locals~1\temp\wmplayer.exe
    C:\docume~1\owner\locals~1\temp\explorer.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    c:\docume~1\owner\locals~1\temp\explorer.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Owner\My Documents\hijack\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = www.yahoo.com
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Owner\Application Data\wintx\wintx32.dll
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
    O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Owner\Application Data\wintx\appnt32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install
    O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\IbdJ5ZW.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [gfxhdeui] C:\WINDOWS\System32\gfxhdeui.exe
    O4 - HKLM\..\Run: [joyv] C:\WINDOWS\System32\joyv.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
    O4 - HKLM\..\Run: [srvpau] C:\WINDOWS\System32\srvpau.exe
    O4 - HKLM\..\Run: [xwmap] C:\WINDOWS\System32\xwmap.exe
    O4 - HKLM\..\Run: [ZCoreS] C:\WINDOWS\System32\ZCoreS.exe
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKLM\..\Run: [Inet Delivery] C:\Program Files\Inet Delivery\inetdl_2.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [wmplayer.exe] C:\docume~1\owner\locals~1\temp\wmplayer.exe
    O4 - HKCU\..\Run: [explorer.exe] c:\docume~1\owner\locals~1\temp\explorer.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: explorer.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/cre3a46es.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Please send these files to submit@diamondcs.com.au

    C:\WINDOWS\csrss.exe
    C:\WINDOWS\sdkqh32.dll
    C:\WINDOWS\System32\joyv.exe
    C:\WINDOWS\System32\srvpau.exe
    C:\WINDOWS\System32\xwmap.exe
    C:\WINDOWS\System32\ZCoreS.exe
    C:\docume~1\owner\locals~1\temp\wmplayer.exe
    c:\docume~1\owner\locals~1\temp\explorer.exe

    Then click Start > Run and type this
    rundll32 C:\WINDOWS\sdkqh32.dll,Uninstall

    Then close all programs except Hijack this. Tick all of these and choose FIX SELECTED.

    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

    O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - (no file)

    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

    O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
    O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install
    O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\IbdJ5ZW.exe
    O4 - HKLM\..\Run: [gfxhdeui] C:\WINDOWS\System32\gfxhdeui.exe
    O4 - HKLM\..\Run: [joyv] C:\WINDOWS\System32\joyv.exe
    O4 - HKLM\..\Run: [srvpau] C:\WINDOWS\System32\srvpau.exe
    O4 - HKLM\..\Run: [xwmap] C:\WINDOWS\System32\xwmap.exe
    O4 - HKLM\..\Run: [ZCoreS] C:\WINDOWS\System32\ZCoreS.exe
    O4 - HKCU\..\Run: [wmplayer.exe] C:\docume~1\owner\locals~1\temp\wmplayer.exe
    O4 - HKCU\..\Run: [explorer.exe] c:\docume~1\owner\locals~1\temp\explorer.exe
    O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install


    Then reboot and post a new log, I'm not sure about some of these yet, sorry
     
Thread Status:
Not open for further replies.