Need help with Hijackthis log

Discussion in 'Computer Support' started by Andrew Spiehler, Jul 31, 2004.

  1. Hi group:

    I've already run Spyware S&D, Adaware, Norton Antivirus, and
    CWShredder. The first three programs found a lot of junk and fixed it.
    I'm still having a problem whenever I sign into XP: my quick launch
    bar keeps getting reset to its default (3 icon) size, and a "Search
    Assistant" toolbar shows up on the taskbar next to my system tray. If
    I right-click on the search input field, it gives me a choice of four
    different search engines, including BlazeFind. I can turn off the
    search bar, but it just keeps coming back every time I sign back in to
    my system.

    Hijackthis log follows:

    Logfile of HijackThis v1.98.0
    Scan saved at 9:21:14 PM, on 7/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\PGPserv.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\WINDOWS\System32\hrhezxvj.exe
    C:\Program Files\WindowsSA\omniscient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software
    Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
    C:\Documents and Settings\Andrew Spiehler\My Documents\My
    Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    http://www.hp.com/go/notebookaccessories
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) -
    _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
    C:\WINDOWS\nem219.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no
    file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no
    file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus -
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
    AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default
    Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
    Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital
    Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program
    Files\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program
    Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch
    Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program
    Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program
    Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [xcaiywaw] C:\WINDOWS\System32\hrhezxvj.exe
    O4 - HKLM\..\Run: [Windows SA] C:\Program
    Files\WindowsSA\omniscient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
    Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
    Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
    & Destroy\TeaTimer.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
    Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: PGPtray.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
    Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD}
    - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
    Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    C:\Program Files\AIM\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy
    Upload Tool Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
     
    Andrew Spiehler, Jul 31, 2004
    #1

  2. Andrew Spiehler

    °Mike° Guest

    On 30 Jul 2004 19:44:24 -0700, Andrew Spiehler scrawled:

    >Hi group:
    >
    >I've already run Spyware S&D, Adaware, Norton Antivirus, and
    >CWShredder. The first three programs found a lot of junk and fixed it.
    >I'm still having a problem whenever I sign into XP: my quick launch
    >bar keeps getting reset to its default (3 icon) size, and a "Search
    >Assistant" toolbar shows up on the taskbar next to my system tray. If
    >I right-click on the search input field, it gives me a choice of four
    >different search engines, including BlazeFind.


    TROJ_BLAZEFIND.A
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BLAZEFIND.A

    >I can turn off the search bar, but it just keeps coming back every
    >time I sign back in to my system.
    >
    >Hijackthis log follows:
    >
    >Logfile of HijackThis v1.98.0
    >Scan saved at 9:21:14 PM, on 7/30/2004
    >Platform: Windows XP SP1 (WinNT 5.01.2600)
    >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    >Running processes:


    >C:\WINDOWS\System32\hrhezxvj.exe


    End task the above process and delete the
    hrhezxvj.exe file. Empty the recycle bin.


    >C:\Program Files\WindowsSA\omniscient.exe


    End task the above process and delete
    the entire WindowsSA folder. Empty the
    recycle bin.


    >R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    >Settings,ProxyOverride = localhost


    Have HijackThis fix the above.

    >R3 - URLSearchHook: (no name) -
    >_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)


    Have HijackThis fix the above.

    >F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,


    Have HijackThis fix the above.


    >O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
    >C:\WINDOWS\nem219.dll (file missing)


    Have HijackThis fix the above.


    >O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no
    >file)


    Have HijackThis fix the above.


    >O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no
    >file)


    Have HijackThis fix the above.


    >O4 - HKLM\..\Run: [xcaiywaw] C:\WINDOWS\System32\hrhezxvj.exe


    Have HijackThis fix the above.


    >O4 - HKLM\..\Run: [Windows SA] C:\Program
    >Files\WindowsSA\omniscient.exe


    Have HijackThis fix the above.


    >O4 - Global Startup: PGPtray.lnk = ?


    Broken link -- fix it.


    >O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    >- (no file)


    Have HijackThis fix the above.


    >O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop


    If you have an HP computer, leave the above, else fix it.



    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Jul 31, 2004
    #2
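
Added example, not part of either post and not HijackThis's own code: a small Python triage pass over a HijackThis log that rejoins entries wrapped by the mail client and flags the structural markers acted on in the reply above ("(no file)", "(file missing)", an F2 UserInit override, and a startup shortcut shown as "= ?"). The function names `parse_entries` and `triage` and the rule wording are assumptions made for this illustration.

```python
import re

# Lines copied from the log posted in this thread, including the mail-client
# wrapping that splits one entry across two lines.
SAMPLE_LOG = r"""R3 - URLSearchHook: (no name) -
_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - Global Startup: PGPtray.lnk = ?
"""

# An entry starts with a section code such as R3, F2, O4 or O16, then " - ".
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - ")

def parse_entries(text):
    """Rejoin wrapped lines; return a list of (section, body) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip().lstrip(">").strip()  # also accept ">"-quoted logs
        if not line:
            continue
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), line[m.end():]])
        elif entries:  # continuation of the previous, wrapped entry
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def triage(entries):
    """Return (section, reason, body) for entries matching a structural marker."""
    findings = []
    for section, body in entries:
        if "(no file)" in body or "(file missing)" in body:
            findings.append((section, "registered file is absent", body))
        elif section == "F2" and "userinit=" in body.lower():
            # Windows XP default value is ...\system32\userinit.exe,
            progs = [p.strip().lower() for p in body.split("=", 1)[1].split(",")]
            if any(p and not p.endswith(r"\userinit.exe") for p in progs):
                findings.append((section, "UserInit runs a non-default program", body))
        elif section == "O4" and body.endswith("= ?"):
            findings.append((section, "startup shortcut has no resolvable target", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(parse_entries(SAMPLE_LOG)):
        print(f"{section}: {reason}: {body}")
```

These rules only match markers visible in the entries themselves; the `[xcaiywaw]` Run entry that the reply also had removed carries no such marker and still needs a human reviewer.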