
URLSearchHook (no name) won't stay deleted, not sure if virus - PLEASE HELP

rjmc79

Yes, hello. OK, here's the problem: I have run Spybot S&D, found stuff and deleted it. Malwarebytes isn't finding anything, but when I run HijackThis it pops up the "URLSearchHook (no name)" with a bunch of numbers (no file). There are two of them; they both pretty much look the same, except the second one says URLSearchHook a couple of different times in the same line, like it repeats itself on the line. Well, when I delete them they go to the backups, but they're still also in the scan again. Every time I try to delete them they still pop back up on the scan. Also, all the backups that I delete, when in the backups, come back in the backup folder also; they go away, but when I leave the backup and go back to it, they're all right back there again. There are a couple of other files I deleted that are in the backup folder that don't show up on the scan anymore but still pop up in the backups even after I delete them. Basically nothing will leave the backups, and I can't get rid of the URLSearchHook crap. I know they're viruses, I have looked them up; if they're not, please inform me otherwise. If anyone has any advice or knows what to do, please let me know. Ty

rjmc79

Here is the log file, the scan!


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-4108389560-3910850498-3852262214-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4108389560-3910850498-3852262214-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46...abblecubes.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://aol.worldwinner.com/games/v47...amesLoader.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49.../blockwerx.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...ylomplayer.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7096 bytes

SouthSeaPirate

Avira has surprised me on finding things Malwarebytes didn't. Give Avira a shot.

rjmc79

OK, I ran Avira. It found 52 suspected malware, all pretty much temporary internet files, HTMLs; they were all quarantined and then deleted. But then I ran HijackThis again, and the 2 URLSearchHooks were there, not 1 but 2. It's in the scan report above, the same as before. But see, when I delete them they are still in the scan, but they also do show up in the backup folder. When I delete anything from the backups, they all appear right back when I leave and go back, no matter how long I wait to go back; even other files I have deleted from the scan won't stay deleted from the backups. So, that's my basic issue: getting rid of the URLSearchHooks from the scan and making the files I delete that show up in backups stay deleted. Please someone help, lol. Ty to whoever assists me. rj

Godsp3ed

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)

The 'R3' refers to extra registry values; you'll have to run a registry scan to clear this. Try some good registry cleaner.

Else download 'CCleaner' and run a scan in the 'Issues' section of it, which scans for registry errors.
And restart the computer as soon as you run the scan and fix the issues.

crunchie

If you want help, you need to post the entire log from HijackThis, not just half of it.

rjmc79

That is the whole log from HijackThis. What do you mean? That's everything it scanned, without the C: stuff. Didn't think that stuff was important, just the stuff it scanned.

rjmc79

Here is everything that was on the log I just saved after the HijackThis scan. Also, a couple of BHOs (no name) came up again. I can't get the backups to stay deleted; every time I delete them they come right back when I go back in there, every time, grrrrr. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 4:22:49 PM, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} -
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} -
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} -
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} -
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} -
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} -
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} -
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} -
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} -
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

crunchie

OK. Now I can see the whole log, it tells me it is an ancient version.
Uninstall it and download the latest version (2.0.2), and post a new log with that one.

rjmc79

Lol, I don't know how that happened. The first scan I did in this post was with HijackThis 2.0, but I deleted it when I tried another program, and forgot I still had the old version there, so when I scanned with HijackThis I didn't realize it was the old one. Anyway, here is the scan; there's a lot different this time than the first scan now. But like I said, my main question is why won't the backups stay deleted, and how do I get these stupid URLSearchHooks (no name) off the scan and my PC? They go to the backups when I delete them but they come right back up on the scan. It's weird, because now there's like 6 or 7 URLSearchHooks in my backups for HijackThis, because like I said they go to the backup when I delete them but not off my PC, lol. Anyway, here it is. Oh, I also did the registry cleaner program but it didn't get rid of the URLs either. Hope you can help, lol. Thanks again. rj

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:01 PM, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-4108389560-3910850498-3852262214-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} -
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} -
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} -
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} -
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} -
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} -
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} -
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} -
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} -
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4933 bytes

crunchie

Rule number 1. NEVER use a registry cleaner!

==

Can you please do the following.

===============

You will have to disable Spybot's Teatimer before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit".
Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Do not forget to re-enable teatimer when we are done :).
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

===============

Programs like SUPERAntiSpyware may interfere with the following fix, so we need to temporarily disable it.

  • Right-click on the SUPERAntiSpyware icon in the system tray.
  • Choose View Control Center... "Preferences/options" button/tab.
  • On the General and Startup...tab, uncheck, "Start SUPERAntiSpyware when Windows starts"
  • click Close to exit.

Don't forget to enable your SUPERAntiSpyware protection, when your computer is clean.

===============

Go to Add/Remove programs and uninstall the following, if present:

Viewpoint Manager, Viewpoint Media Player, Viewpoint Toolbar

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} -
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} -
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} -
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} -
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} -
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} -
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} -
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} -
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} -
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} -
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} -
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\Viewpoint
C:\Program Files\Common Files\Viewpoint

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.
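The checks behind the fix list above can be scripted when comparing scans; this is an added example, not part of any post in the thread or of HijackThis itself. The orphan heuristics are assumptions modelled on the kinds of entries the list ticks ("(no file)", empty R0/R1 values, DPF lines with no name or source), and `SCAN_AFTER` is a constructed rescan in which the R3 hook has been written back, which is the symptom that calls for disabling resident monitors such as TeaTimer before fixing.

```python
import re

# Excerpt of the HijackThis v2.0.2 log quoted in the thread (shortened).
SCAN_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Constructed rescan (not from the thread): taken after "Fix checked", with
# the R3 hook present again while the other orphaned entries stayed gone.
SCAN_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - 3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return the section entries of a log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "line": line,
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return entries


def orphan_reason(entry):
    """Heuristics (assumptions of this example) for entries that point at nothing."""
    code, body = entry["code"], entry["body"]
    if body.endswith("(no file)"):
        return "registered object has no file on disk"
    if "(file missing)" in body:
        return "referenced file is missing"
    if code == "O16" and re.fullmatch(r"DPF: \{[^}]+\} -", body):
        return "DPF entry with no name and no download source"
    if code in ("R0", "R1") and body.endswith("="):
        return "registry value is empty"
    return None


def entry_key(entry):
    # The two R3 lines differ only by a repeated "URLSearchHook: (no name) - 3 -"
    # prefix, so keying on the CLSID treats them as one registration.
    return (entry["code"], entry["clsid"] or entry["body"])


def triage(text):
    """Map entry key -> (reason, [log lines]) for every orphaned entry."""
    found = {}
    for entry in parse_log(text):
        reason = orphan_reason(entry)
        if reason:
            found.setdefault(entry_key(entry), (reason, []))[1].append(entry["line"])
    return found


def persisting(before, after):
    """Orphaned entries present in both scans, i.e. written back after the fix."""
    first, second = triage(before), triage(after)
    return sorted(key for key in first if key in second)


if __name__ == "__main__":
    for key, (reason, lines) in triage(SCAN_BEFORE).items():
        print(f"{key[0]} {key[1]}: {reason} ({len(lines)} line(s))")
    for key in persisting(SCAN_BEFORE, SCAN_AFTER):
        print("came back after fix:", key)
```
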

rjmc79

Hey, thank you very much for the advice, I'm on it right as I am writing this, lol. I will be back soon with the results, ttys. rj

rjmc79

I'm sorry, but when I click on the link you have there for "ResetTeaTimer.bat", it says the link is broken and I can't find it elsewhere on the web, or it shows another link called "subratam.org", and when I go to that link there's no TeaTimer link like you showed me. What can I do?

crunchie

Just disable it as normal and make certain it is not running in Task Manager before doing the fix.
I have the reset tea timer on my PC at home, so if the above does not work, I will upload it for you to try again.

rjmc79

I'm sorry, I don't wanna sound like an idiot, but I don't understand what you're saying now. If I follow the steps you provided, I need the ResetTeaTimer.bat program thing to finish everything. What do you mean, just disable it? Disable what?

crunchie

Tea-Timer.

rjmc79

OK, you're probably gonna be tired of trying to help me, lol, but in what you just gave me I didn't see anything about TeaTimer. The bottom links are just scan programs; the top one just took me to that professional page or whatever it is, and they had a bunch of programs listed on the left of their page but nothing about TeaTimer. Do I need the TeaTimer thing to finish what you have told me to do in the beginning?

crunchie

You just need to manually disable Tea-Timer for the period of time you need to follow the rest of the instructions I gave.
If you do not disable it, HijackThis will not be able to 'Fix.'
That is why I said I would upload the ResetTeaTimer.bat file if you had trouble disabling it yourself.

rjmc79

Yes, I am having trouble disabling it myself, please help me, grrrrrr.

rjmc79

Here is the new scan I did, because I just deleted SUPERAntiSpyware after uploading another program called Ad-Aware, which I'd rather have. And for some reason, I don't know if it was one of the items Ad-Aware found, but the URLSearchHook I couldn't get rid of before isn't there anymore. Watch, here is the new scan after deleting what you told me to. Please tell me if you see anything else that could be something bad, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:33 PM, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-4108389560-3910850498-3852262214-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1237240278455&h=72516874bbbfc06a5042a1efd3e4290f/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 4616 bytes
