11-25-2009: Sorry for the inconvenience. We finally upgraded to vBulletin 3 !!
See you there,
Larry

---

malfunctioning computer - hijackthis enclosed

Go to the Tech-Forums Discussion Home Page

---

Posted by: zhecody

What's up. I am having some major problems here. I did exactly what DMo224 said to do in his "Common Instructions" post. However, that didn't fix anything. So I d/l Hijackthis, installed it, chose to show all system files, restarted my computer and then ran Hijackthis. If you need to know, symptoms are this : mozilla and IE both will just go to this website without any warning when i'm browsing, unusual amount of pop-ups, and my homepage in IE will not stay on google no matter how many times i change it back. I hope someone can help and i thank you greatly.



Logfile of HijackThis v1.99.1
Scan saved at 4:32:14 PM, on 4/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\pctspk.exe
D:\Program Files\PPAVMon.exe
D:\Program Files\PPServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\javacz32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
D:\PROGRA~1\PPInupdt.exe
D:\PROGRA~1\PPTbc.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\apipw32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system32\calk.exe
D:\Program Files\POPSCAN.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://unosearch.net/sp.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://unosearch.net/index.html[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://unosearch.net/index.html[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tscqu.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tscqu.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tscqu.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://unosearch.net/sp.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://unosearch.net/index.html[/url]
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {99DB325C-EB88-33C3-7785-032CC2FC713B} - C:\WINDOWS\system32\atlqy.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [PP2000 InstaUpdate] D:\PROGRA~1\PPInupdt.exe
O4 - HKLM\..\Run: [PP2000 Taskbar Control] D:\PROGRA~1\PPTbc.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [apipw32.exe] C:\WINDOWS\system32\apipw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\RunOnce: [javacz32.exe] C:\WINDOWS\javacz32.exe
O4 - HKCU\..\Run: [calk] c:\windows\system32\calk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.netglearning.com
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [url]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - [url]http://www.bitdefender.com/scan/Msie/bitdefender.cab[/url]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/url]
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\netyj32.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Protector Plus Anti-virus Monitor Service (ProtectorPlusAVMonitor) - Unknown owner - D:\Program Files\PPAVMon.exe
O23 - Service: Protector Plus Service (ProtectorPlusService) - Unknown owner - D:\Program Files\PPServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

---

Posted by: Warez Monster

Remove at your own risk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tscqu.dll/sp.html#28129 This entry should be fixed by HijackThis!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tscqu.dll/sp.html#28129 This entry should be fixed by HijackThis!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tscqu.dll/sp.html#28129 This entry should be fixed by HijackThis!

R3 - Default URLSearchHook is missing Should be fixed if you do not know the application or if no application is mentioned. This entry should be fixed.

O4 - HKLM\..\Run: [apipw32.exe] C:\WINDOWS\system32\apipw32.exe It seems that the name of this program is the same as the name of the file. In the most cases this is the result of trojans. To be sure, you should check this file

O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab This entry is possibly nasty. Should be fixed.

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll

---

Please Visit the Online Configurator, Email Hosting, Internet Marketing , Computer Schools , Software for Real Estate , AAOutlook , Search Engine Site