HJT Log - HELP PLEASE

Unknown
edited November 2004 in Spyware & Virus Removal
Logfile of HijackThis v1.98.2
Scan saved at ?? 12:18:46, on 2004-10-25
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\appat32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\ieft.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8b5e9cdb91dddbb342695fbdc36fe0
e4\update\update.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {11BEC0B9-C370-4820-FE14-3C42B32E0875} -
C:\WINDOWS\system32\apitx.dll
O4 - HKLM\..\Run: [appat32.exe] C:\WINDOWS\system32\appat32.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows
SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O8 - Extra context menu item: Web Rebates - file://C:\Program
Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

Comments

  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited November 2004
    SVT Forum Etiquette

    Steps To Take Before Posting a Hijack This Log
  • ej744
    edited November 2004
    :canflag:

    I ran through the steps in HSA removal guide and things just don't seem
    to be getting any better. Can someone please review this log for anything that sticks out. Thank you.


    Logfile of HijackThis v1.98.2
    Scan saved at ?? 12:18:46, on 2004-10-25
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\appat32.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\ieft.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8b5e9cdb91dddbb342695fbdc36fe0
    e4\update\update.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    http://www.websearch.com/ie.aspx?tb_id=50141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    res://C:\WINDOWS\system32\pqurn.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {11BEC0B9-C370-4820-FE14-3C42B32E0875} -
    C:\WINDOWS\system32\apitx.dll
    O4 - HKLM\..\Run: [appat32.exe] C:\WINDOWS\system32\appat32.exe
    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows
    SyncroAd\SyncroAd.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O8 - Extra context menu item: Web Rebates - file://C:\Program
    Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
This discussion has been closed.