MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: Wild Tangent infection - HijackThis Log  (Read 4103 times)
jeffcox
« on: July 22, 2004, 01:31:57 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP home edition
Problem Application Name & Version: Internet Explorer
Problem Hardware Make & Model: Dell
Error Messages:



This is for Benditup.

I have been working with some friends to clean up a badly infected computer.  I have a HiJackThis log that I hope you will review for me.  The PC is running much better now and the virus/spyware situation seems like it might be under control.  The worst issue that I had to deal with was the WildTangent infection that came in with AOL Instant Messenger and Web Rebates.  

Thanks,
Jeff

Logfile of HijackThis v1.98.0
Scan saved at 9:22:33 PM, on 7/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\tqeddh.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Utilities\HiJackThis1.98\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eexyoyvskprl] C:\WINDOWS\System32\tqeddh.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

 
Logged

 
benditup
« Reply #1 on: July 22, 2004, 01:57:11 AM »

Yup, I don't like that wild tangent either and Web Rebates
Which usually won't let you uninstall in add/remove programs
Wild Tangent will let you, most of the time, however

There may be 3 separate entries for Wild Tangent in add/remove

You can have hijackthis fix these ones
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)

Optionally, I would fix this one too
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

MusicMatch jukebox is a tossup, up to you
I like the program, just not sure if it's needed on startup
Restart

But let's tackle this one, can't find no info on it....
O4 - HKLM\..\Run: [eexyoyvskprl] C:\WINDOWS\System32\tqeddh.exe

You can see tqeddh.exe in the running processes too....
I would Set windows to show hidden files and folders

Navigate to the file, Find what you can on it
Right click on it----properties---version
See what it's related to
Could you submit it to Kaspersky's for a free virus scan
http://www.kaspersky.com/scanforvirus
Simply use the Browse button to navigate to the file
Right click on it-----Select---Submit

If it's bad you should shut it down in Task Manager, have hijackthis
fix the entry, Restart in safe mode and delete it.....
If it won't shut down in the Task Manager
Then Restart in safe mode and see if it's running, if it's not
Delete the file and then use hijackthis....

If he's having troubles searching from the address bar or wants to set
search and start back to defaults you can use IEFIX
Then Restore Web Settings and change home page

Don't forget to clean out those temp folders (manually or use Disk Cleanup) and flush out those Restore Points when everything is running good....
Logged

 
jeffcox
« Reply #2 on: July 22, 2004, 02:34:49 AM »

Benditup,

When I tried to uninstall the Wild Tangent, all I could find was an entry called "Wild Tangent Multiplayer Library".  I had expected to find "Wild Tangent Web Driver", "WT Updater" and "WT GameChannel" similar to what you alluded to.  I still have the WT control Panel in my Control Panel.  Do you think it advisable to uninstall the "MultiPlayer Library"?

I cleared the R3 and O2 and O4.  I left Music Match loading... It is not my machine and the user is out.

I looked everywhere for tqeddh.exe even in SAFE mode.  Cannot find it.  I looked in the msconfig (where it showed up yesterday) and it is no longer there.  I think that AdAware might have finally gotten the best of it.

I am posting a new log for your review...

thanks,
Jeff

Logfile of HijackThis v1.98.0
Scan saved at 10:34:57 PM, on 7/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Utilities\HiJackThis1.98\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

Logged
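Added example (not part of the original thread and not code from HijackThis): a small Python script that parses two HijackThis logs, lists the orphaned entries of the kind recommended for fixing above ("(no file)", "is missing"), and checks that a suspect executable is gone from both the running processes and the O4 autoruns after cleanup. The function names and the trimmed sample logs are assumptions made for illustration.

```python
import re
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_TARGET = re.compile(r'\[.+?\]\s+"?(.+?\.exe)', re.I)

def parse_hjt(text):
    """Return (running process paths, [(code, detail)]) from a HijackThis log."""
    procs, entries, in_procs = set(), [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.add(line.lower())   # path case varies (System32/system32)
        elif m := ENTRY.match(line):
            entries.append((m.group(1), m.group(2)))
    return procs, entries

def orphaned(entries):
    """Entries that point at nothing: '(no file)' or '... is missing'."""
    return [e for e in entries if "(no file)" in e[1] or e[1].endswith("is missing")]

def cleanup_report(before, after, suspect):
    """Compare two logs and check that `suspect` (an .exe name) is really gone."""
    (p0, e0), (p1, e1) = parse_hjt(before), parse_hjt(after)
    tail = "\\" + suspect.lower()
    return {
        "removed_entries": [e for e in e0 if e not in e1],
        "stopped": sorted(p0 - p1),
        "still_running": any(p.endswith(tail) for p in p1),
        "autoruns_left": [d for c, d in e1 if c == "O4" and (m := RUN_TARGET.search(d))
                          and m.group(1).lower().endswith(tail)],
    }

# Constructed sample: a few lines trimmed from the two logs in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tqeddh.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Run: [eexyoyvskprl] C:\WINDOWS\System32\tqeddh.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""
print(cleanup_report(BEFORE, AFTER, "tqeddh.exe"))
```

A clean report only shows that the process and its Run entry no longer appear in the log; the file itself may still be on disk and should be checked separately.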

 
benditup
« Reply #3 on: July 22, 2004, 03:21:15 AM »

I would uninstall it, if you have any problems with it, just reinstall
Wild Tangent and go thru the process again, but I can't see you having
any problems

The icon in the desktop<---that should say control panel not desktop
do a search and delete the file related to it
Here's some info
Wild Tangent support

Oh ya. I put MusicMatch jukebox on my brother's computer, see If I can
remember, I think I shut down mm-tray within the program itself
and mmtask with hijackthis, I didn't see no problems....
But again, leave it up to the owner
If you do a search for it on startup applications links, you will probably find that MusicMatch Jukebox works fine without it, but
I'm not sure how much resources each use or how much delay in startup
time there is when you first start the computer.....You can always have hijackthis fix it, Restart, see what happens,

Restore it if he/she needs it back
Open hijackthis>>>>Config>>>misc tools>>>backups
« Last Edit: July 22, 2004, 04:18:53 AM by benditup » Logged

 
jeffcox
« Reply #4 on: July 22, 2004, 04:17:41 AM »

Hey Benditup, I was having a heck of a time with your site at around 10:30-11:00 Edst.  I'd request the URL for this page and it took a good minute to load the page so that I could read it.  The activity lights on the DSL icon would go solidly lit for 2-3 seconds and then totally inactive for the same interval of time.  Were you guys having trouble with your server?  If not, there is still something wrong at those people's house.  (I finally left because the refresh was taking FOREVER to do and I did not receive your latest response before I could see that they wanted to shut down for the night.)  I installed the ZoneAlarm firewall, SpywareBlaster and SpybotImmunize/Teatimer before I left.

I'll go back this weekend and complete this work.

Thanks for everything,
Jeff
Logged

 
jeffcox
« Reply #5 on: July 25, 2004, 05:52:05 AM »

Benditup, did you get the response that I sent to you (post #5 above)?  Could you see if there were any server issues that evening or tell me how I can get that information?
Logged

 
benditup
« Reply #6 on: July 25, 2004, 05:58:10 AM »

Hi Jeff, This is Admin's site
Just feels like home to a lot of us :)

You can try private messaging him or by email
Those matters would be in his hands

I've had times where it was tough getting on the site
Could have been a server issue
Don't know???

Is she still having problems accessing the site, or are you
I noticed a bit of a slowdown earlier, but it seems to be normal now....
Logged

 
jeffcox
« Reply #7 on: July 25, 2004, 06:25:53 AM »

I sent that inquiry days ago and I knew that it would be #5 response.  But the response counter in the "support" inventory kept reading "4".  I asked the question because I thought that it might be important... so I was following up on it.  I haven't been back to their home since but I think that I am expecting to learn that their DSL connection is bad after what I experienced the other evening.  You say that I must speak to the Admin?...  I'll try to do that.  

Thanks a lot.
Jeff
Logged

 