DaniWeb IT Discussion Community


MiDude Oct 3rd, 2004 9:43 pm
I need help
 
I am 13 and I tried everything I could to remove what's on my computer. I have trojan guarder gold version (from download.com) and it keeps saying I have winupd. What is it and can I remove it and how? I also have homesearch as a homepage and can't get rid of it as one. I also get bestsearch and only the best or something like that. Once, Norton said I had bloodhound. Is this dangerous? The computer is going very slow too. :sad:

MiDude Oct 3rd, 2004 9:45 pm
Re: I need help
 
It also says I need hijackthis on my logs...what is this?

dlh6213 Oct 3rd, 2004 9:53 pm
Re: I need help
 
The best way to fix your problems is to start here:
http://daniweb.com/techtalkforums/thread5690.html

There will be instructions there for hijackthis if you still need it.

MiDude Oct 3rd, 2004 10:11 pm
Re: I need help
 
Logfile of HijackThis v1.97.7
Scan saved at 09:12, on 10/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\msnmsg.exe
C:\WINDOWS\nthp32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SPYWAR~1\SPYDOC~1.EXE
C:\WINDOWS\System32\avp-32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\dzmrkz.dat
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2762540F-4027-464D-8A3D-AD282EE653AB} - C:\WINDOWS\system32\ipcb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Plug And Play] msnmsg.exe
O4 - HKLM\..\Run: [AVP-SE] avp-32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyStopper] C:\Program Files\SpyStopper\spystopper.exe
O4 - HKLM\..\Run: [TE_RegProtect] C:\Program Files\Anti Trojan Elite\TERegPct.exe
O4 - HKLM\..\Run: [nthp32.exe] C:\WINDOWS\nthp32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Plug And Play] msnmsg.exe
O4 - HKLM\..\RunServices: [AVP-SE] avp-32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Plug And Play] msnmsg.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\SPYDOC~1.EXE /Q
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Verizon Online Account Setup.lnk = C:\Program Files\Verizon Online\VOLSW\Accstp4.0.exe
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM (HKLM)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...abb9ec24c7b353
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/securit...?1095215288762
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50077D79-8696-45D5-BDA9-D35E2504C020}: NameServer = 151.197.0.38 151.197.0.39

I guess this is my log...what do I do?
If you have time help me...if not don't worry.

crunchie Oct 3rd, 2004 11:15 pm
Re: I need help
 
You have a hijacker that is very complicated to remove. Want to try it?

MiDude Oct 3rd, 2004 11:32 pm
Re: I need help
 
Help me any way possible!!

TallCool1 Oct 3rd, 2004 11:47 pm
Re: I need help
 
Quote:

Originally Posted by MiDude
I guess this is my log...what do I do?

You need the new version. You can update before you do the fixes...
Logfile of HijackThis v1.97.7

Aaack! You are waaay behind on your patches. These are the original, unpatched Windows versions--but let's clean up the mess, first.
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Not good... remove this later.
C:\WINDOWS\dzmrkz.dat

Here's the baddies. Everything from here out should be removed using the updated HijackThis in Safe Mode:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {2762540F-4027-464D-8A3D-AD282EE653AB} - C:\WINDOWS\system32\ipcb.dll

This seems to be your main problem.
O4 - HKLM\..\Run: [Plug And Play] msnmsg.exe
O4 - HKLM\..\RunServices: [Plug And Play] msnmsg.exe
O4 - HKCU\..\Run: [Plug And Play] msnmsg.exe

O4 - HKLM\..\Run: [nthp32.exe] C:\WINDOWS\nthp32.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...abb9ec24c7b353

FunWebProducts is a major source of adware, and should be dumped.
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
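
The by-eye triage in the reply above, as an added example that is not part of the original thread: a small Python parser for the HijackThis log layout that flags the patterns the reply points at (a running "process" that is not an .exe, IE settings pointing at res:// inside a local DLL, autostart commands with no path, Trusted Zone additions). The function names and heuristics are this example's assumptions; a flag means "look closer", not a verdict.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\dzmrkz.dat

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sgvbh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [Plug And Play] msnmsg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O15 - Trusted Zone: *.searchmiracle.com
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O4 - <rest of entry>"
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.+)$")  # "[name] command"

def parse(log):
    """Split a HijackThis log into running processes and (code, text) entries."""
    processes, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(log):
    """Return (reason, item) pairs worth a second look; heuristics are this example's own."""
    processes, entries = parse(log)
    hits = [("process image is not .exe", p) for p in processes
            if not p.lower().endswith(".exe")]
    for code, text in entries:
        value = text.split(" = ", 1)[-1]   # registry value after "key = "
        run = RUN.match(text)
        if code in ("R0", "R1") and value.lower().startswith("res://"):
            hits.append(("IE setting served from a local DLL", text))
        elif code == "O4" and run and "\\" not in run.group(2):
            hits.append(("autostart command has no path", text))
        elif code == "O15":
            hits.append(("site added to Trusted Zone", text))
    return hits

if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```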

DMR Oct 3rd, 2004 11:50 pm
Re: I need help
 
First of all, you're using an older version of HijackThis; please download the latest version (1.98.2) and post a fresh log from that version.

MiDude Oct 4th, 2004 12:15 am
Re: I need help
 
Okay...Let me download the newer version....then I'll delete those and put up a new log

MiDude Oct 4th, 2004 12:23 am
Re: I need help
 
Must I do this in safe mode?


All times are GMT -4.