|
| ||
| yet another "hijackthis" log... hey, i'm a newb...and to my techie friends i'm refered to as computer illiterate, which, i really can't argue with...hmm...so a bad two days with computers...just yesterday, my sister downloaded a virus onto my hard drive and i end up having to decide to reinstall windows and lose everything saved on that hard drive...or wait for the tiny chance that my wonderful computer mastermind friend can fix it...but anyways, i'm on my parents' computer...lucky i'm back home and have a backup computer, right?...well anyways...it seems that i have a little problem on this one as well...so lets see if i can fix it Logfile of HijackThis v1.99.0 Scan saved at 4:03:55 AM, on 1/7/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\WINDOWS\System32\cfgbkend.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\windows\hvbynjx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Palm\HOTSYNC.EXE C:\WINDOWS\system32\javayp32.exe C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\g3torrent\g3torrent.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe C:\Program Files\AIM\aim.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Hesuk Ahn\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dr-search4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dr-search4u.com/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/asianpanthers R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dr-search4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dr-search4u.com/index.htm O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe O4 - HKLM\..\Run: [xgVH] c:\documents and settings\albert ahn\local settings\temp\xgVH.exe O4 - HKLM\..\Run: [w] C:\documents and settings\albert ahn\local settings\temp\w.exe O4 - HKLM\..\Run: [e7fdbd9d1f37] C:\WINDOWS\System32\cfgbkend.exe O4 - HKLM\..\Run: [RJr] C:\documents and settings\albert ahn\local settings\temp\RJr.exe O4 - HKLM\..\Run: [sJw7FKGyG] C:\documents and settings\albert ahn\local settings\temp\sJw7FKGyG.exe O4 - HKLM\..\Run: [4XLLHM45F#JA@G] C:\WINDOWS\System32\Yan1K.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [tcfjmeo] c:\windows\anajnkv.exe O4 - Global Startup: 922794.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing) O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted IP range: (HKLM) O23 - Service: Ahnlab Task Scheduler - AhnLab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing) O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\javayp32.exe and i know that there's something wrong...somewhere in here, so i was hoping that someone could tell me what's wrong here? i know the "search4u" deal isn't good...since it constantly changes itself to my home page no matter what i do...i've run constant virus scans and adware scans and i keep on getting new viruses and spywares...out of now where...i feel like i'm going to pull my hair out, so someone please help asap |
| ||
| Re: yet another "hijackthis" log... Asianpanthers, first you need to go to Window Update to get the Critical Updates for your computer. Hold off on SP2, however, until your system is clean. Next, you are currently running hijackthis from a temp folder; you need to put hijackthis into it's own permanent folder (like c:\hjt\hijackthis.exe). The reason for this is part of cleaning your system may require all temporary folders to be cleaned out; also, hijackthis puts it's backups into the same folder where it is installed, so your backups will be at risk of being deleted as well. After you put hijackthis into it's own folder, close all browser windows, scan with HJT, and post a new log please. |
| ||
| Re: yet another "hijackthis" log... Logfile of HijackThis v1.99.0 Scan saved at 2:51:30 PM, on 1/7/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\javayp32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\System32\cfgbkend.exe C:\documents and settings\albert ahn\local settings\temp\RJr.exe C:\documents and settings\albert ahn\local settings\temp\sJw7FKGyG.exe C:\windows\qbyqawk.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Palm\HOTSYNC.EXE C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe C:\Documents and Settings\Hesuk Ahn\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe C:\Documents and Settings\Hesuk Ahn\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dr-search4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dr-search4u.com/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dr-search4u.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dr-search4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dr-search4u.com/index.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Hesuk Ahn\Local Settings\Temp\Ap26.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe O4 - HKLM\..\Run: [xgVH] c:\documents and settings\albert ahn\local settings\temp\xgVH.exe O4 - HKLM\..\Run: [w] C:\documents and settings\albert ahn\local settings\temp\w.exe O4 - HKLM\..\Run: [e7fdbd9d1f37] C:\WINDOWS\System32\cfgbkend.exe O4 - HKLM\..\Run: [RJr] C:\documents and settings\albert ahn\local settings\temp\RJr.exe O4 - HKLM\..\Run: [sJw7FKGyG] C:\documents and settings\albert ahn\local settings\temp\sJw7FKGyG.exe O4 - HKLM\..\Run: [4XLLHM45F#JA@G] C:\WINDOWS\System32\Yan1K.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [fhgftmh] c:\windows\mfccyvm.exe O4 - Global Startup: 922794.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing) O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted IP range: (HKLM) O23 - Service: Ahnlab Task Scheduler - AhnLab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing) O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\javayp32.exe ok, i'm updated all the windows were closed at time of scan, so someone please help @.@ i think it's getting worse |
| ||
| Re: yet another "hijackthis" log... I see why you don't argue with you friends .:) lol You need to unzip you copy of hijackthis to a folder of its own not run it from the zip program! And your log is in bad shape!! ,,,,,,,,,,,,,,,,,,,,,,, Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process! 1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'. 2. Copy and paste HijackThis.exe to the new folder. 3. Close ALL windows except HJT 4. SCAN with HJT 5. POST the new log in this thread using 'Add Reply' DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH |
| ||
| Re: yet another "hijackthis" log... Logfile of HijackThis v1.99.0 Scan saved at 5:35:31 PM, on 1/7/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\javayp32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\System32\cfgbkend.exe C:\documents and settings\albert ahn\local settings\temp\RJr.exe C:\documents and settings\albert ahn\local settings\temp\sJw7FKGyG.exe C:\windows\qbyqawk.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Palm\HOTSYNC.EXE C:\WINDOWS\system32\iekd.exe C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe C:\Documents and Settings\Hesuk Ahn\My Documents\HIJACKTHIS\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dr-search4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dr-search4u.com/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dr-search4u.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dr-search4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dr-search4u.com/index.htm O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Hesuk Ahn\Local Settings\Temp\Ap26.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe O4 - HKLM\..\Run: [xgVH] c:\documents and settings\albert ahn\local settings\temp\xgVH.exe O4 - HKLM\..\Run: [w] C:\documents and settings\albert ahn\local settings\temp\w.exe O4 - HKLM\..\Run: [e7fdbd9d1f37] C:\WINDOWS\System32\cfgbkend.exe O4 - HKLM\..\Run: [4XLLHM45F#JA@G] C:\WINDOWS\System32\Yan1K.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [fhgftmh] c:\windows\mfccyvm.exe O4 - Global Startup: 922794.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing) O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted IP range: (HKLM) O23 - Service: Ahnlab Task Scheduler - AhnLab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing) O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\javayp32.exe |
| ||
| Re: yet another "hijackthis" log... You have a pepper infection the uninstaller is available from these locations:- http://www.memorywatcher.com/uninst.exe http://www.mjc1.com/files/peperpage/uninst.exe http://www.downloads.subratam.org/uninst.exe When you run the uninstaller, you MUST have an internet connection active for it to work. Please run this twice with a reboot in between. |
| ||
| Re: yet another "hijackthis" log... After that dot the following !! ,,,,,,,,,,, Go Here and Get Trojan-Hunter Fully working trial! ,,,,,,,,,,,,,,,,,, Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example C:\WINDOWS\Temp\ C:\Temp\ C:\Documents and Settings\username\Local Settings\Temp\ Also delete your Temporary Internet Files, be sure to also select delete all offline content. Do a virus scan here. If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply. ,,,,,,,,,,,,,,,,,,,,,,,,,, Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds. CWShredder available from these places :- http://www.aluriasoftware.com/tools/cwshredder.zip Or this as a full download without any unzipping required http://www.downloads.subratam.org/CWShredder.exe http://www.spywareinfo.com/downloads...CWShredder.exe We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode. To get to safe mode use the F8 key while booting the machine. Detailed instructions from :- HERE ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, Then please do this since it’s better to use automated tools to get rid of the bad stuff use these 2 programs first before doing the final cleaning with HJT First use Spybot S&D. (Version 1.3) Spybot Unzip, and update. Install the updates and run. Delete all that it marks in red. Reboot Then it’s time for Ad-Aware Ad-Aware Install and update by using the globe icon. Restart your computer and run Ad-Aware. Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer. Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware How To Setup Spybot SD and Ad-Aware Then post a HJT log as a reply to this topic. |
| ||
| Re: yet another "hijackthis" log... Logfile of HijackThis v1.99.0 Scan saved at 9:41:05 PM, on 1/7/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\System32\cfgbkend.exe c:\program files\mcafee.com\vso\mcmnhdlr.exe C:\Program Files\AIM\aim.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Palm\HOTSYNC.EXE C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe C:\WINDOWS\System32\jitpcopg.exe C:\Documents and Settings\Hesuk Ahn\My Documents\HIJACKTHIS\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dr-search4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dr-search4u.com/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dr-search4u.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dr-search4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dr-search4u.com/index.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {CD0FD544-5710-E7D8-7CDF-35F3B6A22A9A} - C:\WINDOWS\system32\d3ui.dll (file missing) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe O4 - HKLM\..\Run: [xgVH] c:\documents and settings\albert ahn\local settings\temp\xgVH.exe O4 - HKLM\..\Run: [w] C:\documents and settings\albert ahn\local settings\temp\w.exe O4 - HKLM\..\Run: [e7fdbd9d1f37] C:\WINDOWS\System32\cfgbkend.exe O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe" O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [nafrixi] c:\windows\enjxutm.exe O4 - Global Startup: 922794.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing) O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted IP range: (HKLM) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O23 - Service: Ahnlab Task Scheduler - AhnLab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing) O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\javayp32.exe (file missing) hmmm...how am i looking? |
| ||
| Re: yet another "hijackthis" log... Can I play too? :). Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dr-search4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dr-search4u.com/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dr-search4u.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dr-search4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dr-search4u.com/index.htm R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {CD0FD544-5710-E7D8-7CDF-35F3B6A22A9A} - C:\WINDOWS\system32\d3ui.dll (file missing) O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe O4 - HKLM\..\Run: [xgVH] c:\documents and settings\albert ahn\local settings\temp\xgVH.exe O4 - HKLM\..\Run: [w] C:\documents and settings\albert ahn\local settings\temp\w.exe O4 - HKLM\..\Run: [e7fdbd9d1f37] C:\WINDOWS\System32\cfgbkend.exe O4 - HKCU\..\Run: [nafrixi] c:\windows\enjxutm.exe O4 - Global Startup: 922794.exe O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing) O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing) O15 - Trusted IP range: (HKLM) O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing) O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\javayp32.exe (file missing) Reboot into safe mode following the instructions here and navigate to and delete the following if found: C:\Program Files\Viewpoint\Viewpoint Manager<----folder C:\Program Files\DeskAd Service<----folder c:\documents and settings\albert ahn\local settings\temp<----folder contents C:\Documents and Settings\All Users\Start Menu\Programs\Startup\922794.exe<----file C:\WINDOWS\System32\cfgbkend.exe<----file c:\windows\enjxutm.exe<----file In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here. Reboot normally after doing the above, rescan with hijackthis, then post that log here please. |
| ||
| Re: yet another "hijackthis" log... Quote:
|
| All times are GMT -4. The time now is 6:52 am. |
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC