Help on Hijack This



#1 txd2death


Posted 03 March 2005 - 02:05 PM

Hope you folks can help me out

Downloaded Hijackthis and ran the other day and came across the following:

Logfile of HijackThis v1.99.1
Scan saved at 9:17:51 PM, on 2/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\System32\spool\drivers\w32x86\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Diane\Desktop\Jerry\Hijack remover\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/umax5/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.nowfind.net/umax5/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/umax5/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nowfind.net/umax5/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/umax5/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nowfind.net/umax5/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nowfind.net/umax5/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nowfind.net/umax5/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/umax5/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nowfind.net/umax5/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nowfind.net/umax5/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/umax5/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nowfind.net/umax5/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/umax5/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nowfind.net/umax5/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = xfilter.net:80
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\Toolbar.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://www.nowfind.net/umax3/gallery.php?url=
O13 - WWW Prefix: http://www.nowfind.net/umax3/gallery.php?url=
O13 - Home Prefix: http://www.nowfind.net/umax3/gallery.php?url=
O13 - Mosaic Prefix: http://www.nowfind.net/umax3/gallery.php?url=
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/GamesUnl.../bridge-c18.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://sympatico.zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1DCF747-AC51-42E1-A83E-2481C380E57B}: NameServer = 66.19.192.200 216.126.128.40
O21 - SSODL: eplrr - {F11F737C-5527-4C13-8221-9A95413C8CC0} - C:\WINDOWS\System32\eplrr3.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Deleted everything with nowfind.net in it, but did not change anything in my registry. Also deleted the spe folder that I found.

Reran the log and now have:

Logfile of HijackThis v1.99.1
Scan saved at 11:44:13 PM, on 3/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\System32\spool\drivers\w32x86\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Diane\Desktop\Jerry\Hijack remover\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycobbweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = xfilter.net:80
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\Toolbar.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://sympatico.zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
O21 - SSODL: eplrr - {F11F737C-5527-4C13-8221-9A95413C8CC0} - C:\WINDOWS\System32\eplrr3.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

My internet browser is still screwed and redirects Google to a site blocked by my proxy filter (xfilter.net). In addition, I keep getting URL error messages and it takes 2 or 3 tries to get to various email sites.

What additional entries can I safely remove and what entries should I have removed from my registry?

Thanks for your help and advice


 


#2 Grinler


    Lawrence Abrams



Posted 03 March 2005 - 02:50 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\Program Files\WindUpdates\
C:\Program Files\Admanager Controller\

Reboot your computer to go back to normal mode and post a new log.



