
help with computer registry


7 replies to this topic

#1 yang47

Posted 04 May 2005 - 06:09 AM

Printed below is a copy of my registry:

Logfile of HijackThis v1.99.1
Scan saved at 9:01:03 PM, on 5/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\STDSB.exe
C:\WINDOWS\system32\WL.exe
C:\Desktop\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NJStar Communicator\Njcom32.exe
C:\Program Files\NJStar Communicator\NJSIME.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\d\Desktop\BitComet\BitComet.exe
C:\Documents and Settings\d\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\d\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\d\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Desktop\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ECBBE8FB-5BCF-4623-8E8F-A4E29093AEA3} - C:\WINDOWS\system32\eefd.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [WL] C:\WINDOWS\system32\WL.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Desktop\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\d\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Desktop\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www
O18 - Filter: text/html - {17A2E8FF-E0B3-4703-B67C-4CBA6C51FBFD} - C:\WINDOWS\system32\eefd.dll
O18 - Filter: text/plain - {17A2E8FF-E0B3-4703-B67C-4CBA6C51FBFD} - C:\WINDOWS\system32\eefd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Thank you for your help



#2 didom

Posted 04 May 2005 - 06:11 AM

  • Please download this file: SpSeHjfix
  • Extract the file on your desktop.
  • Run SpSeHjfixXXX.exe.
  • Click Start disinfection
  • Reboot your system.
You will find on your desktop a log: SPSeHjFix.log.
  • Post the SPSeHjFix log and a new HJT log please


#3 yang47

Posted 04 May 2005 - 04:51 PM

I have printed below a copy of the SPSeHjFix.log file as well as a new HJT log file.

(5/5/05 7:43:08 AM) SPSeHjFix started v1.1.2
(5/5/05 7:43:08 AM) OS: WinXP Service Pack 2 (5.1.2600)
(5/5/05 7:43:08 AM) Language: english
(5/5/05 7:43:08 AM) Win-Path: C:\WINDOWS
(5/5/05 7:43:08 AM) System-Path: C:\WINDOWS\system32
(5/5/05 7:43:08 AM) Temp-Path: C:\DOCUME~1\d\LOCALS~1\Temp\
(5/5/05 7:43:14 AM) Disinfection started
(5/5/05 7:43:14 AM) Bad-Dll(IEP): c:\docume~1\d\locals~1\temp\se.dll
(5/5/05 7:43:14 AM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\system32\eefd.dll
(5/5/05 7:43:14 AM) Searchassistant Uninstaller - Keys Deleted
(5/5/05 7:43:14 AM) UBF: 6 - UBB: 2 - UBR: 9
(5/5/05 7:43:14 AM) FilterKey: HKCR\text/html (deleted)
(5/5/05 7:43:14 AM) FilterKey: HKCR\CLSID\{17A2E8FF-E0B3-4703-B67C-4CBA6C51FBFD} (deleted)
(5/5/05 7:43:14 AM) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(5/5/05 7:43:14 AM) FilterKey: HKCR\text/plain (deleted)
(5/5/05 7:43:14 AM) FilterKey: HKCR\CLSID\{17A2E8FF-E0B3-4703-B67C-4CBA6C51FBFD} (error while deleting)
(5/5/05 7:43:14 AM) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(5/5/05 7:43:14 AM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECBBE8FB-5BCF-4623-8E8F-A4E29093AEA3} (deleted)
(5/5/05 7:43:14 AM) BHO-Key: HKCR\CLSID\{ECBBE8FB-5BCF-4623-8E8F-A4E29093AEA3} (deleted)
(5/5/05 7:43:14 AM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\d\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(5/5/05 7:43:14 AM) UBF: 4 - UBB: 1 - UBR: 8
(5/5/05 7:43:14 AM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\d\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\d\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(5/5/05 7:43:14 AM) Stealth-String not found
(5/5/05 7:43:14 AM) File added to delete: c:\windows\system32\eefd.dll
(5/5/05 7:43:14 AM) File added to delete: c:\docume~1\d\locals~1\temp\se.dll
(5/5/05 7:43:14 AM) Reboot




Logfile of HijackThis v1.99.1
Scan saved at 7:50:06 AM, on 5/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\STDSB.exe
C:\WINDOWS\system32\WL.exe
C:\Desktop\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Desktop\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\d\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\d\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\d\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Desktop\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AFF63FFE-6973-4B27-B679-66F0F64035C2} - C:\WINDOWS\system32\eefd.dll (file missing)
O2 - BHO: (no name) - {ECBBE8FB-5BCF-4623-8E8F-A4E29093AEA3} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [WL] C:\WINDOWS\system32\WL.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Desktop\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\d\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Desktop\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www
O18 - Filter: text/html - {1CEB0753-A4C2-4111-BA00-3FEE234AF9BA} - C:\WINDOWS\system32\eefd.dll
O18 - Filter: text/plain - {1CEB0753-A4C2-4111-BA00-3FEE234AF9BA} - C:\WINDOWS\system32\eefd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Btw, thank you for spending time to help me with my computer problems.
Cheerio

#4 didom

Posted 05 May 2005 - 04:15 AM

Scan again with HijackThis and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\d\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\d\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {AFF63FFE-6973-4B27-B679-66F0F64035C2} - C:\WINDOWS\system32\eefd.dll (file missing)
O2 - BHO: (no name) - {ECBBE8FB-5BCF-4623-8E8F-A4E29093AEA3} - (no file)
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\d\LOCALS~1\Temp\se.dll,DllInstall
O9 - Extra button: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {527BF730-2FFD-43DF-B9F4-3927E6A87153} - C:\WINDOWS\system32\wldr.dll (file missing) (HKCU)
O18 - Filter: text/html - {1CEB0753-A4C2-4111-BA00-3FEE234AF9BA} - C:\WINDOWS\system32\eefd.dll
O18 - Filter: text/plain - {1CEB0753-A4C2-4111-BA00-3FEE234AF9BA} - C:\WINDOWS\system32\eefd.dll

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Make sure all hidden files and folders are visible (Instructions)
Reboot your computer into safe mode (Instructions)

Find and delete these files and folders (if they are still there):
C:\WINDOWS\system32\eefd.dll <= this file

Reboot your computer back into normal mode

Please go to this site: http://virusscan.jotti.org/
On top you'll find "File to upload and scan".
Browse to the next file, submit it on that site and let it scan:

C:\WINDOWS\system32\WL.exe

Several scanning engines will be used to check the file for any threats. Please post the results of the scans + a new HijackThis log back here.

#5 yang47

Posted 05 May 2005 - 05:04 AM

Pasted below is a copy of the scan results from the website as well as the registry results from the latest Hijackscan.

Service
Service load: 0% 100%

File: WL.exe
Status: OK
MD5 e121b46e957dbf783819ddf243a7f17e
Packers detected: -
Scanner results
AntiVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
mks_vir Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found nothing


Logfile of HijackThis v1.99.1
Scan saved at 8:02:43 PM, on 5/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\STDSB.exe
C:\WINDOWS\system32\WL.exe
C:\Desktop\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Desktop\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\d\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\d\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Desktop\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AFF63FFE-6973-4B27-B679-66F0F64035C2} - (no file)
O2 - BHO: (no name) - {ECBBE8FB-5BCF-4623-8E8F-A4E29093AEA3} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [WL] C:\WINDOWS\system32\WL.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Desktop\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Desktop\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Thanks again for your time

#6 didom

Posted 05 May 2005 - 05:58 AM

* You have Spybot s&d (Teatimer option) running on your machine and that is good.

But prior to doing the fix below with hijackthis it needs to be turned off.
Please do the following.

Right click the running icon of spybot's teatimer, and choose exit.

Unless it is turned off it could interfere with the fix by hijackthis.

* Scan again with HijackThis and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\d\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {AFF63FFE-6973-4B27-B679-66F0F64035C2} - (no file)
O2 - BHO: (no name) - {ECBBE8FB-5BCF-4623-8E8F-A4E29093AEA3} - (no file)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

* Reboot your computer and post a new HijackThis log!

#7 yang47

Posted 05 May 2005 - 11:49 AM

Pasted below is my latest version of my scanned registry.

Logfile of HijackThis v1.99.1
Scan saved at 2:45:35 AM, on 5/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\STDSB.exe
C:\WINDOWS\system32\WL.exe
C:\Desktop\iTunesHelper.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\d\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cable.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Desktop\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AFF63FFE-6973-4B27-B679-66F0F64035C2} - (no file)
O2 - BHO: (no name) - {ECBBE8FB-5BCF-4623-8E8F-A4E29093AEA3} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [WL] C:\WINDOWS\system32\WL.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Desktop\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Desktop\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Thank you for your help

#8 didom

Posted 05 May 2005 - 12:22 PM

* You have Spybot s&d (Teatimer option) running on your machine and that is good.

But prior to doing the fix below with hijackthis it needs to be turned off.
Please do the following.

Right click the running icon of spybot's teatimer, and choose exit.

Unless it is turned off it could interfere with the fix by hijackthis.

* Scan again with HijackThis and check the following items:

O2 - BHO: (no name) - {AFF63FFE-6973-4B27-B679-66F0F64035C2} - (no file)
O2 - BHO: (no name) - {ECBBE8FB-5BCF-4623-8E8F-A4E29093AEA3} - (no file)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Reboot your computer and post a new log!
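
The log-to-log comparison done by hand across this thread can be scripted. The following is an added example, not part of the original thread and not HijackThis code: it parses the entry lines of two of the logs above and reports which flagged entries were cleared and which persist. The two flagging rules (a target marked `(file missing)` or `(no file)`, and a DLL loaded from a `Temp` directory) are assumptions chosen for illustration and cover only part of what was flagged by hand; all function names are hypothetical.

```python
import re

# Entry lines excerpted from the logs in posts #5 and #7 of this thread.
SCAN_POST_5 = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\d\LOCALS~1\Temp\se.dll/spage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AFF63FFE-6973-4B27-B679-66F0F64035C2} - (no file)
O2 - BHO: (no name) - {ECBBE8FB-5BCF-4623-8E8F-A4E29093AEA3} - (no file)
O4 - HKLM\..\Run: [WL] C:\WINDOWS\system32\WL.exe
"""
SCAN_POST_7 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cable.optusnet.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AFF63FFE-6973-4B27-B679-66F0F64035C2} - (no file)
O2 - BHO: (no name) - {ECBBE8FB-5BCF-4623-8E8F-A4E29093AEA3} - (no file)
O4 - HKLM\..\Run: [WL] C:\WINDOWS\system32\WL.exe
"""

# "R1 - ...", "O18 - ...": a section code, " - ", then the entry text.
# Running-process lines ("C:\WINDOWS\...") and headers do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumed rule 1: registry entry whose target file no longer exists.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)(?: \(HKCU\))?\s*$")
# Assumed rule 2: a DLL referenced directly inside a Temp directory.
TEMP_DLL_RE = re.compile(r"\\temp\\[^\\/]+\.dll", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section_code, entry_text) for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def reasons(entry):
    """Return the list of assumed rules that an entry trips."""
    _code, text = entry
    found = []
    if ORPHAN_RE.search(text):
        found.append("orphaned")
    if TEMP_DLL_RE.search(text):
        found.append("temp-dll")
    return found


def flagged(log_text):
    """Map each flagged entry in a log to the rules it tripped."""
    return {e: reasons(e) for e in parse_entries(log_text) if reasons(e)}


def compare_scans(before, after):
    """Classify flagged entries as cleared, persisting or new between scans."""
    old, new = flagged(before), flagged(after)
    return {
        "cleared": sorted(set(old) - set(new)),
        "persisting": sorted(set(old) & set(new)),
        "new": sorted(set(new) - set(old)),
    }


if __name__ == "__main__":
    for status, entries in compare_scans(SCAN_POST_5, SCAN_POST_7).items():
        for code, text in entries:
            print(f"{status:10} {code:3} {text}")
```

On these excerpts the two `(no file)` BHO entries are the ones that persist, which are the same two items listed for fixing in post #8.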



