Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

bad bad thing


  • This topic is locked This topic is locked
3 replies to this topic

#1 scubadan

scubadan

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 18 August 2005 - 12:13 AM

Posted Image

Posted Image

client host

127.0.0.1 localhost

127.0.0.1 www.f1organizer.com #REMOVED ADWARE URL
127.0.0.1 www.netpalnow.com #REMOVED ADWARE URL
127.0.0.1 www.addictivetechnologies.com #REMOVED ADWARE URL

Posted Image

Logfile of HijackThis v1.99.1
Scan saved at 11:50:09 PM, on 8/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM95\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Program Files\hijack this\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\System32\runouce.exe
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122842571608
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

its that dang runonce thing. i couldnt find anything on it except someone saying it was probably cws which it is not.

BC AdBot (Login to Remove)

 


m

#2 scubadan

scubadan
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 18 August 2005 - 12:27 AM

here something interesting. i just noticed that my AIM profile has modified itself, and said soemthing about readme.. i updated aim recently.. so maybe this is aol's fault.

... and now my computer wont read the cd drive..... :thumbsup:

and its modified ewido and adaware as well.

lol. i deleted the readme file from the location it gave me, now it just says cannot find file or whatever, but its still making 4 instances of foxfire whenever i open it, and the first 3 do the file not found thing. i never opened the readme file i always canceled.

Edited by scubadan, 18 August 2005 - 06:17 AM.


#3 scubadan

scubadan
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 19 August 2005 - 05:06 PM

nevermind looks like i got it... everything is back to normal. man that thing was nasty tho.

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:06:39 PM

Posted 19 August 2005 - 10:03 PM

Thanks for telling us that you've solved this problem.

Should you experience similar please open a new HJT thread.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users