
help me get rid of this PLEASE


  • This topic is locked
3 replies to this topic

#1 ptrainerboi

ptrainerboi

  • Members
  • 8 posts
  • Local time:12:53 AM

Posted 17 November 2004 - 03:14 PM

Logfile of HijackThis v1.98.2
Scan saved at 2:43:00 PM, on 11/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ho4z4a8ffvy.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares Lite Edition\AresLite.exe
C:\WINDOWS\System32\ho4z4a8ffvy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\J\Local Settings\Temp\Temporary Directory 2 for HijackThis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.easysearch.cc/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.motor-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://69.50.184.51/find4u/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\IEXPLORE.EXE
O4 - HKLM\..\Run: [mxmqpreuzo] C:\WINDOWS\System32\nzifjq.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [pnpsvc_lock] C:\WINDOWS\System32\70658.exe
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\ho4z4a8ffvy.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealUpdater] C:\WINDOWS\System32\realupd.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - Global Startup: winlogin.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\qjhdbouo.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O19 - User stylesheet: (file missing)



#2 Submit2s

Submit2s

  • Members
  • 55 posts
  • Gender:Female
  • Location:USA-Missouri
  • Local time:01:53 AM

Posted 18 November 2004 - 08:50 AM

Welcome ptrainerboi,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
"We are what we think, All that we are arises in our thoughts; with our thoughts, we make the world. You can make your world or break your world by your thinking." Buddha~

#3 ptrainerboi

ptrainerboi
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:53 AM

Posted 18 November 2004 - 07:51 PM

Thanks

Jason

#4 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,594 posts
  • Gender:Male
  • Local time:12:53 AM

Posted 18 November 2004 - 10:49 PM

Closing this duplicate posting of the log.

ptrainerboi, please stick to one thread when posting logs to avoid confusion. And please have some patience, our volunteers have a lot of logs to do and they are very time consuming--we get to everyone as soon as we can.

Your issue is being addressed at the following link, please work in that thread from now on:
http://www.bleepingcomputer.com/forums/ind...n-eto\.com

The thing about people

is they change

when they walk away.--Mipso




