
HJ Log Help


3 replies to this topic

#1 dispatcher4life

dispatcher4life

  • Members
  • 2 posts

Posted 20 November 2004 - 09:43 PM

Logfile of HijackThis v1.98.2
Scan saved at 7:39:38 PM, on 11/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=632
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=632
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=632
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\system32\RP7CP7~1.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: sirzmd6rmc31lxll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll


 


#2 mpfeif101

mpfeif101

    Spyware Sucks


  • Members
  • 116 posts

Posted 21 November 2004 - 12:31 AM

Hi dispatcher4life,

Run HJT again and place a check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=632
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=632
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=632
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\system32\RP7CP7~1.DLL

O20 - AppInit_DLLs: sirzmd6rmc31lxll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

Close any open browsers and windows and click "Fix Checked".

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Show hidden files/folders:
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Go to Start -> Search

Search for "All files or Folders"

In Advanced Options, make sure:
Search System Folders is checked
Search Hidden Files and Folders is checked
Search subfolders is checked
Case sensitive is unchecked.

In the search box, type in: sirzmd6rmc31lxll

If it finds any results, delete this file.

Your log seems small... please make sure you post the full log and everything in msconfig is enabled.

Reboot and post a new log.
Spyware Aid - A guide and more to spyware

Please do not PM me asking for support. Post on the forums instead :)
Please post the final results, good or bad. We like to know!

HijackThis! | Recommended Software | Help Wanted
| Search the Forums | Forum Guidelines
Faster, safer, better, free -> Posted Image Now 1.0 Final!

If you'd like to donate to the fight against spyware...
Donate to mpfeif101 |
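The selection made in the reply above can be expressed as a small triage pass over HijackThis entries. This is an added example, not part of the original posts and not HijackThis's own logic; the three rules and the `EXPECTED_HOSTS` allowlist are assumptions chosen to mirror the entries the helper asked to have fixed.

```python
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the log posted in this thread.
# The O20 value is shortened; the posted value repeats ".dll" many more times.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=632
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=632
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\system32\RP7CP7~1.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: sirzmd6rmc31lxll.dll.dll.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # section code, then the entry body
EXPECTED_HOSTS = ("microsoft.com", "msn.com")    # hypothetical allowlist (assumption)

def flag_reason(code, body):
    """Return why an entry deserves review, or None if no rule matches."""
    if code in ("R0", "R1") and " = " in body:
        # R0/R1 record Internet Explorer start and search page values.
        url = body.rpartition(" = ")[2].strip()
        host = urlparse(url).hostname or ""
        if not any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS):
            return f"IE start/search page set to unexpected host {host!r}"
    elif code == "O2" and body.startswith("BHO: (no name)"):
        # O2 lists Browser Helper Objects; one with no name cannot be identified by label.
        return "unnamed Browser Helper Object"
    elif code == "O20":
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        value = body.partition(":")[2].strip()
        if value:
            return f"AppInit_DLLs value present: {value}"
    return None

def triage(log_text):
    """Return (code, reason) for each HijackThis entry that matches a rule."""
    flagged = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            reason = flag_reason(*match.groups())
            if reason:
                flagged.append((match.group(1), reason))
    return flagged

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```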

#3 mpfeif101

mpfeif101

    Spyware Sucks


  • Members
  • 116 posts

Posted 28 November 2004 - 07:33 PM

EDIT: Because of the time since the last post, I am taking this topic off my "Watch Topic" post. Please PM me if you want to continue this thread.

#4 real_supahstar

real_supahstar

  • Members
  • 6 posts

Posted 17 December 2004 - 07:13 AM

Guys... I really need help... I had just reformatted my PC a week ago because I can't remove the http://win-eto.com/hp.htm?id=632

And guess what, I have it again... I don't know how I got it but I don't want to reformat my PC again...

Please help me...

You can e-mail me.

Hope to hear from ya.



