
hjt log



#1 grfast

Posted 01 December 2004 - 05:09 AM

hi just wondered if someone could check this log

cheers
Logfile of HijackThis v1.98.2
Scan saved at 10:04:15, on 01/12/04
Platform: Windows 95 B (Win9x 4.00.1212)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB06.EXE
C:\WINDOWS\SYSTEM\HPLOCK.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE
C:\Program Files\ICE.TCP\DEJAWINT.EXE
C:\WINDOWS\SYSTEM\WSASRV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPARTNERS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [HPLock] C:\WINDOWS\SYSTEM\HPLock.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
O4 - HKLM\..\RunServices: [HP Off] SafeOff.exe -soft
O4 - HKLM\..\RunOnce: [0000 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me"
O4 - HKLM\..\RunOnce: [0001 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt"
O4 - HKLM\..\RunOnce: [0002 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k"
O4 - HKLM\..\RunOnce: [0003 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers"
O4 - HKLM\..\RunOnce: [0004 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu"
O4 - HKLM\..\RunOnce: [0005 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\util] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\util"
O4 - HKLM\..\RunOnce: [0006 - C:\Program Files\hewlett-packard\hpz\glue] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hpz\glue"
O4 - HKLM\..\RunOnce: [0007 - C:\Program Files\hewlett-packard\hpz] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hpz"
O4 - HKLM\..\RunOnce: [0008 - C:\Program Files\hewlett-packard] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard"
O4 - HKLM\..\RunOnce: [0009 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\9x] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\9x"
O4 - HKLM\..\RunOnce: [0010 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit\global\content] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit\global\content"
O4 - HKLM\..\RunOnce: [0011 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit\global] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit\global"
O4 - HKLM\..\RunOnce: [0012 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit"
O4 - HKLM\..\RunOnce: [0013 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages"
O4 - HKLM\..\RunOnce: [0014 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern\global\skin] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern\global\skin"
O4 - HKLM\..\RunOnce: [0015 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern\global] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern\global"
O4 - HKLM\..\RunOnce: [0016 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern"
O4 - HKLM\..\RunOnce: [0017 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins"
O4 - HKLM\..\RunOnce: [0018 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\nt4] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\nt4"
O4 - HKLM\..\RunOnce: [0019 - C:\WINDOWS\Start Menu\Programs\Hewlett-Packard] C:\WINDOWS\command.com /c rmdir "C:\WINDOWS\Start Menu\Programs\Hewlett-Packard"
O4 - HKLM\..\RunOnce: [0020 - C:\Program Files\hp deskjet 5550 series\images] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 5550 series\images"
O4 - HKLM\..\RunOnce: [0021 - C:\Program Files\hp deskjet 5550 series\ir documentation] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 5550 series\ir documentation"
O4 - HKLM\..\RunOnce: [0022 - C:\Program Files\hp deskjet 5550 series] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 5550 series"
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - User Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O13 - WWW. Prefix: http://
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe
O16 - DPF: {36A59337-6EEF-40AE-94B1-ED443A0C4740} - http://download.abetterinternet.com/downlo...LL58/banner.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = grfasteners.co.uk
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 158.152.1.43,158.152.1.58


 


#2 Daisuke


Posted 01 December 2004 - 08:53 AM

Hi

Please print or copy these instructions because you are not able to access the Internet in SafeMode.

Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run HijackThis!, press Scan, and put a check mark next to all these:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPARTNERS.DLL

O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O13 - WWW. Prefix: http://

O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe
O16 - DPF: {36A59337-6EEF-40AE-94B1-ED443A0C4740} - http://download.abetterinternet.com/downlo...LL58/banner.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx


Close all other windows and browsers, and press the Fix Checked button.

Search for these files and delete them if found:
C:\WINDOWS\SYSTEM\ATPARTNERS.DLL <-- this file

Delete these folders:
C:\PROGRAM FILES\WIN COMM\ <-- this folder

Empty the Recycle Bin.

REBOOT normally.

Perform a full scan here: Trendmicro, check AutoClean and let it remove anything it finds.

Run HijackThis! again and post a new log please.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#3 grfast


Posted 02 December 2004 - 03:29 AM

Thanks for your help, I didn't manage to delete the WIN COMM and it didn't give me the option to start in safe mode.

Here's the new log though.

cheers

Logfile of HijackThis v1.98.2
Scan saved at 16:57:24, on 01/12/04
Platform: Windows 95 B (Win9x 4.00.1212)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB06.EXE
C:\WINDOWS\SYSTEM\HPLOCK.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [HPLock] C:\WINDOWS\SYSTEM\HPLock.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\RunServices: [HP Off] SafeOff.exe -soft
O4 - HKLM\..\RunOnce: [0000 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win9x_me"
O4 - HKLM\..\RunOnce: [0001 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_nt"
O4 - HKLM\..\RunOnce: [0002 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers\win_2k"
O4 - HKLM\..\RunOnce: [0003 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu\drivers"
O4 - HKLM\..\RunOnce: [0004 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\enu"
O4 - HKLM\..\RunOnce: [0005 - C:\Program Files\Hewlett-Packard\HPZ\GLUE\util] C:\WINDOWS\command.com /c rmdir "C:\Program Files\Hewlett-Packard\HPZ\GLUE\util"
O4 - HKLM\..\RunOnce: [0006 - C:\Program Files\hewlett-packard\hpz\glue] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hpz\glue"
O4 - HKLM\..\RunOnce: [0007 - C:\Program Files\hewlett-packard\hpz] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hpz"
O4 - HKLM\..\RunOnce: [0008 - C:\Program Files\hewlett-packard] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard"
O4 - HKLM\..\RunOnce: [0009 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\9x] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\9x"
O4 - HKLM\..\RunOnce: [0010 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit\global\content] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit\global\content"
O4 - HKLM\..\RunOnce: [0011 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit\global] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit\global"
O4 - HKLM\..\RunOnce: [0012 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages\widget-toolkit"
O4 - HKLM\..\RunOnce: [0013 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\packages"
O4 - HKLM\..\RunOnce: [0014 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern\global\skin] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern\global\skin"
O4 - HKLM\..\RunOnce: [0015 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern\global] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern\global"
O4 - HKLM\..\RunOnce: [0016 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins\modern"
O4 - HKLM\..\RunOnce: [0017 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\chrome\skins"
O4 - HKLM\..\RunOnce: [0018 - C:\Program Files\hewlett-packard\hp deskjet assistant\bin\nt4] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hewlett-packard\hp deskjet assistant\bin\nt4"
O4 - HKLM\..\RunOnce: [0019 - C:\WINDOWS\Start Menu\Programs\Hewlett-Packard] C:\WINDOWS\command.com /c rmdir "C:\WINDOWS\Start Menu\Programs\Hewlett-Packard"
O4 - HKLM\..\RunOnce: [0020 - C:\Program Files\hp deskjet 5550 series\images] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 5550 series\images"
O4 - HKLM\..\RunOnce: [0021 - C:\Program Files\hp deskjet 5550 series\ir documentation] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 5550 series\ir documentation"
O4 - HKLM\..\RunOnce: [0022 - C:\Program Files\hp deskjet 5550 series] C:\WINDOWS\command.com /c rmdir "C:\Program Files\hp deskjet 5550 series"
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - User Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = grfasteners.co.uk
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 158.152.1.43,158.152.1.58

#4 Daisuke


Posted 02 December 2004 - 04:06 AM

Hi

I didn't manage to delete the WIN COMM

Try to delete it again. Right click, select Properties and check if it is not read-only. Uncheck read-only and delete the folder.

Log looks clean...great job ! :thumbsup:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

How did I get infected?, With steps so it does not happen again!

Glad I was able to help.

#5 grfast


Posted 02 December 2004 - 08:23 AM

Hi, re the WIN COMM folder: I have checked the properties and all boxes are unchecked, but when I try to delete it, it says the file may be in use by Windows.

cheers.

#6 Daisuke


Posted 02 December 2004 - 08:34 AM

Download KillBox here: KillBox. Unzip it to your desktop.

Start Killbox.exe

Select the Delete on reboot option.

Copy and paste the following folder to the address bar:
C:\PROGRAM FILES\WIN COMM

Press the Delete button (the button that looks like a red circle with a white X in it).

A dialog box will ask if you want to delete and reboot now - answer Yes.
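An added example, not part of the original posts: a Python check that parses a before and an after HijackThis log, confirms that the entries on a fix list are gone from the follow-up scan, and lists any process still running from a folder marked for deletion, which is the usual reason a delete fails with an "in use" message. The sample logs are constructed by trimming lines from the two logs in this thread; all function and variable names are hypothetical.

```python
import re

# Constructed sample: lines trimmed from the first and second logs in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE

O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPARTNERS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
O13 - WWW. Prefix: http://
"""
AFTER = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""
# Entries the helper asked to check, and the folder the helper asked to delete.
FIX_LIST = [
    r"O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPARTNERS.DLL",
    r"O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE",
    r"O13 - WWW. Prefix: http://",
]
DOOMED_FOLDERS = [r"C:\PROGRAM FILES\WIN COMM"]

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def _norm(text):
    """Case-insensitive, whitespace-collapsed form used for comparisons."""
    return " ".join(text.lower().split())


def parse_log(text):
    """Return (running process paths, [(section, detail), ...]) from a log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def verify_cleanup(before, after, fix_list, doomed_folders):
    """Compare two logs against the fix list and the folders to be deleted."""
    before_set = {_norm(f"{s} - {d}") for s, d in parse_log(before)[1]}
    after_procs, after_entries = parse_log(after)
    after_set = {_norm(f"{s} - {d}") for s, d in after_entries}
    prefixes = [_norm(f).rstrip("\\") + "\\" for f in doomed_folders]
    return {
        "fixed": [e for e in fix_list
                  if _norm(e) in before_set and _norm(e) not in after_set],
        "still_present": [e for e in fix_list if _norm(e) in after_set],
        "still_running": [p for p in after_procs
                          if any(_norm(p).startswith(pre) for pre in prefixes)],
    }


if __name__ == "__main__":
    for key, items in verify_cleanup(BEFORE, AFTER, FIX_LIST, DOOMED_FOLDERS).items():
        print(key, len(items), items)
```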

#7 Daisuke


Posted 23 December 2004 - 03:53 AM

Due to the lack of feedback this topic is closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
