
93gtgrl--HJT log



#1 93gtgrl


Posted 16 December 2004 - 07:49 PM

Hi--thanks for keeping a site like this one. This is my dad's computer, and he likes to do trivia on IRC. Now, the computer is running very slowly, and I keep getting errors like "your quota is exceeded" and it kills IE about every 4 page loads.

It will not let me initialize any programs, and it puts things in different languages on pages. Please, please help me.

Logfile of HijackThis v1.99.0
Scan saved at 11:02:38 AM, on 12/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Common Files\Smith Micro Shared\FAX\SMLoader.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Brian Dorff\My Documents\hjt\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [SMSI Loader] C:\Program Files\Common Files\Smith Micro Shared\FAX\SMLoader.exe /PRNDRV
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O4 - Global Startup: Trojan Guarder.lnk
O4 - Global Startup: WinZip Quick Pick.lnk
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...11a0351cafa03db
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32651.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
O19 - User stylesheet: (file missing)
O23 - Service: Application Layer Gateway Service - Unknown - C:\WINDOWS\System32\alg.exe
O23 - Service: Application Management - Unknown - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Audio - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Computer Browser - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Indexing Service - Unknown - C:\WINDOWS\System32\cisvc.exe
O23 - Service: COM+ System Application - Unknown - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Cryptographic Services - Unknown - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher - Unknown - C:\WINDOWS\system32\svchost.exe
O23 - Service: DefWatch - Unknown - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DHCP Client - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Diskeeper - Unknown - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Logical Disk Manager - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Error Reporting Service - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Event Log - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Fast User Switching Compatibility - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Gear Security Service - Unknown - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Help and Support - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: IMAPI CD-Burning COM Service - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Intel® Active Monitor - Unknown - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPod Service - Unknown - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RIP Listener - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Server - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Workstation - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: TCP/IP NetBIOS Helper - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: TCP/IP Print Server - Unknown - C:\WINDOWS\System32\tcpsvcs.exe
O23 - Service: NetMeeting Remote Desktop Sharing - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator - Unknown - C:\WINDOWS\System32\msdtc.exe
O23 - Service: Windows Installer - Unknown - C:\WINDOWS\System32\msiexec.exe
O23 - Service: Message Queuing - Unknown - C:\WINDOWS\System32\mqsvc.exe
O23 - Service: Message Queuing Triggers - Unknown - C:\WINDOWS\System32\mqtgsvc.exe
O23 - Service: Net Logon - Unknown - C:\WINDOWS\System32\lsass.exe
O23 - Service: Network Connections - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Norton Internet Security Service - Unknown - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager - Unknown - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Network Location Awareness (NLA) - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Norton AntiVirus Client - Unknown - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NT LM Security Support Provider - Unknown - C:\WINDOWS\System32\lsass.exe
O23 - Service: Removable Storage - Unknown - C:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service - Unknown - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Unknown - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler - Unknown - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services - Unknown - C:\WINDOWS\System32\lsass.exe
O23 - Service: Protected Storage - Unknown - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Remote Access Connection Manager - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Registry - Unknown - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) Locator - Unknown - C:\WINDOWS\System32\locator.exe
O23 - Service: Remote Procedure Call (RPC) - Unknown - C:\WINDOWS\system32\svchost.exe
O23 - Service: QoS RSVP - Unknown - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Security Accounts Manager - Unknown - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Task Scheduler - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification - Unknown - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Shell Hardware Detection - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Simple TCP/IP Services - Unknown - C:\WINDOWS\System32\tcpsvcs.exe
O23 - Service: Symantec Network Drivers Service - Unknown - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SNMP Service - Unknown - C:\WINDOWS\System32\snmp.exe
O23 - Service: SNMP Trap Service - Unknown - C:\WINDOWS\System32\snmptrap.exe
O23 - Service: Print Spooler - Unknown - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: SSDP Discovery Service - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: Performance Logs and Alerts - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Themes - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Distributed Link Tracking Client - Unknown - C:\WINDOWS\system32\svchost.exe
O23 - Service: Universal Plug and Play Device Host - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Uninterruptible Power Supply - Unknown - C:\WINDOWS\System32\ups.exe
O23 - Service: Volume Shadow Copy - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Time - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation - Unknown - C:\WINDOWS\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: WMI Performance Adapter - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Security Center - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates - Unknown - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wireless Zero Configuration - Unknown - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service - Unknown - C:\WINDOWS\System32\svchost.exe



#2 Daisuke


Posted 17 December 2004 - 08:25 PM

Hi

Please uninstall from Add/Remove Programs:
Windows AdControl Windupdates

Please print or copy these instructions because you are not able to access the Internet in SafeMode.

Download Ad-aware SE 1.05: here
Install it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.
Open AdAware and click the "Check for updates now" link. Close AdAware. Don't use it yet.

Download System Security Suite here:
System Security Suite Download & Tutorial. Unzip it to your desktop.
Install the program. Don't use it yet.

Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run HijackThis!, press Scan, and put a check mark next to all these:

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...11a0351cafa03db

O19 - User stylesheet: (file missing)


Close all other windows and browsers, and press the Fix Checked button.

Search for these files and delete them if found:
c:\temp\salm.exe <-- this file

Delete these folders:
C:\Program files\SEARCH~1\ <-- this folder, foldername starts with SEARCH
C:\Program Files\Windows AdControl\ <-- this folder
C:\Program Files\Windows ControlAd\ <-- this folder

Run AdAware, press the "Start" button, uncheck "Scan for negligible risk entries", select "Perform full system scan" and press "Next". Let AdAware remove anything it finds.

With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab tick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

REBOOT normally.

Run HijackThis! again and post a new log please.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#3 Daisuke


Posted 29 December 2004 - 03:51 AM

Due to the lack of feedback this topic is closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
