
I REALLY NEED HELP



#1 peaches


Posted 20 January 2005 - 01:39 PM

I think my computer is infected with realsearch and 69sexsearch virus (and who knows what else). I ran HijackThis but I don't know how to post my log on this site. I am running Windows XP. Any help would be greatly appreciated. :thumbsup:



#2 peaches


Posted 20 January 2005 - 02:07 PM

Logfile of HijackThis v1.98.2
Scan saved at 1:26:16 PM, on 1/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\cmd64.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\System32\tibs3.exe
C:\WINDOWS\system32\dvpilatt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
C:\Program Files\SECRETMAKER\secretmaker.exe
C:\Program Files\WebSiteViewer\125930.dlr
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\Machelle Nash\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Flash Extender - {95795B67-BBAB-47d0-8A9F-069E8242C0E5} - c:\Program Files\Fen\fen.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\System32\smiehlp.dll
O2 - BHO: (no name) - {C892AB1B-69A6-1171-D71B-33861A397AE6} - C:\WINDOWS\System32\bsgpnir.dll
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [FeCPY] "C:\Program Files\Common Files\Java\fecpy.exe"
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [B0F65D5B] C:\WINDOWS\system32\Aumut.exe
O4 - HKLM\..\Run: [9D7A87E6] C:\WINDOWS\system32\dvpilatt.exe
O4 - HKLM\..\Run: [A7C90F56] C:\WINDOWS\system32\vpsdeomnsol.exe
O4 - HKLM\..\Run: [09FE3E86] C:\WINDOWS\system32\ivedtmg.exe
O4 - HKLM\..\Run: [E8CA39F3] C:\WINDOWS\system32\srvceer.exe
O4 - HKLM\..\Run: [C63AEC4E] C:\WINDOWS\system32\tmvicert.exe
O4 - HKLM\..\Run: [AA5C4246] C:\WINDOWS\system32\pcupac.exe
O4 - HKLM\..\Run: [A5119C73] C:\WINDOWS\system32\tresvpsad.exe
O4 - HKLM\..\Run: [E17AB1F3] C:\WINDOWS\system32\trescat.exe
O4 - HKLM\..\Run: [1D39796E] C:\WINDOWS\system32\pctex.exe
O4 - HKLM\..\Run: [99A1D7F3] C:\WINDOWS\system32\upsx3xmrt.exe
O4 - HKLM\..\Run: [DE5EF4C3] C:\WINDOWS\system32\ivcon.exe
O4 - HKLM\..\Run: [F8A046D3] C:\WINDOWS\system32\ldpkctsapi.exe
O4 - HKLM\..\Run: [ED9655DB] C:\WINDOWS\system32\aamoacc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AEF50446] C:\WINDOWS\system32\clupar.exe
O4 - HKLM\..\Run: [CDBDC806] C:\WINDOWS\system32\rtmMDM.exe
O4 - HKLM\..\Run: [D38EAA86] C:\WINDOWS\system32\dptipobj.exe
O4 - HKLM\..\Run: [8D3E235E] C:\WINDOWS\system32\nvfcry.exe
O4 - HKLM\..\Run: [A0B8230B] C:\WINDOWS\system32\ldatatsr.exe
O4 - HKLM\..\Run: [A39A8373] C:\WINDOWS\system32\o4siwser.exe
O4 - HKLM\..\Run: [83D4F9EB] C:\WINDOWS\system32\QShbken.exe
O4 - HKLM\..\Run: [BBC2BB53] C:\WINDOWS\system32\tclnetc.exe
O4 - HKLM\..\Run: [AEDA867E] C:\WINDOWS\system32\cabrds.exe
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\MACHEL~1\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\Run: [E8CA39F3] C:\WINDOWS\system32\srvceer.exe
O4 - HKCU\..\Run: [A7C90F56] C:\WINDOWS\system32\vpsdeomnsol.exe
O4 - HKCU\..\Run: [09FE3E86] C:\WINDOWS\system32\ivedtmg.exe
O4 - HKCU\..\Run: [C63AEC4E] C:\WINDOWS\system32\tmvicert.exe
O4 - HKCU\..\Run: [AA5C4246] C:\WINDOWS\system32\pcupac.exe
O4 - HKCU\..\Run: [E17AB1F3] C:\WINDOWS\system32\trescat.exe
O4 - HKCU\..\Run: [A5119C73] C:\WINDOWS\system32\tresvpsad.exe
O4 - HKCU\..\Run: [B0F65D5B] C:\WINDOWS\system32\Aumut.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [1D39796E] C:\WINDOWS\system32\pctex.exe
O4 - HKCU\..\Run: [9D7A87E6] C:\WINDOWS\system32\dvpilatt.exe
O4 - HKCU\..\Run: [99A1D7F3] C:\WINDOWS\system32\upsx3xmrt.exe
O4 - HKCU\..\Run: [DE5EF4C3] C:\WINDOWS\system32\ivcon.exe
O4 - HKCU\..\Run: [F8A046D3] C:\WINDOWS\system32\ldpkctsapi.exe
O4 - HKCU\..\Run: [ED9655DB] C:\WINDOWS\system32\aamoacc.exe
O4 - HKCU\..\Run: [AEF50446] C:\WINDOWS\system32\clupar.exe
O4 - HKCU\..\Run: [CDBDC806] C:\WINDOWS\system32\rtmMDM.exe
O4 - HKCU\..\Run: [D38EAA86] C:\WINDOWS\system32\dptipobj.exe
O4 - HKCU\..\Run: [8D3E235E] C:\WINDOWS\system32\nvfcry.exe
O4 - HKCU\..\Run: [A39A8373] C:\WINDOWS\system32\o4siwser.exe
O4 - HKCU\..\Run: [A0B8230B] C:\WINDOWS\system32\ldatatsr.exe
O4 - HKCU\..\Run: [BBC2BB53] C:\WINDOWS\system32\tclnetc.exe
O4 - HKCU\..\Run: [83D4F9EB] C:\WINDOWS\system32\QShbken.exe
O4 - HKCU\..\Run: [AEDA867E] C:\WINDOWS\system32\cabrds.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103947677500
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab

Thanks for reviewing my log.

#3 Grinler

    Lawrence Abrams



Posted 26 January 2005 - 11:04 AM

If you are still having a problem, please post a brand new log.



