| Thread ID: 64369 | 2005-12-12 23:44:00 | HijackThis - Help | olwyn (8088) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 412224 | 2005-12-12 23:44:00 | Was browsing the post re disconnections on dial up and decided out of curiosity to click on Speedy's link and run a HijackThis scan. Now I don't know if we are allowed to do requests but Speedy I'd love it if you could have a look at this and tell me what to do next. All that Host business looks a bit dodgy does it not? Thanks Logfile of HijackThis v1.99.1 Scan saved at 12:22:57 p.m., on 13/12/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\Fast.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\taskswitch.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Mum's Folder\MSGTAG\MSGTAG.exe C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Qualcomm\Eudora\Eudora.exe c:\Program Files\Microsoft Money\System\urlmap.exe C:\Documents and Settings\Owner\My Documents\Hijack This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = 103.nowfind.biz R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = 103.nowfind.biz R1 - HKLM\Software\Microsoft\Internet Explorer,Search = 103.nowfind.biz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://observer.guardian.co.uk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O1 - Hosts: 205.238.40.1 winmx.com O1 - Hosts: 205.238.40.1 www.winmx.com O1 - Hosts: 205.238.40.1 err.winmx.com O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com O1 - Hosts: 82.195.155.5 
c3318.z1304.winmx.com O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com O1 
- Hosts: 205.238.40.1 c3521.z1303.winmx.com O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com O1 - Hosts: 82.195.155.5 c3527.z1304.winmx.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [MSGTAG] "C:\Mum's Folder\MSGTAG\MSGTAG.exe" /startup O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present 
O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - download.ewido.net O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - fdl.msn.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - bin.mcafee.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by7fd.bay7.hotmail.msn.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - 
messenger.zone.msn.com O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - pdl.stream.aol.com O17 - HKLM\System\CCS\Services\Tcpip\..\{C986BC40-F3D0-4446-91E8-A908762D63C1}: NameServer = 202.27.184.3 202.27.184.5 O20 - AppInit_DLLs: hplun.dll O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe |
olwyn (8088) | ||
| 412225 | 2005-12-12 23:47:00 | OMG! Hahahahahahaha :yuck: | Sultan_Emerr (7444) | ||
| 412226 | 2005-12-13 00:21:00 | Those entries in your hosts file are legit. They come from the "PIE patch" that you must have put in as a result of the RIAA taking down the WinMX main server, they are the addresses of nodes that allow you to get onto the network again. That patch has been updated by the way, the entries are more complete and compact in notation. Don't worry about them. | zqwerty (97) | ||
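One way to check the point made in the reply above, as an added example that is not part of the original thread: group a log's `O1 - Hosts:` entries by the domain they override and list the addresses they point to, so a reader can see whether the hosts file touches one application's domain or something like an update or antivirus site. The function names and the `SENSITIVE` list are assumptions made for this example.

```python
import re
from collections import defaultdict

# One HijackThis "O1 - Hosts:" entry: an IPv4 address followed by a hostname.
# findall() scans the whole text, so the parser also works on a log that forum
# software has flattened onto a single line, as in this thread.
O1_RE = re.compile(r"O1 - Hosts:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+([A-Za-z0-9.-]+)")

# Assumption: domains whose redirection deserves a closer look (update and
# antivirus vendors named in this thread). Adjust for your own environment.
SENSITIVE = {"microsoft.com", "windowsupdate.com", "mcafee.com",
             "trendmicro.com", "pandasoftware.com"}

LOOPBACK_PREFIXES = ("127.", "0.0.0.0")


def base_domain(host):
    """Naive registrable domain: the last two labels (fine for .com names)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage_hosts(log_text):
    """Group O1 entries by overridden domain and summarise where they point."""
    grouped = defaultdict(lambda: {"hosts": set(), "ips": set()})
    for ip, host in O1_RE.findall(log_text):
        entry = grouped[base_domain(host)]
        entry["hosts"].add(host.lower().rstrip("."))
        entry["ips"].add(ip)
    report = {}
    for domain, entry in grouped.items():
        report[domain] = {
            "host_count": len(entry["hosts"]),
            "ips": sorted(entry["ips"]),
            "sensitive": domain in SENSITIVE,
            # True when at least one target is not a loopback/null address
            "redirected": any(not ip.startswith(LOOPBACK_PREFIXES)
                              for ip in entry["ips"]),
        }
    return report


def needs_review(report):
    """Domains on the sensitive list that the hosts file overrides at all."""
    return sorted(d for d, info in report.items() if info["sensitive"])


# First three entries are copied from the log in this thread; the last two are
# constructed for illustration (203.0.113.7 is a documentation address).
SAMPLE = (
    "O1 - Hosts: 205.238.40.1 winmx.com O1 - Hosts: 205.238.40.1 www.winmx.com "
    "O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com "
    "O1 - Hosts: 127.0.0.1 download.mcafee.com "
    "O1 - Hosts: 203.0.113.7 www.windowsupdate.com"
)

if __name__ == "__main__":
    report = triage_hosts(SAMPLE)
    for domain in sorted(report):
        print(domain, report[domain])
    print("review:", needs_review(report))
```

A domain that is not on the `SENSITIVE` list is only unflagged, not cleared; where the entries came from still has to be confirmed, as the reply above does for these ones.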
| 412227 | 2005-12-13 00:25:00 | hjt.iamnotageek.com | Rob99 (151) | ||
| 412228 | 2005-12-13 00:29:00 | Thanks Z Is everything else OK because for some reason I can never seem to change my home page from msn.com |
olwyn (8088) | ||
| 412229 | 2005-12-13 00:30:00 | Turn system restore off, and boot into safe mode. Then run hijackthis again, and tick these entries and tick fix checked. Then reboot, and update XP to SP1 or 2, and keep it up to date. You're asking for more problems without SP1, or SP2, and if you don't keep XP up to date. O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll |
Speedy Gonzales (78) | ||
| 412230 | 2005-12-13 00:40:00 | Wow that was a fast correction, Speedy, I'm as certain as I can be that what I said is correct, not sure about the MSN.com problem but not to do with these host entries. | zqwerty (97) | ||
| 412231 | 2005-12-13 01:09:00 | Thanks Speedy. Have done all that. Have found the PC World CD with SP1 on it and somewhere around here is the one with SP2 on it, so assuming I can find it which one should I go with? Cheers Logfile of HijackThis v1.99.1 Scan saved at 2:02:10 p.m., on 13/12/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\Fast.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\taskswitch.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Mum's Folder\MSGTAG\MSGTAG.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Owner\My Documents\Hijack This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = 103.nowfind.biz R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = 103.nowfind.biz R1 - HKLM\Software\Microsoft\Internet Explorer,Search = 103.nowfind.biz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://observer.guardian.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [MSGTAG] "C:\Mum's Folder\MSGTAG\MSGTAG.exe" /startup O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - download.ewido.net O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - fdl.msn.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - bin.mcafee.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by7fd.bay7.hotmail.msn.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - pdl.stream.aol.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C986BC40-F3D0-4446-91E8-A908762D63C1}: NameServer = 202.27.184.3 202.27.184.5 O20 - AppInit_DLLs: hplun.dll O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe |
olwyn (8088) | ||
| 412232 | 2005-12-13 01:42:00 | Hi Download / Install / Update / and Run: Adaware SE www.download.com for any updates before running it. Get the plug-in for fixing VX2 variants. You can download it at this SITE www.lavasoftusa.com To run this tool, install to the hard drive, then open Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Download and install Spybot S&D www.safer-networking.org Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. Scan your pc with one of these free online scanners: Panda ActiveScan www.pandasoftware.com RAV AntiVirus www.ravantivirus.com Housecall housecall.trendmicro.com Be sure to put a check in the box beside AutoClean. Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) R1 - HKCU\Software\Microsoft\Internet Explorer,Search = 103.nowfind.biz R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = 103.nowfind.biz R1 - HKLM\Software\Microsoft\Internet Explorer,Search = 103.nowfind.biz
===================================== You will need Microsoft's Windows Update Page (v4.windowsupdate.microsoft.com) to install ALL Critical Updates for your system (except service pack 2) (SP2).. At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to any infection. Please apply those updates BEFORE posting your next log. **Note** If you're having trouble locating the service pack SP1a here is a direct link to download it from.. download.microsoft.com |
Pancake (6359) | ||
| 412233 | 2005-12-13 01:52:00 | I've tried this tactic in the past, suggesting that people scan for crap with the usual programs before posting a Hijack log, never managed to gain any traction. Far more needs to be removed from just about any log I have seen on here than what gets red-flagged by the auto-analyzer sites that some are so fond of relying on. |
Metla (12) | ||