Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works


  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 2 posts
my computer is infected with the 'here4search' homepage, because everytime i open internet explorer, the here4search site is the homepage even though i keep on changing it back.

ive scanned with cws shredder and microsoft antispyware and they do not work

here is my hijack this log if you guys can help:

Running processes:
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HEFEI\Application Data\eetu.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Documents and Settings\HEFEI\My Documents\download\Krusavia\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\75626K~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [oekpwmzhfdfi] C:\WINDOWS\System32\buawuwum.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [f0c7ca8ded38] C:\WINDOWS\System32\CMPROPS0.exe
O4 - HKLM\..\Run: [qklJS9z0.exe] C:\Documents and Settings\HEFEI\Local Settings\Temp\qklJS9z0.exe
O4 - HKLM\..\Run: [A.exe] C:\documents and settings\hefei\local settings\temp\A.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [K7iU9peD.exe] C:\documents and settings\hefei\local settings\temp\K7iU9peD.exe
O4 - HKLM\..\Run: [z7wi6x.exe] C:\documents and settings\hefei\local settings\temp\z7wi6x.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [39224fedbeef] C:\WINDOWS\System32\CMCFG324.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\HEFEI\Application Data\eetu.exe
O4 - HKCU\..\Run: [Jsslnb] C:\WINDOWS\System32\??xplore.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MQSeries Task Bar.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {250144FD-1975-43D9-BE7E-D390CF2EC45D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {250144FD-1975-43D9-BE7E-D390CF2EC45D} - (no file) (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarest...es2/Install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com...ior/Outside.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F858513-DCB8-40DC-B2FC-D3E8BB57643C}: NameServer =,
O20 - AppInit_DLLs: oro5xpx3fkiu9.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: IBM MQSeries (MQSeriesServices) - IBM Corporation - C:\IBM\MQSeries\bin\amqsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

please find a way to fix my computer. thanks
  • 0




    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
Hi and welcome to GTG, I apologize for the delay getting to your log, the helpers here are very busy. If you are still having malware troubles, I will be glad to help.

Please run through the steps outlined in this Topic
Post back a fresh log when done please. The previous log you posted is incomplete, please post the entire log, including the header information.

If you have resolved this issue please let us know.
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
thanks, but i got it fixed already. thanks again though
  • 0



    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
This topic is resolved and has been closed. Should the original poster need it reopened, please contact a staff member.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP