Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ads 234 and Hijack this log

Started by hurley999er , Sep 09 2004 12:22 PM

  • Please log in to reply

#1
hurley999er
Posted 09 September 2004 - 12:22 PM

hurley999er

    New Member

  • Member
  • Pip
  • 1 posts
[bleep] keeps popping up whenever my friend opens up the internet, here is my hijack this log, any help would be much appreciated so they dont have to pay some rip off company to fix the problem

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofin....php?id=15&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofin....php?id=15&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ASHLT] C:\WINDOWS\Ashlt.exe
O4 - HKLM\..\Run: [Mmgsvc] C:\WINDOWS\mmgsvc.exe
O4 - HKLM\..\Run: [w3si3ER] telug.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Corel Network monitor worker - {7B771ABD-7A9E-4A7C-9A6B-5E8A9DA672B7} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {7B771ABD-7A9E-4A7C-9A6B-5E8A9DA672B7} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O13 - DefaultPrefix: http://www.heretofin...ow.php?id=15&q=
O13 - WWW Prefix: http://www.heretofin...ow.php?id=15&q=
O13 - Home Prefix: http://www.heretofin...ow.php?id=15&q=
O13 - Mosaic Prefix: http://www.heretofin...ow.php?id=15&q=
O13 - Gopher Prefix: http://www.heretofin...ow.php?id=15&q=

thanks in advance <_<
  • 0

Advertisements

#2
admin
Posted 09 September 2004 - 02:02 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Hi hurley999er, welcome to Geeks to Go! <_<

Please download this to fix the Start.chm Hijack:
http://tools.zerosre...startchmfix.exe
(The following is typically seen in the HijackThis log: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html)
Run it and extract the folder to the desktop preferably.
Open the folder after extracted.
Double click the fix.bat
Please make sure all Internet Explorer windows are closed.
Only run it once or you will lose the backups although they shouldn't be needed.
Notepad will open at the end with a message and the bad file listing at the end. Reboot Windows and delete that bad file.

Reboot and paste a fresh Hijack This log. :D
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP