Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please Help Me!


  • Please log in to reply

#1
mushroomhead057

mushroomhead057

    New Member

  • Member
  • Pip
  • 1 posts
I have multiple internet shortcuts appearing over and aover again on my desktop. Also i get a great deal of pop ups and programs that install themselves onto my PC. Please help me... here is my Hijack this log:

Logfile of HijackThis v1.98.2
Scan saved at 9:03:10 PM, on 9/14/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\twink64.exe
C:\WINDOWS\System32\dzzqwe.exe
C:\Documents and Settings\Mike\Application Data\uxm?j.exe
C:\WINDOWS\System32\?xplorer.exe
C:\WINDOWS\System32\golumm\services.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\usb.exe
C:\Documents and Settings\Mike\xxx.exe
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\T4WNH901\avg6762fu_free[1].exe
C:\avg6762fu_free.exe
C:\WINDOWS\System32\mshta.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\documents and settings\mike\local settings\temp\dUuh9TOv.exe
C:\WINDOWS\System32\mshta.exe
c:\documents and settings\mike\local settings\temp\gA.exe
c:\TVM_B5 Bundle 10.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\uptodate.exe
C:\WINDOWS\System32\sfccheck.exe
C:\WINDOWS\System32\shdiagn.exe
C:\PROGRA~1\eZula\mmod.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\VfcRql42.exe
C:\WINDOWS\System32\Tvi9.exe
C:\Program Files\Save\Save.exe
C:\Program Files\WeatherCast\Weather.exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\WhenUSearch\Search.exe
C:\PROGRA~1\WEBOFF~1\wo.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.new-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.new-search.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.new-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.new-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.new-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.new-search.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.new-search.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Mike\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.new-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Search Toolbar BHO Object - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O2 - BHO: (no name) - {47F96B2F-EC1C-009A-D250-175508A87141} - C:\WINDOWS\System32\runtlwc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {627761D7-8BA8-487A-92E4-AC6FCBCFEC9E} - C:\WINDOWS\System32\fobpca.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Mike\Local Settings\Temp\yolBD.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [golumm] C:\WINDOWS\System32\golumm\services.exe
O4 - HKLM\..\Run: [xufoun] C:\WINDOWS\System32\dzzqwe.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [dUuh9TOv] c:\documents and settings\mike\local settings\temp\dUuh9TOv.exe
O4 - HKLM\..\Run: [gA] c:\documents and settings\mike\local settings\temp\gA.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [vF7k37P] sfccheck.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [5T2SGZ@2YQQC64] C:\WINDOWS\System32\NuzK63G.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cuwp] C:\Documents and Settings\Mike\Application Data\uxm?j.exe
O4 - HKCU\..\Run: [Xzifs] C:\WINDOWS\System32\?xplorer.exe
O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\System32\golumm\services.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [eooqRXjEj] shdiagn.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: Last Minute Cruises -   - http://new-search.in... Minute Cruises (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Last Minute Cruises -   - http://new-search.in... Minute Cruises (file missing) (HKCU)
O9 - Extra button: Free Sex Pictures - {0234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/sex.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Free Sex Pictures - {0234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/sex.html (file missing) (HKCU)
O9 - Extra button: Craps Online Tour - {1234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Craps (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Craps Online Tour - {1234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Craps (file missing) (HKCU)
O9 - Extra button: Online Pharmacy 24h - {2234f700-cba3-4071-b251-47cb894244cd} - http://new-search.in...Online Pharmacy (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Online Pharmacy 24h - {2234f700-cba3-4071-b251-47cb894244cd} - http://new-search.in...Online Pharmacy (file missing) (HKCU)
O9 - Extra button: Remover Spyware - {3234f700-cba3-4071-b251-47cb894244cd} - http://new-search.in...remover Spyware (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Remover Spyware - {3234f700-cba3-4071-b251-47cb894244cd} - http://new-search.in...remover Spyware (file missing) (HKCU)
O9 - Extra button: Cash Advance - {4234f700-cba3-4071-b251-47cb894244cd} - http://new-search.in...qq=Cash Advance (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Cash Advance - {4234f700-cba3-4071-b251-47cb894244cd} - http://new-search.in...qq=Cash Advance (file missing) (HKCU)
O9 - Extra button: New Strip Poker - {6234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Poker (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: New Strip Poker - {6234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Poker (file missing) (HKCU)
O9 - Extra button: Free Viagra - {7234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Viagra (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Free Viagra - {7234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Viagra (file missing) (HKCU)
O9 - Extra button: Sex Drug Soma - {8234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Soma (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Sex Drug Soma - {8234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Soma (file missing) (HKCU)
O9 - Extra button: Hair Loss - {9234f700-cba3-4071-b251-47cb894244cd} - http://new-search.in...hp?qq=Hire Loss (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Hair Loss - {9234f700-cba3-4071-b251-47cb894244cd} - http://new-search.in...hp?qq=Hire Loss (file missing) (HKCU)
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O18 - Filter: text/html - {3864798C-0D4E-4322-A8AC-D0315523E73B} - C:\WINDOWS\System32\fobpca.dll
O18 - Filter: text/plain - {3864798C-0D4E-4322-A8AC-D0315523E73B} - C:\WINDOWS\System32\fobpca.dll
O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINDOWS\System32\mssaru.dll
  • 0

Advertisements


#2
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
To get rid of the desktop shortcuts, right-click on the icon and hit delete. If it is a shortcut, it will not delete the program, just the shortcut.

Someone will be with you to look at your log.
  • 0

#3
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Before we start on your log, we will need you to install your critical updates. Without critical updates, you're wide open to re-infection, and we're both just wasting our time. Do not install SP2 until we get your log cleaned up. Having malware on your computer can cause SP2 to malfunction.


Click here: http://windowsupdate.microsoft.com/
-or-
Order if you're on dial-up, order a free CD here:
http://www.microsoft...default810.mspx

I'll also need you to do a few things:

Download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
  • All of your hard drives
-> Click on the Advanced button on the left and select:
  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details
-> Click the Tweak button and select:
  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot
-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
  • Use Custom Scanning Options
-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer.

Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin

Click OK and Disk Cleanup will delete those files for you.

Reboot and post a fresh Hijack This Log.

<_<
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP