Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works


  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 2 posts
Hey guys -

I'm looking for any help or anyone that wouldn't mind helping me out. Besides, the basics I'm not an expert in terms of downloading programs and getting rid of viruses. My computer is infected with w32.desktophijack and I have no clue as to how to get rid of it. I'm operating on Windows XP, but I feel like my computer might be on the verge of crashing if I don't get rid of this soon...

Thank you so much!

  • 0




    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome cnuchristine to Geeks to Go!

Please download the latest version of HijackThis. Click here to download the latest version (1.99.1). Please save it in a permanent folder (such as C:\HJT). This is to ensure that backups are saved and accessible in the event you should need it. Follow the instructions below if you are unsure how to save it in a permanent folder:1.) Click on the link to download HiJackThis.exe.
2.) When it pulls up the box (for you to pick a location to save the file), click on the pulldown menu and select "[C:]".
3.) Click on the button to "create new folder" and name the folder HiJackThis
4.) Double click on the folder you just made (to go into the folder) and click "save" on the bottom of the box.
Double-click HijackThis.exe
Choose scan and save the log.
Copy and paste that log into your reply to this topic and we can start cleaning.
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thank you SO much. I really do appreciate your help! Here is the logfile...

- Christine

Logfile of HijackThis v1.99.1
Scan saved at 2:11:26 AM, on 7/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\Christine.BARNHILL\Application Data\secserv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Documents and Settings\Christine.BARNHILL\Application Data\secserv.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Christine.BARNHILL\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
R3 - URLSearchHook: (no name) - _{44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
O1 - Hosts: www.google.ae
O1 - Hosts: www.google.am
O1 - Hosts: www.google.as
O1 - Hosts: www.google.at
O1 - Hosts: www.google.az
O1 - Hosts: www.google.be
O1 - Hosts: www.google.bi
O1 - Hosts: www.google.ca
O1 - Hosts: www.google.cd
O1 - Hosts: www.google.cg
O1 - Hosts: www.google.ch
O1 - Hosts: www.google.ci
O1 - Hosts: www.google.cl
O1 - Hosts: www.google.co.cr
O1 - Hosts: www.google.co.hu
O1 - Hosts: www.google.co.il
O1 - Hosts: www.google.co.in
O1 - Hosts: www.google.co.je
O1 - Hosts: www.google.co.jp
O1 - Hosts: www.google.co.ke
O1 - Hosts: www.google.co.kr
O1 - Hosts: www.google.co.ls
O1 - Hosts: www.google.co.nz
O1 - Hosts: www.google.co.th
O1 - Hosts: www.google.co.ug
O1 - Hosts: www.google.co.uk
O1 - Hosts: www.google.co.ve
O1 - Hosts: www.google.com
O1 - Hosts: www.google.com.ag
O1 - Hosts: www.google.com.ar
O1 - Hosts: www.google.com.au
O1 - Hosts: www.google.com.br
O1 - Hosts: www.google.com.co
O1 - Hosts: www.google.com.cu
O1 - Hosts: www.google.com.do
O1 - Hosts: www.google.com.ec
O1 - Hosts: www.google.com.fj
O1 - Hosts: www.google.com.gi
O1 - Hosts: www.google.com.gr
O1 - Hosts: www.google.com.gt
O1 - Hosts: www.google.com.hk
O1 - Hosts: www.google.com.ly
O1 - Hosts: www.google.com.mt
O1 - Hosts: www.google.com.mx
O1 - Hosts: www.google.com.my
O1 - Hosts: www.google.com.na
O1 - Hosts: www.google.com.nf
O1 - Hosts: www.google.com.ni
O1 - Hosts: www.google.com.np
O1 - Hosts: www.google.com.pa
O1 - Hosts: www.google.com.pe
O1 - Hosts: www.google.com.ph
O1 - Hosts: www.google.com.pk
O1 - Hosts: www.google.com.pr
O1 - Hosts: www.google.com.py
O1 - Hosts: www.google.com.sa
O1 - Hosts: www.google.com.sg
O1 - Hosts: www.google.com.sv
O1 - Hosts: www.google.com.tr
O1 - Hosts: www.google.com.tw
O1 - Hosts: www.google.com.ua
O1 - Hosts: www.google.com.uy
O1 - Hosts: www.google.com.vc
O1 - Hosts: www.google.com.vn
O1 - Hosts: www.google.de
O1 - Hosts: www.google.dj
O1 - Hosts: www.google.dk
O1 - Hosts: www.google.es
O1 - Hosts: www.google.fi
O1 - Hosts: www.google.fm
O1 - Hosts: www.google.fr
O1 - Hosts: www.google.gg
O1 - Hosts: www.google.gl
O1 - Hosts: www.google.gm
O1 - Hosts: www.google.hn
O1 - Hosts: www.google.ie
O1 - Hosts: www.google.it
O1 - Hosts: www.google.kz
O1 - Hosts: www.google.li
O1 - Hosts: www.google.lt
O1 - Hosts: www.google.lu
O1 - Hosts: www.google.lv
O1 - Hosts: www.google.mn
O1 - Hosts: www.google.ms
O1 - Hosts: www.google.mu
O1 - Hosts: www.google.mw
O1 - Hosts: www.google.nl
O1 - Hosts: www.google.no
O1 - Hosts: www.google.off.ai
O1 - Hosts: www.google.pl
O1 - Hosts: www.google.pn
O1 - Hosts: www.google.pt
O1 - Hosts: www.google.ro
O1 - Hosts: www.google.ru
O1 - Hosts: www.google.rw
O1 - Hosts: www.google.se
O1 - Hosts: www.google.sh
O1 - Hosts: www.google.sk
O1 - Hosts: www.google.sm
O1 - Hosts: www.google.td
O1 - Hosts: www.google.tm
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file missing)
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\CHRIST~1.BAR\LOCALS~1\Temp\pajufqpifel.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteryx32.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [AutoLoadersFpd1dOeaMaN] "C:\WINDOWS\System32\dpvhnd.exe"
O4 - HKLM\..\Run: [ss6X3pT] dpvhnd.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\jaopar.exe reg_run
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [secserv.exe] C:\Documents and Settings\Christine.BARNHILL\Application Data\secserv.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Owner\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06170DE0-5FC0-4DA2-B0B9-630DC12AC2F4}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{06170DE0-5FC0-4DA2-B0B9-630DC12AC2F4}: NameServer =
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0



    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Christine, you edited the log you posted. I really need to see a full log.

Download and unzip http://metallica.gee...m/MADEbyOSC.zip
Run the file by doubleclicking metallica.bat
and post the log.
Do not reboot until can look at your log and give you the next step.
If you have to reboot repeat this part when you are back online.

As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 14 August 2005 - 02:25 PM.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP