Hijack This log file...Please help!



#31
Brewman (Member, Topic Starter, 42 posts)
I think I am running more than one antivirus program, I have downloaded a bunch in the last few months. And as far as I know I haven't changed anything in the startup config. But like I said too, whenever my computer boots up Internet Explorer comes up at the MSN search page.
  • 0


#32
admin (Founder Geek, Administrator, 24,504 posts)
Download, unzip, and run this utility:
http://bagpuss.swan....torv0[1].62.zip

It checks for the Hacker Defender infection. Please reply with the results.
  • 0

#33
admin (Founder Geek, Administrator, 24,504 posts)
Never run more than one antivirus program at a time. They can conflict with each other causing stability problems, and offer less protection -- not more.

Click Start -> Run, type msconfig, click OK. Normal Startup should be ticked.
  • 0

#34
Brewman (Member, Topic Starter, 42 posts)
When I ran it, it went through DOS and it checked through a bunch of things, came up at the end and said no suspicious files, then closed on its own.
  • 0

#35
admin (Founder Geek, Administrator, 24,504 posts)
Do you have your original Windows XP installation CD?
  • 0

#36
Brewman (Member, Topic Starter, 42 posts)
When I try to run msconfig it says that Windows cannot open this file, select an appropriate file to open this program.
  • 0

#37
Brewman (Member, Topic Starter, 42 posts)
I do not think I have the CD for Windows XP Professional.
  • 0

#38
admin (Founder Geek, Administrator, 24,504 posts)

"I do not think I have the CD for Windows XP Professional"

Well you're going to need it.

1. We're going to boot from the CD into XP's Recovery Console to delete those files that refuse to leave (using the command line).

2. We're going to run System File Checker to repair damaged files in your Windows installation, and/or perform a repair installation.
  • 0

#39
Brewman (Member, Topic Starter, 42 posts)
What if I don't have it, am I pretty much screwed?
  • 0

#40
admin (Founder Geek, Administrator, 24,504 posts)

"I think I am running more than one antivirus program"

Be sure to choose one you're going to keep, and uninstall all the rest!
  • 0


#41
Brewman (Member, Topic Starter, 42 posts)
The only problem is I don't know which ones are antivirus programs, and which ones are other adware remover and spyware remover programs.
  • 0

#42
admin (Founder Geek, Administrator, 24,504 posts)

"What if I don't have it, am I pretty much screwed?"

There are other workarounds, but it depends on your file system.
Double-click My Computer.
Right-click each hard drive letter and choose Properties.
Navigate to the General tab. Here, Windows will identify the file system type.
Follow the previous steps for each drive letter, and reply with which ones are labeled FAT32 or NTFS.

"The only problem is I don't know which ones are antivirus programs, and which ones are other adware remover and spyware remover programs."

At this point you could remove them all. They're not doing any good. <_<
  • 0

#43
Brewman (Member, Topic Starter, 42 posts)
OK, I managed to find my way into msconfig, now what do I do in here again?
  • 0

#44
admin (Founder Geek, Administrator, 24,504 posts)

"Normal Startup should be ticked."

If it wasn't ticked, post a new Hijack Log. If it was, there will be no change, so follow the instructions in my previous post.
  • 0

#45
Brewman (Member, Topic Starter, 42 posts)
When I ran msconfig it showed smot and 410ir so I disabled them both, I don't know what kind of difference that will make. I restarted my computer, which now takes a long time to bring up Windows XP, I mean a really long time! Then I ran HijackThis and this is the new log:

Logfile of HijackThis v1.98.2
Scan saved at 2:30:05 PM, on 11/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\Documents and Settings\jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLinkTotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLinkTotalAccess\PnEL.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\jason\Local Settings\Temp\U.dll (file missing)
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA880F} - (no file)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLinkTotalAccess\PnEL.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\msconfig.exe /auto
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...94f3fdc891b75c6
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094619181401
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} (CQD2Loader Object) - http://smartdownload...m/installer.dll
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs6b.instants...erxsigned35.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?323
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
  • 0
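
A triage pass over a log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself: it groups entries by section code and flags those whose target file is absent, that load from a Temp directory, or that add a Trusted Zone site. The flagging rules and the names `triage` and `summary` are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Section codes seen in the log above, with the meaning HijackThis gives them.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "registry autorun",
    "O6": "IE options restricted by policy", "O9": "IE extra button/menu item",
    "O10": "Winsock LSP", "O15": "Trusted Zone site", "O16": "ActiveX (DPF)",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
TEMP_PATH = re.compile(r"\\Temp\\", re.IGNORECASE)

# One header line and four entry lines copied from the log above.
SAMPLE = r"""Running processes:
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLinkTotalAccess\elnIE.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\jason\Local Settings\Temp\U.dll (file missing)
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA880F} - (no file)
O15 - Trusted Zone: *.searchmiracle.com
"""

def triage(log_text):
    """Return {section code: [(entry text, [review notes])]} for each entry line."""
    report = defaultdict(list)
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, blank line, "Running processes:" and similar
        code, body = m.groups()
        notes = []  # the three rules below are illustrative assumptions
        if ORPHAN.search(body):
            notes.append("orphaned: registry entry points at no file on disk")
        if TEMP_PATH.search(body):
            notes.append("loads from a temp directory")
        if code == "O15":
            notes.append("site granted Trusted Zone privileges")
        report[code].append((body, notes))
    return dict(report)

def summary(report):
    """One line per section: code, meaning, entry count, flagged count."""
    lines = []
    for code, entries in report.items():
        hits = sum(1 for _, notes in entries if notes)
        lines.append(f"{code} ({SECTIONS.get(code, 'unknown')}): "
                     f"{len(entries)} entries, {hits} flagged")
    return lines
```

A flagged entry is a prompt for manual review, not a verdict; an orphaned entry is often just leftover registry data from an uninstalled program.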





