Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help -someone has hijacked my browser [resolved]

Started by snillocjnhoj , Dec 02 2004 02:21 AM

  • This topic is locked This topic is locked

#1
snillocjnhoj
Posted 02 December 2004 - 02:21 AM

snillocjnhoj

    Member

  • Member
  • PipPip
  • 21 posts
Hi

something has got my computer and wont let go. It runs slowly and when I connect to the internet with Mozilla, it cant find my home page and then 3 windows of Internet explorer open accessing page 63.246.131.130 which eventually ask me to click and download Activex.

Mozilla cant access any pages unless I try 3 times and then it takes ages - and eventually stops altogether.

I have Norton Antivirus 2004, updated. I have run Spybot, Ad-aware and CWShredder. They have all found something which I have deleted. However, problem still reoccurs.

I cannot access the internet with that computer (- not the one I am now using -) so cannot run the online virus scan or trojan scan.

I have just deleted all the temp files and have not tried reconnecting to the internet in case of additional infection as I have run HijackThis

Here is the Hijack this log. Any help gratefully received.

Logfile of HijackThis v1.98.2
Scan saved at 00:09:21, on 02/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\WINDOWS\system32\SystemStats.exe
C:\WINDOWS\system32\mpsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\sites.exe
C:\WINDOWS\logs.exe
C:\WINDOWS\system32\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\gam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [System Stats] SystemStats.exe
O4 - HKLM\..\Run: [MP Services] mpsvc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paint.exe
O4 - HKLM\..\Run: [notepad.exe] C:\WINDOWS\sites.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\logs.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [nternet Explorer] iexplore.exe
O4 - HKLM\..\Run: [pmvux] C:\WINDOWS\pmvux.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe] C:\WINDOWS\gam.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\RunServices: [System Stats] SystemStats.exe
O4 - HKLM\..\RunServices: [MP Services] mpsvc.exe
O4 - HKLM\..\RunServices: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunOnce: [MP Services] mpsvc.exe
O4 - HKLM\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - HKCU\..\Run: [System Stats] SystemStats.exe
O4 - HKCU\..\Run: [MP Services] mpsvc.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [nternet Explorer] iexplore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [MP Services] mpsvc.exe
O4 - HKCU\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  • 0

Advertisements

#2
Guest_thatman_*
Posted 02 December 2004 - 07:31 AM

Guest_thatman_*
  • Guest
Hi snillocjnhoj

I am looking a you log will post a reply soon


kc <_<
  • 0

#3
Guest_thatman_*
Posted 02 December 2004 - 08:28 AM

Guest_thatman_*
  • Guest
Hi
Please download Ad-awre se http://www.majorgeek...ownload506.html


To set up Ad-aware se follow these simple steps
1) Run the WebUpdate feature.

2) Set up the Configurations as follows: click on the gear icon
If any icons are greyed out you can not use that item

General Button
Safety:
Check (Green) all three.

Advanced Button
Logfile Detail Level:
All options under this should be checked (Green).

Tweak Button
Check (Green) the following:
Log Files
Include basic Ad-Aware settings in logfile:
Include additional Ad-Aware settings in logfile:
Please do not check (Green): Include Module list in logfile:

Click on "Proceed"

3) Click on "Scan Now"

4) Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
If these are included in your logfile it will be removed as it just takes up space and we will not give advice on them, they are users choice.

5) Run the scanner using the Full Scan (Perform full system scan) mode.
A full scan is the in-depth scan mode that scans your whole computer for Spyware infections. When performing a full scan the following scan settings are used:

- Full Memory Scan is performed
- Registry Scan is performed
- Deep Registry scan is performed
- Cookie-Scan is performed
- Favorites are scanned
- Hosts file is scanned
- Conditional scans are performed
- Archive files are scaned
- All fixed drives are scanned

Copy onto a CD-writer THEN LOAD IT ONTO YOUR LAPTOP
When the scan has completed, Post a new HijackThis.Log

Thank You

kc <_<
  • 0

#4
snillocjnhoj
Posted 02 December 2004 - 02:50 PM

snillocjnhoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi

thanks for advice. Am doing the download now.

I assume that I delete all that Ad-aware finds in its scan

Will post as soon as I can
  • 0

#5
snillocjnhoj
Posted 02 December 2004 - 05:57 PM

snillocjnhoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi once more

Have downloaded, copied to laptop and scanned

Below is the hijack log just run.
Logfile of HijackThis v1.98.2
Scan saved at 23:32:17, on 02/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\WINDOWS\system32\SystemStats.exe
C:\WINDOWS\system32\mpsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\sites.exe
C:\WINDOWS\logs.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\gam.exe
C:\WINDOWS\system32\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [System Stats] SystemStats.exe
O4 - HKLM\..\Run: [MP Services] mpsvc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paint.exe
O4 - HKLM\..\Run: [notepad.exe] C:\WINDOWS\sites.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\logs.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [nternet Explorer] iexplore.exe
O4 - HKLM\..\Run: [pmvux] C:\WINDOWS\pmvux.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe] C:\WINDOWS\gam.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\RunServices: [System Stats] SystemStats.exe
O4 - HKLM\..\RunServices: [MP Services] mpsvc.exe
O4 - HKLM\..\RunServices: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunOnce: [MP Services] mpsvc.exe
O4 - HKLM\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - HKCU\..\Run: [System Stats] SystemStats.exe
O4 - HKCU\..\Run: [MP Services] mpsvc.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [nternet Explorer] iexplore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [MP Services] mpsvc.exe
O4 - HKCU\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

hope it makes sense

Thanks <_<
  • 0

#6
Guest_thatman_*
Posted 03 December 2004 - 01:16 AM

Guest_thatman_*
  • Guest
Hi snillocjnhoj

Looking at your log now

kc <_<
  • 0

#7
Guest_thatman_*
Posted 04 December 2004 - 01:45 PM

Guest_thatman_*
  • Guest
Hi snillocjnhoj

(1) You are running Hjt from your Desktop, HijackThis Needs to be run in it own folder to do this create a new folder in the C:\ drive, name the folder HJT so it looks like this C:\HJT\HijackThis <_<

(2) Please run HijackThis and tick the box to delete the following

O4 - HKLM\..\Run: [System Stats] SystemStats.exe

O4 - HKLM\..\Run: [MP Services] SystemStats.exe

O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\SystemStats.exe

O4 - HKLM\..\Run: [notepad.exe] C:\WINDOWS\sites.exe

O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\logs.exe

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKLM\..\Run: [nternet Explorer] iexplore.exe

O4 - HKLM\..\Run: [pmvux] C:\WINDOWS\pmvux.exe

O4 - HKLM\..\Run: [Adobe] C:\WINDOWS\gam.exe

O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe

O4 - HKLM\..\RunServices: [System Stats] SystemStats.exe

O4 - HKLM\..\RunServices: [MP Services] mpsvc.exe

O4 - HKLM\..\RunServices: [nternet Explorer] iexplore.exe

O4 - HKLM\..\RunOnce: [MP Services] mpsvc.exe

O4 - HKLM\..\RunOnce: [nternet Explorer] iexplore.exe

O4 - HKCU\..\Run: [System Stats] SystemStats.exe

O4 - HKCU\..\Run: [MP Services] mpsvc.exe

O4 - HKCU\..\Run: [nternet Explorer] iexplore.exe

O4 - HKCU\..\RunOnce: [MP Services] mpsvc.exe

(3) Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

(4) Using windows explorer (Start -> run -> explorer.exe) delete the following folders:

C:\Program files\180solutions\sais.exe<-delete this folder->

C:\Program Files\Windows TaskAd\WinTaskAd.exe<-delete this folder->


Please delete the following files

C:\WINDOWS\pmvux.exe<-delete this file

C:\WINDOWS\system32\SystemStats.exe<-delete this file

C:\WINDOWS\system32\mpsvc.exe<-delete this file

C:\WINDOWS\sites.exe<-delete this file

C:\WINDOWS\logs.exe<-delete this file

C:\WINDOWS\gam.exe<-delete this file

C:\WINDOWS\paint.exe<-delete this file

When done reboot computer to normal


(5) Rerun Ad-aware se


(6) Run HijackThis and post your log

Thank You

kc thumbsup.gif
  • 0

#8
snillocjnhoj
Posted 04 December 2004 - 05:41 PM

snillocjnhoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
<_<

Hi

Thanks for the help. By the way, whats the problem with running Hijackthis from the desktop?

Anyway, here is the log>
Logfile of HijackThis v1.98.2
Scan saved at 00:15:55, on 05/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Documents and Settings\John\Desktop\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://global.acer.com/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [MP Services] mpsvc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Thanks again
  • 0

#9
Guest_thatman_*
Posted 04 December 2004 - 07:00 PM

Guest_thatman_*
  • Guest
Hi just looking at thelog
hows your system running

kc <_<
  • 0

#10
Guest_thatman_*
Posted 04 December 2004 - 07:11 PM

Guest_thatman_*
  • Guest
*** Your log is clean ***
Congratulations! Your system is CLEAN <_<

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox Posted Image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. :D


kc :D
  • 0

#11
admin
Posted 04 December 2004 - 10:44 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts

By the way, whats the problem with running Hijackthis from the desktop?

The desktop location is okay, but some people prefer it be located in a permanent folder so that the backups are always accessible.
  • 0

#12
snillocjnhoj
Posted 05 December 2004 - 06:01 PM

snillocjnhoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi

Thanks for all your help. really appreciated it.

Am about to take your advice to keep the computer clean.

Thanks again

John <_<
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP