Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

windows explorer problem


  • Please log in to reply

#1
sammyc

sammyc

    Member

  • Member
  • PipPip
  • 15 posts
hey
iam using widows xp
eveytime i log onto my account, it comes up with an eror saying i have encouted a probelm.....

Logfile of HijackThis v1.99.0
Scan saved at 16:27:23, on 17/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\WINDOWS\system32\WinExplorer32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\WinExplorer32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sam\Desktop\HijackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotf...ount_id=1001693
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.pas...uth.srf?lc=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O3 - Toolbar: (no name) - {DAB59B45-05AD-4ABF-A055-FC60E2ADE17D} - (no file)
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Shell32] WinExplorer32.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [logon.exe] C:\WINDOWS\system32\logon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shell32] WinExplorer32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunServices: [logon.exe] C:\WINDOWS\system32\logon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.teen-fantazi.com
O15 - Trusted Zone: install.xxxtoolbar.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...6/OCI/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ler/install.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.ho...ex/HMAtchmt.ocx
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

can any one help
  • 0

Advertisements


#2
BlackSea

BlackSea

    Member

  • Member
  • PipPip
  • 54 posts
i think your problem is this....

O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe


"deskAdServ.exe " adaware....
goto registry...
start-->run--> regedit and press enter
so
going control panel add/remove and find (DeskAd ) and remove it...scan your pc again spybot or adaware...



take care
and :tazz: days
  • 0

#3
BlackSea

BlackSea

    Member

  • Member
  • PipPip
  • 54 posts
sorry
correction!!!!
go to controlpanel and add/remove program and fint the (Deskad) and remove it ......

:tazz:
  • 0

#4
sammyc

sammyc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
"deskAdServ.exe " adaware....
goto registry...
start-->run--> regedit and press enter

when i have got here watch shall i do?

thros no deskadservice on my add/remove
  • 0

#5
BlackSea

BlackSea

    Member

  • Member
  • PipPip
  • 54 posts
:tazz:
go to controlpanel and add/remove program and fint the (Deskad) and remove it ......
  • 0

#6
sammyc

sammyc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
there is no deskad there...
  • 0

#7
BlackSea

BlackSea

    Member

  • Member
  • PipPip
  • 54 posts
look at in

C:\Program Files\DeskAd Service\
delete the folder........
  • 0

#8
sammyc

sammyc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
there is not a folder there with hat name
  • 0

#9
BlackSea

BlackSea

    Member

  • Member
  • PipPip
  • 54 posts
C:\Program Files\DeskAd Service\DeskAdServ.exe(this is from yoour machine hijack)


in the programFiles there has to be folder named "deskAd Service"
  • 0

#10
sammyc

sammyc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
it isnt there tho....? i have checked so many times...
  • 0

Advertisements


#11
BlackSea

BlackSea

    Member

  • Member
  • PipPip
  • 54 posts
so where did you get that hijack :tazz: ...
ok go to search by start-->search.
and click all files and folders and chose more advance option to check search system folders, search hiden files and folders, and search subfolders..

and write the file name "deskAd Service" or DeskAdServ.exe

ok
  • 0

#12
BlackSea

BlackSea

    Member

  • Member
  • PipPip
  • 54 posts
after searching done let me know if it found....
  • 0

#13
sammyc

sammyc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
cant find anything
  • 0

#14
BlackSea

BlackSea

    Member

  • Member
  • PipPip
  • 54 posts
:tazz: ok bee cool

so let me see that when did you exaxctly get that blody problem?
2days ,3days ago or more....
please let me know?

;)
  • 0

#15
sammyc

sammyc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
erm about week and half ago
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP