Author Topic: Hijack this log please, thanks  (Read 2011 times)
sasch1
« on: October 05, 2004, 05:59:30 AM »

I have this window that pops up (2 of them at the same time actually) that says "please select your country" and the only way to close it is through Task Manager. If you do choose a country, it opens a page for a XXX website etc. Other windows constantly pop up looking for my modem and trying to run something but failing (I hope). I tried Ad-Aware and Spybot, but they only fixed part of it, and even if they could detect it there, it would pop up again in five minutes or so. I got HijackThis. Here is my last log file from HijackThis:

Logfile of HijackThis v1.98.2
Scan saved at 19:13:48, on 29/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\prfsvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\dktime.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\prfsvc.exe
C:\WINDOWS\System32\dktime.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Advanced System Optimizer\adblock.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jan\Mijn documenten\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: RichFind - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - C:\WINDOWS\System32\richfind.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {4BF10F06-A4F3-42BC-9037-B7BDA53E8BC6} - C:\WINDOWS\System32\leij.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\iehelper.dll
O3 - Toolbar: RichFind - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - C:\WINDOWS\System32\richfind.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [fh] C:\WINDOWS\System32\prfsvc.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Mowl] C:\Documents and Settings\Jan\Application Data\f?q?.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://secure.element5.com
O15 - Trusted Zone: www.secure.element5.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: www.standaard.be
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {02098D07-DE15-7434-D5FD-45360E4EF51A} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {0B241510-81B3-6747-FDCC-36DD1F464D41} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {1261A236-5DFC-0B02-ACC9-0F4E6EE58C8E} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {12EEBDD5-E14C-6415-2692-223C0DD6B645} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {1D08ED5D-91A7-7D48-4E90-02302AC8B1B3} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {1D42420D-EBED-3BE6-9BB9-659B176060EA} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {1EEC1871-4E2D-318F-D745-3F8C08714835} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {1F1180F8-8FAE-14D6-42A4-72A02157F495} - http://205.252.249.254/1/rdgBE1077.exe
O16 - DPF: {256717B7-F082-2307-1DFF-55CC5786BB90} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {2A0C0AE4-FE2E-7D43-46F7-193E296AE25E} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {2A8D5040-B890-27FF-3FE7-7E2D2CE954BE} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.my-etrust.com/includes/pscanner/axscanner.cab
O16 - DPF: {3231D746-CF5B-04EA-C028-22DE39BE8327} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {36A11814-61A8-774E-8974-2E1F24E70E00} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {38C0DBEE-F334-552F-68A4-71515425ECC7} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {3D69E5DB-14EA-0982-F857-6703759B3D1F} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {3D982693-AEB2-29DA-CEA4-25975B8E2B58} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {3F34DDE2-BBCA-7FF9-9C5A-228174AFA9D2} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {4492BEA3-C58C-6750-AD0B-430D78634BCF} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {44AB7B12-1D32-2D5A-52F5-78BD478DCB2E} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {466A0B6C-545C-0110-D8D8-67F62072F80D} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {4A7F9D66-1F55-166F-50EF-3E713B2CE203} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {4FC318D0-EB30-1249-9F58-41EF35FB23EB} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {52237F27-DB3C-286E-1601-7C0C4AAE197E} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {52820D19-0F47-7A55-33A0-386B2CBD684C} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {568FE1EF-E11C-54E4-22C7-07361533EC19} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {57483112-2A06-1EAB-8D61-14825EE18008} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {5C8A8A9E-41FF-413F-CF25-1BAA3023F87D} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {667C5EEC-E3F9-3170-02BA-39F22511504B} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {6B8F0FF9-0DA8-249E-CAC1-47B2732095CC} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {6F5C0810-CFCF-72DA-015E-798754F4737C} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {70252354-FE54-4224-0D6B-55F7017FDE71} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {74164B2F-691D-1C7C-9E71-53457321B27C} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {746E34B2-A592-45C2-58CC-0CCD7063A6D6} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {7C3F28C5-C9ED-6126-CC13-244C6868BCF5} - http://209.8.161.54/1/rdgBE897.exe
 
jvic
« Reply #1 on: October 05, 2004, 12:36:08 PM »

Please download and run the following programs:

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware SE Personal

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Restart your computer.


SPYBOT SEARCH & DESTROY

http://majorgeeks.com/download2471.html

Open Spybot Search & Destroy (click Start, Programs, Spybot S&D (Advanced Mode)). Click Online, Search for updates, Download all available updates. Close all browser windows, then click "Check for Problems". Anything that needs to be fixed will show in red and have a green check in the box to the left. Click "Fix Selected Problems", then restart your computer. Run HJT and post a new log.

John Vickers
sasch1
« Reply #2 on: October 05, 2004, 12:55:02 PM »

Thanks in advance.

The log I posted was after running Ad-Aware and Spybot S&D.
 
jvic
« Reply #3 on: October 05, 2004, 02:02:26 PM »

Run HijackThis and fix the following:

R3 - URLSearchHook: RichFind - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - C:\WINDOWS\System32\richfind.dll
O2 - BHO: (no name) - {4BF10F06-A4F3-42BC-9037-B7BDA53E8BC6} - C:\WINDOWS\System32\leij.dll (file missing)

O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\iehelper.dll
O3 - Toolbar: RichFind - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - C:\WINDOWS\System32\richfind.dll
O4 - HKLM\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [fh] C:\WINDOWS\System32\prfsvc.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O15 - Trusted Zone: http://secure.element5.com
O15 - Trusted Zone: www.secure.element5.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: www.standaard.be
O15 - Trusted Zone: *.windupdates.com

Boot to safe mode. Make sure you can see hidden files and folders.

How To Boot Into SafeMode!!!
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

How to show hidden files

* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Click Yes to confirm.
* Click OK.

Delete The Following:

C:\WINDOWS\System32\prfsvc.exe
C:\WINDOWS\System32\dktime.exe
C:\WINDOWS\System32\richfind.dll
C:\WINDOWS\questmod.dll
C:\WINDOWS\System32\leij.dll

Reboot and post a new hjt log

John Vickers
sasch1
« Reply #4 on: October 06, 2004, 05:28:04 AM »

You're the best!
I think the problem is solved.

Thanks a lot.

Logfile of HijackThis v1.98.2
Scan saved at 19:13:48, on 29/09/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\prfsvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\dktime.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\prfsvc.exe
C:\WINDOWS\System32\dktime.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Advanced System Optimizer\adblock.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jan\Mijn documenten\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: RichFind - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - C:\WINDOWS\System32\richfind.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {4BF10F06-A4F3-42BC-9037-B7BDA53E8BC6} - C:\WINDOWS\System32\leij.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\iehelper.dll
O3 - Toolbar: RichFind - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - C:\WINDOWS\System32\richfind.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [fh] C:\WINDOWS\System32\prfsvc.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Mowl] C:\Documents and Settings\Jan\Application Data\f?q?.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [Systweak Wallpaper Changer] wallpaper.exe  -minimize
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://secure.element5.com
O15 - Trusted Zone: www.secure.element5.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: www.standaard.be
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {02098D07-DE15-7434-D5FD-45360E4EF51A} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {0B241510-81B3-6747-FDCC-36DD1F464D41} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {1261A236-5DFC-0B02-ACC9-0F4E6EE58C8E} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {12EEBDD5-E14C-6415-2692-223C0DD6B645} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {1D08ED5D-91A7-7D48-4E90-02302AC8B1B3} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {1D42420D-EBED-3BE6-9BB9-659B176060EA} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {1EEC1871-4E2D-318F-D745-3F8C08714835} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {1F1180F8-8FAE-14D6-42A4-72A02157F495} - http://205.252.249.254/1/rdgBE1077.exe
O16 - DPF: {256717B7-F082-2307-1DFF-55CC5786BB90} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {2A0C0AE4-FE2E-7D43-46F7-193E296AE25E} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {2A8D5040-B890-27FF-3FE7-7E2D2CE954BE} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.my-etrust.com/includes/pscanner/axscanner.cab
O16 - DPF: {3231D746-CF5B-04EA-C028-22DE39BE8327} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {36A11814-61A8-774E-8974-2E1F24E70E00} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {38C0DBEE-F334-552F-68A4-71515425ECC7} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {3D69E5DB-14EA-0982-F857-6703759B3D1F} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {3D982693-AEB2-29DA-CEA4-25975B8E2B58} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {3F34DDE2-BBCA-7FF9-9C5A-228174AFA9D2} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {4492BEA3-C58C-6750-AD0B-430D78634BCF} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {44AB7B12-1D32-2D5A-52F5-78BD478DCB2E} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {466A0B6C-545C-0110-D8D8-67F62072F80D} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {4A7F9D66-1F55-166F-50EF-3E713B2CE203} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {4FC318D0-EB30-1249-9F58-41EF35FB23EB} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {52237F27-DB3C-286E-1601-7C0C4AAE197E} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {52820D19-0F47-7A55-33A0-386B2CBD684C} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {568FE1EF-E11C-54E4-22C7-07361533EC19} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {57483112-2A06-1EAB-8D61-14825EE18008} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {5C8A8A9E-41FF-413F-CF25-1BAA3023F87D} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {667C5EEC-E3F9-3170-02BA-39F22511504B} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {6B8F0FF9-0DA8-249E-CAC1-47B2732095CC} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {6F5C0810-CFCF-72DA-015E-798754F4737C} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {70252354-FE54-4224-0D6B-55F7017FDE71} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {74164B2F-691D-1C7C-9E71-53457321B27C} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {746E34B2-A592-45C2-58CC-0CCD7063A6D6} - http://209.8.161.54/1/rdgBE897.exe
O16 - DPF: {7C3F28C5-C9ED-6126-CC13-244C6868BCF5} - http://209.8.161.54/1/rdgBE897.exe



 
jvic
« Reply #5 on: October 06, 2004, 07:16:25 AM »

You still need to delete these in safe mode:
C:\WINDOWS\System32\prfsvc.exe
C:\WINDOWS\System32\dktime.exe
Have HJT fix
R3 - URLSearchHook: RichFind - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - C:\WINDOWS\System32\richfind.dll
O4 - HKLM\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [fh] C:\WINDOWS\System32\prfsvc.exe
O15 - Trusted Zone: http://secure.element5.com
O15 - Trusted Zone: www.secure.element5.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: www.standaard.be
O15 - Trusted Zone: *.windupdates.com
Reboot and post a new log. As I am at work right now I can't analyze your log fully. These are just the ones I can see right away. After you post a new log I will check it from home.

John Vickers
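
The comparison made by eye in the reply above (fix list and delete list against a re-posted log), as an added example that is not part of the original thread. The sample log is constructed from lines in the thread, with the HKLM DKTime entry left out to show a cleared item; the function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code such as R3, O4 or O15.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed follow-up log, built from lines that appear in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows XP  (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\prfsvc.exe
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: RichFind - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - C:\WINDOWS\System32\richfind.dll
O4 - HKCU\..\Run: [fh]  C:\WINDOWS\system32\prfsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O15 - Trusted Zone: *.windupdates.com
"""

# Entries the helper asked to have fixed (subset taken from the thread).
FIX_LIST = [
    r"R3 - URLSearchHook: RichFind - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - C:\WINDOWS\System32\richfind.dll",
    r"O4 - HKLM\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe",
    r"O4 - HKCU\..\Run: [fh] C:\WINDOWS\System32\prfsvc.exe",
    r"O15 - Trusted Zone: *.windupdates.com",
]

# Files the helper asked to have deleted in safe mode (subset from the thread).
DELETE_LIST = [
    r"C:\WINDOWS\System32\prfsvc.exe",
    r"C:\WINDOWS\System32\dktime.exe",
    r"C:\WINDOWS\System32\richfind.dll",
]

def norm(s):
    """Collapse whitespace and ignore case so re-pasted lines still match."""
    return " ".join(s.split()).casefold()

def parse_log(text):
    """Return (set of running process paths, list of entry lines), normalized."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if norm(line) == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if in_procs and line and not m:
            running.add(norm(line))
            continue
        in_procs = False  # a blank line or the first entry ends the process block
        if m:
            entries.append(norm(line))
    return running, entries

def audit(log_text, fix_list, delete_list):
    """Report which requested fixes and deletions the follow-up log still shows."""
    running, entries = parse_log(log_text)
    listed = set(entries)
    return {
        "still_listed": [e for e in fix_list if norm(e) in listed],
        "gone": [e for e in fix_list if norm(e) not in listed],
        "still_running": [p for p in delete_list if norm(p) in running],
        "still_referenced": [p for p in delete_list
                             if any(norm(p) in e for e in entries)],
    }

if __name__ == "__main__":
    for key, items in audit(SAMPLE_LOG, FIX_LIST, DELETE_LIST).items():
        print(key, *items, sep="\n  ")
```

A file that shows up under `still_running` is loaded by a live process, which is why the deletion step is done from safe mode.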
sasch1
« Reply #6 on: October 12, 2004, 05:32:00 AM »

Problem is solved.
Thank you very much.

topic closed