  1. #1
    Junior Member
    Join Date
    May 2005
    Location
    Christchurch
    Posts
    43

    HijackThis - Help

    Was browsing the post re disconnections on dial up and decided out of curiosity to click on Speedy's link and run a HijackThis scan.
    Now I don't know if we are allowed to do requests but Speedy I'd love it if you could have a look at this and tell me what to do next. All that Host business looks a bit dodgy, does it not?
    Thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 12:22:57 p.m., on 13/12/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Fast.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Mum's Folder\MSGTAG\MSGTAG.exe
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Qualcomm\Eudora\Eudora.exe
    c:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Owner\My Documents\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://observer.guardian.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 205.238.40.1 winmx.com
    O1 - Hosts: 205.238.40.1 www.winmx.com
    O1 - Hosts: 205.238.40.1 err.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1304.winmx.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSGTAG] "C:\Mum's Folder\MSGTAG\MSGTAG.exe" /startup
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...5/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/re...s/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C986BC40-F3D0-4446-91E8-A908762D63C1}: NameServer = 202.27.184.3 202.27.184.5
    O20 - AppInit_DLLs: hplun.dll
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

  3. #3
    VoidMaster
    Join Date
    Dec 2004
    Posts
    6,158

    Re: HijackThis - Help

    Those entries in your hosts file are legit. They come from the "PIE patch" that you must have put in as a result of the RIAA taking down the WinMX main server, they are the addresses of nodes that allow you to get onto the network again. That patch has been updated by the way, the entries are more complete and compact in notation. Don't worry about them.
    It's not the least charm of a theory that it is refutable. The hundred-times-refuted theory of "free will" owes its persistence to this charm alone; some one is always appearing who feels himself strong enough to refute it - Friedrich Nietzsche

  4. #4
    Jedi master Rob99's Avatar
    Join Date
    Dec 2004
    Location
    In the wop wops
    Posts
    3,532
    Laziness is nothing more than the habit of resting before you get tired.

  5. #5
    Junior Member
    Join Date
    May 2005
    Location
    Christchurch
    Posts
    43

    Re: HijackThis - Help

    Thanks Z
    Is everything else OK because for some reason I can never seem to change my home page from msn.com

  6. #6
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Re: HijackThis - Help

    Turn system restore off, and boot into safe mode.

    Then run hijackthis again, and tick these entries and tick fix checked.

    Then reboot, and update XP to SP1 or 2, and keep it up to date.

    You're asking for more problems without SP1, or SP2, and if you don't keep XP up to date.

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    Last edited by Speedy Gonzales; 13-12-2005 at 01:33 PM.

  7. #7
    VoidMaster
    Join Date
    Dec 2004
    Posts
    6,158

    Re: HijackThis - Help

    Wow that was a fast correction, Speedy, I'm as certain as I can be that what I said is correct, not sure about the MSN.com problem but not to do with these host entries.
    It's not the least charm of a theory that it is refutable. The hundred-times-refuted theory of "free will" owes its persistence to this charm alone; some one is always appearing who feels himself strong enough to refute it - Friedrich Nietzsche

  8. #8
    Junior Member
    Join Date
    May 2005
    Location
    Christchurch
    Posts
    43

    Re: HijackThis - Help

    Thanks Speedy. Have done all that.
    Have found the PC World CD with SP1 on it and somewhere around here is the one with SP2 on it, so assuming I can find it which one should I go with?
    Cheers




    Logfile of HijackThis v1.99.1
    Scan saved at 2:02:10 p.m., on 13/12/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Fast.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Mum's Folder\MSGTAG\MSGTAG.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\My Documents\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://observer.guardian.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSGTAG] "C:\Mum's Folder\MSGTAG\MSGTAG.exe" /startup
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...5/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/re...s/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C986BC40-F3D0-4446-91E8-A908762D63C1}: NameServer = 202.27.184.3 202.27.184.5
    O20 - AppInit_DLLs: hplun.dll
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

  9. #9
    Old Hand Pancake's Avatar
    Join Date
    Nov 2005
    Location
    Victoria Australia
    Posts
    632

    Re: HijackThis - Help

    Hi

    Download / Install / Update / and Run:
    Adaware SE http://www.download.com/3000-2144-10...ag=buttoncheck for any updates before running it.
    Get the plug-in for fixing VX2 variants. You can download it at this SITE http://www.lavasoftusa.com/software/...2cleaner.shtml
    To run this tool, install to the hard drive, then open Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection.

    Download and install Spybot S&D http://www.safer-networking.org/en/download/index.html. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot.

    Scan your pc with one of these free online scanners:
    Panda ActiveScan http://www.pandasoftware.com/actives..._principal.htm
    RAV AntiVirus http://www.ravantivirus.com/scan/
    Housecall http://housecall.trendmicro.com/hous...start_corp.asp
    Be sure to put a check in the box beside AutoClean.

    Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php

    =====================================

    You will need Microsoft's Windows Update page to install ALL Critical Updates for your system (except service pack 2) (SP2). At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to any infection.

    Please apply those updates BEFORE posting your next log.


    **Note** If you're having trouble locating the service pack SP1a, here is a direct link to download it from.

    http://download.microsoft.com/downlo...p1a_en_x86.exe


    A Member of :
    UNITE & ASAP

    Eddy

  10. #10
    Lets play Metla's Avatar
    Join Date
    Dec 2004
    Location
    Mega City One
    Posts
    16,227

    Re: HijackThis - Help

    I've tried this tactic in the past, suggesting that people scan for crap with the usual programs before posting a Hijack log, never managed to gain any traction.

    Far more needs to be removed from just about any log I have seen on here than what gets red-flagged by the auto-analyzer sites that some are so fond of relying on.
    better Dredd then dead
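
Added example, not part of any post in this thread: a small Python parser for the HijackThis log format shown above that collapses the long run of O1 hosts entries into per-domain, per-IP counts and lists the lines worth reading by hand. The function names and the three review heuristics are assumptions made for this example; the sample input is an excerpt of the log posted in the thread.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://observer.guardian.co.uk/
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 www.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# An entry line is "<section code> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^\s*([RFON]\d{1,2})\s+-\s+(.*\S)\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")


def parse_entries(log_text):
    """Return (code, body) pairs; header lines and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parent_domain(hostname):
    """Last two labels of a hostname (naive: wrong for suffixes such as co.nz)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def summarise_hosts(entries):
    """Collapse O1 entries to {parent domain: {ip: count}}."""
    summary = defaultdict(lambda: defaultdict(int))
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if m:
            summary[parent_domain(m.group(2))][m.group(1)] += 1
    return {dom: dict(ips) for dom, ips in summary.items()}


def review_candidates(entries):
    """Entries to read by hand first; a reading order, not a verdict."""
    flagged = []
    for code, body in entries:
        if code == "R1" and "http" in body.lower():
            flagged.append((code, "IE search setting points to a URL", body))
        elif "(no file)" in body or "(file missing)" in body:
            flagged.append((code, "references a file that is not on disk", body))
        elif code == "O23" and "Unknown owner" in body:
            flagged.append((code, "service vendor reported as unknown", body))
    return flagged


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for domain, ips in summarise_hosts(parsed).items():
        for ip, count in sorted(ips.items()):
            print(f"hosts: {count:3d} name(s) under {domain} -> {ip}")
    for code, reason, body in review_candidates(parsed):
        print(f"review {code}: {reason}: {body}")
```

Grouping by parent domain shows at a glance whether a hosts file remaps names of a single service, as the WinMX entries here do, or reaches into unrelated domains, which is the case that warrants a closer look.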
