Help with frends hijack log

Posted 4/13/2003 2:00 AM
#12812
User avatar

makija Valued member

Date Joined Nov 2016
Total Posts: 18
ogfile of HijackThis v1.99.1 <br/>Scan saved at 8:44:49 PM, on 4/12/2005 <br/>Platform: Windows XP SP1 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\WINDOWS\Mixer.exe <br/>C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe <br/>C:\Program Files\Common Files\Real\Update_OB\realsched.exe <br/>C:\Program Files\QuickTime\qttask.exe <br/>C:\Program Files\Creative\Shared Files\CAMTRAY.EXE <br/>C:\Program Files\Cyberlink\PowerCinema\PCMService.exe <br/>C:\Program Files\iTunes\iTunesHelper.exe <br/>C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe <br/>C:\Documents and Settings\Jovanka\Desktop\New Folder\Winamp\winampa.exe <br/>C:\PROGRA~1\Toolbar\TBPS.exe <br/>C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe <br/>C:\Program Files\Internet Explorer\iexplore.exe <br/>C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe <br/>C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe <br/>c:\progra~1\intern~1\iexplore.exe <br/>C:\Program Files\WinZip\WZQKPICK.EXE <br/>C:\PROGRA~1\Toolbar\PIB.exe <br/>C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe <br/>C:\WINDOWS\System32\Ati2evxx.exe <br/>C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe <br/>C:\Program Files\CA\eTrust Antivirus\InoRpc.exe <br/>C:\Program Files\CA\eTrust Antivirus\InoRT.exe <br/>C:\Program Files\CA\eTrust Antivirus\InoTask.exe <br/>C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\PROGRA~1\Toolbar\TBPSSvc.exe <br/>C:\Program Files\Common Files\WinTools\WToolsS.exe <br/>C:\Program Files\iPod\bin\iPodService.exe <br/>C:\Program Files\Common Files\WinTools\WSup.exe <br/>C:\Program Files\MSN Messenger\msnmsgr.exe <br/>C:\WINDOWS\System32\wuauclt.exe <br/>C:\WINDOWS\System32\wuauclt.exe <br/>C:\Documents and Settings\Jovanka\My Documents\My Received Files\hijackthis\hijackthis\HijackThis.exe <br/> <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <a target="_blank" href=":ol('http://www.websearch.com/ie.aspx?tb_id%3d50188');">[color=#0000ff>http://www.websearch.com/ie.aspx?tb_id=50188</FONT></a> <br/>R1]http://www.websearch.com/ie.aspx?tb_id=50188[/color]</a> <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <a target="_blank" href=":ol('http://www.websearch.com/ie.aspx?tb_id%3d50188');">[color=#0000ff>http://www.websearch.com/ie.aspx?tb_id=50188</a> <br/>R0]R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll <br/>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx <br/>O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll <br/>O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll <br/>O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll <br/>O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll <br/>O2 - BHO: (no name) - {B210EF5B-D2C1-8113-75F0-8D0F27168180} - C:\DOCUME~1\Diana\APPLIC~1\WAYCOM~1\Bias Loud.exe <br/>O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll <br/>O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx <br/>O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll <br/>O3 - Toolbar: toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll <br/>O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup <br/>O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" <br/>O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s <br/>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE <br/>O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Cyberlink\PowerCinema\PCMService.exe" <br/>O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe <br/>O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" <br/>O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Jovanka\Desktop\New Folder\Winamp\winampa.exe <br/>O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe <br/>O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe <br/>O4 - HKLM\..\Run: [copy city mfcd stop] C:\Documents and Settings\All Users\Application Data\FunkSecondCopyCity\stupid chic.exe <br/>O4 - HKCU\..\Run: [Webamen] C:\DOCUME~1\Diana\APPLIC~1\SHOWWA~1\Title Bleh Mp3.exe <br/>O4 - Startup: PowerReg Scheduler.exe <br/>O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe <br/>O4 - Global Startup: hp psc 1000 series.lnk = ? <br/>O4 - Global Startup: hpoddt01.exe.lnk = ? <br/>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <br/>O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE <br/>O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE <br/>O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll <br/>O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - <a target="_blank" href=":ol('http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab');">http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/color]</a> <br/>O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - <a target="_blank" href=":ol('http://software-dl.real.com/1585c456317a4eba2e03/netzip/RdxIE601.cab');">[color=#0000ff>http://software-dl.real.com/1585c456317a4eba2e03/netzip/RdxIE601.cab</a> <br/>O16]http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab[/color]</a> <br/>O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - <a target="_blank" href=":ol('http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab');">[color=#0000ff>http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab</a> <br/>O16]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/color]</a> <br/>O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - <a target="_blank" href=":ol('http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab');"><FONT color=#0000ff>http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab</a> <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{384BA70B-FCC3-40F0-9D46-8533C9D153F3}: NameServer = 142.161.130.155 142.161.2.155 <br/>O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll <br/>O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe <br/>O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe <br/>O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe <br/>O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe <br/>O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe <br/>O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe <br/>O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe <br/>O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe <br/>O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe <br/>O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe <br/>O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe <br/>O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/>same i tryd all you said an notin
Posted 4/11/2005 6:39 AM
#12705
User avatar

makija Valued member

Date Joined Nov 2016
Total Posts: 18
i did the scan and try removing few of this things but they keep coming back so here is the log any specific instructions helppppp plz :( <br/> <br/> <br/>Logfile of HijackThis v1.99.1 <br/>Scan saved at 1:38:55 AM, on 4/11/2005 <br/>Platform: Windows XP SP1 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) <br/> <br/>Running processes: <br/>C:\PROGRA~1\Toolbar\PIB.exe <br/>C:\Program Files\Common Files\WinTools\WSup.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\WINDOWS\Mixer.exe <br/>C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe <br/>C:\PROGRA~1\CA\ETRUST~1\realmon.exe <br/>C:\Program Files\Common Files\Real\Update_OB\realsched.exe <br/>C:\Program Files\QuickTime\qttask.exe <br/>C:\Program Files\Creative\Shared Files\CAMTRAY.EXE <br/>C:\Program Files\Cyberlink\PowerCinema\PCMService.exe <br/>C:\Documents and Settings\Jovanka\Desktop\New Folder\Winamp\winampa.exe <br/>C:\PROGRA~1\Toolbar\TBPS.exe <br/>C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe <br/>C:\PROGRA~1\Toolbar\PIB.exe <br/>C:\Program Files\Internet Explorer\iexplore.exe <br/>C:\Program Files\Common Files\WinTools\WSup.exe <br/>c:\progra~1\intern~1\iexplore.exe <br/>C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe <br/>C:\Program Files\WinZip\WZQKPICK.EXE <br/>C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe <br/>C:\PROGRA~1\Toolbar\PIB.exe <br/>C:\Program Files\Common Files\WinTools\WSup.exe <br/>C:\Program Files\MSN Messenger\msnmsgr.exe <br/>C:\Documents and Settings\Jovanka\My Documents\My Received Files\hijackthis\hijackthis\HijackThis.exe <br/> <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ntxbyqeeho.net/nmkqMhgjeIyiCcghlaSkOyDRR8EH2MGcESBOYr6HcjxkgwnVEtWbqHRaVOb4DnBW.htm <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = <br/>R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll <br/>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx <br/>O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll <br/>O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll <br/>O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll <br/>O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll <br/>O2 - BHO: (no name) - {B210EF5B-D2C1-8113-75F0-8D0F27168180} - C:\DOCUME~1\Diana\APPLIC~1\WAYCOM~1\Bias Loud.exe (file missing) <br/>O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll <br/>O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx <br/>O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll <br/>O3 - Toolbar: toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll <br/>O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup <br/>O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" <br/>O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s <br/>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE <br/>O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Cyberlink\PowerCinema\PCMService.exe" <br/>O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe <br/>O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" <br/>O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Jovanka\Desktop\New Folder\Winamp\winampa.exe <br/>O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe <br/>O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe <br/>O4 - HKLM\..\Run: [copy city mfcd stop] C:\Documents and Settings\All Users\Application Data\FunkSecondCopyCity\stupid chic.exe <br/>O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background <br/>O4 - HKCU\..\Run: [Webamen] C:\DOCUME~1\Jovanka\APPLIC~1\SHOWWA~1\Title Bleh Mp3.exe <br/>O4 - HKCU\..\Run: [copy city mfcd stop] C:\Documents and Settings\All Users\Application Data\FunkSecondCopyCity\roaddrive.exe <br/>O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe <br/>O4 - Global Startup: hp psc 1000 series.lnk = ? <br/>O4 - Global Startup: hpoddt01.exe.lnk = ? <br/>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <br/>O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE <br/>O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE <br/>O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll <br/>O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab <br/>O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1585c456317a4eba2e03/netzip/RdxIE601.cab <br/>O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab <br/>O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab <br/>O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab <br/>O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{384BA70B-FCC3-40F0-9D46-8533C9D153F3}: NameServer = 142.161.130.155 142.161.2.155 <br/>O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll <br/>O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe <br/>O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe <br/>O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe <br/>O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe <br/>O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe <br/>O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe <br/>O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe <br/>O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe <br/>O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe <br/>O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe <br/>O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe <br/>O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
Posted 4/11/2005 4:17 PM
#12731
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hey makija :cool: <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB">[color=#0000ff>http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button</FONT></U></A> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB">[color=#0000ff>http://www.safer-networking.org/en/download/index.html</U></A> <br/></o:p>[/color] <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"><FONT face="Times New Roman"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; COLOR: #222222; FONT-FAMILY: Verdana; mso-ansi-language: EN-GB">Go to Start | Control Panel | Add-Remove Programs <br/>Remove the following if found or any variation: <br/> <br/>Toolbar <br/>TBPS <br/>WinTools<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: #222222; mso-ansi-language: EN-GB">Please go offline<SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"><o:p></o:p> <br/> <br/><SPAN class=postbody><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB">Run <br/><SPAN class=postbody><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB">Spybot<SPAN class=postbody><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB">, click on the Immunize button. Then "Scan System" button. Next, close all Internet Explorer windows, and click - Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED. <o:p></o:p> <br/> <br/><SPAN class=postbody><SPAN lang=EN-GB style="FONT-SIZE: 10pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB">Adware<SPAN lang=EN-GB style="FONT-SIZE: 10pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB"> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB">Click Start and on the next screen choose: <br/><SPAN class=postbody><SPAN lang=EN-GB style="FONT-FAMILY: Tahoma; mso-ansi-language: EN-GB">In settings under 'scanning,' have it set to <SPAN lang=EN-GB style="FONT-FAMILY: Tahoma; mso-ansi-language: EN-GB"> <br/><SPAN class=postbody>'scan within archives,' <br/><SPAN class=postbody>'scan active processes,' <br/><SPAN class=postbody>'scan registry,' <br/><SPAN class=postbody>'deepscan registry' <br/><SPAN class=postbody>'scan my IE Favourites for banned URL's,' <br/><SPAN class=postbody>'scan my host's file.' <br/><SPAN class=postbody>In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.' <br/><SPAN class=postbody>Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.' <br/><SPAN class=postbody>Select 'activate in-depth scan' before starting scan. <br/><SPAN class=postbody>When the scan is finished select 'next.' <br/><SPAN class=postbody>Remove what it finds by placing a check in the box to the left of the object. <SPAN lang=EN-GB style="FONT-SIZE: 10pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB">Save the log file when it asks and then click Finish. <br/>When finished, mark everything for removal and get rid of it. (Right-click on any of the entries and choose Select All from the drop down menu and click Next.<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB"><SPAN style="mso-spacerun: yes"> <br/><SPAN style="mso-spacerun: yes"> <br/> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB">Reboot<o:p></o:p> <br/> <br/><SPAN class=postbody><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB">Go to Start | Run and type: cleanmgr.exe and hit enter. <SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB"> <br/><SPAN class=postbody>When prompted what drive to clean select your hard drive c: <br/><SPAN class=postbody>If asked what folders to clean in a list, tick them all to clean all temp folders, downloaded program folders, temporary internet files, etc., and the recycle/trash bin. <br/> <br/><SPAN style="mso-spacerun: yes"> <SPAN style="COLOR: black"><SPAN style="mso-spacerun: yes"> Post fresh hijackthis<SPAN style="mso-spacerun: yes"> log<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-font-family: 'Times New Roman'; mso-fareast-language: DA; mso-bidi-language: AR-SA"><BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break">

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Thursday, December 8, 2016, 5:19 PM (GMT +1)
There are a total of 61,163 posts in 13,450 threads.
In the last 3 days there were 1 new threads and 3 reply posts.

Who's online

This forum has 37,968 registered members. Please welcome our newest member, Crawlerz.
There are currently no users on-line.