Edited by joecool666, 01 September 2005 - 01:20 PM.
problem fixed
Started by
joecool666
, Aug 31 2005 10:35 PM
5 replies to this topic
#1
joecool666
-
- Member
-
- 4 posts
New Member
Posted 31 August 2005 - 10:35 PM
well ne ways so i downloaded star wars episode III (yes i know not smart but hey im careful about this crap) ne ways i checked it out with norton antivirus and it didnt pick up ne thing and i had a good look at the file and made sure everything matched up and it did so i ran it and media player said there was a problem with it (which is common with dl'ed movies) so i go to delete it and it says its running off of another program so i closed media player well that didnt fix it and i started noticeing my computer was running slow.. like really slow. so i went into control panel and noticed that explorer was using about 55% of my cpu so im thinkin its runnin off of that well da** LOL so ive tried everything i can think of to remove it (norton and other crap) but this ones got me stumped any help is appreciated this is the name of the file if ne one has ever seen it before, Star_wars_III (3)_Revenge_of_the_Sith_2005_Divx_AC3 (1).avi i got it off of bearshare if that helps? yeah u have no idea how slow my comp is goin help soon plz
#2
LoPhatPhuud
-
- General Admin
-
- 15,730 posts
Master of Disaster Recovery
Posted 01 September 2005 - 12:17 AM
Obviously you were not careful enough, But hey, that;s the risk you take downloading pirated movies.
Create a directory on your hardrive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.
Download HijackThis from:
HijackThis Download Site
Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.
Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.
Create a reply to this post here and right click in message area and select paste to paste the log into the post.
Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.
To see a tutorial with screenshots on using HijackThis you can click on the link below:
How to use HijackThis to remove Browser Hijackers, Malware, & Spyware
Create a directory on your hardrive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.
Download HijackThis from:
HijackThis Download Site
Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.
Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.
Create a reply to this post here and right click in message area and select paste to paste the log into the post.
Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.
To see a tutorial with screenshots on using HijackThis you can click on the link below:
How to use HijackThis to remove Browser Hijackers, Malware, & Spyware
#3
joecool666
-
- Member
-
- 4 posts
New Member
Posted 01 September 2005 - 01:51 AM
this is the hijackthis log,
Logfile of HijackThis v1.99.1
Scan saved at 7:47:54 PM, on 31/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rlourevvv...yozU3I6gOXg.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phzcogwrg...5hUQAYrEVY.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medionusa.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2378E768-80AD-2F92-4512-DFEE39B17960} - C:\DOCUME~1\Owner\APPLIC~1\STYLEA~1\firstidle.exe (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [greyboobthunkooze] C:\Documents and Settings\All Users\Application Data\DRVPLAYGREYBOOB\Keep heck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Joydupe] C:\DOCUME~1\Owner\APPLIC~1\VIEWBI~1\DeleteCakeLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medionusa.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124552517406
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
plz reply fast rents mad that comp is running slow lmao
Logfile of HijackThis v1.99.1
Scan saved at 7:47:54 PM, on 31/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rlourevvv...yozU3I6gOXg.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phzcogwrg...5hUQAYrEVY.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medionusa.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2378E768-80AD-2F92-4512-DFEE39B17960} - C:\DOCUME~1\Owner\APPLIC~1\STYLEA~1\firstidle.exe (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [greyboobthunkooze] C:\Documents and Settings\All Users\Application Data\DRVPLAYGREYBOOB\Keep heck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Joydupe] C:\DOCUME~1\Owner\APPLIC~1\VIEWBI~1\DeleteCakeLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medionusa.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124552517406
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
plz reply fast rents mad that comp is running slow lmao
#4
LoPhatPhuud
-
- General Admin
-
- 15,730 posts
Master of Disaster Recovery
Posted 01 September 2005 - 02:23 AM
First:
Messenger Plus! 3 (and it predecessors) are a source of malware and will eventually compromise your system, if it has not already.
I strongly suggest that you remove Messenger Plus. Here's a page with instructions for proper removal of Messenger plus and it's sponsor.
http://chooseknowled...senger-Plus.htm
Second:
Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT
Check the following items in HijackThis.
(note: If any R* items do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rlourevvv...yozU3I6gOXg.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phzcogwrg...5hUQAYrEVY.html
O2 - BHO: (no name) - {2378E768-80AD-2F92-4512-DFEE39B17960} - C:\DOCUME~1\Owner\APPLIC~1\STYLEA~1\firstidle.exe (file missing)
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [greyboobthunkooze] C:\Documents and Settings\All Users\Application Data\DRVPLAYGREYBOOB\Keep heck.exe
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKCU\..\Run: [Joydupe] C:\DOCUME~1\Owner\APPLIC~1\VIEWBI~1\DeleteCakeLite.exe
Close all windows except HijackThis and click Fix checked.
While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\Program Files\Save\ <--delete entire folder
C:\Documents and Settings\All Users\Application Data\DRVPLAYGREYBOOB\ <--delete entire folder
C:\Program Files\Personal Money Tree\ <--delete entire folder
C:\DOCUME~1\Owner\APPLIC~1\VIEWBI~1\ <--delete entire folder
*How to Boot into Safe mode: http://service1.syma...001052409420406
**Show Hidden and System files and folders: http://www.xtra.co.n...1916458,00.html
Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.
Reboot in normal mode
Run HiJackThis again and post a new log in this thread.
Messenger Plus! 3 (and it predecessors) are a source of malware and will eventually compromise your system, if it has not already.
I strongly suggest that you remove Messenger Plus. Here's a page with instructions for proper removal of Messenger plus and it's sponsor.
http://chooseknowled...senger-Plus.htm
Second:
Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT
Check the following items in HijackThis.
(note: If any R* items do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rlourevvv...yozU3I6gOXg.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phzcogwrg...5hUQAYrEVY.html
O2 - BHO: (no name) - {2378E768-80AD-2F92-4512-DFEE39B17960} - C:\DOCUME~1\Owner\APPLIC~1\STYLEA~1\firstidle.exe (file missing)
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [greyboobthunkooze] C:\Documents and Settings\All Users\Application Data\DRVPLAYGREYBOOB\Keep heck.exe
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKCU\..\Run: [Joydupe] C:\DOCUME~1\Owner\APPLIC~1\VIEWBI~1\DeleteCakeLite.exe
Close all windows except HijackThis and click Fix checked.
While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\Program Files\Save\ <--delete entire folder
C:\Documents and Settings\All Users\Application Data\DRVPLAYGREYBOOB\ <--delete entire folder
C:\Program Files\Personal Money Tree\ <--delete entire folder
C:\DOCUME~1\Owner\APPLIC~1\VIEWBI~1\ <--delete entire folder
*How to Boot into Safe mode: http://service1.syma...001052409420406
**Show Hidden and System files and folders: http://www.xtra.co.n...1916458,00.html
Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.
Reboot in normal mode
Run HiJackThis again and post a new log in this thread.
#5
joecool666
-
- Member
-
- 4 posts
New Member
Posted 01 September 2005 - 03:01 AM
hey thanks that that did the trick well i got this sight bookmarked so i will be sure to come back here if i have ne more problems and that hijackthis tool is pretty useful for gettin rid of the addware and spyware and what not well ill probly be back here in like a few days LOL oh well
later
later
#6
LoPhatPhuud
-
- General Admin
-
- 15,730 posts
Master of Disaster Recovery
Posted 01 September 2005 - 03:23 AM
If you want to post here again, I suggest you follow the instructions given.
You were asked to run HiJackThis again and post the new log in this thread. We ask this to confirm that the log is clean, and that nothing was missed.
You were asked to run HiJackThis again and post the new log in this thread. We ask this to confirm that the log is clean, and that nothing was missed.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
