Go Back   Computer Forums > General Computing > Hardware
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 09-13-2004, 11:39 PM   #1
Beta Member
 
Join Date: Sep 2004
Posts: 1
Default need help getting rid of virus using hijack

having trouble finding which files to delete after a hijack scan. Recieved this file using aim and am recieving tons of popups and cant use task manager. please help?



Logfile of HijackThis v1.98.2
Scan saved at 10:32:54 PM, on 9/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\ntdel\wircd.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Winad Client\Winad.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Winad Client\WinClt.exe
C:\active.exe
C:\documents and settings\mike hinterlong\local settings\temp\ZH92gv.exe
C:\documents and settings\mike hinterlong\local settings\temp\KyIX5zF.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\ca.exe
C:\WINDOWS\System32\REAIPLAY.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Documents and Settings\Mike Hinterlong\Application Data\hgv?e.exe
C:\WINDOWS\System32\w?nlogon.exe
C:\WINDOWS\System32\EfkBS4.exe
C:\WINDOWS\System32\GzvUc25s.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mike Hinterlong\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chicago.cubs.mlb.com/NASApp/m...x.jsp?c_id=chc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3DF0105E-C762-09CF-8122-66550DA12918} - C:\WINDOWS\System32\zkqgmytk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Mike Hinterlong\Local Settings\Temp\oho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
__________________

schwing00 is offline   Reply With Quote
Old 09-14-2004, 01:47 AM   #2
Solid State Member
 
Join Date: Sep 2004
Posts: 14
Default Re: need help getting rid of virus using hijack

Hello


Download and run Bazooka Spy Scanner and X-Cleaner...

http://www.spychecker.com/software/antispy.html
__________________

Windoze is offline   Reply With Quote
Old 09-14-2004, 02:49 AM   #3
Fully Optimized
 
Dynamix's Avatar
 
Join Date: Aug 2004
Posts: 2,463
Default Re: need help getting rid of virus using hijack

For virus checker AVG from www.grisoft.com
Dynamix is offline   Reply With Quote
Old 09-14-2004, 05:04 PM   #4
BSOD
 
FuRgy's Avatar
 
Join Date: Aug 2004
Posts: 1,692
Default Re: need help getting rid of virus using hijack

Also try Ad-aware...Just type it into google...good program...Helped me clean up my PC Of spyware adware
FuRgy is offline   Reply With Quote
Old 09-14-2004, 05:22 PM   #5
Fully Optimized
 
Dynamix's Avatar
 
Join Date: Aug 2004
Posts: 2,463
Default Re: need help getting rid of virus using hijack

its at www.lavasoft.com
Dynamix is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 04:32 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0