Alright, I have a Dell Dimension 8250 running IE and XP and I've got something on my computer that keeps fucking up links, loading search engine/resource pages and resetting my home page, as well as repetitively installing "Lycos Sidesearch," "Adult Links," "XXXToolbar" and refusing to permanently delete them.
Anyone familiar with what's going on? Any help?
Need Help!!!!
Moderator: Thanas
- Illuminatus Primus
- All Seeing Eye
- Posts: 15774
- Joined: 2002-10-12 02:52pm
- Location: Gainesville, Florida, USA
- Contact:
"You know what the problem with Hollywood is. They make shit. Unbelievable. Unremarkable. Shit." - Gabriel Shear, Swordfish
"This statement, in its utterly clueless hubristic stupidity, cannot be improved upon. I merely quote it in admiration of its perfection." - Garibaldi in reply to an incredibly stupid post.
The Fifth Illuminatus Primus | Warsie | Skeptical Empiricist | Florida Gator | Sustainability Advocate | Libertarian Socialist |
Run Spybot Search & Destroy ASAP. Then run HiJack This! and post the logfile.
- Illuminatus Primus
- All Seeing Eye
- Posts: 15774
- Joined: 2002-10-12 02:52pm
- Location: Gainesville, Florida, USA
- Contact:
phongn wrote: Run Spybot Search & Destroy ASAP. Then run HiJack This! and post the logfile.
The logfile?
- Illuminatus Primus
- All Seeing Eye
- Posts: 15774
- Joined: 2002-10-12 02:52pm
- Location: Gainesville, Florida, USA
- Contact:
Code:
Logfile of HijackThis v1.97.7
Scan saved at 5:30:14 PM, on 12/9/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\hffptrms.exe
C:\WINDOWS\qkshield.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\John Edward Vermazen\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=132986
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=132986
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132986
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dev.ntcor.com/search.html
O1 - Hosts: 216.40.230.4 desktop.kazaa.com
O1 - Hosts: 216.40.230.4 alpha.kazaa.com
O1 - Hosts: 216.40.230.4 shop.kazaa.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {964F4EFE-122D-8DBC-FC35-BEB5E174260B} - C:\WINDOWS\system32\injjjxgu.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [jfalsuoa] C:\WINDOWS\hffptrms.exe
O4 - HKLM\..\Run: [QuikShield] qkshield.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37729.821400463
O16 - DPF: {A3852FBD-AC5C-88C0-3AEC-B8B0AD7EE3A9} (DownloadUL Class) - http://public.searchbarcash.com/cab/348/rpuxgbdz.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-9600-000000000000} - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Well I was finally able to download this and boot it up.
/jaw drops
Rip out this stuff. MAKE A BACKUP. Some of the things to be removed are educated guesses.
Code:
C:\WINDOWS\hffptrms.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=132986
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=132986
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dev.ntcor.com/search.html
O1 - Hosts: 216.40.230.4 desktop.kazaa.com
O1 - Hosts: 216.40.230.4 alpha.kazaa.com
O1 - Hosts: 216.40.230.4 shop.kazaa.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {964F4EFE-122D-8DBC-FC35-BEB5E174260B} - C:\WINDOWS\system32\injjjxgu.dll
O4 - HKLM\..\Run: [jfalsuoa] C:\WINDOWS\hffptrms.exe
O16 - DPF: {A3852FBD-AC5C-88C0-3AEC-B8B0AD7EE3A9} (DownloadUL Class) - http://public.searchbarcash.com/cab/348/rpuxgbdz.cab
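Added example (not written by any poster in this thread, and not part of HijackThis): a Python script that triages a HijackThis log with a few heuristics of the kind such educated guesses rest on. The expected-host list and the rules are assumptions, the sample is an excerpt of the log posted above, and flagged entries are leads for manual review, not verdicts.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts this particular machine is expected to point IE at.
EXPECTED_HOSTS = ("dellnet.com", "microsoft.com", "msn.com")

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
WINDIR_DLL = re.compile(r"^c:\\windows\\(system32\\)?[^\\]+\.dll$", re.I)
WINROOT_EXE = re.compile(r"c:\\windows\\[^\\]+\.exe", re.I)

# Excerpt of the log posted in this thread, embedded so the script runs offline.
SAMPLE = r"""Running processes:
C:\WINDOWS\hffptrms.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=132986
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O1 - Hosts: 216.40.230.4 desktop.kazaa.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {964F4EFE-122D-8DBC-FC35-BEB5E174260B} - C:\WINDOWS\system32\injjjxgu.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [jfalsuoa] C:\WINDOWS\hffptrms.exe
"""

def triage(log_text):
    """Return (section, reason, entry) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        sec, body = m.groups()
        if sec in ("R0", "R1") and " = " in body:
            host = (urlparse(body.split(" = ", 1)[1]).hostname or "").lower()
            if host and not any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS):
                findings.append((sec, "IE page set to unexpected host " + host, body))
        elif sec == "O1":  # HijackThis lists hosts-file redirections here
            findings.append((sec, "hosts-file override", body))
        elif sec == "O2" and "(no name)" in body:
            target = body.rsplit(" - ", 1)[-1]
            if target == "(no file)" or WINDIR_DLL.match(target):
                findings.append((sec, "unnamed BHO, file missing or in Windows dir", body))
        elif sec == "O4" and WINROOT_EXE.search(body):
            findings.append((sec, "autorun executable in the Windows root", body))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```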
-
- Pathetic Attention Whore
- Posts: 5470
- Joined: 2003-02-17 12:04pm
- Location: Bat Country!
While you're at it get Spyware Guard. If you can run an anti-virus you can run this. It's basically an anti virus for spyware. Free as well. Haven't gotten one bit of spyware since getting it.
- General Zod
- Never Shuts Up
- Posts: 29211
- Joined: 2003-11-18 03:08pm
- Location: The Clearance Rack
- Contact:
another good one to get is ad-aware from Lava Soft, which is fairly popular. for spyware information and tips i'd recommend going to Spyware Info for help. those should be able to take care of any problems. though i may have mistyped spyware's website (not entirely sure), if so just substitute .com for .org and it should work.
"It's you Americans. There's something about nipples you hate. If this were Germany, we'd be romping around naked on the stage here."