can some one please help me

Discussion in 'adware, spyware & hijack cleaning' started by swtmaiden, Jul 1, 2004.

Thread Status:
Not open for further replies.
  1. swtmaiden

    swtmaiden Registered Member

    Joined:
    May 4, 2004
    Posts:
    4
    im not sure on what needs to go or to stay if you could please help me it would be much appriciated



    Logfile of HijackThis v1.98.0
    Scan saved at 7:58:00 PM, on 7/1/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\System32\dodsij.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\keli\My Documents\My Music\all my downlaods\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
    R3 - Default URLSearchHook is missing
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.93 _sip._tls.sip7.phoneserve.com
    O1 - Hosts: 62.189.6.93 _sip._ssl.sip7.phoneserve.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [vbsjlrn] C:\WINDOWS\System32\dodsij.exe
    O4 - HKLM\..\Run: [edwipesq] C:\WINDOWS\System32\edwipesq.exe
    O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DKMessenger] C:\Program Files\DKware\DKMessenger\DKMessenger.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{492C9503-1576-4AF6-B2CE-CC311C6BD42F}: NameServer = 203.97.33.14 203.97.37.14



    thnk you very much for you time
     
    swtmaiden, Jul 1, 2004
    #1
  2. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello swtmaiden,

    I would like you to start with this:

    Download CWShredder Click on update, then close all browsers, and then click on Fix, not scan.

    Next, download Spybot S&D Check for Updates first, download ALL Updates and Do a Scan. When finished, make sure ALL RED items have been ticked, and click the "Fix Selected Problems" Button.

    Reboot the computer.

    Run Hijackthis again and post a fresh log here.
     
    Taz71498, Jul 2, 2004
    #2
  3. swtmaiden

    swtmaiden Registered Member

    Joined:
    May 4, 2004
    Posts:
    4
    thanks taz that is a fresh one after cwshredder and spybot was used
     
    swtmaiden, Jul 3, 2004
    #3
  4. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hi,

    Ok, then run HJT again and check these items and then on Fix:

    R3 - Default URLSearchHook is missing


    O4 - HKLM\..\Run: [vbsjlrn] C:\WINDOWS\System32\dodsij.exe
    O4 - HKLM\..\Run: [edwipesq] C:\WINDOWS\System32\edwipesq.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Reboot the computer into safe mode

    Make sure you can view all hidden files and folders

    Find and delete these files/folders:

    C:\WINDOWS\System32\dodsij.exe
    C:\WINDOWS\System32\edwipesq.exe

    Reboot into normal mode and post a new log.
     
    Taz71498, Jul 6, 2004
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...