Would you plz help me with this HijackThis log file. Thanks much in advance. Logfile of HijackThis v1.97.2 Scan saved at 21:30:58, on 09.10.2003 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAMFILER\MESSENGER PLUS! 2\MSGPLUS.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\LEXPPS.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAMFILER\ROXIO\WINONCD\DIRECTCD\DIRECTCD.EXE C:\PROGRAMFILER\FELLESFILER\REAL\UPDATE_OB\EVNTSVC.EXE C:\PROGRAMFILER\MSN MESSENGER\MSNMSGR.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAMFILER\FREE DOWNLOADS ACCELERATOR\FDAAGENT.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAMFILER\DAP\DAP.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAMFILER\WINRAR\WINRAR.EXE C:\WINDOWS\TEMP\RAR$EX01.304\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ /> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com /> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAMFILER\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\WinOnCD\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAMFILER\WINAMP\WINAMPa.exe" O4 - HKLM\..\Run: [TkBellExe] C:\Programfiler\Fellesfiler\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [AvxIni] c:\programfiler\softwin\bdhome\avxinit.exe O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Programfiler\Messenger Plus! 2\MsgPlus.exe" O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programfiler\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programfiler\Messenger Plus! 2\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMFILER\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Symantec Setup Launcher.lnk = C:\WINDOWS\TEMP\SymLnch.exe O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Programfiler\Free Downloads Accelerator\fdaie.htm O9 - Extra button: Kangaroo (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Net2Phone (HKLM) O9 - Extra 'Tools' menuitem: Net2Phone (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab /> O16 - DPF: {73973630-3F6B-4112-972E-F9CB01365C1F} (PalInstl Class) - http://www.paltalk.com/paltalk2/Download/InstlWiz.CAB /> O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab /> O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab /> O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab /> O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab /> O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab /> O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB /> O16 - DPF: {B842835B-769C-4041-9E0C-5CCC1D0334AB} (kevin.UserControl1) - http://voicecafe.optecs.net/kevin/kevin.CAB /> O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab /> O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab /> O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt0_x.cab /> O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab /> O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt0_x.cab /> O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab /> O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab /> O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab /> O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab /> O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab />
Hi Espart, There is not very much wrong with your log. Check the following items in HijackThis. Close all windows except HijackThis and click Fix checked: O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O9 - Extra button: Net2Phone (HKLM) O9 - Extra 'Tools' menuitem: Net2Phone (HKLM) Then reboot. Was there any special reason you posted your log? Regards, Pieter
Thanks alot i will do what u said and the reason i posted the log file was that my loving computer is infected by this virus or whatever its called Dialer...I tried some anti virus programs, but they couldn't remove the virus.
If u have a dialer u will need a differnt program such as spybot search and destroy. U can dl it from the link in my signature.
I'm curious about this startup entry: O4 - Startup: Symantec Setup Launcher.lnk = C:\WINDOWS\TEMP\SymLnch.exe I've never heard of it before, and I somehow doubt it's indeed by Symantec. But that should be easy to find out: Please find the C:\WINDOWS\TEMP\SymLnch.exe file, rightclick it, and choose 'Properties'. What does it say? If it's not by Symantec, please send a copy of the file to this e-mail address for analysis. It smells like a baddie, and in that case we'd want to forward copies to the developers ASAP! We'd appreciate it! Subsequently have Hijack This fix that line, reboot, and delete the ENTIRE contents of your C:\Windows\Temp folder. Cheers,