Hijack

Discussion in 'adware, spyware & hijack cleaning' started by watto, Mar 12, 2004.

Thread Status:
Not open for further replies.
  1. watto

    watto Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    16
    Sorry it took so long. Here is my log:

    Logfile of HijackThis v1.97.7
    Scan saved at 20:52:42, on 25/03/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\PopupRemover\PopRController.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hphmon03.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Ares\ares.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINDOWS\System32\HPHipm09.exe
    C:\Documents and Settings\Phil Watson\Local Settings\Temp\Temporary Directory 6 for hijackthis1977.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
    O2 - BHO: (no name) - {3D2C1DA4-BCD3-4317-9548-2E08BD222FF0} - C:\PROGRA~1\POPUPR~1\POPUPS~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
    O4 - HKLM\..\Run: [PopupRemoverCtrl] C:\Program Files\PopupRemover\PopRController.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\ares.exe" -h
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38010.2418287037
    O17 - HKLM\System\CCS\Services\Tcpip\..\{312AFC0A-71D6-4386-B2BC-D93EEA22D419}: NameServer = 80.225.249.186 80.225.249.178
    O17 - HKLM\System\CS1\Services\Tcpip\..\{312AFC0A-71D6-4386-B2BC-D93EEA22D419}: NameServer = 80.225.249.186 80.225.249.178

    Got MSN search back. Does everything look ok now, or is there anything else that needs deleting?
     
  2. watto

    watto Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    16
    I also ran spysweeper and got the following messages in grey boxes, which I cannot delete:

    Software definition is bad
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\default prefix.

    Software definition is bad
    HKEY_CURRENT_USER\software\microsoft\internet explorer\search\url

    Don't know if you can help with this one?
     
  3. watto

    watto Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    16
    Pieter
    I can see you are online and I am waiting patiently for a reply.

    Please :D
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    LOL.

    Copy & paste the part in bold below into notepad and save it as urls.reg

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
    @="http://"

    [-HKEY_CURRENT_USER\software\microsoft\internet explorer\search\url]


    Then double-click the registry file you made and confirm you want to merge it with the registry.

    Regards,

    Pieter
     
  5. watto

    watto Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    16
    Sorry I have saved it in notepad but don't understand the rest of it. If you could make it a little simpler
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hi watto,

    Ok you saved it. Is the name you saved it as urls.reg, not urls.reg.txt or anything else? If not, rename it url.reg. Then double-click it to run and then OK or YES to continue and let it merge its data into your registry....

    Then reboot...

    HTH...

    Regards,
    Kent
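
Added example, not part of the original thread or any poster's code: a small Python reviewer for the two steps above, checking that the saved file name really ends in .reg and listing what the urls.reg text would set or delete before it is merged. The function names are assumptions made for this example; the sample text is the file content quoted in the thread.

```python
import re

# Sample input: the urls.reg text quoted in the thread (embedded so this runs offline).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\search\url]
'''
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")

def check_filename(name):
    """Return None if the name ends in .reg, else a short description of the problem."""
    lower = name.lower()
    if lower.endswith(".reg"):
        return None
    if ".reg." in lower:
        return "extra extension after .reg"
    return "not a .reg file"

def summarize_reg(text):
    """Return (action, key, value_name, data) for each value change or key deletion.
    Multi-line hex data (lines ending in a backslash) is out of scope and raises."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header line")
    ops, key = [], None
    for ln in lines[1:]:
        m = re.fullmatch(r"\[(-?)(.+)\]", ln)
        if m:  # "[key]" selects a key, "[-key]" deletes it with all subkeys
            key = None if m.group(1) else m.group(2)
            if m.group(1):
                ops.append(("delete-key", m.group(2), None, None))
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', ln)
        if not (m and key):
            raise ValueError(f"unrecognised line: {ln!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        if m.group(2) == "-":  # name=- removes a single value
            ops.append(("delete-value", key, name, None))
        else:
            ops.append(("set-value", key, name, m.group(2)))
    return ops

if __name__ == "__main__":
    print(check_filename("urls.reg.txt"))
    for op in summarize_reg(SAMPLE_REG):
        print(op)
```
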
     