TechSpot

Hijckthis log anyone help please

By docks
Jan 7, 2005
  1. hi Im a new member here and I need some help. PC is freezing up. Not sure what to do. thanks
     

    Attached Files:

  2. iamevl

    iamevl TS Rookie

    get rid of these in hijack this and it will help


    O1 - Hosts: 203.161.127.141 xxx.dcsresearch.xxx (spyware)
    O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

    C:\Program Files\DeskAd Service\DeskAdServ.exe
    C:\Program Files\DeskAd Service\DeskAdKeep.exe (these are part of windows update but a spyware supported )

    find out about these unknown items they might be a hinderance

    O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)

    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - //xxx.eingang69.de/EroticAccess/Cabs/1843023.cab

    run ad-aware with the latest update, fix all probs then re hijack and repost that




    :giddy:
     
  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    iamevl

    I don't claim to have a monopoly on HJT-logs, but you would be better advised, to send any new people with a Hijackthis log to my post here: How to remove Begin2Search / Coolwebsearch
    And giving only SOME advise is just as dangerous as giving WRONG advise.


    docks

    Go to my above mentioned post first and follow the instructions EXACTLY.

    Then reboot in Safe Mode

    Uninstall anything to do with:
    C:\Program Files\DeskAd Service\DeskAdServ.exe
    Delete C:\Program Files\DeskAd Service\ with everything that might still be in it

    Run HJT on its own and let it "fix" (if still there):

    C:\Program Files\DeskAd Service\DeskAdServ.exe
    C:\Program Files\DeskAd Service\DeskAdKeep.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ntlworld.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.254.128.5:8080
    O1 - Hosts: 203.161.127.141 www.dcsresearch.com
    O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
    O4 - Global Startup: Startup.exe
    O4 - Global Startup: Startup.lnk = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup.exe
    O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
    O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    --->>> You do NOT trust ANYbody EVER <<<---
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843023.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c336.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100900742051
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O20 - AppInit_DLLs: apihookdll.dll <<-- wherever it sits on your HD

    Delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
     
  4. iamevl

    iamevl TS Rookie

    roger that rbs

    i only posted coz no one else had yet and i know how frustrating it is waiting!!! :grinthumb

    dont suppose you got any clue on my prob with firebird??
     
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    iamevl (or should this be iamevil?)

    that's OK. In my timezone (GMT/UTC), docks posted while I was having my dinner, and in the evening I (and a lot of other people) have other things to do.
    Check your other Firefox post.
     
  6. docks

    docks TS Rookie Topic Starter

    heres new log

    thanks realblackstuff, followed you guide and here id new log. anything else
    cheers.
     
  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...