TechSpot

Trying to post hijackthis log

By Dunamis5000
Jan 14, 2005
  1. I'm trying to post my hijackthis log but it kept saying that there were URLs in my message... no crap, they're part of the log. Even after I deleted the URLs it still said I had some in the message... what's up with this?
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

  3. Dunamis5000

    Dunamis5000 TS Rookie Topic Starter

    My hijackthis log...

    Could someone check over my log? I would greatly appreciate it. And I apologize for asking "silly" questions, blackstuff; I'll do more research in the future. I attached the log as a txt file to this message. Thanks for your help!
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Run HJT in safe mode, on its own, and let it "fix":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = guardian.oru.edu:8080
    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
    O2 - BHO: C:\WINDOWS\lbbho.dll - {C7DD1DE5-AF66-4198-A7CA-220FD13DA42E} - C:\WINDOWS\lbbho.dll
    O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)
    O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
    O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095818176906
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_4_0.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = oru.edu
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = oru.edu
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = oru.edu
    O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)

    Delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
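
An added example, not part of the original thread and not HijackThis code: a small parser for the log-line format used in the fix list above. It groups entries by section code, flags the entries reported as `(no file)`, and lists the hosts the O16 (DPF) entries point at. The sample lines are a subset copied from the post; the function names are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Subset of the fix list quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = guardian.oru.edu:8080
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: C:\WINDOWS\lbbho.dll - {C7DD1DE5-AF66-4198-A7CA-220FD13DA42E} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
"""

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Split one log line into section code, CLSID, target and orphan flag."""
    m = LINE_RE.match(line)
    if not m:
        return None  # blank line or header text, not a log entry
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    if " - " in body:
        target = body.rsplit(" - ", 1)[-1]   # file path or URL comes last
    else:
        target = body.split(" = ", 1)[-1]    # registry-value line: data after " = "
    return {"code": code, "clsid": clsid.group(0) if clsid else None,
            "target": target, "orphan": target == "(no file)"}

def triage(log_text):
    """Group parsed entries by section code, skipping unparseable lines."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            groups[entry["code"]].append(entry)
    return dict(groups)

def dpf_hosts(groups):
    """Hosts referenced by O16 (DPF) entries, sorted for review."""
    return sorted({urlsplit(e["target"]).hostname
                   for e in groups.get("O16", [])
                   if e["target"].startswith("http")})

if __name__ == "__main__":
    for code, entries in triage(SAMPLE_LOG).items():
        print(code, [(e["target"], e["orphan"]) for e in entries])
```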
     
  5. Dunamis5000

    Dunamis5000 TS Rookie Topic Starter

    one more problem...

    I really appreciate your help, blackstuff, and I'm sorry to bother you again. I have Norton Internet Security and Norton Antivirus, and every couple of hours I get a notification that a virus has been detected and deleted. It keeps happening (for about a week now) and I've been searching Google for help on the issue but can't find much about it besides what it is and what happens if the file is opened. Do I have reason to be concerned? Here are the 2 viruses:

    Object Name C:\WINDOWS\system 32\ftpupd.exe
    Virus Name W32.Korgo.W

    Object Name C:\WINDOWS\system 32\QuicktimeMngr.exe
    Virus Name W32.spybot.worm
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    ftpupd.exe
    See removal-instructions here:
    http://www.globalhauri.com/html/support/virus_read.html?page=6&code=WOW3000599

    QuicktimeMngr.exe
    Boot in Safe Mode; in Task Manager (Ctrl/Alt/Del), try to STOP the process. Then delete the file if you can.
    Click Start/Run and type in msconfig and hit Enter.
    See if it is mentioned in a startup-section. If in the Registry, delete that entry using Regedit. If in Startup, delete it from there.

    Check if you have a file c:\windows\system32\c.bat. If so, delete it.
    Then make sure you have your Windoze FULLY updated with ALL the security patches.
    Let us know how you get on.
     
Topic Status:
Not open for further replies.

