also @ TechSpot: Windows logo to get a Metro makeover in Windows 8
Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Sign up or Login to participate.
Go Back   TechSpot OpenBoards > Software > Software Apps
Reload this Page Hijckthis log anyone help please

Collaborate in the cloud with Office, Exchange, SharePoint, and Lync

Hijckthis log anyone help please
Thread Tools Search this Thread
  #1  
Old 01-07-2005
Newcomer, in training
  
Member since: Jan 2005, 2 posts
Hijckthis log anyone help please
hi Im a new member here and I need some help. PC is freezing up. Not sure what to do. thanks
Attached Files
File Type: txt Logfile of HijackThis v1.txt (5.0 KB, 8 views)
  #2  
Old 01-07-2005
iamevl's Avatar
Newcomer, in training
  
Location: uk
Member since: Jan 2005, 8 posts
get rid of these in hijack this and it will help


O1 - Hosts: 203.161.127.141 xxx.dcsresearch.xxx (spyware)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe (these are part of windows update but a spyware supported )

find out about these unknown items they might be a hinderance

O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)

O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - //xxx.eingang69.de/EroticAccess/Cabs/1843023.cab

run ad-aware with the latest update, fix all probs then re hijack and repost that




:giddy:
  #3  
Old 01-08-2005
TechSpot Evangelist
  
Location: has left the building
Member since: Aug 2003, 8,165 posts
iamevl

I don't claim to have a monopoly on HJT-logs, but you would be better advised, to send any new people with a Hijackthis log to my post here: How to remove Begin2Search / Coolwebsearch
And giving only SOME advise is just as dangerous as giving WRONG advise.


docks

Go to my above mentioned post first and follow the instructions EXACTLY.

Then reboot in Safe Mode

Uninstall anything to do with:
C:\Program Files\DeskAd Service\DeskAdServ.exe
Delete C:\Program Files\DeskAd Service\ with everything that might still be in it

Run HJT on its own and let it "fix" (if still there):

C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ntlworld.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.254.128.5:8080
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - Global Startup: Startup.exe
O4 - Global Startup: Startup.lnk = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup.exe
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://download.windowsupdate.com
--->>> You do NOT trust ANYbody EVER <<<---
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843023.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...ridge-c336.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100900742051
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O20 - AppInit_DLLs: apihookdll.dll <<-- wherever it sits on your HD

Delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
  #4  
Old 01-08-2005
iamevl's Avatar
Newcomer, in training
  
Location: uk
Member since: Jan 2005, 8 posts
roger that rbs

i only posted coz no one else had yet and i know how frustrating it is waiting!!!

dont suppose you got any clue on my prob with firebird??
  #5  
Old 01-08-2005
TechSpot Evangelist
  
Location: has left the building
Member since: Aug 2003, 8,165 posts
iamevl (or should this be iamevil?)

that's OK. In my timezone (GMT/UTC), docks posted while I was having my dinner, and in the evening I (and a lot of other people) have other things to do.
Check your other Firefox post.
  #6  
Old 01-08-2005
Newcomer, in training
  
Member since: Jan 2005, 2 posts
heres new log
thanks realblackstuff, followed you guide and here id new log. anything else
cheers.
Attached Files
File Type: txt Logfile of HijackThis v2.txt (2.8 KB, 4 views)
  #7  
Old 01-09-2005
TechSpot Evangelist
  
Location: has left the building
Member since: Aug 2003, 8,165 posts
Clean, except:

Let HJT "fix" in safe mode:
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 --->>> You do NOT trust ANYbody EVER <<<---
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
All times are GMT -4. The time now is 04:37 AM.