HijackThis log, anyone help please

Status
Not open for further replies.
Hi, I'm a new member here and I need some help. PC is freezing up. Not sure what to do. Thanks
 

Attachments

  • Logfile of HijackThis v1.txt
Get rid of these in HijackThis and it will help


O1 - Hosts: 203.161.127.141 xxx.dcsresearch.xxx (spyware)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe (these are part of Windows Update but a spyware supported)

Find out about these unknown items, they might be a hindrance

O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)

O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - //xxx.eingang69.de/EroticAccess/Cabs/1843023.cab

Run Ad-Aware with the latest update, fix all probs, then re-hijack and repost that




:giddy:
 
iamevl

I don't claim to have a monopoly on HJT logs, but you would be better advised to send any new people with a HijackThis log to my post here: How to remove Begin2Search / Coolwebsearch
And giving only SOME advice is just as dangerous as giving WRONG advice.


docks

Go to my above mentioned post first and follow the instructions EXACTLY.

Then reboot in Safe Mode

Uninstall anything to do with:
C:\Program Files\DeskAd Service\DeskAdServ.exe
Delete C:\Program Files\DeskAd Service\ with everything that might still be in it

Run HJT on its own and let it "fix" (if still there):

C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ntlworld.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.254.128.5:8080
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - Global Startup: Startup.exe
O4 - Global Startup: Startup.lnk = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup.exe
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O15 - Trusted Zone: .windowsupdate.microsoft.com
O15 - Trusted Zone: http://download.windowsupdate.com
--->>> You do NOT trust ANYbody EVER <<<---
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843023.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c336.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100900742051
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O20 - AppInit_DLLs: apihookdll.dll <<-- wherever it sits on your HD

Delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
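
The triage done by eye in the replies above (hosts overrides, `(no file)` leftovers, Trusted Zone entries, ActiveX downloads, AppInit_DLLs) can be scripted. This is an added example, not part of the original thread or of HijackThis; the function names and review rules are assumptions, and the sample lines are copied from the log quoted above.

```python
import re

# Sample input: a few lines copied from the log quoted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O20 - AppInit_DLLs: apihookdll.dll
"""

# A log entry is "<section code> - <body>", e.g. "O16 - DPF: ...".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Review reasons per section; the wording is this example's, not HijackThis output.
SECTION_NOTES = {
    "O1": "hosts file override: name resolution is redirected",
    "O15": "site added to the IE Trusted Zone",
    "O20": "AppInit_DLLs: DLL loaded into every process that loads user32.dll",
}

def parse(log_text):
    """Yield (section_code, body) for each well-formed log entry."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")

def triage(log_text):
    """Return [(code, body, reasons)] for entries that need manual review."""
    findings = []
    for code, body in parse(log_text):
        reasons = []
        if code in SECTION_NOTES:
            reasons.append(SECTION_NOTES[code])
        if body.endswith("(no file)"):
            reasons.append("orphaned entry: registered but target file is missing")
        if code == "O16" and re.search(r"- http://", body):
            reasons.append("ActiveX control fetched over plain HTTP")
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {body}\n      -> " + "; ".join(reasons))
```

A flagged entry is a prompt to look it up, not a verdict: the rules only mark where to spend review time.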
 
roger that rbs

I only posted coz no one else had yet and I know how frustrating it is waiting!!! :grinthumb

Don't suppose you got any clue on my prob with Firebird??
 
iamevl (or should this be iamevil?)

That's OK. In my timezone (GMT/UTC), docks posted while I was having my dinner, and in the evening I (and a lot of other people) have other things to do.
Check your other Firefox post.
 
Clean, except:

Let HJT "fix" in safe mode:
O15 - Trusted Zone: .windowsupdate.microsoft.com
O15 --->>> You do NOT trust ANYbody EVER <<<---
 