C:\Documents and Settings\Dan Grimes\Desktop\hijackthis\HijackThis.exe
For the umpteenth time, MOVE Hijackthis to its own folder, NOT on the Desktop!!!!!
As I am not familiar with ColdFusion, I did not check any of its components; I'm assuming they are 'safe'.
Boot in Safe Mode.
Switch System restore OFF.
Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), click "End Process" for:
netserver.exe
netclient.exe
MsgPlus.exe
iexplore.exe (maybe 2 or more times)
Copy Knob.exe
Objuser.exe
UNinstall, if you can, anything to do with:
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\DOCUME~1\DANGRI~1\APPLIC~1\FilmWipe\Copy Knob.exe
This searchbar: C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (you can always reinstall if you trust it, I wouldn't!)
C:\DOCUME~1\DANGRI~1\APPLIC~1\anteheck\Objuser.exe
Next, run a HJT scan and place a tick-mark in the box before these lines (if still there):
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Netserver.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pkwumioococgefhbafszvszv...BjAuPG8wRn9tEZYKccVCv_AvTW/ucrkaUyYE4zutF.htm
O2 - BHO: (no name) - {4C0277F9-A0B6-BBC9-F341-A8738A9B76EE} - C:\DOCUME~1\DANGRI~1\APPLIC~1\FilmWipe\Copy Knob.exe
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Keep Cdrom] C:\DOCUME~1\DANGRI~1\APPLIC~1\anteheck\Objuser.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
Unless this O17 is YOUR ISP, fix it:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAB8B84A-2B48-409C-882C-E25214CD6548}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: NetServer - Unknown owner - C:\WINDOWS\system32\Netserver.exe" -service (file missing)
You need to decide if you want to fix this. The (file missing) indicates some error. HJT can 'fix' it, but I don't know the consequence.
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
Also delete these files (should be in the same directory as C:\WINDOWS\system32\netserver.exe):
_setup.1
_setup.2
_setup.lib
netclient.exe
netserver.exe
Boot normal. When all OK, switch System Restore back on.
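
Added example, not part of the original post: a small Python triage pass over HijackThis entry lines like the ones listed above, marking the ones a reviewer would look at first. The sample log is built from entries quoted in the post; the function names and the flagging heuristics are assumptions made for this illustration, not HijackThis features.

```python
import re

# Constructed sample: entry lines taken from the post above, one entry per line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4C0277F9-A0B6-BBC9-F341-A8738A9B76EE} - C:\DOCUME~1\DANGRI~1\APPLIC~1\FilmWipe\Copy Knob.exe
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Keep Cdrom] C:\DOCUME~1\DANGRI~1\APPLIC~1\anteheck\Objuser.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAB8B84A-2B48-409C-882C-E25214CD6548}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: NetServer - Unknown owner - C:\WINDOWS\system32\Netserver.exe" -service (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

def parse(log):
    """Return (section code, body) for each HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def reasons(code, body):
    """Heuristics assumed for this example; they rank entries, they do not convict."""
    low = body.lower()
    out = []
    if "(file missing)" in low:
        out.append("target file missing")
    # BHOs and Run keys loading from a per-user Application Data folder
    # (short 8.3 form APPLIC~1 or the long form).
    if code in ("O2", "O4") and re.search(r"\\(applic~1|application data)\\", low):
        out.append("starts from per-user Application Data")
    if code == "O2" and "(no name)" in low:
        out.append("unnamed BHO")
    if code == "O23" and "unknown owner" in low:
        out.append("service with unknown owner")
    if code == "O17":
        out.append("DNS override: confirm it is your ISP")
    return out

def triage(log):
    """Return (code, body, reasons) for every entry with at least one reason."""
    return [(c, b, r) for c, b in parse(log) if (r := reasons(c, b))]

if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}: {'; '.join(why)}\n    {body}")
```

The MsgPlus and Wanadoo entries are not marked by these heuristics; the post flags them on the helper's own judgement, which a path-based check like this cannot replace.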