1
   

Here is my HIJACK THIS Report, PLEASE HELP!!!>>>...

Forums: Internet
Email this Topic Print this Page
 
 
rluto
 
Reply Mon 14 Jun, 2004 03:46 pm
I ran Hijack This and came up with this report. I have adaware and spybot search and destroy, and i also ran cw shredder. Ok, ever since yesterday i've been having 2 problems with my computer.

1. any website i type in without the "www" or the "http://" doesnt go to the website like it used to, instead it brings me to a "windows help center" website. How do I stop this from happening and go back to the way it was? For example, before I could type in "pc.ign.com" and it would just go to it but now it brings me to this "help" website that probobaly isnt related to windows at all.

2. I keep getting this "only the best" pop up add and I cant figure out how to stop it.

I have ran adaware, norton antivirus, and spybot search and destroy and am still having problems. Here is my Hijack This report

Logfile of HijackThis v1.97.7
Scan saved at 4:26:00 PM, on 6/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sdkjb.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\atldl32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\briwk.dll/sp.html#1701983794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://briwk.dll/index.html#1701983794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://briwk.dll/index.html#1701983794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\briwk.dll/sp.html#1701983794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://briwk.dll/index.html#1701983794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\briwk.dll/sp.html#1701983794
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FD93A6CA-5B7B-199D-F228-FCAC0ADAFD02} - C:\WINDOWS\mfcnm32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install
O4 - HKLM\..\Run: [d3ey32.exe] C:\WINDOWS\system32\d3ey32.exe
O4 - HKLM\..\Run: [sdkjb.exe] C:\WINDOWS\sdkjb.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/15a6c936d6675df15306/netzip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 743 • Replies: 3
No top replies

 
rluto
 
  1  
Reply Mon 14 Jun, 2004 04:37 pm
Ohh and now I cant run any applications that connect to the internet either, such as City of Heroe's, Kazaa and windows update. It just gives me an error message and says it has to close. However I can download programs etc. directly from the internet. Im thinking about just re-installing windows. I wont lose everything on my hard drive will I?
0 Replies
 
rluto
 
  1  
Reply Wed 16 Jun, 2004 01:26 am
Can I get some help?
0 Replies
 
Nirvana
 
  1  
Reply Thu 17 Jun, 2004 05:14 pm
You certainly can, please follow these instructions:

Step 1. Download this file from
http://downloads.subratam.org/dllfix.exe
or
http://tools.zerosrealm.com/dllfix.exe
and save it in a place you like.


Step 2. The file when downloaded will be dllfix.exe.

Step 3. Double-Click or Open the self-extracting file. It will ask for installation and change location. Please Keep it in BOOT drive and not in any place else. Preferably in Desktop.

Step 4. Navigate to the folder with the contents of the file. You will see there are two more folders inside and two BAT files.

Step 5. Run start.bat and you should get a screen with 4 options.

Run the Option 1. for report.

Step 6. Once the search is complete a ".txt" file should pop up with the name "Output.txt".

Copy and paste that file back to this thread.

Whatever you do, don't reboot before I reply to your posted report as we are looking for a bad .dll file which is hidden. If you reboot it may morph (change it's name) then we'll be back to square one.
0 Replies
 
 

Related Topics

Obama Promotes Making the Internet a Utility - Discussion by engineer
YouTube Is Doomed - Discussion by Shapeless
So I just joined Facebook.... - Discussion by DrewDad
Tracking and revealing the trolls....ok or not? - Question by dlowan
You are calling Congress about SOPA today, right? - Discussion by maxdancona
Internet disinformation overload - Discussion by rosborne979
Participatory Democracy Online - Discussion by wandeljw
OpenDNS and net neutrality - Question by Butrflynet
Are you for or against net neutrality, and why? - Discussion by Pronounce
Internet Explorer 8? - Question by Pitter
Blizzard Forum Says You Must Use Real Names ... - Discussion by jespah
 
  1. Forums
  2. » Here is my HIJACK THIS Report, PLEASE HELP!!!>>>...
Copyright © 2025 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 01/11/2025 at 06:45:08