1
   

hijackthis

Forums: Computers
Email this Topic Print this Page
 
 
dkDarkStar
 
Reply Tue 2 Nov, 2004 10:27 am
I have been getting popups, my computer has been running slower, and evertime i set my home page it chages once i close out of the internet explorer window. Can someone please tell me what i need to delet? thanks!

Logfile of HijackThis v1.97.7
Scan saved at 8:26:54 AM, on 11/2/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\mfcbj32.exe
C:\WINDOWS\System32\arvqsh.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dan\Application Data\msrc.exe
C:\WINDOWS\System32\w?wexec.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\sdkwh.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dan\Desktop\DansStuff\Virus_Killer\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
O2 - BHO: (no name) - {97B9D480-3E6F-E85D-516A-07F1EB5299DA} - C:\WINDOWS\mfcnu.dll
O4 - HKLM\..\Run: [\\448SM01\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P40 "\\448SM01\EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on 448SM01] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P46 "Auto EPSON Stylus Photo R300 Series on 448SM01" /O20 "\\448SM01\Epson_300R" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mfcbj32.exe] C:\WINDOWS\mfcbj32.exe
O4 - HKLM\..\Run: [fneirdlla] C:\WINDOWS\System32\arvqsh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Sloa] C:\Documents and Settings\Dan\Application Data\msrc.exe
O4 - HKCU\..\Run: [Apv] C:\WINDOWS\System32\w?wexec.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 792 • Replies: 1
No top replies

 
Don77
 
  1  
Reply Tue 2 Nov, 2004 09:48 pm
HidkDarkstart and welcome to A2K

We need you to do a few things for ups, Print out the following instructions,


First
Unzip AboutBuster to your desk top, Check it for updates, Don't run it yet,

Next
Dowload the following program

CWShredder
It should be the current version, but check for updates

Run Program cwshredder and have it fix anything it finds.

Make sure you click the "Fix" button

Next
Download Ad-Aware SE
Use the: "Check for Updates Now" option and download the latest reference files
Use the Start button, and on the next window, select: Perform Full System Scan
Press Next, and let Ad-aware scan the hard drive
When finished, right-click the window with the entries, choose: Select All from the menu, and click Next
Once AdAware has removed the entries, close the program
Restart the computer


Next
Dowload the latest version of Spybot 1.3. Please check it for updates, Run the program and have it fix anything it finds in Red.


Restart your computer,

I only want you to download the above programs and update them, Print out these instructions, After all the above programs are downloaded and update, Do Not get back online till you are finshed with the following,


Next
Next reboot to safe mode ( By tapping the F8 key on start up)
Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ujlkl.dll/sp.html#32777
O2 - BHO: (no name) - {97B9D480-3E6F-E85D-516A-07F1EB5299DA} - C:\WINDOWS\mfcnu.dll
O4 - HKLM\..\Run: [mfcbj32.exe] C:\WINDOWS\mfcbj32.exe
O4 - HKLM\..\Run: [fneirdlla] C:\WINDOWS\System32\arvqsh.exe
O4 - HKCU\..\Run: [Apv] C:\WINDOWS\System32\w?wexec.exe

Make sure you can view all Hidden Files/Folders search for and delete the following in BOLD
C:\WINDOWS\mfcnu.dll
C:\WINDOWS\mfcbj32.exe
C:\WINDOWS\System32\arvqsh.exe
C:\WINDOWS\System32\w?wexec.exe

Next
Open AboutBuster and run the program please,
Save the log in generates,
Run 1 more time again save the log again.

Next
Restart your computer,
Open AboutBuster again running it 2 more times in normal mode, Again save the logs it generates,
Next
Perform the scans with Ad-aware, CWShredder and spybot,
Restart your computer.

Next
Please go Here and unzip the newest version of HJT into a new dedicated folder,
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt.
Unzip HijackThis into this folder. Launch Hijack This, then press Scan, and press Save Log

Next
Post back the logs from AboutBuster and HJT please
0 Replies
 
 

Related Topics

Super cool computer tricks, for dopes like me. - Discussion by OCCOM BILL
Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
Mac help/can't install new printer, don't remember passwd - Discussion by ossobuco
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » hijackthis
Copyright © 2026 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 02/01/2026 at 10:18:24