hmmm, clicking on that link should force a download of the file. are you having problems browsing other sites? yahoo? google? maybe an antivirus site like symantec? or mcafee?
Important: Create a folder on the C: drive called C:\HJT.
Deborah B
37 Posts
0
May 26th, 2004 02:00
try this direct link
http://tomcoyote.com/hjt/HijackThis.exe
RyanDVM
9 Posts
0
May 26th, 2004 03:00
Sorry, thanks for being patient. Through all this, the problem is that Internet Explorer is running very slowly and sometimes my computer will re-boot. See if there is anything in here that might be responsible. I prob. won't look back until tomorrow.
Logfile of HijackThis v1.97.7
Scan saved at 11:19:37 PM, on 5/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\WINDOWS\BBStore\DSS\DSSAGENT.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\S5MFOLEJ\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.megavision.net/home.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.megavision.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.megavision.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dtnspeed.net/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = provided by Community Internet Systems, Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBStore\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dtnspeed.net/home/
O15 - Trusted Zone: www.dvaucvtionline.com
O15 - Trusted Zone: *.www.d
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.agdayta.com/AgToolbar/Install.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/24dc7f589873fc890402/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37594.4545486111
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10C81F69-BB60-4B70-8E25-3478C14E47C4}: Domain = megavision.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{10C81F69-BB60-4B70-8E25-3478C14E47C4}: NameServer = 204.77.164.100,204.77.178.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{74A601C8-9548-4ADD-BD1F-3F55AF3C0E30}: Domain = megavision.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{74A601C8-9548-4ADD-BD1F-3F55AF3C0E30}: NameServer = 204.77.164.100,204.77.178.124
O17 - HKLM\System\CS1\Services\Tcpip\..\{10C81F69-BB60-4B70-8E25-3478C14E47C4}: Domain = megavision.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{10C81F69-BB60-4B70-8E25-3478C14E47C4}: NameServer = 204.77.164.100,204.77.178.124
RyanDVM
9 Posts
0
May 26th, 2004 03:00
Deborah B
37 Posts
0
May 26th, 2004 03:00
try these mirror links:
http://www.spywareinfo.com/~merijn/files/HijackThis.exe
http://www.siena.edu/antivirus/software/hjtlog.exe
RyanDVM
9 Posts
0
May 26th, 2004 03:00
No, I can browse these sites albeit slowly. Think I'll give it a rest till tomorrow. Any ideas let me know. Thanks.
Deborah B
37 Posts
0
May 26th, 2004 03:00
well we need to at least get a copy/paste of it somehow. does this not work?
in the hijackthis logfile:
click edit>>select all. everything gets selected, then
click edit>>copy. that copies everything.
come back here, then
right-click, then click paste
RyanDVM
9 Posts
0
May 26th, 2004 03:00
How do I get you to view my hijack log?
RyanDVM
9 Posts
0
May 26th, 2004 03:00
Deborah B
37 Posts
0
May 26th, 2004 03:00
Deborah B
37 Posts
0
May 26th, 2004 03:00
RyanDVM
9 Posts
0
May 26th, 2004 03:00
Deborah B
37 Posts
0
May 26th, 2004 04:00
when your computer reboots, do you remember any of the messages it gives, if you get them at all? maybe a message about having 60 seconds until shutdown? if so, that sounds like the sasser worm, or even the older blaster worm. your log doesn't look too out of the ordinary, however, i'd like you to check the following entries, when you do that, make sure all other windows are closed then click "fix".
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.agdayta.com/AgToolbar/Install.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/24dc7f589873fc890402/netzip/RdxIE601.cab
O15 - Trusted Zone: *.www.d
as far as the sasser worm possibility, it won't hurt to make sure you are patched. make sure you go to http://windowsupdate.microsoft.com and make sure you have all critical updates, as I suspect this might be the issue with the rebooting.
ChrisRLG
3.9K Posts
0
May 26th, 2004 13:00
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Please delete the old copy (including the zip copy) so it can't be used.
RyanDVM
9 Posts
0
May 26th, 2004 22:00
Once again here is my hijack log. Internet Explorer is running slowly. I wonder if anything in here is responsible. I have the log saved on my C drive in a HJT folder I created but I need help on how to run "fixed checked" from this folder or how to run "fixed checked" period. I'm afraid I'll delete something important.
Logfile of HijackThis v1.97.7
Scan saved at 6:49:58 PM, on 5/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\BBStore\DSS\DSSAGENT.EXE
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hjtlog.exe
c:\hijackthis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.megavision.net/home.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.megavision.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.megavision.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dtnspeed.net/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = provided by Community Internet Systems, Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBStore\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dtnspeed.net/home/
O15 - Trusted Zone: www.dvaucvtionline.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/24dc7f589873fc890402/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37594.4545486111
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10C81F69-BB60-4B70-8E25-3478C14E47C4}: Domain = megavision.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{10C81F69-BB60-4B70-8E25-3478C14E47C4}: NameServer = 204.77.164.100,204.77.178.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{74A601C8-9548-4ADD-BD1F-3F55AF3C0E30}: Domain = megavision.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{74A601C8-9548-4ADD-BD1F-3F55AF3C0E30}: NameServer = 204.77.164.100,204.77.178.124
O17 - HKLM\System\CS1\Services\Tcpip\..\{10C81F69-BB60-4B70-8E25-3478C14E47C4}: Domain = megavision.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{10C81F69-BB60-4B70-8E25-3478C14E47C4}: NameServer = 204.77.164.100,204.77.178.124
ChrisRLG
3.9K Posts
0
May 27th, 2004 21:00
Check these in hijackthis, AND WITH ALL OTHER WINDOWS CLOSED, fix checked.
All R0/R1 lines except the one home and one search page you would like to keep.
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBStore\DSS\DSSAGENT.EXE
O15 - Trusted Zone: www.dvaucvtionline.com (If not set by you)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/24dc7f589873fc890402/netzip/RdxIE601.cab
Then Reboot to safe mode (F8 on boot) and delete the following files/folders:-
NOTE: To avoid the risk of any of the above not being found due to them having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show:
How to Show Hidden/System Files : http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Folder > C:\WINDOWS\BBStore\DSS\
Then Reboot and post a fresh log for me to check.
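An added example, not part of any post in this thread and not HijackThis's own code: a small Python triage pass over a HijackThis log that surfaces the kinds of entries the helpers above singled out (ProxyOverride, a SearchAssistant pointing at a local file, Trusted Zone sites, an O16 codebase served from a bare IP address) and compares two scans. The function names and the heuristics are assumptions made for illustration; a hit means "look at this entry", not "this is malicious".

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.megavision.net/home.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O15 - Trusted Zone: *.www.d
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/24dc7f589873fc890402/netzip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# A log entry is a section code (R0, O4, O16, ...) followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def review_reason(code, body):
    """Why an entry deserves a manual look, or None. The heuristics are assumptions."""
    if code in ("R0", "R1") and " = " in body:
        key, value = body.split(" = ", 1)
        if key.endswith("ProxyOverride"):
            return "proxy bypass list is set"
        if re.match(r"^[A-Za-z]:\\", value):
            return "IE page setting points at a local file"
    if code == "O15":
        return "site in Trusted Zone; confirm the user added it"
    if code == "O16":
        host = urlparse(body.rsplit(" - ", 1)[-1]).hostname
        try:
            ipaddress.ip_address(host or "")
            return "ActiveX codebase served from a bare IP address"
        except ValueError:
            pass  # codebase host is a DNS name, not an IP literal
    return None

def triage(text):
    """List (code, body, reason) for every entry worth a manual look."""
    hits = []
    for code, body in parse_entries(text):
        reason = review_reason(code, body)
        if reason:
            hits.append((code, body, reason))
    return hits

def cleared(before, after):
    """Flagged entries in the earlier log that no longer appear in the later one."""
    remaining = set(parse_entries(after))
    return [hit for hit in triage(before) if (hit[0], hit[1]) not in remaining]

if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

Running `cleared()` on the log taken before a fix and the fresh log taken after it shows which flagged entries actually went away.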