1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Making a clean start

Discussion in 'Malware and Virus Removal Archive' started by Ranger SVO, 2006/08/29.

Thread Status:
Not open for further replies.
  1. 2006/08/29
    Ranger SVO

    Ranger SVO Inactive Thread Starter

    Joined:
    2006/05/13
    Messages:
    297
    Likes Received:
    4
    Hello
    I'm going to be changing from dial-up to broadband and changing my anti virus. While my computer seems to be OK, I decided to run Hijackthis.

    While I have no idea what I'm looking at, I noticed alot of Winmx.com things on the log. Winmx has been removed from the system for over 2 years. What are these listings and how do I get rid of them?


    Logfile of HijackThis v1.99.1
    Scan saved at 6:56:54 PM, on 8/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    O1 - Hosts: 205.238.40.1 winmx.com
    O1 - Hosts: 205.238.40.1 www.winmx.com
    O1 - Hosts: 205.238.40.1 err.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1304.winmx.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125799138913
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138159222812
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    If you see any thing strange will you please tell me

    As always I Appreciate you taking you time to help
    Thank you
     
    Ranger SVO,
    #1
  2. 2006/08/29
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hey there Ranger.

    Well moving up to broadband is indeed a big step, compared to dial up. But you don't need me to tell you that. :p

    If you're changing av, I'd ask is it from your current av, Norton to something else? The reason I ask is that Norton has a terrible reputation for leaving alot of junk behind when it is uninstalled and overall it generally seems to go awry.

    You can find some unistallation tips and tools right from Symantec here

    Your log is ok, but those entries into your hosts file certainly don't need to be there. We can fix those easily tho.

    Below you will find my results and recommendations. Please read ALL instructions carefully BEFORE proceeding.

    Run Hijackthis and look over the following entries I have listed, check the boxes next to them and press the "Fix Checked" button with HijackThis. When you are doing this, make sure you have No IE windows, or other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com


    O1 - Hosts: 205.238.40.1 winmx.com
    O1 - Hosts: 205.238.40.1 www.winmx.com
    O1 - Hosts: 205.238.40.1 err.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
    O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
    O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
    O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
    O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
    O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
    O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
    O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
    O1 - Hosts: 82.195.155.5 c3527.z1304.winmx.com


    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    Reboot your system, those lines should be gone, if so, no need to repost with another log.
     
    TeMerc,
    #2


  3. to hide this advert.

  4. 2006/08/30
    Ranger SVO

    Ranger SVO Inactive Thread Starter

    Joined:
    2006/05/13
    Messages:
    297
    Likes Received:
    4
    Worked great, thank you again
     
    Ranger SVO,
    #3
  5. 2006/08/30
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Excellent, glad we cold be of service.

    Click on this link for the apps we recommend to keep your PC secure as possible. All are free, and have no conflicts with any other apps, and are time tested to be some of the leading apps in the security field.

    And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
    Calendar of Updates

    Subscribe to update alerts for the most popular security apps here.

    You can also see my own ongoing security testing with all the above apps proving how securely you can safe with them installed.
    TeMerc Test Box Forum


    Happy surfing!!
    Tom :D

    Due to resolution this topic is closed.

    If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.
     
    TeMerc,
    #4
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...