Jump to content

Very annoying problem, need fix ASAP

WutangFlu

By WutangFlu
in Tech and Computers

 Share

Recommended Posts

WutangFlu

WutangFlu

Posted
Posted

half the time when i google something and i click a link it redirects me to some random site thats unrelated..

 

 

 

and i have to do school work so i cant get very far without information..

 

 

 

hers my HJT log.

 

also when i try to run ad-aware or something it freezes when it hits this one file/folder im my Local Settings/Temp/Temporary internet files/IE.5/ or something like that so i cant really remove it if its spyware.. ive tried manually deleting it but my comp freezes when i try.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 8:36:46 PM, on 4/23/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss[Caution: Executable File]

C:\WINDOWS\system32\csrss[Caution: Executable File]

C:\WINDOWS\system32\winlogon[Caution: Executable File]

C:\WINDOWS\system32\services[Caution: Executable File]

C:\WINDOWS\system32\lsass[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\WINDOWS\system32\LEXBCES[Caution: Executable File]

C:\WINDOWS\system32\LEXPPS[Caution: Executable File]

C:\WINDOWS\system32\spoolsv[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\Program Files\Windows Media Connect 2\wmccds[Caution: Executable File]

C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: Executable File]

C:\WINDOWS\System32\alg[Caution: Executable File]

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb[Caution: Executable File]

C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag[Caution: Executable File]

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim[Caution: Executable File]

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_director[Caution: Executable File]

C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1[Caution: Executable File]

C:\Program Files\Trillian Pro\trillian[Caution: Executable File]

C:\Program Files\Adobe\Photoshop 7.0\Photoshop[Caution: Executable File]

C:\Program Files\Internet Explorer\IEXPLORE[Caution: Executable File]

C:\WINDOWS\system32\imapi[Caution: Executable File]

C:\WINDOWS\explorer[Caution: Executable File]

C:\Random\Sys-tools\HijackThis[Caution: Executable File]



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: Executable File]

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian Pro\trillian[Caution: Executable File]

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File]

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES[Caution: Executable File]

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd[Caution: Executable File]" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Link to comment
Share on other sites
blade995

blade995

Posted
Posted
C:\WINDOWS\explorer.e3e (CAUTION - executable file)

 

 

 

Im not to good with HJT, but i think that may be one of your problems lol ;)

 

 

 

DO NOT delete this.

 

 

 

This is a Windows file that you cannot run your computer without.

goldenblade995.png
Link to comment
Share on other sites
Mercifull

Mercifull

Posted
Posted

For a start wheres your anti vir8us or firewall? Its no wonder your pc has been compromised...

 

 

 

Try running Spybot and Ad-aware etc in safe mode and then check your HOSTS file for any dodgy entries.

 

C:/Windows/system32/drivers/etc/HOSTS

 

pay particular attention for stuff that says something like...

 

64.24.68.27 google.com (note made up ip)

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites
Albosky

Albosky

Posted
Posted

ya know Mercifull , if you werent a full time Off-topic'r , id stick a techhead emblem on you without even asking :P

 

 

 

great advice :)

I like to fart silently but deadly in movie theaters
Ard Choille says (11:41 PM):

I wouldn't dare tell you what to do m'dear

Link to comment
Share on other sites
WutangFlu

WutangFlu

Posted
  • Author
Posted

no protection for me, although i have a hardware firewall (router)...

 

 

 

i use to have an anti-virus but it slowed down my comp to a crawl so i just removed it...

 

 

 

this is the first problem ive had in a LONG time... ever since that last damn windows update...

Link to comment
Share on other sites
Mercifull

Mercifull

Posted
Posted

I dont really see the point in trying to help someone who doesnt care about their security so some1 else can help you if they want... :-/

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept