Options
viruses..help me!
i am pretty sure that my computer is still infected with viruses, also it appears to be unstable because when i am accessing the internet, often my computer will automatically close all of my open folders or internet pages.
here is my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 3:46:26 PM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\sebzgn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\shlbth.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Basic\PSBasic.exe
C:\WINDOWS\system32\shahelp.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\windows\system32\packager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\98 WINDOWS USER\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://about:blank[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X
O4 - HKLM\..\Run: [sebzgn] c:\windows\system32\sebzgn.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [r99S36W] shlbth.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\Program Files\Panicware\Pop-Up Stopper Basic\PSBasic.exe"
O4 - HKCU\..\Run: [ayq2RWapj] shahelp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {4BA8BE59-2F5C-4CF3-B0C9-DB1DF7CD8112} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4BA8BE59-2F5C-4CF3-B0C9-DB1DF7CD8112} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9BB9DC26-18E9-47BE-A01C-E4B002678902} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9BB9DC26-18E9-47BE-A01C-E4B002678902} - (no file) (HKCU)
O16 - DPF: {0BE70D5C-CF03-2CDC-34B5-34B734DBCA28} - http://69.50.182.94/1/rdgUS1862.exe
O16 - DPF: {0D4C7CF2-E654-5406-C3A9-036A6C52CC25} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c7.cab
O16 - DPF: {17524FCB-EC46-47E9-EB21-6056048C666B} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {36910CF7-D87F-6BF6-3C66-171745DB10AC} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {528897B2-ABDA-4785-1AFF-613C0F72C853} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {6A604E52-EF3F-1C7B-219E-59C16F49AC6B} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {72FC5EFB-566F-7335-C7DF-68ED2FE69780} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Remote Procedure Call (RPC) Helper (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\ipwh.exe (file missing)
here is my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 3:46:26 PM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\sebzgn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\shlbth.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Basic\PSBasic.exe
C:\WINDOWS\system32\shahelp.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\windows\system32\packager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\98 WINDOWS USER\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://about:blank[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X
O4 - HKLM\..\Run: [sebzgn] c:\windows\system32\sebzgn.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [r99S36W] shlbth.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\Program Files\Panicware\Pop-Up Stopper Basic\PSBasic.exe"
O4 - HKCU\..\Run: [ayq2RWapj] shahelp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {4BA8BE59-2F5C-4CF3-B0C9-DB1DF7CD8112} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4BA8BE59-2F5C-4CF3-B0C9-DB1DF7CD8112} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9BB9DC26-18E9-47BE-A01C-E4B002678902} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9BB9DC26-18E9-47BE-A01C-E4B002678902} - (no file) (HKCU)
O16 - DPF: {0BE70D5C-CF03-2CDC-34B5-34B734DBCA28} - http://69.50.182.94/1/rdgUS1862.exe
O16 - DPF: {0D4C7CF2-E654-5406-C3A9-036A6C52CC25} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c7.cab
O16 - DPF: {17524FCB-EC46-47E9-EB21-6056048C666B} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {36910CF7-D87F-6BF6-3C66-171745DB10AC} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {528897B2-ABDA-4785-1AFF-613C0F72C853} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {6A604E52-EF3F-1C7B-219E-59C16F49AC6B} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {72FC5EFB-566F-7335-C7DF-68ED2FE69780} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Remote Procedure Call (RPC) Helper (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\ipwh.exe (file missing)
0
Comments
Please go here and have this file scanned.
C:\windows\system32\packager.exe
Post back the results.
===============
Before we begin, let's move HiJackThis to it's own folder; like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.
Also move the "Backups" folder, for HiJackThis, if present.
===============
Go to www.trendmicro.com, and then:
1. Click "Free Online Scan".
2. Click "Scan now, it's free".
It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:
1. Select all available drives.
2. Check(tick) "Auto Clean".
3. Click "Scan".
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
===============
We need to see if there are any program segments (prefetches) that may be present and are connected with the problems you are having. To do that, please do the following:
1) Click "Start | Search", then search for each of these program's base name(s), in all files and folders:
shlbth.exe*
shahelp.exe*
MediaAccess.exe*
CxtPls.exe*
2) Then if any are found in the 'prefetch' folder, delete them.
Look closely, since the 'base' name will have a bunch of random numbers and letters attached to it.
===============
Run HiJackThis then:
1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\Program Files\Media Access\MediaAccK.exe
C:\windows\system32\sebzgn.exe
C:\WINDOWS\system32\shlbth.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\shahelp.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\CxtPls\CxtPls.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
===============
Now, let's open a command prompt by going to the start menu and then select 'Run'.
In the box that pops up type in 'cmd'. The command prompt will open.
OR
You can go to Start -> Programs -> Accessories -> Command Prompt. Unregister the dll(s) we're going to remove, by entering the following:
regsvr32 /u cxtpls.dll
It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save typing them in.
===============
Run HiJackThis and click "Scan", then check(tick) the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://about:blank[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [sebzgn] c:\windows\system32\sebzgn.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [r99S36W] shlbth.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [ayq2RWapj] shahelp.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/D...e/bridge-c7.cab
O23 - Service: Remote Procedure Call (RPC) Helper (?%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\ipwh.exe (file missing)
Now, with all windows closed except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure your able to "view system and hidden files/ folders:"
folders...
C:\Program Files\Media Access
C:\Program Files\AutoUpdate
C:\Program Files\CxtPls
files...
C:\windows\system32\sebzgn.exe
C:\WINDOWS\system32\shlbth.exe
C:\WINDOWS\system32\shahelp.exe
C:\WINDOWS\farmmext.exe
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".
-
Reboot.
===============
To help protect your system from hostile ActiveX content, or special 'downloadable' files:
Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:
1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.
-
Note: Remember to regularly check for updates.
===============
After rebooting your PC, post back a new log and let me know how everything goes.
-
crunchie.