Your help is urgently needed.

  1. 12-05-2005  #1
    bazza
    bazza is offline Newbie

    Your help is urgently needed.

    Hi,
    i seem to have search extender,shopping wizard & search assistant on my Pc.Can you pls help me fix this problem.I attack a log from Hijack this.
    Regards
    Bas

    Logfile of HijackThis v1.99.1
    Scan saved at 13:25:57, on 12/05/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\My Downloads\Tmntsrv.exe
    C:\My Downloads\tmproxy.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\My Downloads\PccPfw.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\sdkso.exe
    C:\My Downloads\PCCGUIDE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Baz\Local Settings\Temp\Temporary Directory 12 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uetvi.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uetvi.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uetvi.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uetvi.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uetvi.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\uetvi.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {4041EABD-86A3-16CA-7FDF-786770B938ED} - C:\WINDOWS\system32\mfcdc.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [sdkso.exe] C:\WINDOWS\system32\sdkso.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\RunOnce: [msrs.exe] C:\WINDOWS\msrs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\My Downloads\PccPfw.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\My Downloads\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\My Downloads\tmproxy.exe

  3. 12-05-2005  #2
    HJThis
    HJThis is offline Senior Member
    Save 20% on AVG Internet Security 2012 Suite!
    Hello,bazza & Welcome

    First thing

    Please change the location of HijackThis.exe.
    Create a new folder in your C: Drive
    Name it C:\HJT or HijackThis and move the HijackThis.exe file in it.
    It's best for this tool NOT TO be located in your Desktop or in a TEMP folder.
    This way you can undo any changes if something goes wrong

    Then please run a new scan for us that is one odd looking logfile
    try it again please & post all of the logfile.

    HGD
+ Reply to Thread
« HJT Log - Major Win XP (SP2) Problems | Does Windows Firewall Have Enough security??? »