Any help appreciated


Posted by: shoenberg3

Well, I know nothing about computers. But I got a virus called NJSINSTALL and Jocker. Here is my log:

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\TurboPlayer\TurboAgent.exe
E:\WINDOWS\System32\RUNDLL32.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\System32\W32RfSA.exe
E:\WINDOWS\System32\ctfmon.exe
E:\PROGRA~1\AWS\WEATHE~1\Weather.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\PROGRA~1\AIM\aim.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\UltimateZip 2.7\uzqkst.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\fgr.exe
E:\fgr.exe
E:\fgr.exe
E:\fgr.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://image.dll/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://image.dll/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://image.dll/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://solongas.com/hp.htm?id=80
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - E:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - E:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - E:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [TurboAgent] E:\Program Files\TurboPlayer\TurboAgent.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "E:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\Run: [etbrun] E:\windows\system32\elitegje32.exe
O4 - HKLM\..\RunServices: [Windoxs Update Center] W32RfSA.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - HKCU\..\Run: [romahere] E:\WINDOWS\System32\matrixhere.exe
O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] E:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [AIM] E:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - Startup: UltimateZip Quick Start.lnk = E:\Program Files\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://E:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://dizzo.contents.mylinker.co.kr/module/MyLinker.cab
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} (SLViewer Control) - http://www.seevideo.co.kr/pub/seelive/SLViewer.CAB
O18 - Protocol: start - {53B95211-7D77-11D2-9F82-00104B107C96} - E:\WINDOWS\System32\msxmlpp.dll
O20 - AppInit_DLLs: 0o4t60tp81vb.tlb apmeoidvxwze.tlb aps02008ry.tlb tr0sbjltsj8hho.tlb zp2gpugga0n9.tlb fx06upj9h9ptk5.tlb van26uxrvv1zl.tlb c8ihkbn1puk.tlb u180rvsr89lmo.tlb 32jit6zsjzc.tlb sheusjyove.tlb em2oee2e089.tlb s3msoj33utzer.tlb l41g0m4yb9.tlb 2o4wm3xfae8w6j.tlb 4cb8af524v3ze.tlb l1ruky0fzb0.tlb mve1nh4m18w88v.tlb r78msonyfadsac.tlb 9zv73n2ukjk6.tlb wpbo0jpmvd0b.tlb 5rk2uh2eue0e8u.tlb sussopv0jbzhf6.tlb 93rc1pho39p.tlb al5kwfd19hbt.tlb z942o8fl9ic.tlb yxynbc9pv07x.tlb xrsrtwlm5si.tlb aihj5xmuw65v1.tlb
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe


Well, I am very much sorry for the bother.

PS, During the process of getting the virus, I lost all of the bookmarks I had amassed over the years. Any ideas on getting them back?



Posted by: Warez Monster

Remove entries at your own risk

E:\fgr.exe
This is a unknown process.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sharempeg.com/find/
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://image.dll/index.html
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://image.dll/index.html
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
This entry should be fixed by HijackThis!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://image.dll/index.html
This entry should be fixed by HijackThis!

R3 - Default URLSearchHook is missing
This entry should be fixed by HijackThis!

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - E:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
This entry should be fixed by HijackThis!

O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - E:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
Entries found in this registry zone are potentially nasty. This application ([ED103D9F-3070-4580-AB1E-E5C179C1AE41] - Result: ED103D9F-3070-4580-AB1E-E5C179C1AE41) has been checked.

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - E:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
Entries found in this registry zone are potentially nasty. This application ([825CF5BD-8862-4430-B771-0C15C5CA8DEF] - Result: 825CF5BD-8862-4430-B771-0C15C5CA8DEF) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown', it should be fixed

O4 - HKCU\..\Run: [romahere] E:\WINDOWS\System32\matrixhere.exe
CoolWebSearch parasite related

O15 - Trusted Zone: *.greg-search.com
If you did not add these pages to your trusted pages, they should be fixed.