Any help appreciated

Posted by: shoenberg3

Well, I know nothing about computers. But I got a virus called NJSINSTALL and Jocker. Here is my log:

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\TurboPlayer\TurboAgent.exe
E:\WINDOWS\System32\RUNDLL32.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\System32\W32RfSA.exe
E:\WINDOWS\System32\ctfmon.exe
E:\PROGRA~1\AWS\WEATHE~1\Weather.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\PROGRA~1\AIM\aim.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\UltimateZip 2.7\uzqkst.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\fgr.exe
E:\fgr.exe
E:\fgr.exe
E:\fgr.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://image.dll/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://image.dll/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://image.dll/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://solongas.com/hp.htm?id=80
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - E:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - E:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - E:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [TurboAgent] E:\Program Files\TurboPlayer\TurboAgent.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "E:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\Run: [etbrun] E:\windows\system32\elitegje32.exe
O4 - HKLM\..\RunServices: [Windoxs Update Center] W32RfSA.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - HKCU\..\Run: [romahere] E:\WINDOWS\System32\matrixhere.exe
O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] E:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [AIM] E:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - Startup: UltimateZip Quick Start.lnk = E:\Program Files\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://E:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://dizzo.contents.mylinker.co.kr/module/MyLinker.cab
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} (SLViewer Control) - http://www.seevideo.co.kr/pub/seelive/SLViewer.CAB
O18 - Protocol: start - {53B95211-7D77-11D2-9F82-00104B107C96} - E:\WINDOWS\System32\msxmlpp.dll
O20 - AppInit_DLLs: 0o4t60tp81vb.tlb apmeoidvxwze.tlb aps02008ry.tlb tr0sbjltsj8hho.tlb zp2gpugga0n9.tlb fx06upj9h9ptk5.tlb van26uxrvv1zl.tlb c8ihkbn1puk.tlb u180rvsr89lmo.tlb 32jit6zsjzc.tlb sheusjyove.tlb em2oee2e089.tlb s3msoj33utzer.tlb l41g0m4yb9.tlb 2o4wm3xfae8w6j.tlb 4cb8af524v3ze.tlb l1ruky0fzb0.tlb mve1nh4m18w88v.tlb r78msonyfadsac.tlb 9zv73n2ukjk6.tlb wpbo0jpmvd0b.tlb 5rk2uh2eue0e8u.tlb sussopv0jbzhf6.tlb 93rc1pho39p.tlb al5kwfd19hbt.tlb z942o8fl9ic.tlb yxynbc9pv07x.tlb xrsrtwlm5si.tlb aihj5xmuw65v1.tlb
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe

Well, I am very much sorry for the bother.

PS, During the process of getting the virus, I lost all of the bookmarks I had amassed over the years. Any ideas on getting them back?

Posted by: Warez Monster

Remove entries at your own risk

E:\fgr.exe
This is an unknown process.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sharempeg.com/find/
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://image.dll/index.html
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://image.dll/index.html
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
This entry should be fixed by HijackThis!
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
This entry should be fixed by HijackThis!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://image.dll/index.html
This entry should be fixed by HijackThis!

R3 - Default URLSearchHook is missing
This entry should be fixed by HijackThis!

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - E:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
This entry should be fixed by HijackThis!

O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - E:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
Entries found in this registry zone are potentially nasty. This application ([ED103D9F-3070-4580-AB1E-E5C179C1AE41] - Result: ED103D9F-3070-4580-AB1E-E5C179C1AE41) has been checked.

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - E:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
Entries found in this registry zone are potentially nasty. This application ([825CF5BD-8862-4430-B771-0C15C5CA8DEF] - Result: 825CF5BD-8862-4430-B771-0C15C5CA8DEF) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown', it should be fixed

O4 - HKCU\..\Run: [romahere] E:\WINDOWS\System32\matrixhere.exe
CoolWebSearch parasite related

O15 - Trusted Zone: *.greg-search.com
If you did not add these pages to your trusted pages, they should be fixed.
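An added example, not part of the original thread and not HijackThis's own logic: a small Python parser that splits log entries like the ones posted above by their section code and collects three things a reviewer would check by hand. The sample lines are copied from the log in this thread; the function names and the "same command under several autostart keys" rule are assumptions of this example.

```python
import re
from collections import defaultdict

# A subset of entries copied from the log posted in this thread, one per line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\RunServices: [Windoxs Update Center] W32RfSA.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - Startup: UltimateZip Quick Start.lnk = E:\Program Files\UltimateZip 2.7\uzqkst.exe
O15 - Trusted Zone: *.greg-search.com
O20 - AppInit_DLLs: 0o4t60tp81vb.tlb apmeoidvxwze.tlb aps02008ry.tlb
"""

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autoruns: "<hive>\..\<key>: [value name] command line"
RUN_KEY = re.compile(r"^(HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]+)\] (.+)$")

def parse(log):
    """Yield (section_code, detail) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Collect entries that a reviewer should look at by hand."""
    run_locations = defaultdict(set)  # command -> registry keys that start it
    report = {"multi_key_autoruns": {}, "trusted_zone": [], "appinit_dlls": []}
    for code, detail in parse(log):
        if code == "O4":
            m = RUN_KEY.match(detail)  # Startup-folder shortcuts do not match
            if m:
                run_locations[m.group(3)].add(m.group(1))
        elif code == "O15" and detail.startswith("Trusted Zone: "):
            report["trusted_zone"].append(detail[len("Trusted Zone: "):])
        elif code == "O20" and detail.startswith("AppInit_DLLs: "):
            report["appinit_dlls"] = detail[len("AppInit_DLLs: "):].split()
    # Assumed heuristic: one command registered under several autostart keys.
    report["multi_key_autoruns"] = {
        cmd: sorted(keys) for cmd, keys in run_locations.items() if len(keys) > 1
    }
    return report

if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(name, "->", value)
```

The output is a review list, not a verdict: each item still has to be confirmed against the machine before anything is fixed.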