Computer Forums - View Single Post

southernlady · 12-01-2004, 08:19 PM

mkuljanin, you are running hijackthis out of a temporary directory on your desktop. That creates problems if you do.

Create a folder on your hard drive somewhere like in "My Documents" or in My Programs but NOT on the desktop or in a temporary folder. Then extract hijackthis into the folder you have created and run it from there. The reason for this is that Hijackthis backup files may be deleted if it is being run from a temporary folder.

When you have done this, then make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked'

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.ht m

R3 - Default URLSearchHook is missing

O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [wmwbvkmygka] C:\WINDOWS\system32\prxyqkwu.exe

O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...X19105/thin.cab

Restart to safe mode.
http://service1.symantec.com/SUPPORT...01052409420406

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Now find and delete this file:
C:\WINDOWS\system32\prxyqkwu.exe

12-01-2004, 08:19 PM	#7 (permalink)
southernlady Monster Techie Join Date: Nov 2004 Posts: 1,346	mkuljanin, you are running hijackthis out of a temporary directory on your desktop. That creates problems if you do. Create a folder on your hard drive somewhere like in "My Documents" or in My Programs but NOT on the desktop or in a temporary folder. Then extract hijackthis into the folder you have created and run it from there. The reason for this is that Hijackthis backup files may be deleted if it is being run from a temporary folder. When you have done this, then make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked' R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.ht m R3 - Default URLSearchHook is missing O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file) O4 - HKLM\..\Run: [wmwbvkmygka] C:\WINDOWS\system32\prxyqkwu.exe O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...X19105/thin.cab Restart to safe mode. http://service1.symantec.com/SUPPORT...01052409420406 Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options". Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders" Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders" Click "Apply" then "OK" Now find and delete this file: C:\WINDOWS\system32\prxyqkwu.exe __________________ Priority Computers \| AdAware SE \| SpyBot-Search & Destroy \| SpywareBlaster \| SpywareGuard \| HijackThis \| Stealing is illegal Powered by Emily!