TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
| reply to email scope
Re: Hijackthis log. I found one nasty. What is it ?
R1 is for Internet Explorers Search functions and other characteristics. I don't think wmplayer.exe belongs there. There are also several nasites with the same file name.
Use Windows Search (Start > Search > For Files or Folders), to search for each instance of wmplayer.exe
Please submit each instance of wmplayer.exe to the following link for a scan and post the results, along with the full path for any instance that was found to contain malware.
»virusscan.jotti.org/
In the meantime:
Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.
The two items you fixed were malicious entries that had replaced your default Windows Related links buttons. If you want to restore the Microsoft "Related Links" here is a tool to fix it. »www.mvps.org/winhelp2002/alexa.zip
Unzip, place "related.htm" into your "\WINDOWS\Web" folder Right-click on "RestoreAlexa.reg", select: Merge, and reboot.
Please restart your system and post a new HijackThis log
--
Proud ASAP member since 2005 |
|
email scope
join:2005-03-06
Canada
| Re: Hijackthis log. I found one nasty. What is it
Logfile of HijackThis v1.99.1
Scan saved at 7:28:47 PM, on 7/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx Home\SAGUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Dell PC\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »update.microsoft.com/windowsupda···42952226
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
-------------
wmplayer.exe //ICWLaunch
Is gone. I already fixed it. I didn't know I should submit it. That other poster said it was fine. 
There's no use in me submitting anything now. It's gone !  |
|
ronob
I'M Fixin It
join:1999-10-18
Fort Lauderdale, FL
| said by email scope  :wmplayer.exe //ICWLaunch Is gone. I already fixed it. I didn't know I should submit it. That other poster said it was fine. There's no use in me submitting anything now. It's gone ! "Use Windows Search (Start > Search > For Files or Folders), to search for each instance of wmplayer.exe
Please submit each instance of wmplayer.exe to the following link for a scan and post the results, along with the full path for any instance that was found to contain malware.
»virusscan.jotti.org/ "
--
I've been to the end of the internet! |
|
