

ronob
I'M Fixin It

join:1999-10-18
Fort Lauderdale, FL

reply to email scope
Re: Hijackthis log. I found one nasty. What is it

said by email scope:

wmplayer.exe //ICWLaunch
Is gone. I already fixed it. I didn't know I should submit it. That other poster said it was fine.

There's no use in me submitting anything now. It's gone !
"Use Windows Search (Start > Search > For Files or Folders), to search for each instance of wmplayer.exe

Please submit each instance of wmplayer.exe to the following link for a scan and post the results, along with the full path for any instance that was found to contain malware.

»virusscan.jotti.org/ "
--
I've been to the end of the internet!


email scope

join:2005-03-06
Canada

reply to TheJoker
Logfile of HijackThis v1.99.1
Scan saved at 7:28:47 PM, on 7/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx Home\SAGUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Dell PC\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »update.microsoft.com/windowsupda···42952226
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
-------------

wmplayer.exe //ICWLaunch
Is gone. I already fixed it. I didn't know I should submit it. That other poster said it was fine.

There's no use in me submitting anything now. It's gone !


TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA

reply to email scope
Re: Hijackthis log. I found one nasty. What is it ?

R1 is for Internet Explorer's Search functions and other characteristics. I don't think wmplayer.exe belongs there. There are also several nasties with the same file name.

Use Windows Search (Start > Search > For Files or Folders), to search for each instance of wmplayer.exe

Please submit each instance of wmplayer.exe to the following link for a scan and post the results, along with the full path for any instance that was found to contain malware.

»virusscan.jotti.org/

In the meantime:

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


Close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

The two items you fixed were malicious entries that had replaced your default Windows Related links buttons. If you want to restore the Microsoft "Related Links", here is a tool to fix it: »www.mvps.org/winhelp2002/alexa.zip
Unzip, place "related.htm" into your "\WINDOWS\Web" folder, right-click on "RestoreAlexa.reg", select Merge, and reboot.

Please restart your system and post a new HijackThis log.
--
Proud ASAP member since 2005
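
The check described in the reply above (R0/R1 lines hold Internet Explorer page and search settings, so a program name there is out of place) can be run over a saved log as a first triage pass. This is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical, and the R1 line in the sample is constructed because the thread quotes only its value.

```python
import re

# Constructed sample: R0, O4 and O9 lines are adapted from the thread;
# the R1 registry key is a constructed stand-in (only its value is quoted there).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = wmplayer.exe //ICWLaunch
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"^(?:https?://|about:|res://|file://)", re.I)
EXE_RE = re.compile(r"\b[\w.-]+\.(?:exe|dll|scr|bat)\b", re.I)

def parse_entries(log_text):
    """Return (code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def review_ie_settings(entries):
    """Flag R0/R1 entries whose value names a program instead of a URL."""
    findings = []
    for code, body in entries:
        if code not in ("R0", "R1") or " = " not in body:
            continue
        key, value = body.split(" = ", 1)
        value = value.strip()
        exe = EXE_RE.search(value)
        # A browser page/search setting should be a URL, not an executable.
        if exe and not URL_RE.match(value):
            findings.append({"code": code, "key": key,
                             "value": value, "file": exe.group(0)})
    return findings

if __name__ == "__main__":
    for f in review_ie_settings(parse_entries(SAMPLE_LOG)):
        print(f"{f['code']}: locate and scan every copy of {f['file']} ({f['value']})")
```

A flagged file name is only a lead: each copy found on disk still has to be scanned, as the reply asks, before deciding whether it is malicious.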