Hey, my homepage has been hijacked by razorspyware, and I've been looking at the other posts but I can't work out which stuff I need to delete on HijackThis because my stuff is different.
HijackThis says:
Logfile of HijackThis v1.99.1
Scan saved at 03:26:53, on 10/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\AndyN\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\AndyN\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
- (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: sxpdr32.MyBHO - {5D0F16E6-47DF-11DA-8802-00024493948B} - C:\WINDOWS\system32\sxpdr32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [-2147483646] C:\WINDOWS\system32\winuc386.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe-quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
-
-
- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

So if anyone can help me nail this thing I would be very grateful!
Andy