
Accidentally Deleted...


  • This topic is locked
8 replies to this topic

#1 igispacer

igispacer

    New Member

  • New Member
  • 2 posts

Posted 02 November 2003 - 05:42 AM

Hi everyone! I deleted some file (in the following post you'll see what) and I am afraid that I shouldn't have done that, but it seemed to me that it wasn't there before. It's something like ../3573244.exe in the HKLM - not anymore there. Have I done something wrong, and besides, can I somehow delete some R3 UrlHook...
Thanks in front!
Logfile of HijackThis v1.94.0
Scan saved at 12:14:59 PM, on 11/2/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)<<<<<<<<<<<<<<<<<<-----------this is what i can't delete!!!!!!!!!!!
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
here was some ..../3573244.exe <<<<<-----------------------------I deleted it pretty easily, so I got afraid that I deleted something important!!!!
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab


igispacer



#2 ChrisRLG

ChrisRLG

    Emeritus-Spyware Fighter

  • Authentic Member
  • 3,855 posts

Posted 02 November 2003 - 05:54 AM

Don't know, as I am not an expert yet (at SWI I am an 'advanced member'), but did you save the HijackThis file that was produced? You should be able to get HijackThis to restore it. BUT most files with just numbers are very xxxxxx. Do you know what these two are, as they are not in Pacman's startup list? Does not mean that they are bad, just means I don't know.

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe


Matthew 7:7"Ask and it will be given to you; seek and you will find; knock and a door will be opened to you."

#3 ChrisRLG

ChrisRLG

    Emeritus-Spyware Fighter

  • Authentic Member
  • 3,855 posts

Posted 02 November 2003 - 05:56 AM

Replied to your other post.

#4 Guest_Guest_*

Guest_Guest_*
  • Guests

Posted 02 November 2003 - 06:42 AM

@Chris! Thanks for the reply, but you didn't save a log of that file so I can't restore it. Do you have any idea on how to delete that R3? About those files you asked about, G-vga has to do something with my graphics card 'cause I have a Gigabyte Radeon, and that asus-probe is related to something on my motherboard 'cause it's ASUS, as understandable! It's all OK! Thanks again, jiggy

#5 TonyKlein

TonyKlein

    Forum God

  • Malware Expert
  • 188 posts

Posted 02 November 2003 - 06:49 AM

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)<<<<<<<<<<<<<<<<<<-----------this is what i can't delete!!!!!!!!!!!

It's because you're running an old version of Hijack This. It can't handle these cunningly hacked registry keys (note the backslash preceding "_{CFBFAE00-17A6.....").

Download the latest version from http://tomcoyote.org/hjt/ , and run it.

It will delete that one without a prob.
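
As an added illustration (not part of the thread and not HijackThis's own logic), this Python sketch triages log lines for the two things raised above: an R3 URLSearchHook whose value name is not a bare CLSID, and an O4 startup entry whose executable name is only digits. The sample O4 line with `1234567.exe` is constructed, since the original entry survives on the page only in truncated form.

```python
import re

# Strict CLSID form: {8-4-4-4-12 hex digits} with nothing before or after.
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")

def check_line(line):
    """Return a list of findings for one HijackThis log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    code, rest = m.groups()
    findings = []
    if code == "R3" and rest.startswith("URLSearchHook:"):
        # Fields are separated by " - ": name, CLSID value name, file.
        fields = [f.strip() for f in rest.split(" - ")]
        clsid = fields[1] if len(fields) > 1 else ""
        if not CLSID_RE.match(clsid):
            findings.append("malformed CLSID value name: %r" % clsid)
        if fields[-1] == "(no file)":
            findings.append("no file behind the hook")
    elif code == "O4":
        # The command follows "[name] "; reduce it to the executable's base name.
        cmd = rest.split("] ", 1)[-1].strip().strip('"')
        stem = re.split(r"\.exe", cmd, flags=re.I)[0]
        exe = re.split(r"[\\/]", stem)[-1]
        if exe.isdigit():
            findings.append("digits-only executable name: %s.exe" % exe)
    return findings

def scan(log):
    """Map each flagged log line to its findings."""
    flagged = {}
    for line in log.splitlines():
        findings = check_line(line)
        if findings:
            flagged[line.strip()] = findings
    return flagged

# Sample input: three lines from the log above plus one constructed O4 line.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [1234567] C:\WINDOWS\1234567.exe
"""

if __name__ == "__main__":
    for line, findings in scan(SAMPLE_LOG).items():
        print(line, "->", "; ".join(findings))
```

A flagged line is only a prompt to look closer: a digits-only name or an orphaned hook still has to be checked by hand before anything is removed.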

#6 TonyKlein

TonyKlein

    Forum God

  • Malware Expert
  • 188 posts

Posted 02 November 2003 - 06:50 AM

Sorry... :blink:

Edited by TonyKlein, 02 November 2003 - 07:51 AM.


#7 cnm

cnm

    -

  • Visiting Fellow
  • 654 posts

Posted 02 November 2003 - 09:57 AM

The thing you accidentally fixed:

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

is SoftModem Messaging Applet. All you did was disable it as a startup - the file is still there and can be run manually when needed. Or you can run HijackThis, click Config->Backups, and restore anything you like.
Microsoft MVP Windows-Security 2005
The Boot camp at Spywareinfo.com

#8 igispacer

igispacer

    New Member

  • New Member
  • 2 posts

Posted 03 November 2003 - 01:59 AM

Just to say thanks to all of you, we fixed the problems! Great forum! Jiggy

#9 cnm

cnm

    -

  • Visiting Fellow
  • 654 posts

Posted 03 November 2003 - 09:53 AM

Glad we could help, igispacer. :)

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Microsoft MVP Windows-Security 2005
The Boot camp at Spywareinfo.com
