Eddy
10
This is the result of my HijackThis Log Analyzer:
THESE ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :
\program files\theweathernetwork\weathereye\weathereye.exe
r1 - hkcu\software\microsoft\internet explorer,search = http://weba.directwebsearch.net/search.html
r1 - hkcu\software\microsoft\internet explorer,searchurl = http://weba.directwebsearch.net/search.html
r1 - hklm\software\microsoft\internet explorer,search = http://weba.directwebsearch.net/search.html
r1 - hklm\software\microsoft\internet explorer,searchurl = http://weba.directwebsearch.net/search.html
r1 - hkcu\software\microsoft\internet explorer\main,default_search_url = http://weba.directwebsearch.net/search.html
r1 - hkcu\software\microsoft\internet explorer\main,search bar = http://weba.directwebsearch.net/search.html
r1 - hkcu\software\microsoft\internet explorer\main,search page = http://weba.directwebsearch.net/search.html
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://weba.directwebsearch.net/search.html
r1 - hklm\software\microsoft\internet explorer\main,search bar = http://weba.directwebsearch.net/search.html
r1 - hklm\software\microsoft\internet explorer\main,search page = http://weba.directwebsearch.net/search.html
r0 - hklm\software\microsoft\internet explorer\main,start page = http://weba.directwebsearch.net/index.html
r1 - hkcu\software\microsoft\internet explorer\search,searchassistant = http://weba.directwebsearch.net/search.html
r1 - hkcu\software\microsoft\internet explorer\search,customizesearch = http://weba.directwebsearch.net/search.html
r0 - hklm\software\microsoft\internet explorer\search,searchassistant = http://weba.directwebsearch.net/search.html
r0 - hklm\software\microsoft\internet explorer\search,customizesearch = http://weba.directwebsearch.net/search.html
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = localhost
o1 - hosts: 69.31.79.101 auto.search.msn.com
o1 - hosts: 69.31.79.101 auto.search.msn.com
o2 - bho: (no name) - {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - (no file)
o4 - hklm..\run: [fcnmjyf] c:\windows\fcnmjyf.exe
o4 - hklm..\run: [hwxcfsj] c:\windows\hwxcfsj.exe
o4 - hklm..\run: [windows sa] c:\program files\windowssa\omniscient.exe
o4 - hkcu..\run: [weathereye] c:\program files\theweathernetwork\weathereye\weathereye.exe
o16 - dpf: {00b71cfb-6864-4346-a978-c0a14556272c} (checkers class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
o16 - dpf: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/winsearchie32.chm::/winsearchie32.exe
o16 - dpf: {2917297f-f02b-4b9d-81df-494b6333150b} (minesweeper flags class) - http://messenger.zone.msn.com/binary/minesweeper.cab31267.cab
o16 - dpf: {41f17733-b041-4099-a042-b518bb6a408c} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/quicktimeinstaller.exe
o16 - dpf: {665585fd-2068-4c5e-a6d3-53ac3270ecd4} (filesharingctrl class) - http://appdirectory.messenger.msn.com/appdirectory/p4apps/filesharing/en/filesharingctrl.cab
o16 - dpf: {8e0d4de5-3180-4024-a327-4dfad1796a8d} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatsclient.cab
o16 - dpf: {9aa73f41-ec64-489e-9a73-9cd52e528bc4} (zoneaxrcmgr class) - http://messenger.zone.msn.com/binary/zaxrcmgr.cab
o16 - dpf: {a3009861-330c-4e10-822b-39d16ec8829d} (cravonline object) - http://www.ravantivirus.com/scan/ravonline.cab
o16 - dpf: {ab86ce53-ac9f-449f-9399-d8abca09ec09} (get_activex control) - https://h17000.www1.hp.com/ewfrf-java/secure/hpgetdownloadmanager.ocx
o16 - dpf: {b9191f79-5613-4c76-aa2a-398534bb8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
o16 - dpf: {fe1a240f-b247-4e06-a600-30e28f5af3a0} - file://c:\install.cab
HARMFULL ITEMS IN THE DOCUMENTS AND SETTINGS FOLDER(S) :
Nothing found.
THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTIME FOR THE SYSTEM TO WORK PROPERLY:
o4 - hklm..\run: [cammonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
o4 - hklm..\run: [hphupd05] c:\program files\hewlett-packard{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
o4 - hklm..\run: [roxioengineutility] “c:\program files\common files\roxio shared\system\engutil.exe”
o4 - hklm..\run: [roxiodragtodisc] “c:\program files\roxio\easy cd creator 6\dragtodisc\drgtodsc.exe”
o4 - hklm..\run: [hp software update] “c:\program files\hewlett-packard\hp software update\hpwuschd2.exe”
o4 - hklm..\run: [tkbellexe] “c:\program files\common files\real\update_ob\realsched.exe” -osboot
o4 - hkcu..\run: [ldm] c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe
o4 - hkcu..\run: [msnmsgr] “c:\program files\msn messenger\msnmsgr.exe” /background
o4 - startup: wkcalrem.lnk = c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
o4 - global startup: microsoft office.lnk = c:\program files\microsoft office\office10\osa.exe