HiJack This Log and some questions


2 replies to this topic

#1 msiler


Posted 05 July 2004 - 08:14 PM

Logfile of HijackThis v1.97.7
Scan saved at 8:46:02 PM, on 7/5/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\cisvc.exe
D:\Program Files\Executive Software\DiskeeperLite\DKService.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\gearsec.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\NORTON~1\NORTON~3\navapsvc.exe
D:\PROGRA~1\NORTON~1\NORTON~3\npssvc.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\TSIRCSRV.EXE
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Iomega\AutoDisk\ADService.exe
D:\WINNT\system32\inetsrv\inetinfo.exe
D:\WINNT\system32\rundll32.exe
D:\WINNT\Explorer.EXE
D:\PROGRA~1\NORTON~1\NORTON~3\alertsvc.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\MSGTAG\MSGTAG.exe
D:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
D:\Program Files\Sony Handheld\HOTSYNC.EXE
D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
D:\WINNT\system32\hpoipm07.exe
D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
D:\WINNT\system32\wuauclt.exe
D:\WINNT\System32\svchost.exe
D:\PROGRA~1\MICROS~2\Office\backappl.exe
D:\Download\Spy and Malware\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.ask.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSGTAG] "D:\Program Files\MSGTAG\MSGTAG.exe" /startup
O4 - Startup: HotSync Manager.lnk = D:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: MailWasherPro.lnk = D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: AboutTime.lnk = D:\Program Files\AboutTime\AboutTime.exe
O4 - User Startup: HotSync Manager.lnk = D:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - User Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - User Startup: MailWasherPro.lnk = D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - User Startup: AboutTime.lnk = D:\Program Files\AboutTime\AboutTime.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = D:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: ComcastHSI (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywa...r2501031120.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

Here are my three recurring problems: (A,B & C)

(A)
These three files show up in HJT but nowhere else:

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch

HJT fixes them but they always seem to show up again within a day or so and ALWAYS after I re-boot. If I cannot remove them permanently, then is it at least possible to change their HOSTS Addresses so they at least do not bring up a website or run anything malicious on my ‘puter?

How do I change a Hosts address?

(B)
These files show up in Adaware but nowhere else and never get fully cleaned out.
1) VX2 File Data Miner d:\winnt\system32\apaamon.dll
2) VX2 File Data Miner d:\winnt\system32\azsetupc.dll
3) VX2 File Data Miner d:\winnt\system32\axaamon.dll
4) VX2 File Data Miner d:\winnt\system32\dtmv2clt.dll
5) Virtual Bouncer
6) Also, a bunch of different .dll files of various names come and go…I know they are creating problems but can never seem to totally remove them. They refuse to be removed and always come back upon re-boot even after removing them in Safe Mode.

How do I delete .dll files that Spybot S&D or Adaware find?

(C)
These files show up in Spybot S&D but nowhere else and never get fully cleaned out.
1) IGETNET

#2 msiler


Posted 07 July 2004 - 05:44 AM

Any help would be greatly appreciated...

#3 cghost


Posted 07 July 2004 - 10:22 AM

Re hosts file
Check this location for a hosts file (no extension):
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Edit the file to remove the entries in question.
Additional info on hosts file:
http://www.pestpatro...o_Block_Ads.asp

Here are some manual removal comments from doxdesk and pestpatrol for igetnet:
http://www.doxdesk.c...avoriteMan.html
http://www.doxdesk.c...te/IGetNet.html
http://www.pestpatro...clearsearch.asp

Maybe something there will be of some help to you.
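
Added example (not part of the original posts): a Python sketch of the hosts-file check described in the reply above, listing every entry that points a name at a non-loopback address and producing a copy of the file without a chosen address. The sample file is constructed from the three O1 entries in the log; the function names and the `fileserver` line are assumptions for illustration.

```python
import ipaddress

# Constructed sample: a default-style hosts file plus the three O1 entries from the log.
SAMPLE_HOSTS = (
    "# Sample HOSTS file (constructed for this example)\n"
    "127.0.0.1       localhost\n"
    "69.20.16.183 auto.search.msn.com\n"
    "69.20.16.183 search.netscape.com\n"
    "69.20.16.183 ieautosearch   # trailing comment\n"
    "10.0.0.5 fileserver\n"  # hypothetical legitimate intranet entry
)

def parse_entry(line):
    """Return (ip, [names]) for a mapping line, or None for blank, comment or malformed lines."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 2:
        return None
    try:
        return ipaddress.ip_address(fields[0]), fields[1:]
    except ValueError:
        return None

def audit_hosts(text):
    """List (line_no, ip, names) for every entry that maps names to a non-loopback address."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry and not (entry[0].is_loopback or entry[0].is_unspecified):
            findings.append((no, str(entry[0]), entry[1]))
    return findings

def remove_address(text, bad_ip):
    """Return the hosts text without entries mapped to bad_ip; all other lines are kept verbatim."""
    bad = ipaddress.ip_address(bad_ip)
    kept = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry[0] != bad:
            kept.append(line)
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for no, ip, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {no}: {ip} -> {' '.join(names)}")
    print(remove_address(SAMPLE_HOSTS, "69.20.16.183"), end="")
```

The audit only lists candidates for review, since a non-loopback entry such as the intranet line can be legitimate. If the same entries are back when the audit is repeated after a reboot, something on the system is rewriting the file.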



