Jump to content


Photo

My friends hijackthis log


  • Please log in to reply
2 replies to this topic

#1 Andredaar

Andredaar

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 07 July 2004 - 07:26 PM

Logfile of HijackThis v1.97.7
Scan saved at 5:12:19 PM, on 7/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
C:\LogiTray.exe
D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
D:\WINDOWS\mwsvm.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\PROGRA~1\AIM95\aim.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\Program Files\Yahoo!\Messenger\ypager.exe
D:\Program Files\CallWave\IAM.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\mshta.exe
D:\WINDOWS\system32\ntvdm.exe
D:\WINDOWS\SYSTEM32\CS4P028.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\mshta.exe
D:\WINDOWS\system32\ntvdm.exe
D:\WINDOWS\SYSTEM32\CS4P028.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\mshta.exe
D:\WINDOWS\system32\ntvdm.exe
D:\WINDOWS\SYSTEM32\CS4P028.EXE
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXINOLEN\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hkcu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - D:\WINDOWS\System32\cdsm32.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000250-0320-4DD4-BE4F-7566D2314352} - D:\WINDOWS\VoiceIP.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - D:\WINDOWS\system32\SWin32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\ISStart.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adstartup] D:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [okpzreplrqjc] D:\WINDOWS\System32\wdxzjj.exe
O4 - HKLM\..\Run: [aqadcup] D:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ClrSchLoader] D:\PROGRA~1\Lycos\IEagent\Loader.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Internet Answering Machine.lnk = D:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...ml?p=ZNxdm22736
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D23EBC0-3AAA-4931-8DD4-119610EDB4C5}: NameServer = 69.27.136.5 69.27.136.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D23EBC0-3AAA-4931-8DD4-119610EDB4C5}: NameServer = 69.27.136.5 69.27.136.10

#2 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 07 July 2004 - 07:29 PM

First download Ad-Aware 6.0. Install it. Run it and update by hitting the globe in the top right hand corner and then connect. When it sais found new reference file hit ok. Then hit finished.

Secondly hit next and right after than scan. The program should scan for files. Once it is done hit next. Check the boxes fir removal next to all the items in Ad-Aware. Then hit next to start removal. Restart your computer.


Post a new Hijack This log.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#3 Andredaar

Andredaar

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 07 July 2004 - 08:17 PM

Here is the new log for you. thanks

Logfile of HijackThis v1.97.7
Scan saved at 6:14:07 PM, on 7/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
C:\LogiTray.exe
D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
D:\windows\temp\9RP8zwyv.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\PROGRA~1\AIM95\aim.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\Program Files\CallWave\IAM.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXINOLEN\HijackThis[1].exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000250-0320-4DD4-BE4F-7566D2314352} - D:\WINDOWS\VoiceIP.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\ISStart.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [okpzreplrqjc] D:\WINDOWS\System32\wdxzjj.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [9RP8zwyv] D:\windows\temp\9RP8zwyv.exe
O4 - HKLM\..\Run: [stcloader] D:\WINDOWS\System32\stcloader.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Internet Answering Machine.lnk = D:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...ml?p=ZNxdm22736
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D23EBC0-3AAA-4931-8DD4-119610EDB4C5}: NameServer = 69.27.136.5 69.27.136.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D23EBC0-3AAA-4931-8DD4-119610EDB4C5}: NameServer = 69.27.136.5 69.27.136.10

Edited by Andredaar, 08 July 2004 - 07:31 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button