Another newbie with the HijackThis program


4 replies to this topic

#1 bowl300z

bowl300z

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 12 July 2004 - 12:20 PM

Help please. I know I just got version 1.98 and will post later.

Logfile of HijackThis v1.97.7
Scan saved at 2:15:35 PM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\CREATI~1\DrawBoob.exe
C:\documents and settings\kris\local settings\temp\8K1RRp6nS.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\System32\IEHost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\rkqhrg.exe
C:\WINDOWS\dhbrwsr.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\PROGRA~1\INTERN~3\inetmgr.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\PROGRA~1\INTERN~3\inetsvc.exe
C:\WINDOWS\System32\dpnisapi.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\SysAI\SysAI.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\SCFGWMIT.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\dhsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Program Files\America Online 9.0a\aolwbspd.exe
C:\Documents and Settings\Kris\Local Settings\Temporary Internet Files\Content.IE5\CHEZW1MZ\hjtlog[1].exe
c:\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50093
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50093
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50093
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O1 - Hosts: 127.217.159.102 www.symantec.com
O1 - Hosts: 127.64.57.39 securityresponse.symantec.com
O1 - Hosts: 127.103.105.232 symantec.com
O1 - Hosts: 127.50.92.28 www.mcafee.com
O1 - Hosts: 127.57.121.223 mcafee.com
O1 - Hosts: 127.1.109.4 us.mcafee.com
O1 - Hosts: 127.222.11.75 www.sophos.com
O1 - Hosts: 127.81.106.93 sophos.com
O1 - Hosts: 127.253.6.100 www.viruslist.com
O1 - Hosts: 127.88.60.49 viruslist.com
O1 - Hosts: 127.141.14.189 f-secure.com
O1 - Hosts: 127.69.188.233 www.f-secure.com
O1 - Hosts: 127.165.24.148 kaspersky.com
O1 - Hosts: 127.233.254.95 www.avp.com
O1 - Hosts: 127.149.140.69 www.kaspersky.com
O1 - Hosts: 127.77.74.16 avp.com
O1 - Hosts: 127.75.75.31 www.networkassociates.com
O1 - Hosts: 127.245.131.112 networkassociates.com
O1 - Hosts: 127.46.65.9 www.ca.com
O1 - Hosts: 127.255.245.217 ca.com
O1 - Hosts: 127.242.68.181 my-etrust.com
O1 - Hosts: 127.94.188.141 www.my-etrust.com
O1 - Hosts: 127.22.106.91 secure.nai.com
O1 - Hosts: 127.227.72.185 nai.com
O1 - Hosts: 127.13.43.46 www.nai.com
O1 - Hosts: 127.217.165.135 trendmicro.com
O1 - Hosts: 127.60.220.4 www.trendmicro.com
O1 - Hosts: 127.80.141.149 housecall.trendmicro.com
O1 - Hosts: 127.82.106.245 www.pandasoftware.com
O1 - Hosts: 127.116.117.114 www.bitdefender.com
O1 - Hosts: 127.173.98.208 www.ravantivirus.com
O1 - Hosts: 127.134.19.245 www3.ca.com
O1 - Hosts: 127.192.166.185 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.75.8.127 windowsupdate.microsoft.com
O1 - Hosts: 127.190.92.89 www.windowsupdate.com
O1 - Hosts: 127.13.189.138 windowsupdate.com
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~3\inetkw.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {678C3904-BC3C-2BC2-D250-64550DA62F10} - C:\WINDOWS\System32\gemzrf.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {A1625AE1-A2D2-D977-02CB-1301D2C1408F} - C:\PROGRA~1\DEBUGF~1\Online file.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Atomcool - {A420BE34-1C0F-8679-E568-7050B3B795E8} - C:\PROGRA~1\DEBUGF~1\Online file.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Vcinter] C:\PROGRA~1\CREATI~1\DrawBoob.exe
O4 - HKLM\..\Run: [8K1RRp6nS] C:\documents and settings\kris\local settings\temp\8K1RRp6nS.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cio9f.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\Kyle\LOCALS~1\Temp\app1B4.tmp
O4 - HKLM\..\Run: [pxdvmek] C:\WINDOWS\System32\rkqhrg.exe
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [DriveStat16] vxdconf32.exe -services
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~3\inetmgr.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [inqbcxkl] C:\WINDOWS\inqbcxkl.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [s7sT3qT] dpnisapi.exe
O4 - HKLM\..\Run: [SCFGWMIT] C:\WINDOWS\System32\SCFGWMIT.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [DriveStat16] vxdconf32.exe -services
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [dw33RkfES] eudptext.exe
O4 - HKCU\..\Run: [DriveStat16] vxdconf32.exe -drivers
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\Kris\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" "+b1"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {3AE9ED90-4B59-47A0-873B-7B71554B3C3E} (JoystickCtl Class) - http://www.miniclip....ll/joystick.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.c.../chedownzip.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C3C724D-F289-4250-B1C9-EE586FEFDE04}: NameServer = 205.188.146.146

#2 bowl300z

Posted 12 July 2004 - 01:58 PM

Need help please!

#3 bowl300z

Posted 13 July 2004 - 07:37 AM

Buried again!
Please help me on this. I am unsure if I can take out the Internet Explorer\Main, Search bar keys.

#4 bowl300z

Posted 13 July 2004 - 03:41 PM

Anyone - please help!

#5 bowl300z

Posted 14 July 2004 - 04:57 PM

Yeehaw.
Please help!



