
SERIOUS PROBLEM


  • This topic is locked
9 replies to this topic

#1 redx113

redx113

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 14 July 2004 - 02:38 PM

PLEASE TELL ME WHERE HIJACKTHIS LOG IS SAVED. I NEED AT LEAST THE EXTENSION

I am trying to help a friend here and they apparently downloaded something. I went to my house and burnt Ad-aware, McAfee and Spybot to a CD. I was able to install McAfee and Ad-aware. Ad-aware found about 120 items I think and McAfee didn't find anything with latest DATs. I tried to install Spybot and it said something about not able to openthread and rolled back the changes.

Now when I try to open Internet Explorer the page continually reloads nonstop and does not open the website or let you do anything. If you try to open My Computer it says this:
"Your current security settings prohibit running activex on this page. As a result, the page may not be displayed correctly"

I then click OK and it is just a blank page. I tried saving a HijackThis log but it does not save. I managed to install Opera to get this going and I ran both CWShredder and Kill2me. Both came up empty. I am completely stumped at what to do. I cannot even click Open in Opera to open the log.

If you tell me where the log is saved to I can pop it open from run by hitting windows key + r

Also, they can't even open the Start menu.

PLEASE HELP!

Edited by redx113, 14 July 2004 - 03:16 PM.


#2 redx113


Posted 14 July 2004 - 02:53 PM

Found ad-aware log. Am trying to find hijack this log. Will post asap


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Wednesday, July 14, 2004 2:07:45 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R332 12.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


7-14-2004 2:07:45 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279182221
Threads : 4
Priority : High
FileSize : 524 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1991-2000
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 1/1/1601
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294960493
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 1/1/1601
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:3 [spool32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294962453
Threads : 5
Priority : Normal
FileSize : 44 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1994 - 1998
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
OriginalFilename : spool32.exe
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 1/1/1601
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:4 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294952437
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1993-2000
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 1/1/1601
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:5 [lexbces.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294844965
Threads : 8
Priority : Normal
FileSize : 296 KB
FileVersion : 8.29
ProductVersion : 8.29
Copyright : © 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
OriginalFilename : LexBceS.exe
ProductName : MarkVision for Windows (32 bit)
Created on : 11/1/2003 6:39:11 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 8/18/2003 2:37:08 PM

#:6 [rpcss.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294842565
Threads : 5
Priority : Normal
FileSize : 20 KB
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
Copyright : Copyright © Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
OriginalFilename : rpcss.exe
ProductName : Microsoft® Windows NT™ Operating System
Created on : 1/1/1601
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:7 [lexpps.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294795865
Threads : 10
Priority : Normal
FileSize : 170 KB
FileVersion : 8.29
ProductVersion : 8.29
Copyright : © 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
OriginalFilename : LEXPPS.EXE
ProductName : MarkVision for Windows (32 bit)
Created on : 11/1/2003 6:39:56 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 8/18/2003 2:32:54 PM

#:8 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294817301
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 1/1/1601
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294808789
Threads : 15
Priority : Normal
FileSize : 220 KB
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
Copyright : Copyright © Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft® Windows ® 2000 Operating System
Created on : 6/8/2000 9:00:00 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:10 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294762117
Threads : 2
Priority : Normal
FileSize : 36 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1993-2000
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 1/1/1601
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:11 [wmiexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294642713
Threads : 3
Priority : Normal
FileSize : 16 KB
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
OriginalFilename : wmiexe.exe
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 1/1/1601
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:12 [avsynmgr.exe]
FilePath : C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\
ProcessID : 4294562661
Threads : 4
Priority : Normal
FileSize : 152 KB
Copyright : sof
Created on : 11/20/2001 11:25:22 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 11/20/2001 11:25:22 PM

#:13 [vsstat.exe]
FilePath : C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\
ProcessID : 4294475189
Threads : 2
Priority : Normal
FileSize : 96 KB
Copyright :
Created on : 11/20/2001 11:25:24 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 11/20/2001 11:25:24 PM

#:14 [vshwin32.exe]
FilePath : C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\
ProcessID : 4294456749
Threads : 6
Priority : Normal
FileSize : 116 KB
Copyright : AS
Created on : 11/20/2001 11:25:24 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 11/20/2001 11:25:24 PM

#:15 [avconsol.exe]
FilePath : C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\
ProcessID : 4294456661
Threads : 2
Priority : Normal
FileSize : 160 KB
Copyright : AS
Created on : 11/20/2001 11:25:22 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 11/20/2001 11:25:22 PM

#:16 [scan32.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\NETWORK ASSOCIATES\ON DEMAND SCANNER\SCAN32\
ProcessID : 4294608593
Threads : 7
Priority : Normal
FileSize : 324 KB
Copyright : ILE
Created on : 11/20/2001 11:25:24 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 11/20/2001 11:25:24 PM

#:17 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4294591069
Threads : 2
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 7/14/2004 6:03:36 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/13/2003 1:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : DIALXLITE.DialXLiteCtrl.1


ePlugin Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f57d17ae-ce37-4bc8-b232-ea57747be5e7}


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.eunivbho


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.eunivbho.1


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{269b6797-664e-48aa-b283-b012bdf6e525}


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{4E7BD74F-2B8D-469E-AA8E-8E1CA787AD2D}


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : pwrs0108.PWRS0108


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{269B6797-664E-48AA-B283-B012BDF6E525}


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerSearch


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{de289bfa-737b-4abb-a4ec-f8753551b875}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{B701A704-F828-11D4-A466-00508B5BA2DF}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{B195B3A5-8A05-11D3-97A4-0004ACA6948E}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{A80347D3-F757-11D4-A466-00508B5BA2DF}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{94beb7a2-36b7-46dc-8ad1-81a8332409c0}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{6D6D1580-5B74-40EA-97F4-3C2B46C5ABDD}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{60F63095-41EC-11D5-B558-00D0B77F0A6D}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotbarc


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotbarb


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotbara


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Office\Outlook\Addins\HbHostOL.HbMailAnim


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Explorer Bars\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Explorer Bars\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Hotbar


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Hotbar


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{F7A1BF21-1D7D-4F5F-A201-0CA35A5CD68F}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{F64B26C1-07DE-11D5-B50D-00D0B77F0A6D}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{F4132B7B-1576-41B6-ABD8-39C6C53047F7}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{DA603411-0593-11D5-A46B-10101DDD1111}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{DA603411-0593-11D5-A46B-10101B1B1111}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{DA603411-0593-11D5-A46B-00508B5BA2DF}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{C8539BFE-8FD7-405C-8EEF-D9AF48DC6BA4}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{B195B3B2-8A05-11D3-97A4-0004ACA6948E}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{B00609A6-82AF-4C55-BBB8-ADC8593CEB86}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{AD9A7B03-BE12-11D4-B493-00D0B77F0A6D}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{A80347DF-F757-11D4-A466-00508B5BA2DF}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{9EE87A26-B2C8-4130-83F6-E8511D939976}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{918E4B7A-4D80-43A4-83A7-39ADCC11841F}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{8F59F897-6923-4B3B-8156-4E55D19DE99A}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{7E33BC81-0818-11D5-B50D-00D0B77F0A6D}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{6F885F52-B45F-45BC-8642-FE3D56155A3A}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{6A6EBAE8-8C66-4675-B423-95B3BA530940}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{4BF4FAFA-186E-4E36-8F74-525290438D7B}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{46417AFD-7A15-4ED1-B764-CB72CD4D904F}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{340D8791-0E2C-43CF-9671-7E90AAFBF0DA}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{31321312-E1BB-49AB-80EB-13212CA78746}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{3103E312-E1BB-49AB-80EB-0A92FCA78746}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{17719B54-FAD1-11D4-A466-00508B5BA2DF}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{17719B53-FAD1-11D4-A466-00508B5BA2DF}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hotbar.hbtravelcomparebar.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hotbar.hbtravelcomparebar


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Hotbar.HbMain.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Hotbar.HbMain


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Hotbar.HbCommBand.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Hotbar.HbCommBand


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Hotbar.HbBho


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbToolbar.HbToolbarCtl.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbToolbar.HbToolbarCtl


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hbtoolbar.hbhtmlmenuui.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hbtoolbar.hbhtmlmenuui


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbSrv.HbCoreServices.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbSrv.HbCoreServices


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hbinstie.hbinstobj.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hbinstie.hbinstobj


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbWebmailSend.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbWebmailSend


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbMailAnim.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbMailAnim


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbElementFocus.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbElementFocus


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostIE.HbBho.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbCoreSrv.HbCoreServices.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbCoreSrv.HbCoreServices


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbCoreServices.LfgAx.1


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HbCoreServices.LfgAx


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{A80347E0-F757-11D4-A466-00508B5BA2DF}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{75D2080B-4857-4B96-9B7D-732634FBD01F}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{6FE00B71-7251-4E00-9186-ED89BBB946B8}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{6FB2639A-4BA3-4531-8DB8-FAB03E0A8FFD}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{69fd62b1-0216-4c31-8d55-840ed86b7c8f}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{60F630A2-41EC-11D5-B558-00D0B77F0A6D}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{4DBCFAF7-62E1-4811-8ACC-6511E7192CB4}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{3ceb882d-6b2b-4d81-a544-9d9b1d6fa945}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{354382db-df55-4da9-85a3-41696a0f510f}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{1038DD23-8AE8-451B-A134-4DB8A49AA519}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{013A482E-1893-4f49-8D41-AC89156A6955}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : AppID\{B701A705-F828-11D4-A466-00508B5BA2DF}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_USERS
Object : .default\Software\Microsoft\Internet Explorer\Explorer Bars\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}


WhenU Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : WUSN.1


eUniverse Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Toolbar
Value : {4E7BD74F-2B8D-469E-AA8E-8E1CA787AD2D}


eUniverse Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : {4E7BD74F-2B8D-469E-AA8E-8E1CA787AD2D}


eUniverse Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\URLSearchHooks
Value : {269B6797-664E-48AA-B283-B012BDF6E525}


HotBar Object recognized!
Type : RegValue
Data : Hotbar 4.4.6.0
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Value : Hotbar 4.4.6.0


HotBar Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : {B195B3B3-8A05-11D3-97A4-0004ACA6948E}


HotBar Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Toolbar
Value : {B195B3B3-8A05-11D3-97A4-0004ACA6948E}


Windows Object recognized!
Type : RegData
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data :


Windows Object recognized!
Type : RegData
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value : Shell
Data :


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 102
Objects found so far: 102


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bar.smartbotpro.net

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://server224.sma.../7search/?hkcu"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://server224.sma.../7search/?hkcu"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bar.smartbotpro.net

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://server224.sma.../7search/?hklm"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://server224.sma.../7search/?hklm"

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Bar.smartbotpro.net

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://server224.sma.../7search/?hkcu"
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://server224.sma.../7search/?hkcu"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanthotbar.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://www.hotbar.co...chPageHome.htm"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.hotbar.co...chPageHome.htm"


ePlugin Object recognized!
Type : RegKey
Data : c:\windows\eplugin.ocx
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{A75163E8-2C2C-48D4-BDB6-5B59D9231BEB}


ePlugin Object recognized!
Type : File
Data : eplugin.ocx
Object : c:\windows\
FileSize : 40 KB
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
Copyright : Copyright © 2003
FileDescription : Loader ActiveX Control Module
InternalName : DialXLite
OriginalFilename : EPlugin.OCX
ProductName : Loader ActiveX Control Module
Created on : 5/5/2003 10:26:14 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 5/5/2003 10:26:14 PM



ePlugin Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/EPlugin.ocx

Possible browser hijack attempt : {1167BEEB-1CB0-47C0-A491-1E40B8EF1285} (http://media.euniver...setup_td035.cab)

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1167BEEB-1CB0-47C0-A491-1E40B8EF1285}

Possible browser hijack attempt : {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (http://free.aol.com/...5/aolcdt175.cab)

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D}


ePlugin Object recognized!
Type : RegValue
Data : c:\windows\eplugin.ocx
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\EPlugin.ocx


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 9
Objects found so far: 112


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : sharon@realmedia[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 3:33:00 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 3:33:02 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@findwhat[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/11/2004 11:07:55 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/11/2004 11:07:56 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@z1.adserver[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/11/2004 11:02:07 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/11/2004 11:02:08 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@atdmt[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 2:53:28 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 2:53:30 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@2o7[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 3:18:55 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 3:18:56 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@edge.ru4[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 3:18:53 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 3:18:54 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@advertising[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 3:33:00 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 3:33:02 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@linksynergy[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 3:33:00 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 3:33:02 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@servedby.advertising[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 3:33:00 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 3:33:02 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@zedo[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 3:33:01 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 3:33:02 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@tmpad[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 3:33:01 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 3:33:02 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@trafficmp[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 3:33:01 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 3:33:02 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@landing.domainsponsor[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 5:40:59 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 5:41:00 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@gator[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 5:41:01 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 5:41:02 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@revenue[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 5:48:15 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 5:48:16 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@domainsponsor[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 5:48:15 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 5:48:16 PM



Tracking Cookie Object recognized!
Type : File
Data : sharon@doubleclick[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 7/9/2004 5:51:22 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/9/2004 5:51:24 PM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

ePlugin Object recognized!
Type : File
Data : eplugin.inf
Object : c:\windows\downloaded program files\

Created on : 5/4/2003 1:16:40 AM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 5/4/2003 1:16:40 AM



eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_USERS
Object : .default\Software\Visicom Media


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\eUniverse


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Visicom Media


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\{F08555AF-9CC3-11D2-AA8E-000000000000}


eUniverse Object recognized!
Type : Folder
Object : c:\program files\Dynamic Toolbar


eUniverse Object recognized!
Type : File
Data : pwrs0108
Object : c:\program files\dynamic toolbar\

Created on : 2/21/2004 4:50:54 PM
Last accessed : 2/21/2004 4:00:00 AM
Last modified : 2/21/2004 4:50:56 PM



HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{BC2025DC-136B-492F-AEFF-31D0BA8B98DA}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{927420A3-7259-4A74-B402-9329177EC3FC}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : AppID\HbSrv.EXE


HotBar Object recognized!
Type : Folder
Object : c:\program files\Hotbar


HotBar Object recognized!
Type : Folder
Object : c:\program files\hbinst


HotBar Object recognized!
Type : File
Data : hotbar.log
Object : c:\program files\hotbar\
FileSize : 336 KB
Created on : 6/28/2004 6:55:18 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 7/14/2004 5:58:50 PM



HotBar Object recognized!
Type : File
Data : bin
Object : c:\program files\hotbar\

Created on : 3/6/2004 12:37:57 PM
Last accessed : 3/6/2004 4:00:00 AM
Last modified : 3/6/2004 12:37:58 PM



HotBar Object recognized!
Type : File
Data : hotbar_1088448918.log
Object : c:\program files\hotbar\
FileSize : 495 KB
Created on : 6/14/2004 6:36:11 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 6/28/2004 6:55:06 PM



HotBar Object recognized!
Type : File
Data : hbinst.exe
Object : c:\program files\hbinst\
FileSize : 364 KB
FileVersion : 4, 4, 5, 1388
ProductVersion : 4, 4, 5, 1388
Copyright : Copyright
CompanyName : Hotbar.com Inc.
FileDescription : HbInst Module
InternalName : HbInst
OriginalFilename : HbInst.EXE
ProductName : Hotbar
Created on : 7/14/2004 4:01:04 PM
Last accessed : 7/14/2004 4:00:00 AM
Last modified : 6/1/2004 2:17:00 PM



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 17
Objects found so far: 146


2:29:28 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:21:40:580
Objects scanned :37780
Objects identified :146
Objects ignored :0
New objects :146

#3 redx113

Posted 14 July 2004 - 02:57 PM

Please tell me where the hijack this log saves and with what filename and extension

#4 redx113

Posted 14 July 2004 - 03:01 PM

This is what it says when I try to install spybot

"Internal Error: failed to expand shell folder constant "userappdata"

Anyone know what's going on here??

#5 redx113

Posted 14 July 2004 - 03:14 PM

PLEASE TELL ME THE FILENAME OF HIJACKTHIS LOG WITH ITS EXTENSION I CANNOT FIND WHERE IT SAVED THE LOG

Here is start up list from the generator in hijack this

StartupList report, 7/14/2004, 4:08:04 PM
StartupList version: 1.52.2
Started from : C:\PROGRAM FILES\OPERA75\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v5.50 (5.50.4134.0600)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OPERA75\OPERA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\PROGRAM FILES\OPERA75\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
MSConfigReminder = C:\WINDOWS\SYSTEM\msconfig.exe /reminder

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

McAfeeVirusScanService = C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 14/7/2004, 14:30:56)

[Rename]
NUL=c:\program files\hbinst\hbinst.exe
NUL=c:\program files\hotbar\hotbar_1088448918.log
NUL=c:\program files\hotbar\bin
NUL=c:\program files\hotbar\hotbar.log
NUL=c:\program files\dynamic toolbar\pwrs0108
NUL=c:\windows\downloaded program files\eplugin.inf
NUL=c:\windows\cookies\sharon@doubleclick[1].txt
NUL=c:\windows\cookies\sharon@domainsponsor[2].txt
NUL=c:\windows\cookies\sharon@revenue[2].txt
NUL=c:\windows\cookies\sharon@gator[1].txt
NUL=c:\windows\cookies\sharon@landing.domainsponsor[1].txt
NUL=c:\windows\cookies\sharon@trafficmp[1].txt
NUL=c:\windows\cookies\sharon@tmpad[1].txt
NUL=c:\windows\cookies\sharon@zedo[1].txt
NUL=c:\windows\cookies\sharon@servedby.advertising[1].txt
NUL=c:\windows\cookies\sharon@linksynergy[1].txt
NUL=c:\windows\cookies\sharon@advertising[2].txt
NUL=c:\windows\cookies\sharon@edge.ru4[2].txt
NUL=c:\windows\cookies\sharon@2o7[2].txt
NUL=c:\windows\cookies\sharon@atdmt[2].txt
NUL=c:\windows\cookies\sharon@z1.adserver[1].txt
NUL=c:\windows\cookies\sharon@findwhat[1].txt
NUL=c:\windows\cookies\sharon@realmedia[1].txt
NUL=c:\windows\eplugin.ocx

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------


Enumerating Browser Helper Objects:

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

PCHealth Scheduler for Data Collection.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macr...ash/swflash.cab

[Create & Print ActiveX Plug-in]
InProcServer32 = C:\WINDOWS\SYSTEM\AXCTP.DLL
CODEBASE = http://di.imgag.com/...stall/AxCtp.cab

[{F57D17AE-CE37-4BC8-B232-EA57747BE5E7}]
CODEBASE = http://66.230.146.53/EPlugin.cab

[{DCB709B4-4142-411A-8E9F-F265AE2B7BDE}]
CODEBASE = http://www.myfreecur...ors/default.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\SYSTEM\QDIAGCC.OCX
CODEBASE = http://aolcc.aol.com...kup/qdiagcc.cab

[Creative Toolbox Plug-in]
InProcServer32 = C:\WINDOWS\SYSTEM\CRUSHER.DLL
CODEBASE = http://www.imgag.com...all/Crusher.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://fpdownload.ma...ector/swdir.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupd...8166.5018171296

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 6,622 bytes
Report generated in 0.559 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#6 redx113

Posted 14 July 2004 - 03:59 PM

BUMP

Please for the love of god help me. I went under internet options then security and the settings are actually blank. What on earth is going on?

#7 redx113

Posted 14 July 2004 - 04:40 PM

Here I am on my computer. Wow, no wonder I couldn't find the hijackthis log. It never popped up asking me where to save the file. What exactly am I supposed to do for my friend? She has very important documents on there that she cannot lose and there is no way to access them from within windows, not even in safe mode. Even in safe mode it says that activex deal.

Does anything from that startup list look odd to you guys? I don't know how I can show you what's going on with her computer. I tried everything imaginable to try to fix this.

#8 redx113

Posted 15 July 2004 - 03:46 AM

If I were to put Windows XP on her computer and choose Upgrade would that keep all her documents? This is really the only thing I can think of to do at this point.

#9 redx113

Posted 16 July 2004 - 03:32 AM

In any case, I figured it out. I typed in regedit figuring I'd take a look around and it said problem accessing registry. Then I googled real fast "repair registry" and I saw scanreg. BINGO. I typed scanreg into run and it popped up saying problem accessing registry and restoring a backup. After restarting all was back to normal. I rescanned with ad-aware, spybot, and norton. ad-aware found around 120 things (which were returned when the backup of the registry was restored), spybot found about 5 things; the one that most stood out was DSO Exploit. I then set norton to autoscan and autoupdate and told them to scan with spybot and ad-aware at LEAST once a week. I also put the sdhelper on in spybot. Either that or the teatimer. The one that blocks bad downloads in IE. The other constantly pops up asking about registry changes; I know they would get sick of that.

After doing that, I got the latest patches and such via windows update and then installed goback for them. Hopefully all this will be enough to keep their problems to a minimum and I won't have to go over there again trying to fix the computer.

#10 dave38

Posted 16 July 2004 - 03:20 PM

Glad you got it fixed.

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!