Can someone have a look at this logfile? (Hijackthis)

Discussion in 'Computer Security' started by Ranger, Apr 27, 2004.

  1. Ranger

    Ranger Guest

    A friend of mine have experienced problems with his computer and i think
    he's got a lot of spyware loaded. He did a scan and send me his logfile. I
    would appreciate it if someone will have a look at it and tell me what can
    be deleted (fixed) by Hijackthis. Here it comes ...

    Logfile of HijackThis v1.97.7
    Scan saved at 12:33:46, on 25-4-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\BLSTAPP.EXE
    C:\PROGRAM FILES\ICQ\ICQLITE\ICQLITE.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\NETDDE.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
    C:\WINDOWS\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://www/ie/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://searchbar.linksummary.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    Internet Explorer aangeboden door @Home Versie 1.7
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,AutoConfigURL = http://proxy:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = <local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    Koppelingen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    http://searchbar.linksummary.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
    FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM
    FILES\HTTPER\HTTPER.DLL
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
    C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
    O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} -
    C:\WINDOWS\SYSTEM\AHIEHELP.DLL
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
    C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\SYSTEM\BLSTAPP.EXE
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program
    Files\ICQ\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
    O4 - HKLM\..\RunServices: [MiniLog]
    C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
    deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAM
    FILES\ICQ\ICQLITE\ICQLITE.EXE -trayboot
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Add to filterlist (WebWasher) -
    http://-Web.Washer-/ie_add
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
    C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: Translator (HKLM)
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: ICQ 4.0 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: @Home (HKCU)
    O12 - Plugin for .mts: C:\Program
    Files\MetaCreations\MetaStream\npmetastream.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37871.383912037
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab


    Thanx for your help ...
     
    Ranger, Apr 27, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Cynthia K.

    Help analyze HijackThis logfile, Please

    Cynthia K., Jul 12, 2004, in forum: Computer Support
    Replies:
    7
    Views:
    535
    °Mike°
    Jul 15, 2004
  2. Lord Retsudo

    608180.net problem - hijackthis logfile help req!

    Lord Retsudo, Aug 8, 2004, in forum: Computer Support
    Replies:
    4
    Views:
    1,207
    °Mike°
    Aug 9, 2004
  3. Bob D

    Hijackthis logfile help

    Bob D, Aug 12, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    439
    °Mike°
    Aug 12, 2004
  4. CHUNTY

    Hijackthis logfile.

    CHUNTY, Oct 14, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    483
    The Tech Guy
    Oct 15, 2004
  5. shnooganshnoogans
    Replies:
    0
    Views:
    735
    shnooganshnoogans
    Mar 22, 2007
Loading...

Share This Page