Hijackthis logfile help

Discussion in 'Computer Support' started by Bob D, Aug 12, 2004.

  1. Bob D

    Bob D Guest

    Could someone take a look at the hijack this logfile and tell me what
    to fix? I hope this wasn't a double post but I couldn't find the first
    post. Thanks, Bob


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.dzymcwcewgvydry.net/za0O1zHD2tao0dsyKQ_aTF4gjSZoCpq0ZEtcGxKd8KY.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.emachines.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
    = http://www.icpkwwphlmcyybisehyalxz....90obuG66dU5ip148ftke_LqfB8lVDUURAJRgUBspL.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
    =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    http://www.emachines.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
    =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183}
    - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    N2 - Netscape 6: user_pref("browser.startup.homepage",
    "http://www.oovxdijqrfbfc.net/za0O1zHD2tao0dsyKQ_aTOLvsaIt8pZuZEtcGxKd8KY.php");\nuser_pref("browser.startup.page",
    1); (C:\Documents and Settings\Kevin\Application
    Data\Mozilla\Profiles\default\rcqc9ax8.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO -
    {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
    O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} -
    C:\DOCUME~1\Kevin\LOCALS~1\Temp\drahniw.dat
    O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} -
    C:\DOCUME~1\Kevin\LOCALS~1\Temp\drahniw.dat
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
    C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D} -
    C:\PROGRA~1\POWERS~1\Toolbar\pwrswmda.dll (file missing)
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no
    file)
    O3 - Toolbar: Norton AntiVirus -
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
    AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
    - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\Uqxt.exe
    O4 - HKLM\..\Run: [service.exe] C:\WINDOWS\system32\service.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program
    Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check]
    C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\version.exe
    O4 - HKLM\..\Run: [vesrion] C:\WINDOWS\System32\ezbndlwr.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
    O4 - HKLM\..\Run: [LoadGolfCourses] C:\Program
    Files\Mini-Golf\LoadGolfCourses.exe
    O4 - HKLM\..\Run: [64 mode] C:\PROGRA~1\FLAWLO~1\SupportEq.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
    C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open
    Site\opensite.exe"
    O4 - HKLM\..\Run: [winhard] C:\WINDOWS\security\Database\winhard.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
    Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [MPEG SITE PROC BYTE] C:\Documents and Settings\All
    Users\Application Data\Meetsoftwarempegsite\Ref Grey.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
    files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common
    Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
    Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [WinTools] C:\Program Files\Common
    Files\WinTools\WToolsA.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - Startup: Virtual Bouncer.lnk = C:\Program
    Files\VBouncer\VirtualBouncer.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: updater.lnk = C:\Program Files\Common
    Files\updater\wupdater.exe
    O8 - Extra context menu item: Ask Jeeves Search -
    javascript:external.menuArguments.location.href="javascript:AskBarcommand='cmd-search-selection'"
    O8 - Extra context menu item: Coupons - file://C:\Program
    Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
    O8 - Extra context menu item: Dictionary Search -
    javascript:external.menuArguments.location.href="javascript:AskBarcommand='cmd-search-selection-word'"
    O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} -
    C:\Program Files\WhistleSoftware\WselServices\webband.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -
    C:\Program Files\ICQ\ICQ.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ -
    {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21}
    - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
    - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\MSMSGS.EXE
    O10 - Broken Internet access because of LSP provider
    'c:\windows\system32\inetadpt.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: Yahoo! Literati -
    http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
    Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
    - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
    http://chat.yahoo.com/cab/yacsui.cab
     
    Bob D, Aug 12, 2004
    #1

  2. Bob D

    madmax Guest

    Bob D wrote:

    > Could someone take a look at the hijack this logfile and tell me what
    > to fix? I hope this wasn't a double post but I couldn't find the first
    > post. Thanks, Bob

    <snip log>

    Try posting in computer cops forum.
    Here is a link to a HijackThis Log analyzer.
    http://members.home.nl/edeijl/acred/cleaning.htm
    (the program is at the bottom of page)
    -max
    --
    To help you stay safe see: http://www.geocities.com/maxpro4u/madmax.html
    This message is virus free as far as I can tell.
    Change nomail.afraid.org to neo.rr.com so you can reply
    (nomail.afraid.org has been set up specifically for
    use in Usenet. Feel free to use it yourself.)
     
    madmax, Aug 12, 2004
    #2

  3. Bob D

    mark mandel Guest

    "Bob D" <> wrote in message
    news:...
    > Could someone take a look at the hijack this logfile and tell me what
    > to fix? I hope this wasn't a double post but I couldn't find the first
    > post. Thanks, Bob

    Yeah, you've got a lot of spyware so unless Mike comes along, post it over
    at www.pcguide.com
     
    mark mandel, Aug 12, 2004
    #3
  4. Bob D

    °Mike° Guest

    There is a lot in there that needs fixed, but you
    MUST post your COMPLETE log -- a partial log
    is of no use.


    On 11 Aug 2004 16:12:43 -0700, in
    <>
    Bob D scrawled:

    >Could someone take a look at the hijack this logfile and tell me what
    >to fix? I hope this wasn't a double post but I couldn't find the first
    >post. Thanks, Bob
    >
    >
    >R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >http://www.dzymcwcewgvydry.net/za0O1zHD2tao0dsyKQ_aTF4gjSZoCpq0ZEtcGxKd8KY.html


    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Aug 12, 2004
    #4