hijack this log file

Discussion in 'Computer Support' started by Lisa Goodman, Aug 11, 2004.

  1. Lisa Goodman

    Lisa Goodman Guest

    We have been having terrible problems, I would greatly appreciate
    anyone's help on which file to delete. Here is the log:

    Logfile of HijackThis v1.97.7
    Scan saved at 9:04:52 PM, on 8/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\windows\System32\Ftei.exe
    C:\windows\System32\PskA2.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Lisa\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) -
    _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {60873C5E-9742-2CC3-8755-615579D37A48} -
    C:\windows\System32\xacgr.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus -
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
    SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [EM_EXEC]
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
    Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [2HZA8XS597ZPDN] C:\windows\System32\Szg9524W.exe
    O4 - Startup: SBC Yahoo! DSL.lnk = C:\WINDOWS\system32\rasphone.exe
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page -
    res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English -
    res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
    Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office
    Template and Media Control) -
    http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
    http://public.windupdates.com/get_f...05f72cb55925:0db69b72ff39cfe5e585d7b34e81015d
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
    (PPSDKActiveXScanner.MainScreen) -
    http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) -
    http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37805.692662037
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class)
    - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
    http://download.yahoo.com/dl/installs/yab_af.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
    http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
    Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{371A1B21-F0B8-4923-8095-D97F460DD6D6}:
    NameServer = 66.73.20.40 206.141.193.55
    O17 - HKLM\System\CS1\Services\Tcpip\..\{371A1B21-F0B8-4923-8095-D97F460DD6D6}:
    NameServer = 66.73.20.40 206.141.193.55
    O17 - HKLM\System\CS2\Services\Tcpip\..\{371A1B21-F0B8-4923-8095-D97F460DD6D6}:
    NameServer = 66.73.20.40 206.141.193.55
     
    Lisa Goodman, Aug 11, 2004
    #1
    1. Advertisements

  2. Lisa Goodman

    °Mike° Guest

    End Task the above process (CTRL+ALT+DEL), delete
    the Ftei.exe file, and empty the recycle bin.

    End Task the above process (CTRL+ALT+DEL), delete
    the PskA2.exe file, and empty the recycle bin.

    Have HijackThis fix the above.

    Have HijackThis fix the above. Delete wsaupdater.exe and
    empty the recycle bin.

    Have HijackThis fix the above. Delete xacgr.dll and
    empty the recycle bin.

    Have HijackThis fix the above. Delete Szg9524W.exe and
    empty the recycle bin.

    Have HijackThis fix the above.

    Unless the above IPs are from your network or ISP, have
    HijackThis fix the above. It is IMPORTANT that you then
    run LSPFix if the above are bogus IPs:
    http://cexx.org/lspfix.htm
     
    °Mike°, Aug 11, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.