Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Web & Email Web & Email
Search Search
Search for:
Tech Support Guy > > >

HijackThis log evaluation request


(!)

Zoontha's Avatar
Zoontha Zoontha is offline
Junior Member with 2 posts.
THREAD STARTER
 
Join Date: Aug 2003
14-Aug-2003, 07:30 AM #1
HijackThis log evaluation request
L.S.,

my computer is showing some of the symptoms discribed in earlier messages in this forum; some pop ups, delays when using forms.
I would really appreciate it if one of you techies would take a look at it and tell what and how to fix it.

I have had the www.coolwwwsearch.com thingy earlier but that was fixed by spybot earlier. Or AdAware, I don't remember. Anyway it was 'obfuscated' as the log shows. I hope this means Spybot has immunized it?

I thought running spybot, adaware and scanning my computer for virusses regularly would keep my computer clean but obviously that's not the case.
Must be the sites i visit. But that's caused by the testosterone level I have. I don't think Tech Support can help me there

here's the log:

Last edited by Zoontha; 17-Aug-2003 at 05:09 AM..
Top Banana's Avatar
Senior Member with 1,344 posts.
 
Join Date: Nov 2002
14-Aug-2003, 08:10 AM #2
Fix with HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.coolwwwsearch.com/z/a/x1.cgi?100 (obfuscated)
O15 - Trusted Zone: *.msn.com
O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp

Internet Explorer > Tools > Internet Options > Programs > Reset Web Settings.
Zoontha's Avatar
Zoontha Zoontha is offline
Junior Member with 2 posts.
THREAD STARTER
 
Join Date: Aug 2003
14-Aug-2003, 09:02 AM #3
Talking wow
...that was quick! Thanks a million!
No wonder you are the highest ranking banana around.

I'll check later if it fixed the problems... gotta run now.
sogoronin's Avatar
sogoronin sogoronin is offline
Junior Member with 3 posts.
 
Join Date: Jun 2001
Location: South Carolina
03-Mar-2004, 11:06 PM #4
I am also having a stressfull time. Everytime I start up Internet Explorer my browers redirects me to res://mshp.dll/index.html#37049 (Search Engine). I have gone into my files and deleted the mshp.dll file and it returned and kept up with the problem. If I change my homepage from that it just redirects after I open IE a few times. Any idea how to get that to stop happening?

Here's my hijack this log:



Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
D:\WINDOWS\system32\dla\tfswctrl.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Palm\HOTSYNC.EXE
D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Windows NT\Accessories\wordpad.exe
C:\PROGRA~1\WinZip\winzip32.exe
D:\DOCUME~1\Bill\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - D:\Documents and Settings\Bill\Application Data\msrw\msrw32.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - D:\Documents and Settings\Bill\Application Data\msrw\mssearch.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - D:\Documents and Settings\Bill\Application Data\msrw\msiesh.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserSystem] C:\Windows\iexplorer.exe
O4 - HKLM\..\Run: [D066UUtility] D:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Image] rundll32 D:\WINDOWS\image.dll,Install
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [UserSystem] C:\Windows\iexplorer.exe
O4 - HKCU\..\RunServices: [Image] rundll32 D:\WINDOWS\image.dll,Install
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AroundWeb Search - res://D:\Program Files\AroundWeb\awtoolb.dll/MENUSEARCH.HTM
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...049.5331018519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
mobo's Avatar
Computer Specs
Member with 16,270 posts.
 
Join Date: Feb 2003
Location: Cape Breton
Experience: Advanced
04-Mar-2004, 12:19 AM #5
You are hijacked by a cool web search Variant: Follow the following instructions and we can get you starightened out..

Download CWShredder:
http://www.spywareinfo.com/~merijn/files/CWShredder.exe
Run and hit the ->fix tab to fix all found problems

CWShredder takes advantage of security holes in windows so you should install all critical as well as hotfixes available from windows update.


Then repost a fresh Hijack this log .

Download 'Hijack This!'. http://www.tomcoyote.org/hjt/ or http://www.majorgeeks.com/downloadge...8baee6434cfc13 and save it to a folder on your desktop.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
sogoronin's Avatar
sogoronin sogoronin is offline
Junior Member with 3 posts.
 
Join Date: Jun 2001
Location: South Carolina
04-Mar-2004, 08:15 AM #6
Here's my new log:


Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
D:\WINDOWS\system32\dla\tfswctrl.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Palm\HOTSYNC.EXE
D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Windows NT\Accessories\wordpad.exe
C:\PROGRA~1\WinZip\winzip32.exe
D:\DOCUME~1\Bill\LOCALS~1\Temp\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D066UUtility] D:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AroundWeb Search - res://D:\Program Files\AroundWeb\awtoolb.dll/MENUSEARCH.HTM
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...049.5331018519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
mobo's Avatar
Computer Specs
Member with 16,270 posts.
 
Join Date: Feb 2003
Location: Cape Breton
Experience: Advanced
04-Mar-2004, 08:18 AM #7
Have hjt fix these as well :


O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe


Then you should be good to go
mjw5j's Avatar
mjw5j mjw5j is offline
Junior Member with 5 posts.
 
Join Date: Mar 2004
04-Mar-2004, 10:07 AM #8
me too unfortunately
I have the missing image.dll problem described elsewhere. I ran cwshredder and then jht. Here's the log. Can you help?

Logfile of HijackThis v1.97.7
Scan saved at 10:01:09 AM, on 3/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EAS\easclient.exe
C:\Program Files\Hummingbird\DM Extensions\papihost.exe
C:\Program Files\Hummingbird\DM Extensions\Interceptor.exe
C:\Program Files\Hummingbird\DM Extensions\POWERDOCS.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://foleynet/intranet/default.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.9.11:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.20.*;172.21.*;extranet.fhe.com;remote.fhe.com;bost-ex.fhe.com;bost-ex2.fhe.com;192.187.51.228;192.187.51.228;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Window Shades - {B5B57F4F-EFA5-11D4-A971-444553540000} - C:\PROGRA~1\GMMCOM~1\WINDOW~1\WINDOW~1.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Hummingbird DM - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\Hummingbird\DM Extensions\DOCSShlToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickFinder Scheduler] c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EAS_CLIENT] C:\Program Files\EAS\easclient.exe
O4 - HKLM\..\Run: [PowerDOCSAPIHost] "C:\Program Files\Hummingbird\DM Extensions\papihost.exe"
O4 - HKCU\..\Run: [USMT2RUN] M:\Restore\LOADSTATE.EXE /d
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - Global Startup: Interceptor.lnk = C:\Program Files\Hummingbird\DM Extensions\Interceptor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {44C7F862-906C-11D3-A8ED-0008C75B3588} (IEPAPI Class) - http://bosdmsvr1/CyberDOCS/Plugins/papibrdg.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://bosdmsvr1/CyberDOCS/Plugins/isetupml.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = law.firm
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\Software\..\Telephony: DomainName = law.firm
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = law.firm
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = law.firm
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
mobo's Avatar
Computer Specs
Member with 16,270 posts.
 
Join Date: Feb 2003
Location: Cape Breton
Experience: Advanced
04-Mar-2004, 02:47 PM #9
Re: me too unfortunately
Rescan and put a check next to each of these then close all browser windows and click"fix checked"


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)


O2 - BHO: Window Shades - {B5B57F4F-EFA5-11D4-A971-444553540000} - C:\PROGRA~1\GMMCOM~1\WINDOW~1\WINDOW~1.DLL (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
mjw5j's Avatar
mjw5j mjw5j is offline
Junior Member with 5 posts.
 
Join Date: Mar 2004
04-Mar-2004, 03:14 PM #10
thanks
Thanks. I did that, but still get the missing "image.dll" message on startup. Do you have any other advice? Here's a new log, in case it's relevant:

Logfile of HijackThis v1.97.7
Scan saved at 3:13:50 PM, on 3/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Program Files\EAS\easclient.exe
C:\Program Files\Hummingbird\DM Extensions\papihost.exe
C:\Program Files\Hummingbird\DM Extensions\Interceptor.exe
C:\Program Files\Hummingbird\DM Extensions\POWERDOCS.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://foleynet/intranet/default.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.9.11:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.20.*;172.21.*;extranet.fhe.com;remote.fhe.com;bost-ex.fhe.com;bost-ex2.fhe.com;192.187.51.228;192.187.51.228;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Hummingbird DM - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\Hummingbird\DM Extensions\DOCSShlToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickFinder Scheduler] c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [EAS_CLIENT] C:\Program Files\EAS\easclient.exe
O4 - HKLM\..\Run: [PowerDOCSAPIHost] "C:\Program Files\Hummingbird\DM Extensions\papihost.exe"
O4 - HKCU\..\Run: [USMT2RUN] M:\Restore\LOADSTATE.EXE /d
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Interceptor.lnk = C:\Program Files\Hummingbird\DM Extensions\Interceptor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {44C7F862-906C-11D3-A8ED-0008C75B3588} (IEPAPI Class) - http://bosdmsvr1/CyberDOCS/Plugins/papibrdg.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://bosdmsvr1/CyberDOCS/Plugins/isetupml.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = law.firm
O17 - HKLM\Software\..\Telephony: DomainName = law.firm
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = law.firm
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = law.firm
mobo's Avatar
Computer Specs
Member with 16,270 posts.
 
Join Date: Feb 2003
Location: Cape Breton
Experience: Advanced
04-Mar-2004, 03:22 PM #11
Download CWShredder:
http://www.spywareinfo.com/~merijn/files/CWShredder.exe
Run and hit the ->fix tab to fix all found problems
mjw5j's Avatar
mjw5j mjw5j is offline
Junior Member with 5 posts.
 
Join Date: Mar 2004
04-Mar-2004, 03:31 PM #12
thanks again
That seems to have done the trick. I had run cwshredder two other times, but I guess I needed to make those fixes using hijackthis before running it.

Thanks again!
mobo's Avatar
Computer Specs
Member with 16,270 posts.
 
Join Date: Feb 2003
Location: Cape Breton
Experience: Advanced
04-Mar-2004, 03:33 PM #13
Your welcome
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2