1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

hijack log file

Discussion in 'Virus & Other Malware Removal' started by kirghis, Sep 10, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. kirghis

    kirghis Thread Starter

    Joined:
    Aug 30, 2003
    Messages:
    37
    Hi, Can someone please take a look at this Hijack file , and tell me if there are any problems...Thank you.


    Logfile of HijackThis v1.96.2
    Scan saved at 20:25:01, on 10/09/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\NotifyPhoneBook.exe
    C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\kyenghis\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by btclick.com
    O1 - Hosts: 65.120.116.174 www.aimster.com
    O1 - Hosts: 65.120.116.173 lite.aimster.com
    O1 - Hosts: 65.120.116.172 mini.aimster.com
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {91124CF5-0DFA-42CF-9768-D68366447C60} - C:\WINDOWS\system32\moz030715s.dll
    O2 - BHO: (no name) - {B27EB7A3-1CC8-4C9F-9C25-20D0AC9C5E80} - C:\WINDOWS\system32\wcsjopv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [WebCam Go Sti Service Application] wbcgosvc
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://chat-a1.freeserve.com/Java/cfs31235.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.browserplugin.com/eroticAccess/cabs/1768015.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37864.294525463
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://offers.contentwatch.com/audit/includes/ContentAuditControl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0EAB2E78-6D10-4E9F-BD70-5C29E76B474D}: NameServer = 212.158.192.2 212.158.192.3
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0EAB2E78-6D10-4E9F-BD70-5C29E76B474D}: NameServer = 212.158.192.2 212.158.192.3
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    welcome to T.S.G:)

    run hijackthis again and put a checkmark against these entries....
    .....then,close all browser and outlook windows and "fix checked"

    O1 - Hosts: 65.120.116.174 www.aimster.com
    O1 - Hosts: 65.120.116.173 lite.aimster.com
    O1 - Hosts: 65.120.116.172 mini.aimster.com
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: (no name) - {91124CF5-0DFA-42CF-9768-D68366447C60} - C:\WINDOWS\system32\moz030715s.dll
    O2 - BHO: (no name) - {B27EB7A3-1CC8-4C9F-9C25-20D0AC9C5E80} - C:\WINDOWS\system32\wcsjopv.dll
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.browserplugin.com/erotic...abs/1768015.cab

    re-boot after..and have a good birthday.
    ;)

    1 more thing..........i dont see an antivirus program......you NEED one.
     
  3. kirghis

    kirghis Thread Starter

    Joined:
    Aug 30, 2003
    Messages:
    37
    Thanks Steve..i'll do it right away...by the way I have a virus program ..it's called Ontrack ...Thanks again.
     
  4. goldens23

    goldens23

    Joined:
    Dec 10, 2001
    Messages:
    15
    I was just looking at the ontrack site and saw no mention of them providing virus protection . I may have missed it but I dont think so .
    Cheers:)
     
  5. kirghis

    kirghis Thread Starter

    Joined:
    Aug 30, 2003
    Messages:
    37
    Hi, Actually it's called Fix-it utilites 4.0...and it has a virus protection .. is there a better virus protection? ...thanks
     
  6. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    i must admit ive never heard of "fix-it" so i cant comment on how efficient it is............just keep it updated and you should be ok.

    ;)
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/163768

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice