Hijack This Log - Help>>>please!!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

hod

Thread Starter
Joined
Aug 19, 2003
Messages
31
They got me! Help and thanks a ton!

Logfile of HijackThis v1.97.1
Scan saved at 10:53:20 PM, on 9/13/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hotbar\bin\4.3.5.0\HbInst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hotbar\bin\4.3.5.0\HbSrv.exe
C:\Documents and Settings\Marilyn Detering\Local
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://files.cc.cometsystems.com/assist/cc/1.0/assist_ct.html
O2 - BHO: (no name) -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Hotbar -
{B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
Files\Hotbar\bin\4.3.5.0\HbHostIE.dll
O2 - BHO: NAV Helper -
{BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CSBHO -
{D14D6793-9B65-11D3-80B6-00500487BDBA} -
C:\PROGRA~1\Comet\Bin\csbho.dll
O2 - BHO: (no name) -
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comet Toolbar -
{FE6BC4EF-5676-484B-88AE-883323913256} -
C:\PROGRA~1\Comet\Bin\csietb.dll
O3 - Toolbar: &Hotbar -
{B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
Files\Hotbar\bin\4.3.5.0\HbHostIE.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray]
C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program
Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: America Online 7.0 Tray Icon.lnk
= C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar
Reminders.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program
Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links
(HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B}
(SysProWmi Class) -
https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0}
(iNotes Class) -
http://noteslcc.lansing.cc.mi.us/iNotes.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71}
(RdxIE Class) -
http://207.188.7.150/04503889054cdc8fd905/netzip/RdxIE601.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7}
(DmiReader Class) -
http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Joined
Mar 9, 2003
Messages
4,699
In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
Next, close all browser Windows, and have HT fix all checked.

O2 - BHO: Hotbar -
{B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
Files\Hotbar\bin\4.3.5.0\HbHostIE.dll
O2 - BHO: CSBHO -
{D14D6793-9B65-11D3-80B6-00500487BDBA} -
C:\PROGRA~1\Comet\Bin\csbho.dll

O3 - Toolbar: Comet Toolbar -
{FE6BC4EF-5676-484B-88AE-883323913256} -
C:\PROGRA~1\Comet\Bin\csietb.dll
O3 - Toolbar: &Hotbar -
{B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
Files\Hotbar\bin\4.3.5.0\HbHostIE.dll

O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program
Files\Microsoft Office\Office\OSA.EXE

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71}
(RdxIE Class) -
http://207.188.7.150/04503889054cdc...ip/RdxIE601.cab



IF you are running ME or XP Disable SYSTEM RESTORE : Here's How

Next reboot into Safe Mode and remove the following files and folders that are bolded

C:\ProgramFiles\Hotbar\bin\4.3.5.0\HbHostIE.dll
C:\PROGRAM FILES\Comet\Bin\csietb.dll

See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

Reboot into normal mode

If you disabled SYSTEM RESTORE above, re-enable it and create a new restore point.


Now download Spybot - Search & Destroy (if you haven't got the program installed already)

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

Reboot

Last, run HJT again and post your log again to see if anything was missed.

Thanks
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top