1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HiJack This thread

Discussion in 'Windows XP' started by cltoles, Sep 12, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. cltoles

    cltoles Thread Starter

    Joined:
    Sep 11, 2003
    Messages:
    3
    Hello all, thanks for the help already. I have read several of the HiJack threads and have already fixed a couple of items, however would like to post my HiJack Log and see if anyone has any additional comments. Thanks

    Logfile of HijackThis v1.97.0
    Scan saved at 3:14:12 PM, on 9/12/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\wins\DLLHOST.EXE
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINNT\system32\msmsgri32.exe
    C:\WINNT\SYSTEM32\svrmsg.exe
    C:\WINNT\Fonts\rundll32.exe
    C:\WINNT\Fonts\explorer.exe
    E:\Program Files\EarthLink Accelerator\propelac.exe
    C:\WINNT\System32\windowsntdebug\task.exe
    E:\Program Files\Norton CleanSweep\csinsmnt.exe
    E:\QUICKENW\QWDLLS.EXE
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\System32\wins\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [System Initialization] C:\WINNT\system32\msmsgri32.exe
    O4 - HKLM\..\Run: [Services] C:\WINNT\SYSTEM32\svrmsg.exe
    O4 - HKLM\..\Run: [helpmanager] spoler.exe
    O4 - HKLM\..\Run: [TaskMan] C:\WINNT\Fonts\rundll32.exe
    O4 - HKLM\..\Run: [Explorer] C:\WINNT\Fonts\explorer.exe
    O4 - HKLM\..\RunServices: [helpmanager] spoler.exe
    O4 - Startup: Billminder.lnk = E:\QUICKENW\BILLMIND.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = E:\Program Files\Norton CleanSweep\csinsmnt.exe
    O4 - Startup: Quicken Startup.lnk = E:\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - e:\Program Files\EarthLink Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - e:\Program Files\EarthLink Accelerator\pac-image.html
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FDB1243A-F0B6-4C97-B616-E8AFF53726FF}: NameServer = 207.69.188.187 207.69.188.186
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    firstly you have many viruses on the computer, but you have only posted part of the hijack loog

    open hjt, press config, press ignore list and press delete all, then scan & post a complete log so we can see what we are dealing with
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
  4. cltoles

    cltoles Thread Starter

    Joined:
    Sep 11, 2003
    Messages:
    3
    Ok, I ran Panda scan and cleaned the system. There was nothing in the ignore list. Here is my latest HiJack Log.

    Logfile of HijackThis v1.97.0
    Scan saved at 2:49:43 PM, on 9/13/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINNT\SYSTEM32\svrmsg.exe
    C:\WINNT\system32\spoler.exe
    C:\WINNT\Fonts\explorer.exe
    E:\Program Files\EarthLink Accelerator\propelac.exe
    C:\WINNT\System32\windowsntdebug\task.exe
    E:\Program Files\Norton CleanSweep\csinsmnt.exe
    E:\QUICKENW\QWDLLS.EXE
    C:\WINNT\system32\ntvdm.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\wins\svchost.exe
    E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    e:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Services] C:\WINNT\SYSTEM32\svrmsg.exe
    O4 - HKLM\..\Run: [helpmanager] spoler.exe
    O4 - HKLM\..\Run: [Explorer] C:\WINNT\Fonts\explorer.exe
    O4 - HKLM\..\Run: [Propel Accelerator] e:\Program Files\EarthLink Accelerator\propelac.exe
    O4 - HKLM\..\Run: [WindowsNTdebug] C:\WINNT\System32\windowsntdebug\task.exe
    O4 - HKLM\..\RunServices: [helpmanager] spoler.exe
    O4 - Startup: Billminder.lnk = E:\QUICKENW\BILLMIND.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = E:\Program Files\Norton CleanSweep\csinsmnt.exe
    O4 - Startup: Quicken Startup.lnk = E:\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - e:\Program Files\EarthLink Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - e:\Program Files\EarthLink Accelerator\pac-image.html
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FDB1243A-F0B6-4C97-B616-E8AFF53726FF}: NameServer = 207.69.188.187 207.69.188.186
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

    O4 - HKLM\..\Run: [Services] C:\WINNT\SYSTEM32\svrmsg.exe
    O4 - HKLM\..\Run: [helpmanager] spoler.exe
    O4 - HKLM\..\Run: [Explorer] C:\WINNT\Fonts\explorer.exe
    O4 - HKLM\..\RunServices: [helpmanager] spoler.exe
    O4 - HKLM\..\Run: [WindowsNTdebug] C:\WINNT\System32\windowsntdebug\task.exe

    reboot & delete

    C:\WINNT\Fonts\explorer.exe
    C:\WINNT\SYSTEM32\svrmsg.exe
    C:\WINNT\system32\spoler.exe
     
  6. cltoles

    cltoles Thread Starter

    Joined:
    Sep 11, 2003
    Messages:
    3
    Thank you for your help. Hopefully my system will stay a lot cleaner now. I have also downloaded ZoneAlarm firewall and installed on my system.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/164326

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice