HiJack This thread

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

cltoles

Thread Starter
Joined
Sep 11, 2003
Messages
3
Hello all, thanks for the help already. I have read several of the HiJack threads and have already fixed a couple of items; however, I would like to post my HiJack Log and see if anyone has any additional comments. Thanks

Logfile of HijackThis v1.97.0
Scan saved at 3:14:12 PM, on 9/12/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\wins\DLLHOST.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\system32\msmsgri32.exe
C:\WINNT\SYSTEM32\svrmsg.exe
C:\WINNT\Fonts\rundll32.exe
C:\WINNT\Fonts\explorer.exe
E:\Program Files\EarthLink Accelerator\propelac.exe
C:\WINNT\System32\windowsntdebug\task.exe
E:\Program Files\Norton CleanSweep\csinsmnt.exe
E:\QUICKENW\QWDLLS.EXE
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\wins\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Yahoo!\Messenger\YPager.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [System Initialization] C:\WINNT\system32\msmsgri32.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\SYSTEM32\svrmsg.exe
O4 - HKLM\..\Run: [helpmanager] spoler.exe
O4 - HKLM\..\Run: [TaskMan] C:\WINNT\Fonts\rundll32.exe
O4 - HKLM\..\Run: [Explorer] C:\WINNT\Fonts\explorer.exe
O4 - HKLM\..\RunServices: [helpmanager] spoler.exe
O4 - Startup: Billminder.lnk = E:\QUICKENW\BILLMIND.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = E:\Program Files\Norton CleanSweep\csinsmnt.exe
O4 - Startup: Quicken Startup.lnk = E:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - e:\Program Files\EarthLink Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - e:\Program Files\EarthLink Accelerator\pac-image.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDB1243A-F0B6-4C97-B616-E8AFF53726FF}: NameServer = 207.69.188.187 207.69.188.186
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
firstly you have many viruses on the computer, but you have only posted part of the hijack log

open hjt, press config, press ignore list and press delete all, then scan & post a complete log so we can see what we are dealing with
 

cltoles

Thread Starter
Joined
Sep 11, 2003
Messages
3
Ok, I ran Panda scan and cleaned the system. There was nothing in the ignore list. Here is my latest HiJack Log.

Logfile of HijackThis v1.97.0
Scan saved at 2:49:43 PM, on 9/13/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\SYSTEM32\svrmsg.exe
C:\WINNT\system32\spoler.exe
C:\WINNT\Fonts\explorer.exe
E:\Program Files\EarthLink Accelerator\propelac.exe
C:\WINNT\System32\windowsntdebug\task.exe
E:\Program Files\Norton CleanSweep\csinsmnt.exe
E:\QUICKENW\QWDLLS.EXE
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\wins\svchost.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
e:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\SYSTEM32\svrmsg.exe
O4 - HKLM\..\Run: [helpmanager] spoler.exe
O4 - HKLM\..\Run: [Explorer] C:\WINNT\Fonts\explorer.exe
O4 - HKLM\..\Run: [Propel Accelerator] e:\Program Files\EarthLink Accelerator\propelac.exe
O4 - HKLM\..\Run: [WindowsNTdebug] C:\WINNT\System32\windowsntdebug\task.exe
O4 - HKLM\..\RunServices: [helpmanager] spoler.exe
O4 - Startup: Billminder.lnk = E:\QUICKENW\BILLMIND.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = E:\Program Files\Norton CleanSweep\csinsmnt.exe
O4 - Startup: Quicken Startup.lnk = E:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - e:\Program Files\EarthLink Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - e:\Program Files\EarthLink Accelerator\pac-image.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDB1243A-F0B6-4C97-B616-E8AFF53726FF}: NameServer = 207.69.188.187 207.69.188.186
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

O4 - HKLM\..\Run: [Services] C:\WINNT\SYSTEM32\svrmsg.exe
O4 - HKLM\..\Run: [helpmanager] spoler.exe
O4 - HKLM\..\Run: [Explorer] C:\WINNT\Fonts\explorer.exe
O4 - HKLM\..\RunServices: [helpmanager] spoler.exe
O4 - HKLM\..\Run: [WindowsNTdebug] C:\WINNT\System32\windowsntdebug\task.exe

reboot & delete

C:\WINNT\Fonts\explorer.exe
C:\WINNT\SYSTEM32\svrmsg.exe
C:\WINNT\system32\spoler.exe
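
An added example, not part of dvk01's post and not HijackThis code: a Python check over O4 autorun lines copied from the logs in this thread. It flags only entries where a well-known Windows binary name sits outside its usual directory or an autorun points into the Fonts folder; the expected-directory table and the C:\WINNT layout are assumptions, and entries such as svrmsg.exe or spoler.exe would need a reputation lookup that this sketch does not do.

```python
import ntpath
import re

# Constructed sample: O4 autorun lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\SYSTEM32\svrmsg.exe
O4 - HKLM\..\Run: [TaskMan] C:\WINNT\Fonts\rundll32.exe
O4 - HKLM\..\Run: [Explorer] C:\WINNT\Fonts\explorer.exe
O4 - Startup: Quicken Startup.lnk = E:\QUICKENW\QWDLLS.EXE
"""

# Assumption: Windows 2000 layout with the Windows directory at C:\WINNT, as in the logs.
EXPECTED_DIR = {
    "explorer.exe": r"c:\winnt",
    "rundll32.exe": r"c:\winnt\system32",
    "svchost.exe": r"c:\winnt\system32",
}
# Directories that should not host an autorun executable (assumed list).
NON_EXEC_DIRS = (r"c:\winnt\fonts",)

O4_REG = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_LNK = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")

def parse_o4(log):
    """Yield (entry name, command) for each O4 line in a HijackThis log."""
    for line in log.splitlines():
        m = O4_REG.match(line.strip()) or O4_LNK.match(line.strip())
        if m:
            yield m.group("name"), m.group("cmd")

def review(log):
    """Return [(name, image, reasons)] for autoruns that look out of place."""
    findings = []
    for name, cmd in parse_o4(log):
        m = re.match(r'"?(.+?\.exe)', cmd, re.I)  # strip arguments after the image
        image = m.group(1) if m else cmd
        folder = ntpath.dirname(image).lower()
        base = ntpath.basename(image).lower()
        reasons = []
        if folder and base in EXPECTED_DIR and folder != EXPECTED_DIR[base]:
            reasons.append("system binary name outside " + EXPECTED_DIR[base])
        if folder.startswith(NON_EXEC_DIRS):
            reasons.append("autorun executable in a non-program directory")
        if reasons:
            findings.append((name, image, reasons))
    return findings

if __name__ == "__main__":
    for name, image, reasons in review(SAMPLE_LOG):
        print(f"[{name}] {image}: {'; '.join(reasons)}")
```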
 

cltoles

Thread Starter
Joined
Sep 11, 2003
Messages
3
Thank you for your help. Hopefully my system will stay a lot cleaner now. I have also downloaded ZoneAlarm firewall and installed it on my system.
 