HijackThis Log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Siskm

Thread Starter
Joined
Nov 7, 2002
Messages
8
Was told that some great people will look this attachment over and reply on what to delet. I'd greatly appreciate!

Sisk, M.
 

Attachments

Joined
Jul 24, 2003
Messages
420
************* SisKm's Hijack This log ****************


Logfile of HijackThis v1.96.1
Scan saved at 10:16:30 PM, on 9/27/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\StarBand\Mission Control\TaskBarClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\StarBand\Mission Control\HsuGui\HsuGuiControl.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Gilat\QMS\QMS.exe
C:\Program Files\Gilat\GSU\GSU.exe
C:\Program Files\Gilat\IBQoS\ibqossvc.exe
C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
C:\PROGRA~1\GILAT\INTERN~1\AS_Agent.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
C:\Program Files\Gilat\NetAgent.exe
C:\PROGRA~1\StarBand\MISSIO~1\evrep.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJack This\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Steganos Password Manager 6\spm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.spidersearch.com/frame_results.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.shopnav.com/apps/epa/epa?cid=shnv9884&s=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.starband.net/home.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.spidersearch.com/frame_results.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/sear
ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.shopnav.com/apps/epa/epa?cid=shnv9884&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://register.starband.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mar's 'Mission Control'
- CyberSpace Rider
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
http=127.0.0.1:9877;https=127.0.0.1:9877
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program
Files\Srng\SNHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {753AA023-02D1-447D-8B55-53A91A5ABF18} - (no file)
O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} -
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\m-wtoolbar.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: Merriam-Webster - {9E1128F1-53FA-11D5-8490-0048548030CA} -
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\m-wtoolbar.dll
O4 - HKLM\..\Run: [TaskBarClient] C:\Program Files\StarBand\\Mission
Control\TaskBarClient.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin
2003\PCCClient.exe"
O4 - HKLM\..\Run: [NettGain2000 Verifier] C:\Program Files\Flash
Networks\NettGain2000\Bst\NettGain2000 Verifier.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HsuGuiControl] C:\Program Files\StarBand\\Mission
Control\HsuGui\HsuGuiControl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
/auto
O4 - HKLM\..\RunServices: [NettGain2000] C:\Program Files\Flash
Networks\NettGain2000\Bst\WgwMngr.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster
Toolbar\dictionary.htm
O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster
Toolbar\thesaurus.htm
O8 - Extra context menu item: Spellin&g - C:\WINDOWS\web\Spell_It.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Merriam-Webster (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://register.starband.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} -
https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.c
om/cgi-bin/vet_install_popup.pl?
O16 - DPF: {0DC0D258-FC70-456F-8F79-83D7DC20F0AC} (MPChWrapper.Util) -
http://instantsupport.hp.com/update/030227/MPChWrapper.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?rand=200356
13
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {3185BD6A-176F-42C0-B932-9C037F8F32A4} (WebDeployer5.ctlLoader) -
http://voicecafe.optecs.net/installables/WebDeployer5.CAB
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in)
- http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) -
http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTi
meInstaller.exe
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) -
http://office.microsoft.com/productupdates/content/opuc/opuc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} -
http://www.pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/0251f502ac7d00/housecall.antivirus.com/housecall/xscan53.
cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) -
http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {79BB2CA8-6079-462B-B68A-C7AAA588FD8A} (WebDeployerUtil.ctlUtil) -
http://voicecafe.optecs.net/installables/WebDeployerUtil.CAB
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) -
http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {81296632-05C2-4A99-8271-77EBCFE7844A} (NPEVPCFG.UserControl1) -
http://voicecafe.optecs.net/confighelp/NPEVPCFG.CAB
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} -
http://install.anark.com/client/version1/windows-ie/en/AMClient.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {9C4A08D4-0F64-4D51-9422-B01EA9E217F0} (WebDeployer2.ctlLoader) -
http://voicecafe.optecs.net/installables/WebDeployer2.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37732.7940162037
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the
Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) -
http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer
Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} -
http://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4278/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) -
http://download.paltalk.com/webregtest/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} -
http://www.m-w.com/tools/toolbar/cabs/m-w.cab
 

Siskm

Thread Starter
Joined
Nov 7, 2002
Messages
8
Blue Spruce, I'm sorry, did you just copy/paste the report? I don't know what to do. I don't think you mean for me to delete all these files?
 
Joined
Jul 24, 2003
Messages
420
Close all browser windows , Scan Hijack This , put a check in the following entries and hit ''Fix Checked'' ,

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us6.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.spidersearch.com/frame_results.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://red.clientapps.yahoo.com/cus...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/cus...oo.com/ext/sear
ch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.shopnav.com/apps/epa/...shnv9884&s=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.2020search.com/search/9884/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://rd.companion.yahoo.com/slv/y...com/search?p=%s

O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\ProgramFiles\Srng\SNHelper.dll

O2 - BHO: (no name) - {753AA023-02D1-447D-8B55-53A91A5ABF18} - (no file)

O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)

O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
http://download.weatherbug.com/mini...cab?rand=200356

Shutdown & Reboot in Safe Mode
The following link can assist you in starting your computer in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Navigate to and Delete the following
C:\ProgramFiles\Srng > Folder

Download , configure , and run Ad-aware 6.0 Personal , Build 6.181 following winchester73's Reference Guide http://forums.techguy.org/t164245/s0bd00da6e0f7008495f1c26aa8c2e08c.html


Good luck
 

Siskm

Thread Starter
Joined
Nov 7, 2002
Messages
8
Wanted to show below in case it has any effect on the above log file? It appears every time I start HijackThis. The program load OK and appears to run smoothly. Will wait to follow suggestions above until I hear back. Have sent this by email to the xxxxxx'd address twice in the last two weeks and have received no reply.

-----------------------------------------------
HijackThis
An unexpected error has occurred at procedure: modRegistry_GetFirstSubFolder(sFolder=C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default)

Error #52 - Bad file name or number

Please email me at xxxxxxxxxxxxx. com, reporting the following:

* What you were doing when the error occurred

* How you can reproduce the error

Windows version: Windows NT 5.01.2600

MSIE version: 6.0.2800.1106

HijackThis version: 1.96.1

This message has been copied to your clipboard.

---------------------------------------------------------

Thanks so much,
Sisk M.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top