
HijackThis Log

Discussion in 'Virus & Other Malware Removal' started by Siskm, Sep 28, 2003.

Thread Status:
Not open for further replies.
  1. Siskm

    Siskm Thread Starter

    Joined:
    Nov 7, 2002
    Messages:
    8
    Was told that some great people will look this attachment over and reply on what to delete. I'd greatly appreciate it!

    Sisk, M.
     


  2. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    ************* SisKm's Hijack This log ****************


    Logfile of HijackThis v1.96.1
    Scan saved at 10:16:30 PM, on 9/27/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\StarBand\Mission Control\TaskBarClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\StarBand\Mission Control\HsuGui\HsuGuiControl.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Gilat\QMS\QMS.exe
    C:\Program Files\Gilat\GSU\GSU.exe
    C:\Program Files\Gilat\IBQoS\ibqossvc.exe
    C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
    C:\PROGRA~1\GILAT\INTERN~1\AS_Agent.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
    C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
    C:\Program Files\Gilat\NetAgent.exe
    C:\PROGRA~1\StarBand\MISSIO~1\evrep.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HiJack This\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Steganos Password Manager 6\spm.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.spidersearch.com/frame_results.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9884&s=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.starband.net/home.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.spidersearch.com/frame_results.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9884&s=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.starband.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mar's 'Mission Control' - CyberSpace Rider
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9877;https=127.0.0.1:9877
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {753AA023-02D1-447D-8B55-53A91A5ABF18} - (no file)
    O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\m-wtoolbar.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
    O3 - Toolbar: Merriam-Webster - {9E1128F1-53FA-11D5-8490-0048548030CA} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\m-wtoolbar.dll
    O4 - HKLM\..\Run: [TaskBarClient] C:\Program Files\StarBand\\Mission Control\TaskBarClient.exe
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
    O4 - HKLM\..\Run: [NettGain2000 Verifier] C:\Program Files\Flash Networks\NettGain2000\Bst\NettGain2000 Verifier.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HsuGuiControl] C:\Program Files\StarBand\\Mission Control\HsuGui\HsuGuiControl.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunServices: [NettGain2000] C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster Toolbar\dictionary.htm
    O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster Toolbar\thesaurus.htm
    O8 - Extra context menu item: Spellin&g - C:\WINDOWS\web\Spell_It.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Merriam-Webster (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://register.starband.net
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/vet_install_popup.pl?
    O16 - DPF: {0DC0D258-FC70-456F-8F79-83D7DC20F0AC} (MPChWrapper.Util) - http://instantsupport.hp.com/update/030227/MPChWrapper.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?rand=20035613
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {3185BD6A-176F-42C0-B932-9C037F8F32A4} (WebDeployer5.ctlLoader) - http://voicecafe.optecs.net/installables/WebDeployer5.CAB
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc/opuc.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0251f502ac7d00/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
    O16 - DPF: {79BB2CA8-6079-462B-B68A-C7AAA588FD8A} (WebDeployerUtil.ctlUtil) - http://voicecafe.optecs.net/installables/WebDeployerUtil.CAB
    O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
    O16 - DPF: {81296632-05C2-4A99-8271-77EBCFE7844A} (NPEVPCFG.UserControl1) - http://voicecafe.optecs.net/confighelp/NPEVPCFG.CAB
    O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} - http://install.anark.com/client/version1/windows-ie/en/AMClient.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as/asinst.cab
    O16 - DPF: {9C4A08D4-0F64-4D51-9422-B01EA9E217F0} (WebDeployer2.ctlLoader) - http://voicecafe.optecs.net/installables/WebDeployer2.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37732.7940162037
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
    O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} - http://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4278/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://www.m-w.com/tools/toolbar/cabs/m-w.cab
     
  3. Siskm

    Siskm Thread Starter

    Joined:
    Nov 7, 2002
    Messages:
    8
    Blue Spruce, I'm sorry, did you just copy/paste the report? I don't know what to do. I don't think you mean for me to delete all these files?
     
  4. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    SisKm,

    I posted your log for easier viewing. Don't make any changes.
     
  5. Siskm

    Siskm Thread Starter

    Joined:
    Nov 7, 2002
    Messages:
    8
    OK, thank you!
     
  6. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Close all browser windows, scan with HijackThis, put a check in the following entries and hit "Fix Checked":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.spidersearch.com/frame_results.php

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...oo.com/ext/search/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/...shnv9884&s=

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/y...com/search?p=%s

    O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll

    O2 - BHO: (no name) - {753AA023-02D1-447D-8B55-53A91A5ABF18} - (no file)

    O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)

    O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)

    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

    O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/mini...cab?rand=200356

    Shutdown & reboot in Safe Mode.
    The following link can assist you in starting your computer in Safe Mode:
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    Navigate to and delete the following:
    C:\Program Files\Srng > Folder

    Download, configure, and run Ad-aware 6.0 Personal, Build 6.181, following winchester73's Reference Guide: http://forums.techguy.org/t164245/s0bd00da6e0f7008495f1c26aa8c2e08c.html


    Good luck
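As an added example (not part of the thread, and not HijackThis itself), a small Python triage script that applies the kinds of judgments made in the reply above to lines in HijackThis 1.9x format: R0/R1 search settings pointing at the search-redirect hosts named in the fix list, O2/O3 entries whose file is gone, and O6 policy restrictions. The host list and the sample lines are constructed from this log; treat hits as candidates for review, not verdicts.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines in HijackThis 1.9x format, modelled on the
# kinds of entries in the log above (search-page redirect, orphaned BHO/toolbar,
# IE policy restriction, plus two benign entries that must NOT be flagged).
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.starband.net/home.asp
O2 - BHO: (no name) - {753AA023-02D1-447D-8B55-53A91A5ABF18} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Assumption: seeded from the search-redirect hosts the reply told the poster to fix;
# extend it from your own sightings.
HIJACK_HOSTS = {"2020search.com", "spidersearch.com", "shopnav.com"}

# Every HijackThis entry starts with a section code (R0, R1, O2, O16, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")


def host_of(url):
    """Registered host of a URL with a leading 'www.' stripped ('' if unparsable)."""
    host = urlparse(url.strip()).hostname or ""
    return host[4:] if host.startswith("www.") else host


def triage(log_text):
    """Return (verdict, line) pairs for entries that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, process list, blank lines
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1") and " = " in body:
            # Registry value on the left, URL on the right of " = ".
            url = body.split(" = ", 1)[1]
            if host_of(url) in HIJACK_HOSTS:
                findings.append(("search-hijack", line))
        elif kind in ("O2", "O3") and body.endswith("(no file)"):
            # Registered BHO/toolbar whose DLL no longer exists: dead registration.
            findings.append(("orphaned-entry", line))
        elif kind == "O6":
            # IE policy restrictions are rarely set deliberately on a home machine.
            findings.append(("ie-policy-restriction", line))
    return findings


if __name__ == "__main__":
    for verdict, line in triage(SAMPLE_LOG):
        print(f"{verdict:22s} {line}")
```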
     
  7. Siskm

    Siskm Thread Starter

    Joined:
    Nov 7, 2002
    Messages:
    8
    Wanted to show the below in case it has any effect on the above log file. It appears every time I start HijackThis. The program loads OK and appears to run smoothly. Will wait to follow the suggestions above until I hear back. Have sent this by email to the xxxxxx'd address twice in the last two weeks and have received no reply.

    -----------------------------------------------
    HijackThis
    An unexpected error has occurred at procedure: modRegistry_GetFirstSubFolder(sFolder=C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default)

    Error #52 - Bad file name or number

    Please email me at xxxxxxxxxxxxx. com, reporting the following:

    * What you were doing when the error occurred

    * How you can reproduce the error

    Windows version: Windows NT 5.01.2600

    MSIE version: 6.0.2800.1106

    HijackThis version: 1.96.1

    This message has been copied to your clipboard.

    ---------------------------------------------------------

    Thanks so much,
    Sisk M.
     
Short URL to this thread: https://techguy.org/167978