need help with hijackthis log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

segmented

Thread Starter
Joined
Apr 5, 2003
Messages
24
Hi,
Lately, I find stuff installing themselves into my Program Files directory and Desktop. So, I ran cwshredder, then ad-aware, and finally hijack-this. Below is the log... do you see any problems?
I also found some directories in the Program Files directory which I did not install: InstantAccess, ClearSearch, Lycos Sidesearch and STC (Second Thought). What shall I do with these?
Thanks in advance.

***
Logfile of HijackThis v1.97.2
Scan saved at 12:00:33 PM, on 9/21/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\MSMGT.exe
C:\Program Files\ClearSearch\Loader.exe
C:\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\5xl3fnuq.slt\prefs.js)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/dmb/dm1.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TUR28102/payload2.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_pack_XP.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/4/download/pdpplugin_5094_bundle7v1d1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Joined
Mar 9, 2003
Messages
4,699
That's a pretty clean log to start with. You run a tight ship. (y)

In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
Next, close all browser Windows, and have HT fix all checked.

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/dmb/dm1.cab
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...02/payload2.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://usa-scripts.downloadv3.com/b...TML_pack_XP.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/4/download/...bundle7v1d1.cab


IF you are running ME or XP Disable SYSTEM RESTORE : How to disable or enable System Restore in Windows ME

How to disable or enable System Restore in Windows XP


Next reboot into Safe Mode and remove the following files and folders that are bolded

C:\WINDOWS\bi.dll

C:\Program Files\ClearSearch\IE_ClrSch.DLL

See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

Reboot into normal mode

RE-ENABLE SYSTEM RESTORE and create a new restore point

Now download Spybot - Search & Destroy (if you haven't got the program installed already)

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

Reboot

Last, run HJT again and post your log again to see if anything was missed.

Thanks
 
Joined
Mar 9, 2003
Messages
4,699
Originally posted by segmented:
Hi,
Lately, I find stuff installing themselves into my Program Files directory and Desktop. So, I ran cwshredder, then ad-aware, and finally hijack-this. Below is the log... do you see any problems?
I also found some directories in the Program Files directory which I did not install: InstantAccess, ClearSearch, Lycos Sidesearch and STC (Second Thought). What shall I do with these?
Thanks in advance.
In most cases, go to add/remove programs and remove the programs and then delete the directory if it's left behind.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top