
New Hijack this user needs advice

Discussion in 'Virus & Other Malware Removal' started by Flags, Sep 22, 2003.

Thread Status:
Not open for further replies.
  1. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Hi. I just downloaded HJT and scanned my Comp, saved the results and would like an expert opinion on them. Thanks
    Hal
     
  2. RSM123

    RSM123

    Joined:
    Aug 1, 2002
    Messages:
    5,531
    Flags,

    Hit report at the top of your post then ask this thread be moved to the security forum. Then copy / paste your log in another post in the same thread so someone else can take a look.
     
  3. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Done. Thanks RSM123, don't know much about this stuff
     
  4. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Thread moved. Post your hijack log by opening it up and copying it and coming back to paste it.
     
  5. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Thank you Acacandy. Here's the log:

    Logfile of HijackThis v1.97.2
    Scan saved at 9:19:46 PM, on 9/22/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\VISION~2\ONETOU~2.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\OO Software\DriveLED\OODLed.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Norton CleanSweep\csinsmNT.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\PROGRA~1\NORTON~1\QDCSFS.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\l\My Documents\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.usefulware.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.usefulware.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.usefulware.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.usefulware.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton CleanSweep\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [DriveLED] C:\Program Files\OO Software\DriveLED\OODLed.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton CleanSweep\csinsmNT.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned35.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37884.3709837963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B4582BC9-E8B1-45B8-B8A7-491E40A8E566}: NameServer = 208.0.125.3 63.173.217.2
     
  6. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    hmmmm.....do you have a specific problem?????

    Off hand, I don't see anything there........although someone else might come along and prove me wrong :eek:

    Maybe, this one can be fixed.........but........

    O17 - HKLM\System\CCS\Services\Tcpip\..\{B4582BC9-E8B1-45B8-B8A7-491E40A8E566}: NameServer = 208.0.125.3 63.173.217.2
     
  7. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    I have no specific problems, Aca, but I was curious about the log. Thank you very much (you too Wonder Woman)
     
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    You have a bunch of startup programs that can be pared down......

    EZ CD doesn't need to start, the messaging program either, do you actually use Works calendar?
     
  9. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Yes, ma'am, I do use Calendar often (I'm a forgetful old coot).
    I'll check Black Viper to see about the others.
    Thank you.
     
  10. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    From PA no less ;) where about?
     
  11. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,242
    Morning from the UK.. :)

    Just off to work so can't stay long, but with regard to that O17 entry, if your ISP is either usachoice.net or usainternet.net, then that's fine.. if not it can be fixed.

    I've only glanced at the rest of the log, but nothing much stands out as nasty. The only curiosity is all the references to http://search.usefulware.com. Is this your desired search/home page? If not you can remove all those.

    Sorry about the rush, but got to go and earn a crust. :)

    Cheers

    Liam
     
  12. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    I would have h/t "FIX" these:
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
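
Added example, not part of the original thread: a small Python helper that parses HijackThis R0/R1, O4 and O17 lines and lists the ones that differ from what the machine's owner expects, which is the manual review the replies above perform. The function names and the `expected_hosts` / `expected_dns` inputs are assumptions supplied by whoever knows the machine; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.usefulware.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4582BC9-E8B1-45B8-B8A7-491E40A8E566}: NameServer = 208.0.125.3 63.173.217.2
"""

ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*)$")              # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.*)$")     # "HKLM\..\Run: [name] cmd"
STARTUP = re.compile(r"^(Global Startup|Startup): (.+?) = (.*)$")

def parse(log):
    """Return (section_code, body) for every R*/O* line; other lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log, expected_hosts, expected_dns):
    """Group entries for review against owner-supplied expectations (assumed inputs)."""
    out = {"browser": [], "dns": [], "startup": []}
    for code, body in parse(log):
        if code in ("R0", "R1") and " = " in body:
            # IE start/search settings: report hosts the owner did not choose.
            key, url = body.rsplit(" = ", 1)
            host = urlparse(url).hostname
            if host and host not in expected_hosts:
                out["browser"].append((key.split(",", 1)[-1], host))
        elif code == "O17" and "NameServer = " in body:
            # DNS servers: report any that are not the owner's ISP resolvers.
            servers = body.split("NameServer = ", 1)[1].replace(",", " ").split()
            out["dns"] += [s for s in servers if s not in expected_dns]
        elif code == "O4":
            # Autostart entries are listed, not judged: (location, name, command).
            m = RUN.match(body) or STARTUP.match(body)
            if m:
                out["startup"].append(m.groups())
    return out

if __name__ == "__main__":
    # Constructed expectations for the demo; a real run uses the owner's values.
    print(triage(SAMPLE_LOG, {"www.dellnet.com"}, set()))
```
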
     
  13. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Thank you all for your comments. I will make changes as you recommended.
    Aca-a little town in north central Pa., Elk county, home of the only Elk herd in the eastern USA. St. Marys, to be exact.
     
  14. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Hey! There's a brewery there :D

    Used to live next door in Clarion County :D (well, kinda next door)
     
  15. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Aca--The Brewery is still here. They have what they call an 'Eternal Tap'.
    Free beer to all who visit. C'mon up, I'll buy.
     
Short URL to this thread: https://techguy.org/166685