New HijackThis user needs advice

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Flags

Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Hi. I just downloaded HJT and scanned my comp, saved the results and would like an expert opinion on them. Thanks
Hal
 
Joined
Aug 1, 2002
Messages
5,531
Flags,

Hit report at the top of your post then ask this thread be moved to the security forum. Then copy / paste your log in another post in the same thread so someone else can take a look.
 

Flags

Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Done. Thanks RSM123, don't know much about this stuff
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Thread moved. Post your hijack log by opening it up and copying it and coming back to paste it.
 

Flags

Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Thank you Acacandy. Here's the log:
Logfile of HijackThis v1.97.2
Scan saved at 9:19:46 PM, on 9/22/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\VISION~2\ONETOU~2.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\OO Software\DriveLED\OODLed.exe
C:\WINDOWS\System32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Norton CleanSweep\csinsmNT.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\PROGRA~1\NORTON~1\QDCSFS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\l\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.usefulware.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.usefulware.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.usefulware.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.usefulware.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton CleanSweep\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [DriveLED] C:\Program Files\OO Software\DriveLED\OODLed.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton CleanSweep\csinsmNT.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned35.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37884.3709837963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4582BC9-E8B1-45B8-B8A7-491E40A8E566}: NameServer = 208.0.125.3 63.173.217.2
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
hmmmm.....do you have a specific problem?????

Off hand, I don't see anything there........although someone else might come along and prove me wrong :eek:

Maybe, this one can be fixed.........but........

O17 - HKLM\System\CCS\Services\Tcpip\..\{B4582BC9-E8B1-45B8-B8A7-491E40A8E566}: NameServer = 208.0.125.3 63.173.217.2
 

Flags

Thread Starter
Joined
Sep 9, 2001
Messages
1,930
I have no specific problems, Aca, but I was curious about the log. Thank you very much (you too Wonder Woman)
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
You have a bunch of startup programs that can be pared down......

EZ CD doesn't need to start, the messaging program either, do you actually use Works calendar?
 

Flags

Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Yes, ma'am, I do use Calendar often (I'm a forgetful old coot).
I'll check Black Viper to see about the others.
Thank you.
 
Joined
Jun 19, 2003
Messages
1,241
Morning from the UK.. :)

Just off to work so can't stay long, but with regard to that O17 entry, if your ISP is either usachoice.net or usainternet.net, then that's fine.. if not it can be fixed.

I've only glanced at the rest of the log, but nothing much stands out as nasty. The only curiosity is all the references to http://search.usefulware.com. Is this your desired search/home page? If not you can remove all those.

Sorry about the rush, but got to go and earn a crust. :)

Cheers

Liam
 
Joined
Oct 9, 2001
Messages
9,396
I would have h/t "FIX" these:
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
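
As an added example, not part of any post in this thread: a short Python parser for HijackThis v1.97-style section lines that groups the entries the replies above discuss (R0/R1 Internet Explorer URLs, O4 startup items, O17 NameServer values) so each can be checked against the search page and ISP resolvers the user actually expects. The function names and the `expected_hosts` / `expected_dns` parameters are assumptions made for this illustration; the sample lines are copied from the log posted above.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Excerpt of the log posted in this thread (HijackThis v1.97.2 line format).
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.usefulware.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4582BC9-E8B1-45B8-B8A7-491E40A8E566}: NameServer = 208.0.125.3 63.173.217.2
"""

ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 comes in two shapes: "<key>: [Name] command" and "<folder>: Name.lnk = target".
O4 = re.compile(r"^(?P<loc>[^:]+): (?:\[(?P<name>[^\]]+)\] (?P<cmd>.+)"
                r"|(?P<lnk>.+?) = (?P<target>.+))$")

def parse_log(text):
    """Return (code, body) per section line; header and process list are skipped."""
    return [(m["code"], m["body"].strip())
            for m in map(ENTRY.match, text.splitlines()) if m]

def review_items(text, expected_hosts=(), expected_dns=()):
    """Group entries for manual review (hypothetical helper, not a verdict engine)."""
    out = {"ie_urls": [], "autoruns": [], "dns": []}
    for code, body in parse_log(text):
        if code in ("R0", "R1") and " = " in body:
            key, url = body.split(" = ", 1)
            host = urlparse(url).hostname or url
            if host not in expected_hosts:      # not a page the user chose
                out["ie_urls"].append((key.rsplit(",", 1)[-1], host))
        elif code == "O4":
            m = O4.match(body)
            if m:
                out["autoruns"].append((m["loc"], m["name"] or m["lnk"],
                                        m["cmd"] or m["target"]))
        elif code == "O17" and "NameServer = " in body:
            for tok in re.split(r"[ ,]+", body.split("NameServer = ", 1)[1]):
                ip = str(ipaddress.ip_address(tok))  # raises on a malformed address
                if ip not in expected_dns:      # not one of the ISP's resolvers
                    out["dns"].append(ip)
    return out

if __name__ == "__main__":
    found = review_items(SAMPLE_LOG, expected_hosts={"www.dellnet.com"})
    for kind, rows in found.items():
        for row in rows:
            print(kind, row)
```

The output is a list of things to verify, not a list of things to delete: an entry drops out only when it matches a value the reviewer has confirmed with the user or the ISP.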
 

Flags

Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Thank you all for your comments. I will make changes as you recommended.
Aca-a little town in north central Pa., Elk county, home of the only Elk herd in the eastern USA. St. Marys, to be exact.
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Hey! There's a brewery there :D

Used to live next door in Clarion County :D (well, kinda next door)
 

Flags

Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Aca--The Brewery is still here. They have what they call an 'Eternal Tap'.
Free beer to all who visit. C'mon up, I'll buy.
 