
[Resolved] check my hijackthis log plz.

Discussion in 'Earlier Versions of Windows' started by gndm, Oct 19, 2003.

Thread Status:
Not open for further replies.
  1. gndm

    gndm Thread Starter

    Joined:
    May 18, 2003
    Messages:
    203
    Logfile of HijackThis v1.94.0
    Scan saved at 2:11:57 PM, on 10/19/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
    O1 - Hosts: 127.127.127.127 elite
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [REALVIEW] C:\XIRCOM\REALVIEW\REALVIEW.EXE STARTUP
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37874.8474421296
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: Arcsoft Web Uploader (Shockwave ActiveX Control) - http://www.hpphoto.com/downloads/ReadFileApplet.cab
    thanx 4 any help!
     
  2. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    gndm

    Pretty clean....you can have HJT fix the following. Close your browser, check the items in HJT, click Fix. Reboot.


    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)


    If you recognize the following as your ISP leave it, otherwise you can fix it too:

    O1 - Hosts: 127.127.127.127 elite

    :)
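
The two kinds of entry flagged in the reply above (a registry entry whose file is missing, and an unfamiliar hosts-file mapping) can be picked out of a HijackThis log mechanically. This is an added example, not part of the original thread and not HijackThis code; the sample lines are copied from the log in the first post, and the function names `parse_log` and `review` are hypothetical.

```python
import re

# Constructed sample: a few lines copied from the log posted at the top of the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.94.0
Platform: Windows 98 SE (Win9x 4.10.2222A)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://start.earthlink.net/
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O1 - Hosts: 127.127.127.127 elite
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# An entry line is "<section code> - <body>", e.g. "R3 - ..." or "O16 - ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Body of an O1 entry: "Hosts: <address> <hostname>".
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def parse_log(text):
    """Return (section_code, body) for each entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review(entries):
    """Return (code, body, reason) for entries that need a human decision."""
    findings = []
    for code, body in entries:
        if body.endswith("(no file)"):
            # Orphaned registration: the registry key exists but its file does not.
            findings.append((code, body, "registry entry points at a missing file"))
        elif code == "O1":
            m = HOSTS.match(body)
            if m and m.group(2).lower() != "localhost":
                reason = f"hosts file maps {m.group(2)} to {m.group(1)}; keep only if recognised"
                findings.append((code, body, reason))
    return findings


if __name__ == "__main__":
    for code, body, reason in review(parse_log(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {body}")
```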
     
  3. gndm

    gndm Thread Starter

    Joined:
    May 18, 2003
    Messages:
    203
    buckaroo, many thanx 4 the help.
    the reason i ran hj is because i keep getting "returned mail" from the postmaster in outlook express, problem is it's mail i never sent in the first place?
    it started after spybot s&d found and destroyed (i think) a klez worm yesterday.
    do you have any info on this?
    thanx again,gndm


    ripple in still water...
     
  4. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    (y) (y)

    Probably nothing to do with you, your e-mail addy probably got spoofed somewhere along the way.

    I don't see an AV listing in your log. Hope you have a resident scanner.

    If you want, go here for a free online scan just to make sure you're clean:

    http://housecall.trendmicro.com/housecall/start_corp.asp

    :cool:
     
  5. gndm

    gndm Thread Starter

    Joined:
    May 18, 2003
    Messages:
    203
    buckaroo, you're right about the addy, i was usin' spf but klez got in anyway. thanx for the housecall, found 22 infected files, uncleanable, had to delete, now i've got a lot of cleanup & reinstallin' 2 do.
    many thanx again...........keep on truckin'
     
  6. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    May I recommend that you put scanregistry in your startup items.....start, run, msconfig, startup tab.
     
  7. gndm

    gndm Thread Starter

    Joined:
    May 18, 2003
    Messages:
    203
    AcaCandy, i don't have scanregistry in startup list.
    could it be under another name?:rolleyes:
     
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Interesting....try this to see if it exists...start, run, scanreg and hit ok.

    What happens?
     
  9. gndm

    gndm Thread Starter

    Joined:
    May 18, 2003
    Messages:
    203
    no errors found - ok - registry has not been backed up today, would you like to back up now? - yes - backup complete
     
  10. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Well, it's there on your system. Look again at the msconfig startup tab, sounds like you just overlooked it.....at least you have one good registry now :D
     
  11. gndm

    gndm Thread Starter

    Joined:
    May 18, 2003
    Messages:
    203
    thanx 4 the info, the only thing in startup with the word system is System Tray (SysTray.exe) there's also a MSDTC ??
    anyway, how often should i run the system checker backup?
    thanx again
     
  12. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    No, you are looking for scanregistry........

    Are you at start, run, then msconfig, startup tab?
     
  13. doors11

    doors11

    Joined:
    Sep 29, 2003
    Messages:
    146
    Not to butt in or anything..

    This is the same problem i had 3 weeks ago. I ran nortons and it found an infected file and deleted it..Then nortons wouldn't run..

    I did the hijack and Spybot and posted messages..Got a lot of help here..Finally the computer would have different start up problems and each boot-up.Then it would load windows and finally i ran a disk scan and it made the files all one huge file..

    Took the computer to the tech guy who always works on my computer..He saved the files, but they were all in separate folders with numbers instead of names..He checked my HD and it was ok..So it reformatted and re-installed windows.

    What i'm saying is watch the computer very closely..Sounds like the same i had. I used to get about 50-100 returned e-mails a day.
     
  14. gndm

    gndm Thread Starter

    Joined:
    May 18, 2003
    Messages:
    203
    AcaCandy, i remember you're the one who told me how to go into safe mode to defrag, i defrag once a week and it only takes about 15 - 20mins. many thanx. yes, start>run>msconfig>startup tab= no scan, no registry, no scanregistry?
    doors11, thanx 4 the info, no startup probs (yet) when housecall found the infected files they were deleted, then i had to uninstall/reinstall all affected programs cuz they wouldn't open. didn't lose anything (but time) don't like norton (except the motorcycle) thanx again.
     
  15. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    gndm

    It sounds like you have been infected by one of the mass mailer worms, possibly AFlooder. The problem here is that you have a very old version of Hijack This which may not show this worm.

    You need to update Hijack This and post the log from it. It should reveal more.

    I believe the old versions updated the same as the current versions. I really don't recall. Anyway try this.

    Open Hijack This and click on the "Config" button in the lower right corner then click on the "Misc tools" button then click on "Check for update online" and download the update and post the log from that.

    If that doesn't work go here and download the new version:

    http://www.tomcoyote.org/hjt/
     
Short URL to this thread: https://techguy.org/173129