
[Resolved] HijackThis Log!! anyone look at it for me??

Discussion in 'Virus & Other Malware Removal' started by onestepshort, Sep 18, 2003.

Thread Status:
Not open for further replies.
  1. onestepshort

    onestepshort Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    10
    hey! if anyone wants to look this over and help me figure out what needs to be done to it, if anything, to help my computer out that would be great!!! Thanx a lot!
    -megs

    aight, here goes.... (btw I'm running Windows 98 if that helps any... any questions or info you need just say so...)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\INCD BURNING\INCD.EXE
    C:\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\BELL\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
    C:\KAZAA LITE\KAZAALITE.KPP
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CG16EH.EXE
    C:\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    C:\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\BELL\NETASSISTANT\BIN\MPBTN.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\NMAIN.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\HIJACKTHIS\HIJACKTHIS.EXE
    C:\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trentu.ca/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: (no name) - {5E146240-18F4-11D7-B51D-000795CB0E57} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ICServer] C:\PROGRAM FILES\INTERCAST\COMPONENTS\ICSERVER.EXE
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [InCD] C:\InCD burning\InCD.exe
    O4 - HKLM\..\Run: [NAV DefAlert] C:\NORTON~1\NORTON~2\DEFALERT.EXE
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\ICQ\NDetect.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
    O4 - HKLM\..\Run: [KAZAA] "C:\KAZAA LITE\KPP.EXE" "C:\KAZAA LITE\KAZAALITE.KPP" /SYSTRAY
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\BELL\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Norton System Doctor.lnk = C:\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O4 - Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: NetAssistant.lnk = C:\Bell\NetAssistant\bin\matcli.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37874.6134143519
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/116842f97924b0966606/netzip/RdxIE6.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} - http://a320.g.akamai.net/7/320/1456...players/english/5.0/win/PulsePlayer5AxWin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd/downloads/iaieplay.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802

    thank you again!!!
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    As far as active "infections" go, the only things I see are the following search hijacks. To remove these check the entries in the HijackThis Scan, close all browser Windows and click Fix Checked:

    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

    O3 - Toolbar: (no name) - {5E146240-18F4-11D7-B51D-000795CB0E57} - (no file)

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

    ===================

    As a comment on performance optimizing, I personally would not run Crashguard, which is just extra overhead, and does not yield properly researchable error messages when you do crash.

    I would also not keep Cleansweep running as a startup, it makes more sense just to run it manually before installs.

    ====================

    And finally, it's your choice, but we see Kazaa and P2P Networking as a common denominator in many nasty trojan and worm infections. Despite your antivirus program, you are probably going to catch a few of them if you are not very careful in your use of it.
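
Added example, not part of the original thread or of HijackThis itself: a small Python parser for the O2 (BHO) and O3 (toolbar) lines of a HijackThis log. It surfaces the two patterns the reply above singles out, an entry whose file is `(no file)` and one DLL registered under more than one CLSID. The function names and the grouping heuristic are assumptions made for illustration; the sample lines are copied from the log posted above, and the output is a review list, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: the O2/O3 lines from the log posted in this thread.
SAMPLE_LOG = r"""
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: (no name) - {5E146240-18F4-11D7-B51D-000795CB0E57} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
"""

# "<section> - <kind>: <name> - {CLSID} - <file or (no file)>"
LINE_RE = re.compile(
    r"^\s*(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+?)\s*$"
)
NO_FILE = "(no file)"

def parse_ie_addons(log_text):
    """Return one dict per O2/O3 line; every other log line is skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()  # CLSIDs are case-insensitive
            entries.append(entry)
    return entries

def orphaned(entries):
    """Entries whose registration remains but whose file is reported missing."""
    return [e for e in entries if e["target"].lower() == NO_FILE]

def shared_files(entries):
    """Map each backing file (lower-cased) to its entries when 2+ CLSIDs load it."""
    by_file = defaultdict(list)
    for e in entries:
        if e["target"].lower() != NO_FILE:
            by_file[e["target"].lower()].append(e)
    return {path: es for path, es in by_file.items() if len(es) > 1}

if __name__ == "__main__":
    found = parse_ie_addons(SAMPLE_LOG)
    for e in orphaned(found):
        print("orphaned:", e["section"], e["clsid"])
    for path, es in shared_files(found).items():
        print(path, "->", [(e["section"], e["name"]) for e in es])
```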
     
  3. onestepshort

    onestepshort Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    10
    that's great! thank you so much!!!
    =)
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You're most welcome!
     
  5. onestepshort

    onestepshort Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    10
    so if suddenly my computer decides that it doesn't want to finish its booting-up sequence as it gets the screen up and main programs loaded and just stop for no reason would that have anything to do with this or not??
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Well that would be a configuration issue. Probably too many things loading at startup, one or more of which is in conflict.

    Really calls for "clean-boot" troubleshooting. Use msconfig to selectively disable startups and try to isolate the problem.

    The System Configuration Utility (msconfig.exe) can be used to selectively uncheck startup items under the startup tab for troubleshooting and performance optimizing.



    You can review what you have using resources like this:

    http://www2.whidbey.com/djdenham/index.htm

    http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM
     
  7. onestepshort

    onestepshort Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    10
    hey! it works... great!! thanks again dude!
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Good to hear, you're welcome!
     

Short URL to this thread: https://techguy.org/165726
