can someone please help me with a log check

Discussion in 'adware, spyware & hijack cleaning' started by tallaght spur, May 11, 2004.

Thread Status:
Not open for further replies.
  1. tallaght spur

    tallaght spur Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    2
    Location:
    ireland
    Could someone please check this log for me, as im having a few probs.
    I have recently updated my IE (as recomended) but am still having probs.
    my system is win ME

    Logfile of HijackThis v1.97.7
    Scan saved at 21:42:13, on 10/05/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\IOMEGA HOTBURN\AUTOLAUNCH.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\PLANUSER\COOL LOGO.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPWEBCAP.EXE
    C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
    C:\WINDOWS\APPLICATION DATA\MY-DISGO\MYKEY DISGO.EXE
    C:\WINDOWS\MSLAGENT\MSLAGENT.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\UNZIPPED\HIJACKTHIS1977\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dmc.dit.ie/maim2003/glenn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dmc.dit.ie/maim2003/glenn
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ntlworld.ie/
    O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\MSLAGENT\4B_1,0,1,0_MSLAGENT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
    O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WildFlics] C:\WINDOWS\WildFlics.exe -n
    O4 - HKLM\..\Run: [KnobTons] C:\PROGRA~1\PLANUSER\cool logo.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPWebCap.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [My-disgo] C:\WINDOWS\Application Data\My-disgo\MyKey disgo.exe
    O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37937.5670949074
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab
    O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} (180SAInstaller Class) - http://ax.180solutions.com/Installer/180SAInstaller.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab
    O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_3_EN.cab

    Thanks in advance
    sincerly
     
  2. tallaght spur

    tallaght spur Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    2
    Location:
    ireland
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    Hi tallaght spur,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\MSLAGENT\4B_1,0,1,0_MSLAGENT.DLL

    O4 - HKLM\..\Run: [WildFlics] C:\WINDOWS\WildFlics.exe -n
    O4 - HKLM\..\Run: [KnobTons] C:\PROGRA~1\PLANUSER\cool logo.exe

    O4 - HKCU\..\Run: [My-disgo] C:\WINDOWS\Application Data\My-disgo\MyKey disgo.exe
    O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE

    O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} (180SAInstaller Class) - http://ax.180solutions.com/Installer/180SAInstaller.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab
    O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_3_EN.cab

    Then reboot and delete:
    C:\PROGRAM FILES\PLANUSER <= entire folder
    C:\WINDOWS\mslagent <= entire folder

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.