Hijack Log

Discussion in 'adware, spyware & hijack cleaning' started by Tara, Apr 17, 2004.

Thread Status:
Not open for further replies.
  1. Tara

    Tara Registered Member

    Joined:
    Apr 17, 2004
    Posts:
    1
    Hi
    Could somebody please check my log for errors. I thank you in advance

    Tara

    Logfile of HijackThis v1.97.7
    Scan saved at 9:45:20 PM, on 4/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 203.161.127.141 www.dcsresearch.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O2 - BHO: emIEEngine Utility - {45C768F0-9B73-4AA7-8817-D3B063F4335F} - C:\Program Files\Ensuredmail\emIEEngine.dll
    O3 - Toolbar: (no name) - {8F401179-BA11-4206-9136-37C3BE3EDE16} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
    O3 - Toolbar: AstaLaVista - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Astabar\toolbar.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O4 - HKLM\..\Run: [NOD32POP3] "C:\Program Files\Eset\pop3scan.exe" /uninstall
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
    O8 - Extra context menu item: &Astalavista Toolbar search - res://C:\Program Files\Astabar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&nsuredmail(tm) - C:\PROGRA~1\Ensuredmail\ensuredmail.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Protect Your Email (HKLM)
    O9 - Extra 'Tools' menuitem: Protect Your Email with Ensuredmail (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Messenger Addon (HKLM)
    O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
    O9 - Extra button: NeoTrace It! (HKCU)
    O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O16 - DPF: {0BE35204-8F91-11CE-9DE3-00AA004BB851} (CLSID_StdPict) - http://wwwau.kodak.com/AU/en/consumer/printOnline/OPW_25900.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/download/setup/pcpowerscan.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Tara,

    Nothing serious. :)

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O1 - Hosts: 203.161.127.141 www.dcsresearch.com

    O3 - Toolbar: (no name) - {8F401179-BA11-4206-9136-37C3BE3EDE16} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)

    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/download/setup/pcpowerscan.cab

    Then reboot.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.