hijack this log

Discussion in 'adware, spyware & hijack cleaning' started by phatkid77, Jun 21, 2004.

Thread Status:
Not open for further replies.
  1. phatkid77

    phatkid77 Registered Member | Joined: Jun 12, 2004 | Posts: 107
    downloaded lots of software due to recommendations here....anywho..

    Logfile of HijackThis v1.97.7
    Scan saved at 1:56:50 AM, on 21/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\WINDOWS\kdx\KHost.exe
    C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\StreamCast\Morpheus\morphexe.exe
    C:\WINDOWS\System32\wjview.exe
    C:\Program Files\StreamCast\Morpheus\mldonkey\mlnet.exe
    C:\Documents and Settings\MDG Customer\Desktop\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [My Search Bar Installer] "C:\Program Files\MyWay\myBar\MYSETP.EXE" /r
    O4 - HKLM\..\RunOnce: [My Search - Search Assistant Installer] "C:\Program Files\MyWay\SrchAstt\MYSRCHSP.EXE" /r
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/kontiki/kontiki/current/kdx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{092E4EA9-DAAA-4F8C-A902-BF050FE89CCE}: NameServer = 206.47.244.53 206.47.244.105
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC8364F-F2D9-4F52-984D-FEEEECDB1750}: Domain = sympatico.ca
    O17 - HKLM\System\CS1\Services\Tcpip\..\{092E4EA9-DAAA-4F8C-A902-BF050FE89CCE}: NameServer = 206.47.244.53 206.47.244.105


    just trying the PC booster out, says my speed has increased 189%, 400% and 5%......

    enjoy
     
  2. Taz71498

    Taz71498 Registered Member | Joined: May 27, 2004 | Posts: 674 | Location: USA
    Hello phatkid77,

    My first suggestion is to uninstall MyWebSearch (MyWay). Go to Add/Remove programs and stay online and click on Uninstall.

    Reboot and post a new log.
     
  3. phatkid77

    phatkid77 Registered Member | Joined: Jun 12, 2004 | Posts: 107
    will do when i get home from work........

    what's with this damn my websearch o_O o_O deleted this once b4?

    phats
     
  4. phatkid77

    phatkid77 Registered Member | Joined: Jun 12, 2004 | Posts: 107
    Logfile of HijackThis v1.97.7
    Scan saved at 2:16:41 AM, on 22/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\MSN\MSNCoreFiles\msn6.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\MDG Customer\Desktop\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/kontiki/kontiki/current/kdx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{092E4EA9-DAAA-4F8C-A902-BF050FE89CCE}: NameServer = 206.47.244.53 206.47.244.105
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC8364F-F2D9-4F52-984D-FEEEECDB1750}: Domain = sympatico.ca
    O17 - HKLM\System\CS1\Services\Tcpip\..\{092E4EA9-DAAA-4F8C-A902-BF050FE89CCE}: NameServer = 206.47.244.53 206.47.244.105

    thanks
     
  5. Taz71498

    Taz71498 Registered Member | Joined: May 27, 2004 | Posts: 674 | Location: USA
    Hello,

    Glad to see Myway gone. Log looks good. Are you having any problems now?
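
The before/after comparison made by eye in this reply can be scripted. This is an added example, not part of the thread: it parses two HijackThis logs and reports which entries and running processes disappeared or appeared between scans. The sample input is excerpted from the two logs posted above; the function names `parse` and `diff` are this example's own.

```python
import re

# Sample input: excerpts of the two logs posted in this thread (trimmed).
BEFORE = r"""
Running processes:
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [My Search Bar Installer] "C:\Program Files\MyWay\myBar\MYSETP.EXE" /r
O4 - HKLM\..\RunOnce: [My Search - Search Assistant Installer] "C:\Program Files\MyWay\SrchAstt\MYSRCHSP.EXE" /r
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
"""
AFTER = r"""
Running processes:
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
"""

# Entry lines look like "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse(log):
    """Return (set of running-process paths, set of (section, body) entries)."""
    procs, entries, in_procs = set(), set(), False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends where entries begin
            entries.add((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.add(line.lower())  # Windows paths are case-insensitive
    return procs, entries

def diff(before, after):
    """Set differences between two scans, as sorted lists."""
    (bp, be), (ap, ae) = parse(before), parse(after)
    return {"entries_removed": sorted(be - ae), "entries_added": sorted(ae - be),
            "procs_gone": sorted(bp - ap), "procs_new": sorted(ap - bp)}

if __name__ == "__main__":
    for kind, items in diff(BEFORE, AFTER).items():
        print(kind, *items, sep="\n  ")
```

On these excerpts the removed entries are the two MyWay `RunOnce` installers plus the `MSConfig` Run entry, and the only new entry is the RAV online scanner control under O16.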
     
  6. phatkid77

    phatkid77 Registered Member | Joined: Jun 12, 2004 | Posts: 107
    nop probs. thanks

    didn't have problems anyway, just a check up...

    i guess..........sometimes i have to restart my computer a couple times 'cause it won't connect o_O o_O ?? highspeed sympatico

    phats
     
  7. Taz71498

    Taz71498 Registered Member | Joined: May 27, 2004 | Posts: 674 | Location: USA
    Hello,

    Can't say I know much about the connection issue. I would talk to your provider about that. Log looks good though.

    Here is a link for you to go to that will give you suggestions on how to keep your computer safe:
    https://www.wilderssecurity.com/showthread.php?t=27971

    Happy Surfing!
     