Hijackthis Log (I know im infected) [Merged]

Discussion in 'adware, spyware & hijack cleaning' started by Chris_Raska, Jul 2, 2004.

Thread Status:
Not open for further replies.
  1. Chris_Raska

    Chris_Raska Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    27
    Hijackthis Log (I know im infected, been waiting for help for days)

    Hello everyone,

    I just went to launch a new internet window and my home page url has been changed and if I try to set it then launch a new window it will go back to the one I just changed it from. res://lybsq.dll/index.html#12802 is what comes up. I ran a search for it on yahoo and google, but nothing was found. Im guessing its new. It is sending me popups so im guessing it a form of adware. I hope someone other there can help me. Thank you in advance.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:21:24 PM, on 7/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\sdkzh.exe
    C:\WINDOWS\system32\winsp32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\My Documents\hijackthis1977[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lybsq.dll/index.html#12802
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lybsq.dll/index.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lybsq.dll/index.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    O2 - BHO: (no name) - {1A4F489C-207C-A02F-2E5B-65769154252C} - C:\WINDOWS\system32\msej.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sdkzh.exe] C:\WINDOWS\system32\sdkzh.exe
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Central"
    O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63D63BF9-2570-4DF1-80E6-3403C19AAAC5}: NameServer = 216.234.97.2 216.234.97.3
     
    Last edited: Jul 5, 2004
  2. Chris_Raska

    Chris_Raska Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    27
    Re: Hijackthis Log (I know im infected)

    Im heading off to bed for the night. I will check back tommarow and post a new log if needed. Thanks again everyone. Bye for now.
     
  3. Chris_Raska

    Chris_Raska Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    27
    Re: Hijackthis Log (I know im infected)

    Hello again. I just took a new log since I didnt know if anything would change since I turned the computer off. When I turned it on and it got to the man screen (the one with all the icons) a plain error message poped up and said cannot find SHELL.DLL. Im still getting pop ups. Heres the new logfile. Thank you for your time.

    Logfile of HijackThis v1.97.7
    Scan saved at 5:52:54 PM, on 7/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\winsp32.exe
    C:\WINDOWS\system32\sdkzh.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\My Documents\hijackthis1977[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lybsq.dll/index.html#12802
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lybsq.dll/index.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lybsq.dll/index.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    O2 - BHO: (no name) - {1A4F489C-207C-A02F-2E5B-65769154252C} - C:\WINDOWS\system32\msej.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sdkzh.exe] C:\WINDOWS\system32\sdkzh.exe
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Central"
    O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63D63BF9-2570-4DF1-80E6-3403C19AAAC5}: NameServer = 216.234.97.2 216.234.97.3
     
  4. Chris_Raska

    Chris_Raska Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    27
    Re: Hijackthis Log (I know im infected)

    I rebooted so heres my new log file.

    Logfile of HijackThis v1.97.7
    Scan saved at 10:47:31 PM, on 7/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\winsp32.exe
    C:\WINDOWS\system32\sdkzh.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Documents and Settings\Owner\My Documents\hijackthis1977[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lybsq.dll/index.html#12802
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lybsq.dll/index.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lybsq.dll/index.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    O2 - BHO: (no name) - {1A4F489C-207C-A02F-2E5B-65769154252C} - C:\WINDOWS\system32\msej.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sdkzh.exe] C:\WINDOWS\system32\sdkzh.exe
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Central"
    O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63D63BF9-2570-4DF1-80E6-3403C19AAAC5}: NameServer = 216.234.97.2 216.234.97.3
     
  5. Chris_Raska

    Chris_Raska Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    27
    Re: Hijackthis Log (I know im infected)

    Bump.
     
  6. Chris_Raska

    Chris_Raska Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    27
    Re: Hijackthis Log (I know im infected)

    Three days and still no help. :'( I cant complain you guys do this in your free time and dont get payed for it. Plus its free to us. :) More people need to realize that. Thank you in advance again.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:57:28 PM, on 7/5/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\winsp32.exe
    C:\WINDOWS\system32\sdkzh.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\My Documents\hijackthis1977[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lybsq.dll/index.html#12802
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lybsq.dll/index.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lybsq.dll/index.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lybsq.dll/sp.html#12802
    O2 - BHO: (no name) - {1A4F489C-207C-A02F-2E5B-65769154252C} - C:\WINDOWS\system32\msej.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sdkzh.exe] C:\WINDOWS\system32\sdkzh.exe
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Central"
    O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63D63BF9-2570-4DF1-80E6-3403C19AAAC5}: NameServer = 216.234.97.2 216.234.97.3
     
  7. Chris_Raska

    Chris_Raska Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    27
    Re: Hijackthis Log (I know im infected)

    Should I keep posting new logs when I reboot? Im not sure if anything is changing while I have been waiting.
     
  8. Chris_Raska

    Chris_Raska Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    27
    HijackThis Log Inside I need help please

    I need help please. I have been waiting for 4 days. I made this post because my old one wasnt getting any replys. I know you guys are really busy, but if you get a chance help would be greatly appreciated. Thank you for your time.

    Logfile of HijackThis v1.97.7
    Scan saved at 3:58:34 PM, on 7/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\winsp32.exe
    C:\WINDOWS\system32\sdkzh.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\My Documents\hijackthis1977[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tfrxs.dll/sp.html#12802
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://tfrxs.dll/index.html#12802
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://tfrxs.dll/index.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tfrxs.dll/sp.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://tfrxs.dll/index.html#12802
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tfrxs.dll/sp.html#12802
    O2 - BHO: (no name) - {E570DCA4-C521-2B7F-EB9D-E2F8DD25DF6B} - C:\WINDOWS\winoz32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sdkzh.exe] C:\WINDOWS\system32\sdkzh.exe
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Central"
    O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63D63BF9-2570-4DF1-80E6-3403C19AAAC5}: NameServer = 216.234.97.2 216.234.97.3
     
  9. Chris_Raska

    Chris_Raska Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    27
    Re: HijackThis Log Inside I need help please

    A little help please anyone? :( I know you guys are really busy but alot of people have been helped before me and I have been waiting since the 2nd. Click here if you dont belive me. I stared this topic because no one was responding to the other one. Dont get me wrong im not complaining, you guys offer this for free and you dont even get payed. Just when someone gets the chance I little help would be appreciated. Thank you again for your time.
     
  10. Chris_Raska

    Chris_Raska Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    27
    Re: HijackThis Log Inside I need help please

    I have been waiting 5 days... :'(
     
  11. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351
    Re: HijackThis Log Inside I need help please

    For that one - I think you could try http://www.pchell.com/support/onlythebest.shtml

    after that run Adaware:
    -----
    Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
    After installing AAW, and before running the program, you NEED to FIRST update the reference file following these instructions.
    Now do the following:
    - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
    check: "Unload recognized processes during scanning."
    - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
    Check: "Let Windows remove files in use after reboot."

    Press "Scan Now"
    - Check option "Use Custom scanning options"
    - Check option "Activate In-Depth Scan"
    - Press "Select drives\folders to scan"
    - Select the active partition which is usually C:

    Now press "Next" to let Ad-aware scan your drives...
    It will find a number of "bad" files and registry keys.
    Right-click in that pane and choose "select all"

    Now press "Next" again.
    It will ask you whether you'd like to remove all checked items. Click OK.

    Finally, close Ad-Aware, and reboot.
    ----
    if still no satisfaction - post back with a log
     
Thread Status:
Not open for further replies.