hijackthis log

Discussion in 'adware, spyware & hijack cleaning' started by lost14u2find, Jul 15, 2004.

Thread Status:
Not open for further replies.
  1. lost14u2find

    lost14u2find Registered Member

    Joined:
    Jul 15, 2004
    Posts:
    2
    Logfile of HijackThis v1.97.7
    Scan saved at 10:54:03 AM, on 7/15/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\slserv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Gateway Utilities\GWInkMonitor.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    C:\PROGRA~1\ISP50\bin\ppshared.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\PROGRA~1\ISP50\dialer\DIALER.EXE
    C:\WINNT\slrundll.exe
    C:\WINNT\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.peoplepc.com/homepage
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
    O4 - HKLM\..\Run: [PPCRunonce] C:\WINNT\System32\PPCRunOnce.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1083548449515
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006_download.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{217ECE6A-81BC-48E4-BCC0-6C16E6FCFBBB}: NameServer = 206.134.133.10 206.134.224.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{217ECE6A-81BC-48E4-BCC0-6C16E6FCFBBB}: NameServer = 206.134.133.10 206.134.224.5
     
    lost14u2find, Jul 15, 2004
    #1
  2. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    HI lost14u2find

    Download cwshredder here Close all browser windows and click on the fix/next button.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click "Fix checked":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.peoplepc.com/homepage
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [PPCRunonce] C:\WINNT\System32\PPCRunOnce.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <-------optional

    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab

    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binari...thv32_EN_XP.cab

    O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} - http://www.xxxtoolbar.com/ist/softw...06_download.cab

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following file IF still present:

    C:\WINNT\System32\PPCRunOnce.exe

    Then reboot and use AdAware as described :
    HERE

    Spybot S&D
    The download for Spybot S&D is available here: http://www.computercops.biz/downloads-file-108.html

    Install by double-clicking on the downloaded file.
    Run Spybot S&D from desktop icon or Start menu.
    Press "Search for updates" button to get list of updates available.
    Press "Download updates" button.
    Close all IE windows and close & restart Spybot S&D.
    Press "Check for problems" button.
    Have SpyBot remove all it marks in red by pressing "Fix selected problems".

    Close Spybot S&D, reboot your system .

    Then browse to the C:\documents and settings\\User Name (repeat for all users)\local settings\temp folder and delete all files and folders in it.
    Then browse to the C:\Windows\Temp folder and delete all files in it.
    Then in internet explorer click tools>internet Options>General. Click on Delete Files make sure you get all offline content as well.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Problems gone?
     
    Marianna, Jul 15, 2004
    #2
  3. lost14u2find

    lost14u2find Registered Member

    Joined:
    Jul 15, 2004
    Posts:
    2
    the cwshredder link isn't working
     
    lost14u2find, Jul 17, 2004
    #3
  4. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Marianna, Jul 17, 2004
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...