Just the normal checkup

Discussion in 'adware, spyware & hijack cleaning' started by mohara, Jun 1, 2004.

Thread Status:
Not open for further replies.
  1. mohara (Registered Member; joined Jun 1, 2004; posts: 1)

    Hey guys. First I'd like to thank you guys for the help you give to so many people.

    Reason I am posting is because I just would like for you to look over my HJT log and tell me if there's anything wrong. I ran AdAware6 a couple of times and after a couple runs, the scan was clean. I just want to make sure I'm fully clean and I know you guys help in that area. Here's my log:

    Logfile of HijackThis v1.97.7
    Scan saved at 5:13:27 PM, on 6/1/2004
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\ibmpmsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\LDClient\LOCALSCH.EXE
    C:\WINNT\system32\cba\pds.exe
    C:\LDClient\QIPCLNT.EXE
    C:\LDClient\tmcsvc.exe
    C:\WINNT\INV32CLI.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINNT\System32\QCONSVC.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\suss.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\LDClient\wuser32.exe
    C:\WINNT\system32\cba\xfr.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\LDCLIENT\SDISTHK.EXE
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\tp4serv.exe
    C:\WINNT\LTSMMSG.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\WINNT\System32\RunDll32.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
    C:\WINNT\System32\PRPCUI.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\docume~1\mohara\locals~1\temp\nIP.exe
    C:\WINNT\System32\IEHost.exe
    C:\WINNT\System32\hzemdl.exe
    C:\WINNT\System32\qedgsnap.exe
    C:\WINNT\System32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Sierra\Planner\PLNRnote.exe
    C:\LDClient\SoftMon.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    C:\WINNT\System32\KwhNcUS.exe
    C:\WINNT\System32\BlvC239.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DRIVERS\Cannon\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ghv.com:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ghv.com;<local>
    R3 - Default URLSearchHook is missing
    F1 - win.ini: load=smsrun32.exe
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\LDCLIENT\SDISTHK.EXE
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SSWPlauncher] C:\PROGRA~1\COMETS~1\Platform\Bin\comet.exe /app:SSWPlauncher
    O4 - HKLM\..\Run: [nIP] C:\docume~1\mohara\locals~1\temp\nIP.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
    O4 - HKLM\..\Run: [38Z3MSR3DDD##A] C:\WINNT\System32\Evdl14U6.exe
    O4 - HKLM\..\Run: [akvbbyycr] C:\WINNT\System32\hzemdl.exe
    O4 - HKLM\..\Run: [qp9f36S] qedgsnap.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINNT\System32\dp-him.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-aware.exe" "+b1"
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
    O4 - Global Startup: Task Completion.LNK = C:\LDClient\AMCLIENT.EXE
    O4 - Global Startup: Software Monitoring.LNK = C:\LDClient\SoftMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab


    I appreciate all your help.

    -Melissa
     
  2. Pieter_Arntz (Spyware Veteran; joined Apr 27, 2002; posts: 13,332; location: Netherlands)

    Hi mohara,

    Download and run: http://www.memorywatcher.com/uninst.exe
    The program needs internet access to finish.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [SSWPlauncher] C:\PROGRA~1\COMETS~1\Platform\Bin\comet.exe /app:SSWPlauncher
    O4 - HKLM\..\Run: [nIP] C:\docume~1\mohara\locals~1\temp\nIP.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
    O4 - HKLM\..\Run: [38Z3MSR3DDD##A] C:\WINNT\System32\Evdl14U6.exe
    O4 - HKLM\..\Run: [akvbbyycr] C:\WINNT\System32\hzemdl.exe
    O4 - HKLM\..\Run: [qp9f36S] qedgsnap.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINNT\System32\dp-him.exe

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab

    Then reboot into safe mode and delete:
    C:\WINNT\System32\IEHost.exe
    C:\PROGRAM FILES\COMET SYSTEMS <= entire folder

    Then (still in safe mode) use the Disk Cleanup Utility to empty all your Temp folders.

    Regards,

    Pieter
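
Added example, not part of the original thread: a follow-up check for the cleanup procedure above. It compares a fresh HijackThis log against the lines the reply says to fix and reports any that are still registered or still running. The `RESCAN` log is constructed sample input, the function names are hypothetical, and treating any bare drive path as a process-list line is an assumption about the log layout.

```python
import re

FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SSWPlauncher] C:\PROGRA~1\COMETS~1\Platform\Bin\comet.exe /app:SSWPlauncher
O4 - HKLM\..\Run: [nIP] C:\docume~1\mohara\locals~1\temp\nIP.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
O4 - HKLM\..\Run: [38Z3MSR3DDD##A] C:\WINNT\System32\Evdl14U6.exe
O4 - HKLM\..\Run: [akvbbyycr] C:\WINNT\System32\hzemdl.exe
O4 - HKLM\..\Run: [qp9f36S] qedgsnap.exe
O4 - HKLM\..\Run: [Dsi] C:\WINNT\System32\dp-him.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
""".strip().splitlines()  # lines the reply says to fix, copied from the thread

RESCAN = r"""
Running processes:
C:\WINNT\System32\hzemdl.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [akvbbyycr]  c:\winnt\system32\hzemdl.exe
"""  # constructed follow-up scan (not from the thread): one item survived

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")       # section-coded line
EXE = re.compile(r'^O4 - .*?\] .*?([^\\\s"]+\.exe)', re.I)       # autorun target name
norm = lambda s: " ".join(s.split()).lower()                      # ignore case/spacing

def parse_log(text):
    """Return (running process basenames, normalized section entries)."""
    running, entries = set(), set()
    for line in map(str.strip, text.splitlines()):
        if ENTRY.match(line):
            entries.add(norm(line))
        elif re.match(r"[A-Za-z]:\\", line):   # bare path = process-list line
            running.add(line.rsplit("\\", 1)[-1].lower())
    return running, entries

def still_present(flagged, log_text):
    """Map each flagged line to how it survives: 'entry' and/or 'process'."""
    running, entries = parse_log(log_text)
    report = {}
    for item in flagged:
        exe = EXE.search(item)
        hits = ["entry"] if norm(item) in entries else []
        if exe and exe.group(1).lower() in running:   # basename match only
            hits.append("process")
        if hits:
            report[item] = hits
    return report
```

An empty result from `still_present(FLAGGED, new_log)` means none of the fixed items came back; a `process` hit matches on file name only, so confirm the full path in the log before acting on it.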
     