Logfile of HijackThis v1.97.7

Discussion in 'adware, spyware & hijack cleaning' started by dork on computer, Apr 1, 2004.

Thread Status:
Not open for further replies.
  1. dork on computer

    dork on computer Registered Member

    Joined:
    Apr 1, 2004
    Posts:
    4
    Can somebody please help me with this one. Don't take the chance on crashing the puter on my own! :rolleyes: I've left out some numbers and letters in some lines, but all lines are there almost complete.

    Thanx! :D

    Logfile of HijackThis v1.97.7
    Scan saved at 03:06:32, on 02.04.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Programfiler\Norton \navapsvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\soundman.exe
    C:\Programfiler\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    G:\Winamp3\winampa.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINNT\System32\ctfmon.exe
    C:\Programfiler\MSN Messenger\MsnMsgr.Exe
    C:\Programfiler\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
    C:\WINNT\reg33.exe
    C:\WINNT\dl.exe
    C:\WINNT\dlm.exe
    C:\WINNT\consol32.exe
    C:\InstallSpy\InstallSpy.exe
    C:\Spybot - Search & Destroy\SpybotSD.exe
    C:\Programfiler\ .exe
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\Documents and or hijackthis1977.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://go.microsoft.com/fwlink/?LinkId=374
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\ \NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [WinampAgent] "G:\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [ ] C:\Programfiler\ \sad.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Reg32] C:\WINNT\reg33.exe
    O4 - HKLM\..\Run: [Dial32] C:\WINNT\dl.exe
    O4 - HKLM\..\Run: [Dial33] C:\WINNT\dlm.exe
    O4 - HKLM\..\Run: [Cons] C:\WINNT\consol32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www. /
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37671.5751388889
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F79860E6-A719-445D-A58B-3CCF75F1F42F}: NameServer = 130 4
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi dork on computer,

    Welcome to Wilders.

    Before you start, please unzip or move HijackThis to a separate folder. The program will make backups in the folder it's in. These easily get lost in a temporary folder or a folder with other programs.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/

    O4 - HKLM\..\Run: [windows auto update] msblast.exe

    O4 - HKLM\..\Run: [Reg32] C:\WINNT\reg33.exe
    O4 - HKLM\..\Run: [Dial32] C:\WINNT\dl.exe
    O4 - HKLM\..\Run: [Dial33] C:\WINNT\dlm.exe
    O4 - HKLM\..\Run: [Cons] C:\WINNT\consol32.exe

    Download CWShredder and run. Be sure ALL other windows are closed and use the Fix button and follow the instructions you will receive.

    Download McAfee AVERT Stinger and run. If necessary, click the Add or Browse button to add additional drives/directories to scan. By default the C: drive will be scanned. Click the Scan Now button to begin scanning the specified drives/directories.

    Then reboot in Safe Mode and delete the following:

    msblast.exe
    C:\WINNT\reg33.exe
    C:\WINNT\dl.exe
    C:\WINNT\dlm.exe
    C:\WINNT\consol32.exe

    Reboot and then post a fresh HijackThis log.

    The items you erased some info from, I will have to assume you know what all of these are and you know them to be safe.

    Regards,
    Kent
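
An added example, not part of the original thread or of HijackThis itself: a small Python parser for the R0/R1 and O4 Run line shapes seen in the log above. It applies the verdicts given in the reply (hard-coded here from that post) and returns the two lists the procedure needs, the lines to tick before Fix checked and the files to delete in Safe Mode. The regular expressions are inferred from the lines in this thread, and the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://go.microsoft.com/fwlink/?LinkId=374
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [Reg32] C:\WINNT\reg33.exe
O4 - HKLM\..\Run: [WinampAgent] "G:\Winamp3\winampa.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
"""

# Verdicts taken from the helper's reply; an analyst's decision, not a heuristic.
FLAGGED_HOSTS = {"greatsearch.biz"}
FLAGGED_FILES = {"msblast.exe", "reg33.exe", "dl.exe", "dlm.exe", "consol32.exe"}

# Line shapes inferred from this log: "R0 - HIVE\key,value = data" and "O4 - HIVE\..\Run: [name] cmd".
R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.+?) = (.*)$")
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")

def executable(command):
    """Return the program part of a Run command, honouring quotes and spaces in paths."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def triage(log_text):
    """Return (lines to tick in HijackThis, files to delete afterwards)."""
    fix, delete = [], []
    for line in (l.strip() for l in log_text.splitlines()):
        r = R_LINE.match(line)
        if r and urlparse(r.group(5)).hostname in FLAGGED_HOSTS:
            fix.append(line)
            continue
        o = O4_RUN.match(line)
        if o:
            exe = executable(o.group(4))
            name = exe.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if name in FLAGGED_FILES:
                fix.append(line)
                # A bare name such as msblast.exe has no path in the log and must be located first.
                delete.append(exe)
    return fix, delete
```
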
     
  3. dork on computer

    dork on computer Registered Member

    Joined:
    Apr 1, 2004
    Posts:
    4
    Thanx, Kent. :)

    I'll try this now. I'll get back with the new log soon hopefully!

    I just erased the parts where my identity was a bit too obvious. Hopefully they are safe.

    the dork (learning new things every day)
     