look at my log please

Discussion in 'other security issues & news' started by randy70, Jul 30, 2004.

Thread Status:
Not open for further replies.
  1. randy70

    randy70 Registered Member

    Joined: Jul 30, 2004
    Posts: 1
    Having many problems with my computer. If someone could, please check this out and tell me what you think.


    Logfile of HijackThis v1.97.7
    Scan saved at 8:57:43 AM, on 7/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\zqoznym.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Documents and Settings\Supervisor\Application Data\ttuh.exe
    C:\WINDOWS\System32\oseidu.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    h:\WINTAM\Homebase.exe
    C:\WINDOWS\system32\ntvdm.exe
    h:\WINTAM\clntfile.exe
    C:\WINDOWS\System32\Vxy5Dv7.exe
    C:\WINDOWS\System32\Vsn3.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Supervisor\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {69F81E26-E141-2FC4-8B24-665504D52C1E} - C:\WINDOWS\System32\usseh.dll
    O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1423.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\defscangui.exe -k
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Avczm.exe
    O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [eanth_system_patcher] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [fkzvvwjbyfi] C:\WINDOWS\System32\zqoznym.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Supervisor\Application Data\ttuh.exe
    O4 - HKCU\..\Run: [Toaswmit] C:\WINDOWS\System32\oseidu.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Global Startup: LOGON.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: SideFind (HKLM)
    O9 - Extra button: Erotic (HKLM)
    O9 - Extra button: PartyPoker.com (HKLM)
    O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O10 - Hijacked Internet access by New.Net
    O10 - Unknown file in Winsock LSP: c:\windows\system32\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\asiclayer.dll
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Unknown file in Winsock LSP: c:\windows\system32\asiclayer.dll
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - http://testweb1.cnasurety.com/secure/Codebase/FormCtl.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {24398DF1-FC43-419A-B2FC-5AADE1AA9FD7} - http://testweb1.cnasurety.com/secure/codebase/imagebmp.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.com/client/setup.exe
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - https://www1.foragentsonly.com/internaluse/installfromtheweb2/IFTW_client/iftwclix.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/31c8c228f30dc50c0e18/netzip/RdxIE601.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003012801/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs1b.instantservice.com/jars/customerxsigned35.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
    O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/DHTMLAccessXP1040.cab
    O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab?rand=2003339
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/hitthepros03/foxsports/wtinst.cab
    O16 - DPF: {B642F667-0977-495A-AA5B-A32FFBC3FE62} - http://testweb1.cnasurety.com/secure/codebase/imagejpg.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (FormFlowScriptObject Class) - http://testweb1.cnasurety.com/secure/codebase/scriptobject.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_463/webolr/OCX/FlashAX.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F4F6546F-FBA9-11D1-8AFB-080009ECFDC5} (FormFlow ListBox Control) - http://testweb1.cnasurety.com/secure/codebase/listbox.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
     
  2. Bubba

    Bubba Updates Team

    Joined: Apr 15, 2002
    Posts: 11,271
    Hey Randy,

    Unfortunately, Wilders Security Forum no longer provides one-on-one HijackThis log analysis and system cleaning services.

    Please visit the below link for further info.

    This link---> Stopping HijackThis Log Cleaning Services!
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,330
    Location: Netherlands