my log

Discussion in 'adware, spyware & hijack cleaning' started by ababababa, Mar 27, 2004.

Thread Status:
Not open for further replies.
  1. ababababa

    ababababa Guest

    I just visited Ad-Aware and went through all the steps it identified and was told to post my log here from hijac this.com. If anyone knows the programs I should or should not delete, please let me know, otherwise, thanks for the help! Here is my log:

    Logfile of HijackThis v1.97.7
    Scan saved at 5:54:20 PM, on 3/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Winamp\winampa.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\asgsnzep.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\docume~1\jenna\locals~1\temp\E2kln.exe
    C:\docume~1\jenna\locals~1\temp\RfRIBA.exe
    C:\docume~1\jenna\locals~1\temp\ujZ.exe
    C:\docume~1\jenna\locals~1\temp\7to.exe
    C:\docume~1\jenna\locals~1\temp\4qDk.exe
    C:\docume~1\jenna\locals~1\temp\l04.exe
    C:\WINDOWS\system32\pcs\pcsvc.exe
    C:\docume~1\jenna\locals~1\temp\5I3Nxc.exe
    C:\docume~1\jenna\locals~1\temp\DGk4.exe
    C:\docume~1\jenna\locals~1\temp\U6kSPX.exe
    C:\Program Files\aim\aim.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Documents and Settings\Jenna\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ucs.att.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
    O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
    O4 - HKLM\..\Run: [hndkrbpl] C:\WINDOWS\System32\asgsnzep.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [DKQXAHN] C:\WINDOWS\DKQXAHN.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [ZGRMWE] C:\WINDOWS\ZGRMWE.exe
    O4 - HKLM\..\Run: [E2kln] C:\docume~1\jenna\locals~1\temp\E2kln.exe
    O4 - HKLM\..\Run: [OVCIP] C:\WINDOWS\OVCIP.exe
    O4 - HKLM\..\Run: [RfRIBA] C:\docume~1\jenna\locals~1\temp\RfRIBA.exe
    O4 - HKLM\..\Run: [DNCGMTZ] C:\WINDOWS\DNCGMTZ.exe
    O4 - HKLM\..\Run: [AKV] C:\WINDOWS\AKV.exe
    O4 - HKLM\..\Run: [ujZ] C:\docume~1\jenna\locals~1\temp\ujZ.exe
    O4 - HKLM\..\Run: [vkdorar] C:\WINDOWS\vkdorar.exe
    O4 - HKLM\..\Run: [atwx] C:\WINDOWS\atwx.exe
    O4 - HKLM\..\Run: [7to] C:\docume~1\jenna\locals~1\temp\7to.exe
    O4 - HKLM\..\Run: [ngr] C:\WINDOWS\ngr.exe
    O4 - HKLM\..\Run: [rcj] C:\WINDOWS\rcj.exe
    O4 - HKLM\..\Run: [tin] C:\WINDOWS\tin.exe
    O4 - HKLM\..\Run: [4qDk] C:\docume~1\jenna\locals~1\temp\4qDk.exe
    O4 - HKLM\..\Run: [l04] C:\docume~1\jenna\locals~1\temp\l04.exe
    O4 - HKLM\..\Run: [yrcpgdwt] C:\WINDOWS\yrcpgdwt.exe
    O4 - HKLM\..\Run: [afid] C:\WINDOWS\afid.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [5I3Nxc] C:\docume~1\jenna\locals~1\temp\5I3Nxc.exe
    O4 - HKLM\..\Run: [DGk4] C:\docume~1\jenna\locals~1\temp\DGk4.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-k13w13.exe
    O4 - HKLM\..\Run: [U6kSPX] C:\docume~1\jenna\locals~1\temp\U6kSPX.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Jenna\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: HuntBar (HKLM)
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.ucs.att.net
    O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
    O16 - DPF: Yahoo! Exploder - http://download.games.yahoo.com/games/clients/y/vtk_x.cab
    O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} - http://www.trafficsyndicate.com/TB/Cabs/T_37/toolbar_new.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/autocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_12_0.cab

    *If anyone responds, please send your response to my e-mail (joysticksoccer@yahoo.com) because I'm not sure I can get back here!* Thanks!
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,448
    Location:
    North Carolina, USA
    Hi ababababa,

    Welcome to Wilders.

    Before you start, please unzip or move HijackThis to a separate folder. The program will make backups in the folder it's in. These easily get lost in a temporary folder or a folder with other programs.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: comments (such as these) may be inserted on individual

    O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
    O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
    O4 - HKLM\..\Run: [hndkrbpl] C:\WINDOWS\System32\asgsnzep.exe

    O4 - HKLM\..\Run: [DKQXAHN] C:\WINDOWS\DKQXAHN.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [ZGRMWE] C:\WINDOWS\ZGRMWE.exe
    O4 - HKLM\..\Run: [E2kln] C:\docume~1\jenna\locals~1\temp\E2kln.exe
    O4 - HKLM\..\Run: [OVCIP] C:\WINDOWS\OVCIP.exe
    O4 - HKLM\..\Run: [RfRIBA] C:\docume~1\jenna\locals~1\temp\RfRIBA.exe
    O4 - HKLM\..\Run: [DNCGMTZ] C:\WINDOWS\DNCGMTZ.exe
    O4 - HKLM\..\Run: [AKV] C:\WINDOWS\AKV.exe
    O4 - HKLM\..\Run: [ujZ] C:\docume~1\jenna\locals~1\temp\ujZ.exe
    O4 - HKLM\..\Run: [vkdorar] C:\WINDOWS\vkdorar.exe
    O4 - HKLM\..\Run: [atwx] C:\WINDOWS\atwx.exe
    O4 - HKLM\..\Run: [7to] C:\docume~1\jenna\locals~1\temp\7to.exe
    O4 - HKLM\..\Run: [ngr] C:\WINDOWS\ngr.exe
    O4 - HKLM\..\Run: [rcj] C:\WINDOWS\rcj.exe
    O4 - HKLM\..\Run: [tin] C:\WINDOWS\tin.exe
    O4 - HKLM\..\Run: [4qDk] C:\docume~1\jenna\locals~1\temp\4qDk.exe
    O4 - HKLM\..\Run: [l04] C:\docume~1\jenna\locals~1\temp\l04.exe
    O4 - HKLM\..\Run: [yrcpgdwt] C:\WINDOWS\yrcpgdwt.exe
    O4 - HKLM\..\Run: [afid] C:\WINDOWS\afid.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [5I3Nxc] C:\docume~1\jenna\locals~1\temp\5I3Nxc.exe
    O4 - HKLM\..\Run: [DGk4] C:\docume~1\jenna\locals~1\temp\DGk4.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-k13w13.exe
    O4 - HKLM\..\Run: [U6kSPX] C:\docume~1\jenna\locals~1\temp\U6kSPX.exe

    O9 - Extra button: HuntBar (HKLM)

    O16 - DPF: {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} - http://www.trafficsyndicate.com/TB/Cabs/T_37/toolbar_new.cab

    Download CWShredder and run. Be sure ALL other windows are closed and use the Fix button and follow the instructions you will receive.

    Download McAfee AVERT Stinger and run. If necessary, click the Add or Browse button to add additional drives/directories to scan. By default the C: drive will be scanned. Click the Scan Now button to begin scanning the specified drives/directories.

    Then reboot in Safe Mode and delete the following:

    C:\WINDOWS\mwsvm.exe
    C:\WINDOWS\frsk.exe
    C:\WINDOWS\System32\asgsnzep.exe
    C:\WINDOWS\DKQXAHN.exe
    C:\WINDOWS\System32\bridge.dll
    C:\WINDOWS\ZGRMWE.exe
    C:\WINDOWS\OVCIP.exe
    C:\WINDOWS\DNCGMTZ.exe
    C:\WINDOWS\AKV.exe
    C:\WINDOWS\vkdorar.exe
    C:\WINDOWS\atwx.exe
    C:\WINDOWS\ngr.exe
    C:\WINDOWS\rcj.exe
    C:\WINDOWS\tin.exe
    C:\WINDOWS\yrcpgdwt.exe
    C:\WINDOWS\afid.exe
    C:\WINDOWS\system32\pcs\ <-- entire folder
    C:\WINDOWS\System32\dp-k13w13.exe

    Clean all your temp folders by clicking Start >> Settings >> Control Panel >> Internet Options >> Temporary Internet Files >> Delete Files.

    Reboot and then post a fresh HijackThis log.

    Regards,
    Kent
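
A way to triage the O4 autorun lines of a HijackThis log by file location, as an added example that is not part of the original thread or of HijackThis itself. The two location rules (a target under a `temp` directory, an executable placed directly in `C:\WINDOWS`) and the names `parse_o4`, `review_reasons` and `triage` are assumptions made for this sketch; the sample lines are a subset copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# O4 autorun line: "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# First drive-rooted path ending in .exe or .dll, quoted or unquoted
TARGET_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.I)

def parse_o4(line):
    """Return hive, key, value name and target file of an O4 Run line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    t = TARGET_RE.search(command)  # skips a leading bare "rundll32.exe"
    target = t.group(1) if t else command
    return {"hive": hive, "key": key, "name": name, "target": target}

def review_reasons(entry):
    """Location heuristics (assumptions of this example, not HijackThis rules)."""
    path = PureWindowsPath(entry["target"].lower())
    reasons = []
    if "temp" in path.parts[1:-1]:  # also matches the 8.3 form locals~1\temp
        reasons.append("runs-from-temp")
    if path.parent == PureWindowsPath("c:\\windows"):
        reasons.append("exe-in-windows-root")
    return reasons

def triage(log_text):
    """Map autorun value name -> reasons, for entries that need a closer look."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and review_reasons(entry):
            flagged[entry["name"]] = review_reasons(entry)
    return flagged

# Subset of the O4 lines from the log posted above
SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\Run: [hndkrbpl] C:\WINDOWS\System32\asgsnzep.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [E2kln] C:\docume~1\jenna\locals~1\temp\E2kln.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(name, reasons)
```

Location checks alone do not cover every entry the reply lists, such as those under System32, so the output is a set of candidates for review rather than a verdict.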
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    You also need to do this, please.

    As some of the files or folders you need to delete may be hidden, do this:
    Open Windows Explorer and go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply", then "OK".

    Then, using Windows Explorer:
    C:\documents & settings\jenna\local settings\temp\

    Select everything in the temp folder and delete it all.

    As XP will not let you delete files less than 24 hours old, as it thinks it might need them, please also do this:

    While in the temp folder, select View and select Details.

    Then right-click a blank part and select Arrange Icons By, and select Show in Groups and Modified. That will give a list of all files in date order, with today at the top of the page.

    Select all the files/folders except the today ones and delete them all.
     