[solved] Please check my hijack this log.

Discussion in 'adware, spyware & hijack cleaning' started by rdcahoon, Jul 9, 2004.

Thread Status:
Not open for further replies.
  1. rdcahoon

    rdcahoon Registered Member

    Joined:
    Apr 19, 2004
    Posts:
    17
    Computer is having some annoying problems: slow Internet connections, constant freeze-ups, etc. I have and ran Ad-Aware and Spybot but still have some issues. I have posted my log below; any help would be greatly appreciated.
    Logfile of HijackThis v1.97.7
    Scan saved at 4:38:33 PM, on 7/9/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\PTSNOOP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm
    F1 - win.ini: load=ptsnoop.exe
    O1 - Hosts: 64.135.204.60 www.0190-dialer.com
    O1 - Hosts: 64.135.204.60 mtreexxx.net
    O1 - Hosts: 64.135.204.60 www.mtreexxx.net
    O1 - Hosts: 64.135.204.60 network.nocreditcard.com
    O1 - Hosts: 64.135.204.60 www.online-dialer.com
    O1 - Hosts: 64.135.204.60 www.sex-explorer.com
    O1 - Hosts: 64.135.204.60 sex-explorer.com
    O1 - Hosts: 64.135.204.60 www.worldsex.com
    O1 - Hosts: 64.135.204.60 www.al4a.com
    O1 - Hosts: 64.135.204.60 www.thumbnail-post.com
    O1 - Hosts: 64.135.204.60 www.madthumbs.com
    O1 - Hosts: 64.135.204.60 www.thumbzilla.com
    O1 - Hosts: 64.135.204.60 www.sexocean
    O1 - Hosts: 64.135.204.60 www.sublimedirectory
    O1 - Hosts: 64.135.204.60 www.exitforcash.com
    O1 - Hosts: 64.135.204.60 exit.xitcash.com
    O1 - Hosts: 64.135.204.60 top.darkcollection.com
    O1 - Hosts: 64.135.204.60 top.wild-nymphets.com
    O1 - Hosts: 64.135.204.60 lol.to
    O1 - Hosts: 64.135.204.60 www.cybernymphets.com
    O1 - Hosts: 64.135.204.60 www21.smutserver.com
    O1 - Hosts: 64.135.204.60 www13.smutserver.com
    O1 - Hosts: 64.135.204.60 www.x-x-x-hosting.com
    O1 - Hosts: 64.135.204.60 www22.smutserver.com
    O1 - Hosts: 64.135.204.60 www2.smutserver.com
    O1 - Hosts: 64.135.204.60 www9.kinghost.com
    O1 - Hosts: 64.135.204.60 www.amateursgonebad.com
    O1 - Hosts: 64.135.204.60 www6.kinghost.com
    O1 - Hosts: 64.135.204.60 www8.kinghost.com
    O1 - Hosts: 64.135.204.60 www7.kinghost.com
    O1 - Hosts: 64.135.204.60 www.xfreehosting.com
    O1 - Hosts: 64.135.204.60 www.kinghost.com
    O1 - Hosts: 64.135.204.60 www.smuthosts.com
    O1 - Hosts: 64.135.204.60 www.smutserver.com
    O1 - Hosts: 64.135.204.60 www.xxxvideohost.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] systray.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
    O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
    O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37990.2819328704
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Please check my hijack this log.

    Hi rdcahoon

    First update or download CWShredder to version 1.59.1
    CWShredder (http://www.spywareinfoforum.com/~merijn/files/CWShredder.exe)
    Use the Fix button and follow the instructions you will receive.

    Other download sites: http://www.net-integration.net/tools/hijackthis.htmlrdcahoon

    Check the following items in HijackThis - close ALL windows\browsers except HijackThis and click "Fix checked":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm
    F1 - win.ini: load=ptsnoop.exe
    O1 - Hosts: 64.135.204.60 www.0190-dialer.com
    O1 - Hosts: 64.135.204.60 mtreexxx.net
    O1 - Hosts: 64.135.204.60 www.mtreexxx.net
    O1 - Hosts: 64.135.204.60 network.nocreditcard.com
    O1 - Hosts: 64.135.204.60 www.online-dialer.com
    O1 - Hosts: 64.135.204.60 www.sex-explorer.com
    O1 - Hosts: 64.135.204.60 sex-explorer.com
    O1 - Hosts: 64.135.204.60 www.worldsex.com
    O1 - Hosts: 64.135.204.60 www.al4a.com
    O1 - Hosts: 64.135.204.60 www.thumbnail-post.com
    O1 - Hosts: 64.135.204.60 www.madthumbs.com
    O1 - Hosts: 64.135.204.60 www.thumbzilla.com
    O1 - Hosts: 64.135.204.60 www.sexocean
    O1 - Hosts: 64.135.204.60 www.sublimedirectory
    O1 - Hosts: 64.135.204.60 www.exitforcash.com
    O1 - Hosts: 64.135.204.60 exit.xitcash.com
    O1 - Hosts: 64.135.204.60 top.darkcollection.com
    O1 - Hosts: 64.135.204.60 top.wild-nymphets.com
    O1 - Hosts: 64.135.204.60 lol.to
    O1 - Hosts: 64.135.204.60 www.cybernymphets.com
    O1 - Hosts: 64.135.204.60 www21.smutserver.com
    O1 - Hosts: 64.135.204.60 www13.smutserver.com
    O1 - Hosts: 64.135.204.60 www.x-x-x-hosting.com
    O1 - Hosts: 64.135.204.60 www22.smutserver.com
    O1 - Hosts: 64.135.204.60 www2.smutserver.com
    O1 - Hosts: 64.135.204.60 www9.kinghost.com
    O1 - Hosts: 64.135.204.60 www.amateursgonebad.com
    O1 - Hosts: 64.135.204.60 www6.kinghost.com
    O1 - Hosts: 64.135.204.60 www8.kinghost.com
    O1 - Hosts: 64.135.204.60 www7.kinghost.com
    O1 - Hosts: 64.135.204.60 www.xfreehosting.com
    O1 - Hosts: 64.135.204.60 www.kinghost.com
    O1 - Hosts: 64.135.204.60 www.smuthosts.com
    O1 - Hosts: 64.135.204.60 www.smutserver.com
    O1 - Hosts: 64.135.204.60 www.xxxvideohost.com

    Then Boot to safe mode: Instructions here

    Delete:
    C:\WINDOWS\search.htm


    Then reboot and use [updated] AdAware as described:
    HERE

    Now, empty your TEMP Folder / Temporary Internet Files Folder and then empty your "Recycle Bin" and reboot.

    Problem gone?
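
As an added example (not part of the thread, and not how HijackThis or the posters decide what to fix), the Python below parses HijackThis-style log lines and picks out the three kinds of entries that appear in the fix list above: an IE page setting that points to a local file, a win.ini autostart, and Hosts-file lines that map names to a non-loopback address. The heuristics and function names are assumptions for illustration, and the flagged lines are meant for a person to review before fixing anything.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the log in the first post; the 127.0.0.1 entry is
# constructed to show a Hosts line the heuristic leaves alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F1 - win.ini: load=ptsnoop.exe
O1 - Hosts: 64.135.204.60 www.0190-dialer.com
O1 - Hosts: 64.135.204.60 www.online-dialer.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [SystemTray] systray.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")

def parse_entries(log_text):
    """Return (section, body) pairs for every 'Xn - ...' line in the log."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def redirect_target(body):
    """Return (ip, hostnames) for a non-loopback 'Hosts:' line, else None."""
    if not body.startswith("Hosts:"):
        return None
    fields = body[len("Hosts:"):].split()
    try:
        ip = ipaddress.ip_address(fields[0])
    except (IndexError, ValueError):
        return None          # empty or malformed address field
    if ip.is_loopback or ip.is_unspecified or len(fields) < 2:
        return None          # 127.0.0.1 / 0.0.0.0 entries only block a name
    return str(ip), fields[1:]

def review_candidates(entries):
    """Return (flagged lines, {redirect_ip: [hostnames]}) for human review."""
    flagged, by_ip = [], defaultdict(list)
    for section, body in entries:
        value = body.partition(" = ")[2]
        # Assumed heuristic 1: IE page setting whose value is a local path.
        local_page = section in ("R0", "R1") and re.match(r"[A-Za-z]:\\", value)
        # Assumed heuristic 2: Hosts line sending a name to a real address.
        hit = redirect_target(body) if section == "O1" else None
        if hit:
            by_ip[hit[0]].extend(hit[1])
        # Assumed heuristic 3: any F1 line (program loaded from win.ini).
        if local_page or section == "F1" or hit:
            flagged.append(f"{section} - {body}")
    return flagged, dict(by_ip)
```

Grouping the Hosts lines by target address makes a pattern like the one in this log, many unrelated names all sent to one IP, visible at a glance.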
     
  3. rdcahoon

    rdcahoon Registered Member

    Joined:
    Apr 19, 2004
    Posts:
    17
    Re: Please check my hijack this log.

    Sorry for long response. Thank you very much, all seems well for right now...

    Thank you again,
    rdcahoon
     
  4. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Please check my hijack this log.

    No problem :)

    Thanks for your feedback !

    Happy Safe Computing !
     