[solved]Please check my hijack this log.

Discussion in 'adware, spyware & hijack cleaning' started by rdcahoon, Jul 9, 2004.

Thread Status:
Not open for further replies.
  1. rdcahoon

    rdcahoon Registered Member

    Joined:
    Apr 19, 2004
    Posts:
    17
    Computer is having some annoying problems, slow Internet connections, constant freeze ups, etc.. Have and ran Adaware and Spybot but still have some issues. I have posted my log below, any help would be greatly appreciated.
    Logfile of HijackThis v1.97.7
    Scan saved at 4:38:33 PM, on 7/9/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\PTSNOOP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm
    F1 - win.ini: load=ptsnoop.exe
    O1 - Hosts: 64.135.204.60 www.0190-dialer.com
    O1 - Hosts: 64.135.204.60 mtreexxx.net
    O1 - Hosts: 64.135.204.60 www.mtreexxx.net
    O1 - Hosts: 64.135.204.60 network.nocreditcard.com
    O1 - Hosts: 64.135.204.60 www.online-dialer.com
    O1 - Hosts: 64.135.204.60 www.sex-explorer.com
    O1 - Hosts: 64.135.204.60 sex-explorer.com
    O1 - Hosts: 64.135.204.60 www.worldsex.com
    O1 - Hosts: 64.135.204.60 www.al4a.com
    O1 - Hosts: 64.135.204.60 www.thumbnail-post.com
    O1 - Hosts: 64.135.204.60 www.madthumbs.com
    O1 - Hosts: 64.135.204.60 www.thumbzilla.com
    O1 - Hosts: 64.135.204.60 www.sexocean
    O1 - Hosts: 64.135.204.60 www.sublimedirectory
    O1 - Hosts: 64.135.204.60 www.exitforcash.com
    O1 - Hosts: 64.135.204.60 exit.xitcash.com
    O1 - Hosts: 64.135.204.60 top.darkcollection.com
    O1 - Hosts: 64.135.204.60 top.wild-nymphets.com
    O1 - Hosts: 64.135.204.60 lol.to
    O1 - Hosts: 64.135.204.60 www.cybernymphets.com
    O1 - Hosts: 64.135.204.60 www21.smutserver.com
    O1 - Hosts: 64.135.204.60 www13.smutserver.com
    O1 - Hosts: 64.135.204.60 www.x-x-x-hosting.com
    O1 - Hosts: 64.135.204.60 www22.smutserver.com
    O1 - Hosts: 64.135.204.60 www2.smutserver.com
    O1 - Hosts: 64.135.204.60 www9.kinghost.com
    O1 - Hosts: 64.135.204.60 www.amateursgonebad.com
    O1 - Hosts: 64.135.204.60 www6.kinghost.com
    O1 - Hosts: 64.135.204.60 www8.kinghost.com
    O1 - Hosts: 64.135.204.60 www7.kinghost.com
    O1 - Hosts: 64.135.204.60 www.xfreehosting.com
    O1 - Hosts: 64.135.204.60 www.kinghost.com
    O1 - Hosts: 64.135.204.60 www.smuthosts.com
    O1 - Hosts: 64.135.204.60 www.smutserver.com
    O1 - Hosts: 64.135.204.60 www.xxxvideohost.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] systray.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
    O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
    O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37990.2819328704
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Please check my hijack this log.

    HI rdcahoon

    First update or download CWShredder to version 1.59.1
    CWShredder (http://www.spywareinfoforum.com/~merijn/files/CWShredder.exe)
    Use the Fix button and follow the instructions you will receive.

    Other download sites: http://www.net-integration.net/tools/hijackthis.htmlrdcahoon

    Check the following items in HIjackthis - close ALL windows\browsers except Hijackthis and click "Fix checked":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm
    F1 - win.ini: load=ptsnoop.exe
    O1 - Hosts: 64.135.204.60 www.0190-dialer.com
    O1 - Hosts: 64.135.204.60 mtreexxx.net
    O1 - Hosts: 64.135.204.60 www.mtreexxx.net
    O1 - Hosts: 64.135.204.60 network.nocreditcard.com
    O1 - Hosts: 64.135.204.60 www.online-dialer.com
    O1 - Hosts: 64.135.204.60 www.sex-explorer.com
    O1 - Hosts: 64.135.204.60 sex-explorer.com
    O1 - Hosts: 64.135.204.60 www.worldsex.com
    O1 - Hosts: 64.135.204.60 www.al4a.com
    O1 - Hosts: 64.135.204.60 www.thumbnail-post.com
    O1 - Hosts: 64.135.204.60 www.madthumbs.com
    O1 - Hosts: 64.135.204.60 www.thumbzilla.com
    O1 - Hosts: 64.135.204.60 www.sexocean
    O1 - Hosts: 64.135.204.60 www.sublimedirectory
    O1 - Hosts: 64.135.204.60 www.exitforcash.com
    O1 - Hosts: 64.135.204.60 exit.xitcash.com
    O1 - Hosts: 64.135.204.60 top.darkcollection.com
    O1 - Hosts: 64.135.204.60 top.wild-nymphets.com
    O1 - Hosts: 64.135.204.60 lol.to
    O1 - Hosts: 64.135.204.60 www.cybernymphets.com
    O1 - Hosts: 64.135.204.60 www21.smutserver.com
    O1 - Hosts: 64.135.204.60 www13.smutserver.com
    O1 - Hosts: 64.135.204.60 www.x-x-x-hosting.com
    O1 - Hosts: 64.135.204.60 www22.smutserver.com
    O1 - Hosts: 64.135.204.60 www2.smutserver.com
    O1 - Hosts: 64.135.204.60 www9.kinghost.com
    O1 - Hosts: 64.135.204.60 www.amateursgonebad.com
    O1 - Hosts: 64.135.204.60 www6.kinghost.com
    O1 - Hosts: 64.135.204.60 www8.kinghost.com
    O1 - Hosts: 64.135.204.60 www7.kinghost.com
    O1 - Hosts: 64.135.204.60 www.xfreehosting.com
    O1 - Hosts: 64.135.204.60 www.kinghost.com
    O1 - Hosts: 64.135.204.60 www.smuthosts.com
    O1 - Hosts: 64.135.204.60 www.smutserver.com
    O1 - Hosts: 64.135.204.60 www.xxxvideohost.com

    Then Boot to safe mode: Instructions here

    Delete:
    C:\WINDOWS\search.htm


    Then reboot and use {updated] AdAware as described :
    HERE

    Now, empty your TEMP Folder / Temporary Internet Files Folder and then empty your "Recycle Bin" and reboot.

    Problem gone?
     
  3. rdcahoon

    rdcahoon Registered Member

    Joined:
    Apr 19, 2004
    Posts:
    17
    Re: Please check my hijack this log.

    Sorry for long response, Thank you very much all seems well for right now...

    Thank you again,
    rdcahoon
     
  4. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Please check my hijack this log.

    No problem :)

    Thanks for your feedback !

    Happy Safe Computing !
     
Thread Status:
Not open for further replies.