
help with HJT Log


This topic is locked
2 replies to this topic

#1 sma4059

sma4059

  • Members
  • 4 posts
  • OFFLINE

Posted 02 May 2004 - 02:59 AM

I need some help please with this log.
Thank you,
SMA


Logfile of HijackThis v1.97.7
Scan saved at 7:20:07 PM, on 5/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\MFCDCDROM\OPTIONACE.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthroug...w.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~2\BHO\BHO.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_1_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: vc this else - {AEC5BCB3-FF91-50A6-2328-D01D177893F9} - C:\PROGRAM FILES\OKAYSHOWWINDOW\USER DEBUG.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [storemeta] C:\PROGRA~1\MFCDCD~1\optionace.exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: DLHelperEXE.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://jackpotcity.microgaming.com/jac...lashAX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh...wflash.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper...helper.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.c..._1_1_0.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v41/sol/sol.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...2702546296
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc...tor/sw.cab
O16 - DPF: Tumble Bees by pogo.com - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Poppit! TM by pogo.com - http://poppit24.pogo.com/applet/poppit/...assets.cab
O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/ch...assets.cab
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw11fd.law11.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu....0.0.8.cab
O16 - DPF: Showbiz Slots 2 by pogo.com - http://temp40.pogo.com/applet/slots/showbiz2-ob-assets.cab
O16 - DPF: {F1A51F21-59DF-4486-BA31-5B816DA481EB} (FastSeekerToolbar Control) - http://www.fastseeker.com/toolbar/downl...rSetup.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire46.pogo.com/applet/soli...assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecel...assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet/poppit/poppit-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenb...assets.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://tgs.gov.mb.ca/roadinfo/help/downLoadIE/Acgm.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke02.pogo.com/applet/videopo...assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/ch...assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://temp80fe.pogo.com/applet/sweetto...assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squel...assets.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/se...loader.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8.1.2...assets.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet/slots/s...assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem01.pogo.com/applet/holdem/...assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet/mahjong...assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whack...assets.cab
O16 - DPF: Animal Ark by pogo - http://play06.pogo.com/applet/animal/animal-ob-assets.cab


#2 Guest_Plimsol_*

Guest_Plimsol_*

  • Guests
  • OFFLINE

Posted 02 May 2004 - 09:28 AM

You have IncrediMail installed. They have an extremely loose privacy policy. If you care, then you should uninstall the program in Add/Remove Programs; otherwise you can leave it installed.


I want you to fix some of those entries. Please do the following:

First, disable System Restore. You can find instructions on how to enable and re-enable System Restore here:

Managing Windows Millennium System Restore
or
Windows XP System Restore Guide

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Just fix these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthroug...w.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: vc this else - {AEC5BCB3-FF91-50A6-2328-D01D177893F9} - C:\PROGRAM FILES\OKAYSHOWWINDOW\USER DEBUG.DLL
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - Startup: DLHelperEXE.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://jackpotcity.microgaming.com/jac...lashAX.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper...helper.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu....0.0.8.cab
O16 - DPF: {F1A51F21-59DF-4486-BA31-5B816DA481EB} (FastSeekerToolbar Control) - http://www.fastseeker.com/toolbar/downl...rSetup.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/se...loader.cab


Reboot your computer into Safe Mode and delete the following files:

c:\Program Files\AutoUpdate\
c:\windows\DLHelperEXE.exe or c:\windows\system\dlhelperxe.exe

Re-enable System Restore using the instructions from the tutorial above.

Reboot your computer to go back to normal mode and post a new log.
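As an added example (not part of this thread, and not HijackThis's own code): a small Python parser for lines in the HijackThis log format posted above. It splits each entry into its section code (R0, O3, O4, O16, ...), CLSID, URL and file path, lists the O16 download hosts and O4 autorun paths, and returns a review queue of entries whose URL host or toolbar CLSID is not on an analyst-supplied known-good list. The sample lines are copied from the log in this thread; the `TRUSTED_HOSTS` and `TRUSTED_CLSIDS` sets are constructed placeholders for illustration, not a vetted allowlist.

```python
"""Parse HijackThis-style log lines into structured entries so the fields an
analyst checks (CLSID, URL host, autorun path) can be compared against
known-good lists instead of read by eye.  Added example, not HijackThis code."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set
from urllib.parse import urlsplit

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthroug...w.msn.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: vc this else - {AEC5BCB3-FF91-50A6-2328-D01D177893F9} - C:\PROGRAM FILES\OKAYSHOWWINDOW\USER DEBUG.DLL
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: DLHelperEXE.exe
O16 - DPF: {F1A51F21-59DF-4486-BA31-5B816DA481EB} (FastSeekerToolbar Control) - http://www.fastseeker.com/toolbar/downl...rSetup.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
"""

# Constructed placeholder allowlists (hypothetical, not a vetted reference).
TRUSTED_HOSTS: Set[str] = {"pogo.com", "msn.com"}
TRUSTED_CLSIDS: Set[str] = {"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"}  # Norton toolbar from the log

LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
QUOTED_RE = re.compile(r'^"([^"]+)"')                                   # "path with spaces" args
UNQUOTED_RE = re.compile(r"^(.+?\.(?:exe|dll|ocx|tsk))(?:\s|$)", re.I)  # path.exe args


@dataclass
class HjtEntry:
    section: str          # e.g. "O4"
    body: str             # everything after "O4 - "
    clsid: Optional[str]  # {GUID} if the line carries one
    url: Optional[str]    # start-page or download URL if present
    path: Optional[str]   # executable / DLL path for O3 and O4 entries


def _extract_path(section: str, body: str) -> Optional[str]:
    """Pull the file path out of an O3 (toolbar) or O4 (autorun) entry body."""
    if section == "O4":
        # Run keys look like "[Name] path args"; the Startup folder like "Startup: file".
        m = re.search(r"\]\s*(.+)$", body) or re.match(r"^Startup:\s*(.+)$", body)
        if not m:
            return None
        rest = m.group(1).strip()
        q = QUOTED_RE.match(rest) or UNQUOTED_RE.match(rest)
        return q.group(1) if q else rest
    if section == "O3":
        return body.rsplit(" - ", 1)[-1].strip()
    return None


def parse_line(line: str) -> Optional[HjtEntry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # process list, header lines, blanks
    section, body = m.group("section"), m.group("body")
    clsid, url = CLSID_RE.search(body), URL_RE.search(body)
    return HjtEntry(section, body,
                    clsid.group(0).upper() if clsid else None,
                    url.group(0) if url else None,
                    _extract_path(section, body))


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def url_host(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def _host_trusted(host: str, trusted: Set[str]) -> bool:
    return any(host == d or host.endswith("." + d) for d in trusted)


def dpf_hosts(entries: List[HjtEntry]) -> List[str]:
    """Distinct hosts that ActiveX controls (O16 DPF entries) were downloaded from."""
    return sorted({url_host(e.url) for e in entries if e.section == "O16" and e.url})


def autoruns(entries: List[HjtEntry]) -> List[HjtEntry]:
    """O4 entries: everything started from Run/RunServices keys or the Startup folder."""
    return [e for e in entries if e.section == "O4"]


def review_queue(entries: List[HjtEntry], trusted_hosts: Set[str],
                 trusted_clsids: Set[str]) -> List[HjtEntry]:
    """Entries whose URL host or toolbar/BHO CLSID is not on the known-good lists.
    Being queued means 'look at this', not 'this is malicious'."""
    flagged = []
    for e in entries:
        if e.url and not _host_trusted(url_host(e.url), trusted_hosts):
            flagged.append(e)
        elif e.clsid and e.section in ("O2", "O3") and e.clsid not in trusted_clsids:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("O16 download hosts:", dpf_hosts(found))
    for entry in autoruns(found):
        print("autorun:", entry.path)
    for entry in review_queue(found, TRUSTED_HOSTS, TRUSTED_CLSIDS):
        print("review:", entry.section, entry.body)
```

The review queue is deliberately allowlist-driven: an entry is surfaced because the analyst has not yet vetted its host or CLSID, which mirrors how a helper reads an HJT log (known-good lines are skipped, everything else gets looked up) without hard-coding any verdicts into the parser.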

#3 Scarlett

Scarlett

Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  • Gender:Female
  • Location:As always I'm beside myself ;)

Posted 26 March 2006 - 10:20 AM

Due to inactivity this topic will now be closed.
If you happen to experience any more problems, please start a new topic.

~ Scarlett



