
HJT - dewlover80


  • This topic is locked
1 reply to this topic

#1 dewlover80

  • Members
  • 45 posts

Posted 02 September 2004 - 07:56 PM

never works right



Logfile of HijackThis v1.97.7
Scan saved at 8:58:42 PM, on 9/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\DMI\Win32\Bin\HPTrayIcon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\MSMGT.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MemoryMeter\MemoryMeter.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Default\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hxitunopovgxatmuagh.com/_r/SHqH...MHLIvKzR5eU.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\default\qi4buajt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Default\Application Data\Mozilla\Profiles\default\qi4buajt.slt\prefs.js)
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn1\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {49508E2E-A593-470D-8D15-34F7398E9B06} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem301.dll
O2 - BHO: (no name) - {9CBB56DD-A788-1B09-0339-1011AE99A585} - C:\PROGRA~1\PLATFO~1\Type Debug.exe
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [HP Tray Icon] C:\DMI\Win32\Bin\HPTrayIcon.exe
O4 - HKLM\..\Run: [MWProEng] C:\PROGRAM FILES\MOUSEWAREPRO\MWProEng.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MemoryMeter] C:\Program Files\MemoryMeter\MemoryMeter.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [bcray] C:\DOCUME~1\Default\LOCALS~1\Temp\SFX5.tmp\1007\bcray.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKLM\..\Run: [dvddebugwaitokay] C:\Documents and Settings\All Users\Application Data\Liteoncedvddebug\plan bird.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MEOW AMEN] C:\PROGRA~1\THEADM~1\Insidejoy.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Default\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://support.charter.com/sdccommon/download/tgctlins.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab



#2 groovicus

  • Security Colleague
  • 9,963 posts

Posted 02 September 2004 - 10:11 PM

You are running an outdated version of HJT:
http://www.downloads.subratam.org/hijackthis.zip

First, please put HijackThis in its own folder. It makes backups, and it is best to keep them all in one place.
  • Click My Computer, then C:\
  • In the menu bar, File->New->Folder.

That will create a folder named New Folder.
  • Right click on the folder and select 'rename'
  • Rename to something like 'HJT', and put HijackThis in there.
***********************************************************************

Download and run both of these uninstallers:

http://lop.com/new_uninstall.exe
http://lop.com/toolbar_uninstall.exe

***********************************************************************


Please download SpyBot and Adaware.

Get the latest versions here:

Install, and then verify that they are fully updated.


**********************************************************************


Boot into SAFE MODE by tapping the F8 key during boot up.

Run Spybot. Let it fix everything it finds.

Run Adaware with the following options selected:

  • Configure Ad-aware
    • Click on the Gear-shaped icon at the top to open the Settings window.
    • All of the following settings I mention should be enabled (green checkmark). Some settings cannot be enabled in certain versions of Windows. If a setting I mention is grey and can't be enabled, skip it.
    • General Settings - Automatically save log-file, Automatically quarantine objects prior to removal, and Safe Mode (always request confirmation)
    • Scanning Settings
      • Scan Within Archives
      • Click on 'Click here to select drives + folders' and check next to each hard drive then hit ok.
      • Scan Active Processes
      • Scan Registry
      • Deep Scan Registry
      • Scan my IE favorites for banned URL’s
      • Scan my Hosts file
    • Advanced Settings - Enable all four options under 'Log-file Detail level'
    • Tweak Settings
      • Under 'Scanning Engine' - Enable 'Unload recognized processes during scanning', 'Include basic Ad-aware settings in logfile', and 'Include additional Ad-aware settings in logfile'
      • Under ‘Cleaning Engine’ - Enable 'Let Windows remove files in use at next reboot'
    • Click Proceed
  • Click on the 'Start' button in the lower right.

  • Select 'Use custom scanning options', enable 'Activate in-depth scanning', and click Next. The scan will take several minutes to complete. When the scan is complete click Next.

  • Right click on the list of items and click 'Select all items' then click Next. Press Yes to confirm. The detected items are now quarantined.

  • Close Ad-aware

==========================

Reboot, and post a new log. :thumbsup:



