Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hjt azizhousecallz


  • Please log in to reply
3 replies to this topic

#1 azizhousecallz

azizhousecallz

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 27 December 2004 - 09:02 PM

this is a copy of my log i have not deleted anything yet please take a look guys and let me know what to dump!

Logfile of HijackThis v1.99.0
Scan saved at 8:36:25 PM, on 12/27/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPCTR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [securer] C:\WINDOWS\SYSTEM\SECURER\SYSHOST.EXE
O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\SYSTEM\KALVDXP32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\HHNT.EXE
O4 - Startup: SMC2802W 54 Mbps WLAN Utility.lnk = C:\Program Files\SMC\SMC2802W 54 Mbps WLAN Utility\SMCUTIL.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-5.9.2.38...h-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-6.0.2.29/jum...e-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.9.5.30/word...p-ob-assets.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.5.37...o-ob-assets.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.28/flin...r-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.3.35/mahj...g-ob-assets.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.0.2.29/mlsl...s-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.3.28/pino...e-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game5.pogo.com/applet-6.0.4.31/word...g-ob-assets.cab
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:44 AM

Posted 28 December 2004 - 02:32 PM

You are currently using hijackthis from a temp directory. This can cause problems. Please create a directory on your c: drive called c:\hijackthis and download and unzip hijackthis into that directory. Run the program from that directory from now on.

For a tutorial on how to use HijackThis please see the following link:

Using HijackThis to Remove Spyware, Browser Hijackers, and Dialers

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\SYSTEM\KALVDXP32.EXE
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\HHNT.EXE
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab


Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)


C:\WINDOWS\EliteToolBar\
C:\WINDOWS\SYSTEM\KALVDXP32.EXE
C:\WINDOWS\HHNT.EXE


Reboot your computer to go back to normal mode and post a new log.

#3 azizhousecallz

azizhousecallz
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 28 December 2004 - 09:13 PM

thanks will get right on it! :thumbsup:

#4 azizhousecallz

azizhousecallz
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 28 December 2004 - 10:21 PM

Grinler it looks like it worked. See updated HJT list below:

Logfile of HijackThis v1.99.0
Scan saved at 10:21:27 PM, on 12/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SECURER\SYSHOST.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-5.9.2.38...h-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-6.0.2.29/jum...e-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.9.5.30/word...p-ob-assets.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.5.37...o-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.28/flin...r-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.3.35/mahj...g-ob-assets.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.0.2.29/mlsl...s-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.3.28/pino...e-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game5.pogo.com/applet-6.0.4.31/word...g-ob-assets.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users