Hijacker

Guest

The following hijackthis log was run from my wife's home computer. I have
cleaned all spyware/adware I can find except netspry and winsniffer. Can
someone help me decipher the following:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\ACSD.EXE
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\url.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SMC\SMC2802W 54 Mbps WLAN Utility\SMCUTIL.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\default\Local Settings\Temporary Internet
Files\Content.IE5\O1EX0F2L\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.foxnews.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\SYSTEM\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} -
C:\PROGRA~1\Lycos\IEagent\CSIE.DLL (file missing)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} -
C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} -
C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} -
C:\WINDOWS\System32\StopzillaBHO.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} -
C:\Program Files\Common Files\midaddle\midaddle.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\MSDXM.OCX
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} -
C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button
Support\cpqeadm.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [igfxediag.exe] C:\WINDOWS\System32\igfxediag.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe"
/autorun
O4 - HKLM\..\Run: [XUL] C:\windows\temp\XUL.exe
O4 - HKLM\..\Run: [isveqk] C:\windows\temp\isveqk.exe
O4 - HKLM\..\Run: [5S3742J3JZG5ZN] C:\WINDOWS\System32\Cvj3h1J.exe
O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee
AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
/checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [vjhwxjblcliz] C:\WINDOWS\System32\ccszcr.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [otolurkr] C:\WINDOWS\otolurkr.exe
O4 - HKLM\..\Run: [jilwzsb] C:\WINDOWS\jilwzsb.exe
O4 - HKLM\..\Run: [lgzqhil] C:\WINDOWS\lgzqhil.exe
O4 - HKLM\..\Run: [hix] C:\WINDOWS\hix.exe
O4 - HKLM\..\Run: [opir] C:\WINDOWS\opir.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] C:\Program
Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [vgj] C:\WINDOWS\vgj.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft
Money\System\Money Express.exe"
O4 - HKCU\..\Run: [igfxediag.exe] C:\WINDOWS\System32\igfxediag.exe
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD
Tools\blengine.exe
O4 - HKCU\..\Run: [Hsee] C:\DOCUME~1\default\Application Data\paie.exe
O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintcc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [asycfilt] C:\WINDOWS\System32\asycfilt.exe
O4 - HKCU\..\Run: [vga256] C:\WINDOWS\System32\vga256.exe
O4 - HKCU\..\Run: [lfcmp11n] C:\WINDOWS\System32\lfcmp11n.exe
O4 - HKCU\..\Run: [cpqijsak] C:\WINDOWS\System32\cpqijsak.exe
O4 - HKCU\..\Run: [qtim32] C:\WINDOWS\System32\qtim32.exe
O4 - HKCU\..\Run: [hlink] C:\WINDOWS\System32\hlink.exe
O4 - HKCU\..\Run: [kbdsw] C:\WINDOWS\System32\kbdsw.exe
O4 - HKCU\..\Run: [wshnetbs] C:\WINDOWS\System32\wshnetbs.exe
O4 - HKCU\..\Run: [cdm] C:\WINDOWS\System32\cdm.exe
O4 - HKCU\..\Run: C:\WINDOWS\System32\url.exe O4 - G...edia.com/pub/shockwave/cabs/flash/swflash.cab
 
Jason

* Gary said:
The following hijackthis log was run from my wife's home computer. I have
cleaned all spyware/adware I can find except netspry and winsniffer. Can
someone help me decipher the following:

www.google.com will help.
 
kendallitis

I have never heard of either of those spyware/adware
programs before, and I don't think they work because of
what's left in your HijackThis log. Let HijackThis remove
all but this:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I also see some files that look like a virus. I don't
recommend McAfee to anyone, and STOPzilla is not friendly
as it allows spyware to be put on your machine without
your permission. (I would remove it as well with AOL.)
After you have removed these, reboot the computer; then go
to http://www.safer-networking.org/en/download/index.html
to download the latest version of Spybot and go to
http://www.lavasoftusa.com/support/download/ to download
the latest version of Ad-Aware Personal. Run them both (one
after the other with updates; you might have to learn how
to use the programs).
Then run HijackThis again and see what is left. If there
is, then it's probably a virus. Use Norton or AVG or ETrust
to remove them.
Good luck.
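
Added example (not part of the original thread and not HijackThis's own logic): the keep-list approach in the reply above, done mechanically. It rejoins wrapped log entries, compares them to the keep list while ignoring the whitespace that wrapping introduced, and annotates what is left for review. The function names and the two review heuristics are assumptions made for illustration; the sample entries are copied from the thread.

```python
import re

# Entries in this log start with a section code such as "R1 - ", "O4 - " or "O16 - ".
ENTRY_START = re.compile(r"^(R[0-3]|O\d{1,2}) - ")

def unwrap(text):
    """Rejoin entries that mail or forum software wrapped across lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def key(entry):
    """Comparison key that ignores case and whitespace added by wrapping."""
    return re.sub(r"\s+", "", entry).lower()

def triage(log_text, keep_text):
    """Return (kept, review); review items are (entry, notes) tuples."""
    keep = {key(e) for e in unwrap(keep_text)}
    kept, review = [], []
    for entry in unwrap(log_text):
        if key(entry) in keep:
            kept.append(entry)
            continue
        notes = []
        if "(file missing)" in entry or "(no file)" in entry:
            notes.append("registry entry points at no file")
        if entry.startswith("O4 - ") and re.search(r"\\temp\\", entry, re.I):
            notes.append("autorun from a temp directory")
        review.append((entry, notes))
    return kept, review

# Sample input: a few entries copied from the thread, wrapped as they were posted.
LOG = r"""
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} -
C:\WINDOWS\systb.dll (file missing)
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe"
/autorun
O4 - HKLM\..\Run: [XUL] C:\windows\temp\XUL.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
"""
KEEP = r"""
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla! \Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1 \mcafee.com\agent\mcagent.exe
"""
```

Calling `triage(LOG, KEEP)` keeps the STOPzilla and MCAgentExe entries despite the stray spaces in the keep list, and returns the other two with a note each.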
 
