HijackThis Log

B

buddylove2973

Please review this log and let me know what I can delete and what
should stay.

Logfile of HijackThis v1.97.7
Scan saved at 11:46:06 AM, on 5/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\HLS32SVC.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\technesis\enterprise\service\tnSvcNT.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\services\services.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Local Settings\Temp\Temporary Directory 1
for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.coolsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
res://mshp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= res://mshp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
res://mshp.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
http://smbusiness.dellnet.com/
F1 - win.ini: run=C:\WINDOWS\System32\services\services.exe
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no
file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no
file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\rundll32 .exe
internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\services.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\services.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Scanner File Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) -
http://download.overpro.com/WildApp.cab
 
D

Don Varnau

I see a few things that CWShredder should be able to remove. Go to The
Parasite Fight - Quick Fix Protocol:
http://www.aumha.org/a/quickfix.htm Work through the preliminary steps then
post a HijackThis log to the forum at
http://forum.aumha.org/viewforum.php?f=30

They'll advise you as to what to remove.

Don
--
MVP IE/OE
Please reply to the newsgroup so that others may participate.

buddylove2973 said:
Please review this log and let me know what I can delete and what
should stay.

Logfile of HijackThis v1.97.7
Scan saved at 11:46:06 AM, on 5/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
Click to expand...
[snip]
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

IE6 slow and hangs when launched 4
IE searches re directed to Morwill 1
hijacked browser - help!!! 2
unable to load yahoo.com with ie6 7
Search Engine Hijack (qhosts?), HijackThis.log. 3
IE NOT RESPONDING 1
Windows 7 "Windows cannot find svchost.exe?" 1
Browser has been hijacked 5

Top