HiJack this log

  1. 17-11-2004  #1
    littlebrownie
    littlebrownie is offline Newbie

    HiJack this log

    I would be very greatful if you could help me decipher this log, as my browser is being redirected to some very hardcore porn , and I'd really prefer it not to do this!!!

    Many thanks!
    D

    Logfile of HijackThis v1.98.2
    Scan saved at 15:13:38, on 17/11/2004
    Platform: Windows 2000 SP1 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Altiris\AClient\AClient.exe
    C:\WINNT\System32\ati2plab.exe
    C:\WINNT\CPQDIAG\CPQDFWAG.EXE
    C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\Promon.exe
    C:\WINNT\System32\ltmsg.exe
    C:\WINNT\System32\Atiptaxx.exe
    C:\Program Files\Compaq\HotKey Software\hkss.exe
    C:\Program Files\Compaq\EasyAccessButtons\cpqek.exe
    C:\PROGRA~1\Compaq\Security\Secure32.exe
    C:\Program Files\Compaq\PowerCon Enhancements\CPQAcDc.Exe
    C:\WINNT\System32\PRPCUI.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINNT\System32\teekids.exe
    C:\WINNT\System32\mslaugh.exe
    C:\WINNT\System32\Wmplayer.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jump.altavista.com/avie5/searchpane
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.totalise.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.altavista.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jump.altavista.com/avie5/searchpane
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\HotKey Software\hkss.exe
    O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\EasyAccessButtons\cpqek.exe
    O4 - HKLM\..\Run: [Compaq Computer Security] C:\PROGRA~1\Compaq\Security\Secure32.exe
    O4 - HKLM\..\Run: [CPQAcDc] C:\Program Files\Compaq\PowerCon Enhancements\CPQAcDc.Exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    O4 - HKLM\..\Run: [Windows Media Player] Wmplayer.exe
    O4 - HKLM\..\RunServices: [Windows Media Player] Wmplayer.exe
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DELDIR0.EX E" "C:\Program Files\McAfee\McAfee Shared Components\Central"
    O4 - HKCU\..\Run: [Windows Media Player] Wmplayer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/...2/ComCtl32.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://comp.mediaring.com/consumer/p...baxuiph530.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...4/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...21/mcgdmgr.cab

  3. 20-11-2004  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    O4 - HKLM\..\Run: [Windows Media Player] Wmplayer.exe
    O4 - HKLM\..\RunServices: [Windows Media Player] Wmplayer.exe

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Delete the following files and folders:
    C:\WINNT\System32\teekids.exe
    C:\WINNT\System32\mslaugh.exe
    C:\WINNT\System32\Wmplayer.exe

    Reboot into normal mode

    Get to Windows Update (http://windowsupdate.microsoft.com) ASAP. You are three Windows 2000 Service Packs behind and you are running an outdated and unstable version of IE (Internet Explorer v5.00). You need Internet Explorer 6, available at Windows Update.

    Reboot and post a fresh log
+ Reply to Thread
« I have been hijacked by a BHO and i can't get rid of it!!! | TROJAN HORSE can't get rid!!! please help!! »