Logfile Hijack

  1. #1
    ddski is offline Newbie

    I'm having all kinds of problems. Thought I would start with logfile. I first followed your request to run adware. I also ran defrag and scan disk but had to do it in safe mode.
    Would appreciate any help I could get.

    Denise


    Logfile of HijackThis v1.99.1
    Scan saved at 1:25:16 PM, on 5/5/2005
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    c:\windows\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\TOSHIBA\MOUSE\TMOUSE.EXE
    C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
    C:\WINDOWS\SYSTEM\PSPCCARD.EXE
    C:\WINDOWS\SYSTEM\PWRTRAY.EXE
    C:\WINDOWS\SYSTEM\TESCKEY.EXE
    C:\WINDOWS\SYSTEM\TFUNCKEY.EXE
    C:\WINDOWS\SYSTEM\THOTKEY.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE
    C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\MRTMNGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MY DOCUMENTS\DENISE\COMPUTER SECURITY\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/toshiba/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.tradingtutor.com"); (C:\Program Files\Netscape\Users\kerry\prefs.js)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TMOUSE] C:\Toshiba\Mouse\tmouse.exe
    O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
    O4 - HKLM\..\Run: [PsPCCard] PsPCCard.EXE
    O4 - HKLM\..\Run: [PowerTray] PwrTray.EXE
    O4 - HKLM\..\Run: [TEscKey] TESCKEY.EXE
    O4 - HKLM\..\Run: [TFunckey] TFUNCKEY.EXE
    O4 - HKLM\..\Run: [THotkey] THotkey.Exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
    O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: ComcastHSI - {8A4C80A4-1926-4A36-9C71-A9E185BD854D} - http://www.comcast.net (file missing) (HKCU)
    O9 - Extra button: Help - {390898A0-2910-480A-8A8C-50D5502B151D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O9 - Extra button: Support - {66396612-95EC-45A5-BA4B-ADDB2E08CEC7} - http://www.comcastsupport.com (file missing) (HKCU)
    O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030...verContent.cab
    O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTS...ivingroom1.xml
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.1


  2. #2
    HJThis is offline Senior Member
    Hello, ddski & Welcome

    Well, here is all that I see in this logfile; if anyone thinks
    I missed something, say so please.

    & can you tell me what is the problem you're having?

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: ComcastHSI - {8A4C80A4-1926-4A36-9C71-A9E185BD854D} - http://www.comcast.net (file missing) (HKCU)
    O9 - Extra button: Help - {390898A0-2910-480A-8A8C-50D5502B151D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O9 - Extra button: Support - {66396612-95EC-45A5-BA4B-ADDB2E08CEC7} - http://www.comcastsupport.com (file missing) (HKCU)

    Then do a reboot and tell us how it goes.

    HGD

  3. #3
    ddski is offline Newbie
    Thanks for your help.
    Can you explain the comment "Please don't PM logfiles"?

  4. #4
    HJThis is offline Senior Member
    Hi, ddski

    Well, it's to keep anyone from sending me Private Messages
    asking for help with their HijackThis logfile; it's not going to happen.

    HGD
