Help with HiJackthis log

  1. 19-09-2004  #1
    Lindale
    Lindale is offline Newbie

    Help with HiJackthis log

    I am having several problems but first lets get this seen about can you tell me what i need to delete?

    Logfile of HijackThis v1.97.7
    Scan saved at 3:53:18 PM, on 9/19/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\windows\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\tcpsvcs.exe
    C:\windows\system32\slserv.exe
    C:\windows\System32\svchost.exe
    C:\windows\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\windows\Explorer.EXE
    C:\windows\SOUNDMAN.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
    C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\program files\internet optimizer\sim\msbb.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\windows\BBSTORE\DSS\DSSAGENT.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ClockSync\Sync.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\windows\system32\cidaemon.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\America Online 9.0a\aolwbspd.exe
    C:\DOCUME~1\Stacy\LOCALS~1\Temp\008780ec.exe
    C:\Documents and Settings\Stacy\Local Settings\Temporary Internet Files\Content.IE5\S9MZ89U1\HijackThis[1].exe
    C:\Documents and Settings\Stacy\Local Settings\Temporary Internet Files\Content.IE5\S9MZ89U1\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Stacy\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Stacy\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Stacy\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Stacy\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Stacy\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search-click.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search-click.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Stacy\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\windows\nem219.dll (file missing)
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\windows\bi.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {68FD405D-E116-1BA4-D350-64550DA9744C} - C:\windows\System32\lbbhabn.dll
    O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Mike\Application Data\winshow\winshow.dll (file missing)
    O2 - BHO: winlink module - {6CC1C91A-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Mike\Application Data\winlink\winlink.dll (file missing)
    O2 - BHO: (no name) - {6DFB4927-32BE-4185-9A82-C600E8F2A2E8} - C:\windows\System32\ecf.dll (file missing)
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\windows\wsem300.dll (file missing)
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\windows\nem218.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [CallControl 4.5] C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe /autoload
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [msbb] c:\program files\internet optimizer\sim\msbb.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [DSS] C:\windows\BBSTORE\DSS\DSSAGENT.EXE
    O4 - HKCU\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /A "C:\windows\System32\E_S10C.tmp"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
    O4 - HKLM\..\RunOnce: [sys1930265] C:\DOCUME~1\Stacy\LOCALS~1\Temp\008780ec.exe delete
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...7/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13555b5ce0632b2...p/RdxIE601.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuch.mht!http://www.n28.net/n001/mt/mt.chm::/...sInstaller.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...722.8883796296
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...18/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9772A9D6-F54C-4163-B5F3-1F996CCA6BF9}: NameServer = 205.188.146.146

  3. 19-09-2004  #2
    Bear
    Bear is offline D-A-L Elite Member
    Please post your log HERE We have a forum for problems such as this

    Also your version of HJT is old, the new version is 1.98.2
    Last edited by Bear; 19-09-2004 at 08:29 PM.
+ Reply to Thread
« Windows XP Home Logoff | XP File Encryption Dysfunction »