HiJackThis! Results - need assistance.

Anomaly (Newbie Poster), post #1, Dec 29th, 2003
I am not too familiar with the HiJack This! program, and would like someone with experience to instruct me on what is safe to delete:

Logfile of HijackThis v1.97.7
Scan saved at 10:28:05 PM, on 12/29/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\umocvdln.exe
C:\windows\system32\winsvc32.exe
C:\WINDOWS\System32\WLOGF.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nick\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = wmplayer.exe //ICWLaunch
O2 - BHO: (no name) - {018F84AF-BF6B-E958-6E8A-D829EA4CCC28} - C:\WINDOWS\system32\uncqwkiz.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {98CF9AF6-17AB-9149-79D1-C8B2EA88C500} - C:\WINDOWS\system32\urcsomtu.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gwwhtwgj] C:\WINDOWS\umocvdln.exe
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [0Service] c:\windows\system32\winsvc32.exe
O4 - HKLM\..\Run: [Wnsck2 driver] WLOGF.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IM] C:\Program Files\RRIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - HKCU\..\RunOnce: [Wnsck2 driver] WLOGF.EXE
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Nick\Application Data\DownloadPlus.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O15 - Trusted Zone: http://www.suprnova.org
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_401/QDow.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/097e929e79f0d6d...p/RdxIE601.cab
O16 - DPF: {5B9F41D5-E279-41AF-BDB5-41703613DFAC} (corpOffice.xmlRequest) - http://cinet.rentway.com/intranet/EP...corpOffice.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8E27C92B-1264-101C-8A2F-040224009C02} (Calendar Control 8.0) - http://cinet.rentway.com/intranet/EPCF20/ocx/mscal1.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Monte (Junior Poster), post #2, Dec 30th, 2003
Depends what you wanted deleted bro... I can't help ya unless you tell me what you don't want.

TallCool1 (Practically a Posting Shark), post #3, Dec 30th, 2003
Well, besides the obvious virus and spyware infestation, not much.

You need to run a virus checker. Grisoft AVG is free.

You need Spybot - Search & Destroy and/or Ad-Aware. Links here.
There are also some programs being run that are not needed.
-- Michael Rudas

caperjack (Posting Prodigy), post #4, Dec 30th, 2003
Originally Posted by Monte
Depends what you wanted deleted bro... I can't help ya unless you tell me what you don't want.
If you know how hijackthis works you should be able to tell them what to remove!

Also I would suggest going to the hijackthis forum, more people there who know how to read logs and help you remove the bad stuff. A few things stick out in the log but I don't know all the bad stuff, still reading on how to distinguish the good from the bad.
Forum: http://forums.spywareinfo.com/index.php?showtopic=23177

Info on bad stuff:
http://www.spywareinfo.com/bhos/

And more info:
http://www.spywareinfo.com/~merijn/cwschronicles.html

And search to see if something is bad or good:
http://www.sysinfo.org/startuplist.php