HijackThis
Can someone tell me what I should fix and what I should leave alone?
Thanks,
BuddyB
Logfile of HijackThis v1.97.7
Scan saved at 7:34:04 AM, on 3/14/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\regsvc.exe
C:\WINDOWS.000\system32\MSTask.exe
C:\WINDOWS.000\system32\stisvc.exe
C:\WINDOWS.000\System32\WBEM\WinMgmt.exe
C:\WINDOWS.000\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS.000\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\Program Files\Olympus\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE
C:\SMARTDSK\FLASH\SDSTAT.exe
C:\WINDOWS.000\system32\ntvdm.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS.000\explorer.exe
D:\My Download Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\WS_FTP PRO\WSBHO2K0.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS.000\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.000\system32\NeroCheck.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE
O4 - Global Startup: FlashPath Monitor.lnk = C:\SMARTDSK\FLASH\SDSTAT.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...986.6066782407
O16 - DPF: {B7BCF6D1-6EF6-11D2-97A1-0000C0EAE6E4} (Sausage Software Installer/Uninstaller) - http://autodownload.sausage.com/Installer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EC1AFAB0-2FEB-11D2-9777-0000C0EAE6E4} (Sausage Software Autodownloader) - http://autodownload.sausage.com/IEAutoDL.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
You can fix all or any of these. Make sure to close all window programs and IE browsers before fixing.
If you didn't put this in your host file, you can fix it.
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
This one is related to the eBay toolbar, you can remove it.
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
I would go to Control Panel, Add/Remove Programs and uninstall this, as it is not needed.
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS.000\SYSTEM\P2P NETWORKING\P2P
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
You can safely fix any of the O16's, as they will come back when you go to the site again. Most are no problem; the one above should be fixed.
After you fix them, reboot the computer and post a fresh log.
Still checking on this one.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm
EDIT: safe to fix above R0.
Fallen Heroes Song,
http://www.youtube.com/watch?v=-RfXBB0BRHY
Going with the Flow, but the water is low and the rocks are big
Post a new log after you fix and reboot the computer, if you wish.
Fallen Heroes Song,
http://www.youtube.com/watch?v=-RfXBB0BRHY
Going with the Flow, but the water is low and the rocks are big
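The following Python example is added here and is not part of the thread or of HijackThis itself. It parses log lines in the format posted above and lists the kinds of entries the reply singles out: `(no file)` leftovers, hosts-file redirects and O16 downloads with no class name. The function names and the three rules are assumptions made for illustration; the sample lines are copied from the log in the first post.

```python
import re

# One HijackThis entry: section code (R0-R3, F0-F3, N1-N4, O1-O23), " - ", detail text.
ENTRY = re.compile(r"^(?P<code>[RNOF]\d{1,2}) - (?P<detail>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log_text):
    """Return (code, detail) tuples; header and running-process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("detail")))
    return entries

def review_reasons(code, detail):
    """Illustrative rules (assumptions, not HijackThis logic) for entries to read first."""
    reasons = []
    if detail.endswith("(no file)"):
        reasons.append("registry entry whose target file is missing")
    if code == "O1":
        reasons.append("hosts-file redirect; confirm the owner added it")
    if code == "O16":
        # Usual shape: "DPF: {CLSID} (Class Name) - URL"; flag when the name is absent.
        m = CLSID.search(detail)
        if m and not detail[m.end():].lstrip().startswith("("):
            reasons.append("ActiveX download with no class name")
    return reasons

def triage(log_text):
    """Keep only entries that matched at least one rule, in log order."""
    return [(c, d, r) for c, d in parse(log_text) if (r := review_reasons(c, d))]

# Sample input: lines copied from the log posted in this thread.
SAMPLE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS.000\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.000\system32\NeroCheck.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
"""

if __name__ == "__main__":
    for code, detail, reasons in triage(SAMPLE):
        print(f"{code}: {detail}\n    -> " + "; ".join(reasons))
```

The output is a reading order for a human reviewer, not a verdict: a flagged line still has to be checked against what the machine's owner installed.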





