 |  |  |  |  |  |  |  |
HijackThis log - need to know what to do next
 |
I have a problem which most people seem to be having about IE not working and other programs in the Start menu (control panel, search,etc...) I downloaded the Hijackthis program and have the log created:
Logfile of HijackThis v1.97.7
Scan saved at 1:31:44 PM, on 4/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\JOHN GILDEA\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\hhUU.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TextBridge Instant Access.lnk = C:\Program Files\Plustek USA\Scanner\TBClass\Bin\TBMenu.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...363.7520949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
What should I do now? Thanks!
-Surfperch1
Logfile of HijackThis v1.97.7
Scan saved at 1:31:44 PM, on 4/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\JOHN GILDEA\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\hhUU.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TextBridge Instant Access.lnk = C:\Program Files\Plustek USA\Scanner\TBClass\Bin\TBMenu.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...363.7520949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
What should I do now? Thanks!
-Surfperch1
•
•
Join Date: Feb 2002
Posts: 898
Reputation: 
Solved Threads: 26
The C# Man, Myth, Legend
Dump These:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\hhUU.dll
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\hhUU.dll
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
-Ryan Hoffman
.NET Specialist / Webmaster, Extended64.com.
Please do not email or PM me with support questions. Please direct them to the forums instead.
.NET Specialist / Webmaster, Extended64.com.
Please do not email or PM me with support questions. Please direct them to the forums instead.
•
•
Join Date: Feb 2004
Posts: 9,929
Reputation: 
Solved Threads: 710
This one too
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
Did you pay for spysweeper?
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
Did you pay for spysweeper?
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
•
•
Join Date: Feb 2002
Posts: 898
Reputation:
Solved Threads: 26
The C# Man, Myth, Legend
Again crunchie, you are wrong. Dumpprep is legit - its actually from Microsoft.
More information here: http://www.liutilities.com/products/...brary/dumprep/
More information here: http://www.liutilities.com/products/...brary/dumprep/
-Ryan Hoffman
.NET Specialist / Webmaster, Extended64.com.
Please do not email or PM me with support questions. Please direct them to the forums instead.
.NET Specialist / Webmaster, Extended64.com.
Please do not email or PM me with support questions. Please direct them to the forums instead.
•
•
Join Date: Feb 2004
Posts: 9,929
Reputation:
Solved Threads: 710
Yep my mistake. Please ignore.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Okay, thanks guys, but what if I deleted that mistake. I didn't know that it was until after a while and you posted that. Is something going to be wrong on the computer now?
•
•
Join Date: Feb 2002
Posts: 898
Reputation:
Solved Threads: 26
The C# Man, Myth, Legend
Nah, you're safe on this one. My XP Pro installation doesn't have this in the startup.
If you're real paranoid, we could tell ya how to restore that one manually ;-).
If you're real paranoid, we could tell ya how to restore that one manually ;-).
-Ryan Hoffman
.NET Specialist / Webmaster, Extended64.com.
Please do not email or PM me with support questions. Please direct them to the forums instead.
.NET Specialist / Webmaster, Extended64.com.
Please do not email or PM me with support questions. Please direct them to the forums instead.
Okay, thanks. I'm not too paranoid if it's not going to harm anything. Another question to this though, is
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
this the actual spysweeper program? Because if it is I don't want to get rid of it. But if I have to I will.
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
this the actual spysweeper program? Because if it is I don't want to get rid of it. But if I have to I will.
btw, here is the new log without the deletion of the
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
Logfile of HijackThis v1.97.7
Scan saved at 11:30:08 AM, on 4/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\JOHN GILDEA\My Documents\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TextBridge Instant Access.lnk = C:\Program Files\Plustek USA\Scanner\TBClass\Bin\TBMenu.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...363.7520949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
Logfile of HijackThis v1.97.7
Scan saved at 11:30:08 AM, on 4/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\JOHN GILDEA\My Documents\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TextBridge Instant Access.lnk = C:\Program Files\Plustek USA\Scanner\TBClass\Bin\TBMenu.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...363.7520949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
|
Similar Threads
- Helping yourself: What to do before starting a new thread or posting a HiJackThis log (Viruses, Spyware and other Nasties)
- Help with HiJackThis log, please (Viruses, Spyware and other Nasties)
- problems with MSIESH.DLL (Viruses, Spyware and other Nasties)
- Another hijackthis log (Viruses, Spyware and other Nasties)
- hijackthis log (Viruses, Spyware and other Nasties)
- Stu's Hijackthis log file. (Viruses, Spyware and other Nasties)
- Bridge.dll error please help me here is my hijackthis log file! (Viruses, Spyware and other Nasties)
- Hijackthis log file (Viruses, Spyware and other Nasties)
- HijackThis log file (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: hijack log file
- Next Thread: IE is hijacked by http://th.msie.cc/index.php?aid=20035
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare domains e-mafia education email europe exam facebook fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday