Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > HiJackThis log - help!

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

HiJackThis log - help!

Reply to Message Icon

Name: magicdog
Date: January 30, 2004 at 04:39:33 Pacific
OS: Win98SE
CPU/Ram: PII 233/256mb
Comment:

I am having a problem with a trojan or dialler or something.
I've run AdAware, Spybot, SpyWareGuard, SpySweeper, SpyRemover and CWShredder but it's still in the system.

I have run HiJackThis and enclose the log for an expert to look at:

Logfile of HijackThis v1.97.7
Scan saved at 12:29:46 PM, on 1/30/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\STARTER.exe
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe
C:\WINDOWS\SYSTEM\HPZTSB05.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\B'S CLIP\BSCLIP.exe
C:\PROGRAM FILES\CRICK SOFTWARE\USB KEYS2\USBKEYS.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.exe
C:\WINDOWS\RUNDLL32.exe
E:\ANTI-SPYWARE\HIJACKTHIS\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [USBKeys] C:\Program Files\Crick Software\USB Keys2\\USBKeys.exe -winstartup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://www.ichat.com/custom/nativeclient/msichat.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/plugins/en_US/DjVuControl.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
O16 - DPF: {4C759EC6-96BD-4551-A320-E61A1D68437F} - http://toolbar.globalwebsearch.com/toolbar/gws.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial4/058729uk.exe
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab

TIA



Sponsored Link
Ads by Google

Response Number 1
Name: Bob (by BigBob)
Date: January 30, 2004 at 06:37:58 Pacific
Reply:

Looks Like the global web search try this site for removal
GLOBAL


0

Response Number 2
Name: magicdog
Date: January 30, 2004 at 16:24:21 Pacific
Reply:

Thanks for the reply BigBob

I've tried it and it didn't work (I even ran the uninstaller in safe mode).

Any other ideas?

TIA


0

Sponsored Link
Ads by Google
Reply to Message Icon

Related Posts

See More


HijackThis NOTEPAD MEDIAL... trustworthy spyware remov...



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: HiJackThis log - help!
Hijackthis log HELP www.computing.net/answers/security/hijackthis-log-help/12595.html

hijackthis log help plz. www.computing.net/answers/security/hijackthis-log-help-plz/25381.html

Hijackthis log, HELP !! www.computing.net/answers/security/hijackthis-log-help-/7441.html