|
|
|
hijackthis log, still can't open pr
|
Original Message
|
Name: Rossi
Date: March 2, 2004 at 11:28:30 Pacific
Subject: hijackthis log, still can't open pr
OS: windows xp
CPU/Ram: pentium 3
|
Comment:
ok. so after using adaware and spybot, some problems got fixed. but i still can't open some of my programs. like notepad and norton antivirus. someone advised me to download hijackthis and post the log here. so here it is:
Logfile of HijackThis v1.97.7
Scan saved at 3:19:27 AM, on 3/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\microencryp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\microencryp.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\System32\LSAS.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Dre Guapo.ROSS\My Documents\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O1 - Hosts: 69.56.223.196 t.rack.cc
O1 - Hosts: 69.56.223.196 www.alfa-search.com
O1 - Hosts: 69.56.223.196 webcoolsearch.com
O1 - Hosts: 69.56.223.196 in.webcounter.cc
O1 - Hosts: 69.56.223.196 i-lookup.com
O1 - Hosts: 69.56.223.196 www.hand-book.com
O1 - Hosts: 69.56.223.196 www.maxxxhosters.com
O1 - Hosts: 69.56.223.196 allneedsearch.com
O1 - Hosts: 69.56.223.196 nativehardcore.com
O1 - Hosts: 69.56.223.196 teen-biz.com
O1 - Hosts: 69.56.223.196 tits.hardcore4ever.net
O1 - Hosts: 69.56.223.196 best.royalsearch.net
O1 - Hosts: 69.56.223.196 default-homepage-network.com
O1 - Hosts: 69.56.223.196 xwebsearch.biz
O1 - Hosts: 69.56.223.196 www.rightfinder.net
O1 - Hosts: 69.56.223.196 www.search-1.net
O1 - Hosts: 69.56.223.196 www.searchv.com
O1 - Hosts: 69.56.223.196 www.websearch.com
O1 - Hosts: 69.56.223.196 mysearchnow.com
O1 - Hosts: 69.56.223.196 www.therealsearch.com
O1 - Hosts: 69.56.223.196 www.find-itnow.com
O1 - Hosts: 69.56.223.196 find.microgirls.com
O1 - Hosts: 69.56.223.196 super-spider.com
O1 - Hosts: 69.56.223.196 www.searching-the-net.com
O1 - Hosts: 69.56.223.196 www.firstbookmark.com
O1 - Hosts: 69.56.223.196 just.find-itnow.com
O1 - Hosts: 69.56.223.196 www.find-itnow.com
O1 - Hosts: 69.56.223.196 qwertysearch123.biz
O1 - Hosts: 69.56.223.196 www.search-space.com
O1 - Hosts: 69.56.223.196 www.windowws.cc
O1 - Hosts: 69.56.223.196 aifind.info
O1 - Hosts: 69.56.223.196 www.find4u.net
O1 - Hosts: 69.56.223.196 find4u.net
O1 - Hosts: 69.56.223.196 www.lookfor.cc
O1 - Hosts: 69.56.223.196 www.008i.com
O1 - Hosts: 69.56.223.196 www.viewpornkey.com
O1 - Hosts: 69.56.223.196 www.hugesearch.net
O1 - Hosts: 69.56.223.196 www.novaf---.com
O1 - Hosts: 69.56.223.196 www.seznam.cz
O1 - Hosts: 69.56.223.196 aifind.cc
O1 - Hosts: 69.56.223.196 www.onet.pl
O1 - Hosts: 69.56.223.196 teenhqpics.com
O1 - Hosts: 69.56.223.196 www.ttjj.com
O1 - Hosts: 69.56.223.196 www.search-dot.com
O1 - Hosts: 69.56.223.196 www.search-and-go.com
O1 - Hosts: 69.56.223.196 www.slotch.com
O1 - Hosts: 69.56.223.196 www.2fastsearch.net
O1 - Hosts: 69.56.223.196 awebfind.biz
O1 - Hosts: 69.56.223.196 www.power-search.info
O1 - Hosts: 69.56.223.196 www.naver.com
O1 - Hosts: 69.56.223.196 www.daum.net
O1 - Hosts: 69.56.223.196 www.ohcorea.com
O1 - Hosts: 69.56.223.196 www.hao123.com
O1 - Hosts: 69.56.223.196 58q.com
O1 - Hosts: 69.56.223.196 www.hotwebsearch.com
O1 - Hosts: 69.56.223.196 www.startium.com
O1 - Hosts: 69.56.223.196 www.gajai.com
O1 - Hosts: 69.56.223.196 www.wazzupnet.com
O1 - Hosts: 69.56.223.196 freshvideogals.com
O1 - Hosts: 69.56.223.196 www.xgmm.com
O1 - Hosts: 69.56.223.196 searchmyrequest.com
O1 - Hosts: 69.56.223.196 yourbookmarks.ws
O1 - Hosts: 69.56.223.196 wmmse.com
O1 - Hosts: 69.56.223.196 link.startmake.com
O1 - Hosts: 69.56.223.196 www.boredlife.com
O1 - Hosts: 69.56.223.196 approvedlinks.com
O1 - Hosts: 69.56.223.196 www.nkvd.us
O1 - Hosts: 69.56.223.196 www.8095.com
O1 - Hosts: 69.56.223.196 www.dreamwiz.com
O1 - Hosts: 69.56.223.196 ie-search.com
O1 - Hosts: 69.56.223.196 auto.ie.searchforge.com
O1 - Hosts: 69.56.223.196 search.psn.cn
O1 - Hosts: 69.56.223.196 www.couldnotfind.com
O1 - Hosts: 69.56.223.196 www.iquicksearch.com
O1 - Hosts: 69.56.223.196 1-se.com
O1 - Hosts: 69.56.223.196 www.spidersearch.com
O1 - Hosts: 69.56.223.196 search.ieplugin.com
O1 - Hosts: 69.56.223.196 itseasy.us
O1 - Hosts: 69.56.223.196 searchbar.findthewebsiteyouneed.com
O1 - Hosts: 69.56.223.196 www.searchxl.com
O1 - Hosts: 69.56.223.196 www.hotsearchbox.com
O1 - Hosts: 69.56.223.196 www.searchforge.com
O1 - Hosts: 69.56.223.196 www.omega-search.com
O1 - Hosts: 69.56.223.196 searchcentrix.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\DREGUA~1.ROS\APPLIC~1\MICROS~1\Office\Excel10.dll
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Configuration Loader] microencryp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Windows Explorer] LSAS.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\RunServices: [Windows Explorer] LSAS.exe
O4 - HKLM\..\RunServices: [Configuration Loader] microencryp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.teensguru.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37686.2813773148
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4316/mcfscan.cab any help would be greatly appreciated. thanks in advance.
Report Offensive Message For Removal
|
|
Response Number 1
|
Name: Wombat
Date: March 2, 2004 at 12:17:27 Pacific
Subject: hijackthis log, still can't open pr |
Reply: (edit)Try posting the HJT log here... www.netrn.net/phpBB2/ Iligitimi non carborundum est
 Report Offensive Follow Up For Removal
|
|
Response Number 2
|
Name: MrCharlie
Date: March 2, 2004 at 14:53:11 Pacific
Subject: hijackthis log, still can't open pr |
Reply: (edit)If you are still here, you have aleast two viruses:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html You also have to run CW-Shredder and Spybot to get rid of alot of the junk first.Update Spybot before you run it.
CW-Shredder-Spybot-HJT
Panda ActiveScan-VirusCheck
Report Offensive Follow Up For Removal
|
|
Response Number 3
|
Name: yeto
Date: March 6, 2004 at 00:40:26 Pacific
Subject: hijackthis log, still can't open pr
|
Reply: (edit)hello, I think I ve got the same problem But I also have many " *1.exe "(for example Awf1.exe, Bcj1.exe, Mgn1.exe...) which are created in my C:/......./local setting/temp and run so that my computer is very slow Can you help me please,
with adaware it says that it is dangerous advertisement files (or something like that) but it can't delete them, I must close them by my own and each time others are created and run!
Report Offensive Follow Up For Removal
|
Use following form to reply to current message:
|
|
|
