This log was taken after I did an "end process" on "ctfmon"...which I always turn off, but can't get rid of. Any help of which stuff to kill would be great. Thanks.
Logfile of HijackThis v1.97.7
Scan saved at 1:54:41 PM, on 11/19/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.exe
C:\WINDOWS.000\SYSTEM\SPOOL32.exe
C:\WINDOWS.000\SYSTEM\MPREXE.exe
C:\WINDOWS.000\SYSTEM\SSDPSRV.exe
C:\WINDOWS.000\SYSTEM\MSTASK.exe
C:\WINDOWS.000\SYSTEM\PTUDFAPP.exe
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\EXPLORER.exe
C:\WINDOWS.000\TASKMON.exe
C:\WINDOWS.000\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\CREATIVE\COLORIF\PROGRAM\HGCCTL95.exe
C:\WINDOWS.000\RUNDLL32.exe
C:\WINDOWS.000\STARTER.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS.000\SYSTEM\STIMON.exe
C:\PROGRAM FILES\INTERNETSWEEPER\IS.exe
C:\WINDOWS.000\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.exe
C:\PROGRAM FILES\WINZIP\WZQKPICK.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.exe
C:\PROGRAM FILES\NETSCAPE\NETSCAPE 6\NETSCP6.exe
C:\WINDOWS.000\SYSTEM\HPZIPM12.exe
C:\WINDOWS.000\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\WINZIP\WINZIP32.exe
C:\DOWNLOADS\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-huns-yellow-pages.com/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = javascript:window.close()
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-huns-yellow-pages.com/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage.com/sp.php
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS.000\SYSTEM\IETie.dll (file missing)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS.000\MSODAN.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [PtUDFApp] C:\WINDOWS.000\SYSTEM\PtUDFApp.exe /T
O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\CREATIVE\COLORIF\PROGRAM\HGCCTL95.exe
O4 - HKLM\..\Run: [3Deep Control Panel] C:\PROGRA~1\CREATIVE\3DEEP\PROGRAM\3DeepCTL.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS.000\rundll32.exe C:\WINDOWS.000\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS.000\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS.000\SYSTEM\bcdetect.exe defer
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS.000\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [InternetSweeper] C:\Program Files\InternetSweeper\is.exe min
O4 - HKCU\..\Run: [Internet Sweeper Pro] C:\PROGRAM FILES\INTERNETSWEEPER\IS.exe min
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS.000\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\couponsandoffers_script0.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03970d1d5ce673135d00/netzip/RdxIE6.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37894.592037037
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab

For starters, you can start the cleanup by getting rid of all the R1 and R3 entries unless you recognize the URL at the end of any of them as your homepage or search engine:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-huns-yellow-pages.com/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = javascript:window.close()
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-huns-yellow-pages.com/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage.com/sp.php
R3 - Default URLSearchHook is missing

This one is CWS related:
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS.000\MSODAN.DLL

Might want to run CWShredder located Here

Interesting that your Windows directory is .000...apparently there was a botched installation at one time?
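
The triage described in the reply above, as an added example that is not part of either forum post: a small Python parser for HijackThis entry lines that lists R1/R3 settings whose URL the user does not recognise and O2 BHO entries shown as "(no name)" or "(file missing)". The names `parse`, `triage` and `known_urls` are hypothetical, and the BHO rule is an assumed review heuristic, not a verdict on any file.

```python
import re

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS.000\EXPLORER.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage.com/sp.php
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS.000\SYSTEM\IETie.dll (file missing)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS.000\MSODAN.DLL
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""

# "R1 - ...", "O2 - ...", "O16 - ...": section code, then the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# BHO body: display name, CLSID, DLL path, optional "(file missing)" marker.
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*?)( \(file missing\))?$")
# R-entries that carry a value end in "= <url>".
URL = re.compile(r"= (\S+)$")

def parse(log):
    """Yield (code, body) per entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log, known_urls=()):
    """Return (code, reason, body) tuples for entries to review by hand."""
    findings = []
    for code, body in parse(log):
        if code in ("R1", "R3"):
            m = URL.search(body)
            if m and m.group(1) in known_urls:
                continue  # a URL the user recognises as their own setting
            findings.append((code, "IE search setting not recognised", body))
        elif code == "O2":
            m = BHO.match(body)
            # Assumed heuristic: unnamed or missing-file BHOs deserve a look.
            if m and (m.group(1) == "(no name)" or m.group(4)):
                reason = "BHO file missing" if m.group(4) else "BHO without a name"
                findings.append((code, reason, body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {body}")
```

Passing the user's own homepage or search engine in `known_urls` keeps those R1 entries out of the review list, matching the "unless you recognize the URL" condition in the reply.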
