Please help with hijack log file


1 Posts
Location -
Joined 2004-02-03
Can someone please tell me how to get rid of this virus I have. I have put my hijack log file in. I think I have to uncheck some stuff.
 
 
Logfile of HijackThis v1.97.7
Scan saved at 18:58:56, on 02/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\FREESE~1\BIN\WIN2K\tidslmon.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ToPicks\Bin\Idhost.exe
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\quicktime\quicktime pro v.6.0-full\quicktimeinstaller\qttask.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Documents\AntiVirus\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4E - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - C:\Program Files\Topicks\Bin\HtCheck2.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Topicks Categories - {80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} - C:\Program Files\Topicks\Bin\TpBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\FREESE~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\quicktime\quicktime pro v.6.0-full\quicktimeinstaller\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\RunServices: [CMD] cmd32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\NICHOL~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O9 - Extra button: Downloads (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19113/payload2.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C0B2551-E17F-44FE-AA28-1F208C9F98DF}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C0B2551-E17F-44FE-AA28-1F208C9F98DF}: NameServer = 195.92.195.94 195.92.195.95


Responses to this topic



75 Posts
Location -
Joined 2003-05-05
Unfortunately it is likely System32.exe that is the culprit.
Many viruses create a file like that because it "looks" like a system file.
 
A quick search of www.sarc.com came up with 14 viruses that created a system32.exe file.
 
Best bet is to update your antivirus, rescan your computer, note down exactly which virus you have then go to www.sarc.com and find the removal tools for that specific virus (assuming that the antivirus program can't clean it)....
 
Alternately, if you have another machine (with a similar OS), you can go to the other machine, update the antivirus, then hook up the hard drive as a secondary drive and scan it.
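
As an added example (not part of the original thread or any poster's code), this Python sketch parses HijackThis entries and flags the item the reply above points to: a Shell= value that starts something besides Explorer.exe. It goes slightly beyond the reply by also flagging O16 downloads from a bare IP address and entries whose file is missing; those two heuristics and the name `triage` are assumptions of the example, and the sample lines are excerpted from the first log in this thread.

```python
import re

# Excerpt of the first log in this thread, with the colons HijackThis writes.
SAMPLE_LOG = r"""
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "O4 - ..." -> ("O4", rest)
SHELL = re.compile(r"Shell=(.*)$", re.I)
# Download URL whose host is a dotted-quad IP; ":" is optional so that
# copies of a log with stripped colons ("http//") are still recognised.
IP_URL = re.compile(r"https?:?//\d{1,3}(?:\.\d{1,3}){3}[/:]", re.I)


def triage(log_text):
    """Return (section, reason, raw_line) for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if section in ("F0", "F2"):
            shell = SHELL.search(body)
            if shell:
                # The default value is "Explorer.exe" alone; anything listed
                # after it is also started at logon.
                extra = re.sub(r"^explorer\.exe\s*", "",
                               shell.group(1).strip(), flags=re.I)
                if extra:
                    findings.append((section, "Shell= also starts: " + extra, raw))
        elif section == "O16" and IP_URL.search(body):
            findings.append((section, "ActiveX download from a bare IP address", raw))
        elif body.rstrip().endswith(("(file missing)", "(no file)")):
            findings.append((section, "registered file no longer exists", raw))
    return findings


if __name__ == "__main__":
    for section, reason, raw in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {raw}")
```

A flagged line is a prompt to look the file up and scan it, not a verdict; entries such as dpi.exe and pcsvc.exe named later in the thread are only identifiable by reference lookups, not by these checks.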


1 Posts
Location -
Joined 2004-03-04
Here are your problems.
 
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
 
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
 
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19113/payload2.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) -
 
See http://pestpatrol.com/pestinfo/d/delfin_media_viewer.asp for information about dpi.exe and pcsvc.exe


3 Posts
Location -
Joined 2005-01-28
Can someone please tell me how to get rid of the malware, CWS Hijack, I have? I have put my hijack log file in; I just don't know what to do.
Today I downloaded "Hijack this", my first time. I could say I'm a starter. Can somebody help me?
 
 
Logfile of HijackThis v1.99.0
Scan saved at 5:44:39 PM, on 1/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\42isi6c43zthd.exe
C:\WINDOWS\System32\tibs3.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Manny\LOCALS~1\Temp\Temporary Directory 1 for HijackThis[1].zip\HijackThis.exe
C:\WINDOWS\System32\webvw.exe
C:\DOCUME~1\Manny\LOCALS~1\Temp\Temporary Directory 3 for HijackThis[1].zip\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=33464
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=33464
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=33464
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\system32\C94DML~1.DLL (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\42isi6c43zthd.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MP[censored]e] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKCU\..\Run: [webvw] C:\WINDOWS\System32\webvw.exe
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Civilization Registration.lnk = E:\ATR1.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O20 - AppInit_DLLs: 9zsfbslmbgdmmt.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
 
 


12 Posts
Location -
Joined 2005-01-28
Hope this gets to may24
Personally I stopped using McAfee & Norton and all that spam and spyware killer stuff and just switched to AVG Free. One free copy per home address. Free updates for life. Auto updates, auto scheduler, email scan, boot scan, catches everything except popups. Then I just set my security settings in IE and XP SP2 properly and I have no trouble.
 
We have started recommending this for all our clients as well. If they really like it we recommend they buy the Pro version.
 
Just go to Add/Remove Programs and uninstall all that other junk after you get the AVG and update it and go through all the settings in the Control Center.
 
Also, remove any programs you don't need, but if you are not sure do some research first.
 
If you know what you are doing you can search the registry and remove the keys for the stuff that still shows up after you have removed programs and done a complete scan and removed all viruses and trojans and malware, etc.
 
Don't forget, once the system is clean you may still have things in System Restore that show up, so:
Set System Restore as low as possible and apply to clear it out. Then turn it off.
Do a complete shut down.
Now do another complete system scan.
If everything checks out, turn System Restore back on.
 
Hope this helps.


3 Posts
Location -
Joined 2005-01-28
Thanks a lot GALINK!
 
 
The first thing I did today was to read your answer, and without a doubt I downloaded the antivirus AVG. I made the scan and it found 30 infected files; some of them were healed, others weren't, but my home page is once again "GOOGLE".
 
Now I'm getting rid of Ad-Aware Personal. I'll remove it and use this antivirus you recommended. I'm having problems getting the updates for AVG, something about a connection failure; it says CHECK YOUR INTERNET CONNECTION SETTINGS, so I'm downloading the updates manually. I guess it's because of the firewall of the McAfee antivirus.
 
I need some advice, thanks in advance.


12 Posts
Location -
Joined 2005-01-28
May24 - so glad it helped.
Sorry, been really busy, haven't been on for a couple of days.
The ones it didn't remove can be found by viewing the test details, then look to see the full path.
You can then go through My Computer and delete those manually.
Make sure you have your folder options set to show system and hidden files and file extensions.
 
Personally I would get rid of the McAfee altogether and just use the XP firewall; it works great with the AVG.
 
But sometimes you have to go to the Control Panel and Services to stop McAfee before it will let you remove it.
 
Hoping for the Best.
 
 


3 Posts
Location -
Joined 2005-01-28
Thanks for your help Galink, the AVG removed all the infected files. It works very well, I could say better than McAfee.
 
I resolved the connection problems and I'm getting the updates automatically.
 
Greetings