03-08-2004, 10:18 AM   #1
Newb Techie
Join Date: Mar 2004
Posts: 1
Hjt

Can someone look at my HJT log? Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 11:12:15 AM, on 3/8/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WFXSVC.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\wfxsnt40.exe
C:\Program Files\Symantec\WinFax\wfxctl32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paul Marcus\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://auto.ie.searchforge.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://auto.ie.searchforge.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://auto.ie.searchforge.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://auto.ie.searchforge.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://auto.ie.searchforge.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://auto.ie.searchforge.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://auto.ie.searchforge.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://auto.ie.searchforge.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://allneedsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://riviera.cc (obfuscated)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [AVGCtrl] C:\Documents and Settings\Paul Marcus\Desktop\AVGNT.EXE /min
O4 - HKLM\..\Run: [magicolor 2300WStatusDisplay] C:\WINNT\System32\MSTMON_J.EXE
O4 - HKLM\..\Run: [SSL] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINNT\image.dll,Install
O4 - HKLM\..\RunOnce: [atpanel] regsvr32.exe /s "C:\Program Files\Common Files\Microsoft Shared\Web Folders\pubplace.dll"
O4 - HKLM\..\RunOnce: [nvpdep] regsvr32 /s /u C:\WINDOWS\dnserr.dll
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinFax Application Port Starter.lnk = C:\WINNT\system32\wfxsnt40.exe
O4 - Global Startup: WinFax PRO Controller.lnk = C:\Program Files\Symantec\WinFax\wfxctl32.exe
O4 - Global Startup: winlogon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...828.3424074074
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/...an/hangman.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O19 - User stylesheet: C:\Program Files\Internet Explorer\readme.txt
brookbend
03-12-2004, 05:36 PM   #2
True Techie
Join Date: May 2003
Posts: 221

First you need to run CWShredder.
Download CWShredder:
http://www.spywareinfo.com/~merijn/files/CWShredder.exe
Run it and hit the ->fix tab to fix all found problems.

CWShredder takes advantage of security holes in Windows, so you should install all critical updates as well as hotfixes available from Windows Update.

Then post a fresh log please.
mobo