Please help me with this Hijack

April 1st, 2005, 10:06 PM   #1
Junior Member
 
Join Date: Apr 2005
Posts: 1

This is my Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:33:48 PM, on 4/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MFCKI.EXE
C:\WINDOWS\IPFB32.EXE
C:\WINDOWS\SYSTEM\D3CG32.EXE
C:\WINDOWS\MFCWU.EXE
C:\WINDOWS\SYSTEM\SYSBW32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\ADDWE.EXE
C:\WINDOWS\ATLLU32.EXE
C:\WINDOWS\SYSWY.EXE
C:\WINDOWS\ADDBG.EXE
C:\WINDOWS\SYSTEM\D3GF.EXE
C:\WINDOWS\SYSTEM\ADDIQ32.EXE
C:\WINDOWS\MFCAG32.EXE
C:\WINDOWS\APPXB.EXE
C:\WINDOWS\SDKDQ32.EXE
C:\WINDOWS\SYSTEM\ATLHO.EXE
C:\WINDOWS\ADDYX32.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\DELETESATELLITE.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\PROXY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\SCHEDULER DAEMON.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\PROTECTOR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\PRIVACY CONTROL CENTER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jcqsk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jcqsk.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Class - {5D04D4AD-FEBB-3BE2-CE5A-DA41BFA2F067} - C:\WINDOWS\IEWP.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\PROGRAM FILES\GHOSTSURF 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MFCKI.EXE] C:\WINDOWS\SYSTEM\MFCKI.EXE /s
O4 - HKLM\..\RunServices: [IPFB32.EXE] C:\WINDOWS\IPFB32.EXE /s
O4 - HKLM\..\RunServices: [D3CG32.EXE] C:\WINDOWS\SYSTEM\D3CG32.EXE /s
O4 - HKLM\..\RunServices: [MFCWU.EXE] C:\WINDOWS\MFCWU.EXE /s
O4 - HKLM\..\RunServices: [SYSBW32.EXE] C:\WINDOWS\SYSTEM\SYSBW32.EXE /s
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [ADDWE.EXE] C:\WINDOWS\SYSTEM\ADDWE.EXE /s
O4 - HKLM\..\RunServices: [ATLLU32.EXE] C:\WINDOWS\ATLLU32.EXE /s
O4 - HKLM\..\RunServices: [SYSWY.EXE] C:\WINDOWS\SYSWY.EXE /s
O4 - HKLM\..\RunServices: [ADDBG.EXE] C:\WINDOWS\ADDBG.EXE /s
O4 - HKLM\..\RunServices: [D3GF.EXE] C:\WINDOWS\SYSTEM\D3GF.EXE /s
O4 - HKLM\..\RunServices: [ADDIQ32.EXE] C:\WINDOWS\SYSTEM\ADDIQ32.EXE /s
O4 - HKLM\..\RunServices: [MFCAG32.EXE] C:\WINDOWS\MFCAG32.EXE /s
O4 - HKLM\..\RunServices: [APPXB.EXE] C:\WINDOWS\APPXB.EXE /s
O4 - HKLM\..\RunServices: [SDKDQ32.EXE] C:\WINDOWS\SDKDQ32.EXE /s
O4 - HKLM\..\RunServices: [ATLHO.EXE] C:\WINDOWS\SYSTEM\ATLHO.EXE /s
O4 - HKLM\..\RunServices: [ADDYX32.EXE] C:\WINDOWS\ADDYX32.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\PROGRAM FILES\GHOSTSURF 2005\DeleteSatellite.exe" nowait
O4 - Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Startup: Protector.lnk = C:\Program Files\GhostSurf 2005\Protector.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - http://support.dell.com/systemprofiler/SysProfLcd.CAB
fluffhead001 is offline   Reply With Quote
April 1st, 2005, 10:09 PM     #2
Ultimate Member
 
Join Date: Oct 2001
Location: Philadelphia, PA
Posts: 1,548
Run that log file through the page here
http://www.hijackthis.de/index.php?langselect=english

It will give you a good idea of what's good and what's not.

I did it and you have quite a few nasty things showing up; this should help you get rid of them.


Undeadlord
__________________
"Mercy for the guilty is treason to the innocent"
Undeadlord is offline   Reply With Quote
April 1st, 2005, 10:43 PM     #3
Ultimate Member
 
Join Date: Oct 2001
Posts: 10,821
I think first I'd make sure I had run Ad-Aware SE and Spybot S&D... both of which you can get at www.majorgeeks.com under "spyware tools"

Also a great new one, stronger than those two, is one called adwareaway http://www.adwareaway.com/ It is supposed to cost $$$ but you can download it for free and it'll work like 5 days or something (all you need it to do is work one day though, lol)

JP
__________________
"Even a fool is thought to be wise if he is silent"
John Prophet is offline   Reply With Quote
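
As an added example, not part of any post in this thread and not the logic hijackthis.de uses: a short Python triage pass over HijackThis output that groups entries by section code and lists the O4 registry autostarts worth checking by hand. The heuristic (value name equal to the file name, file directly in C:\WINDOWS or C:\WINDOWS\SYSTEM, lone /s switch) and the function names are assumptions; the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# A handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jcqsk.dll/sp.html#12345
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MFCKI.EXE] C:\WINDOWS\SYSTEM\MFCKI.EXE /s
O4 - HKLM\..\RunServices: [IPFB32.EXE] C:\WINDOWS\IPFB32.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
O4_REG = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
SYS_DIRS = {r"c:\windows", r"c:\windows\system"}          # Win9x/ME layout


def parse_entries(log_text):
    """Group log entries by HijackThis section code (R0, R1, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def review_candidates(sections):
    """Return (key, executable) for O4 registry autostarts that match the
    assumed heuristic: value name equals the executable's file name, the
    file sits directly in a Windows system directory, and the only
    argument is /s. A match means 'look at this by hand', nothing more."""
    hits = []
    for body in sections.get("O4", []):
        m = O4_REG.match(body)
        if not m:
            continue  # Startup-folder shortcuts use a different layout
        _hive, key, name, command = m.groups()
        exe, _, args = command.partition(" ")
        folder, _, filename = exe.rpartition("\\")
        if (folder.lower() in SYS_DIRS
                and name.lower() == filename.lower()
                and args.strip().lower() == "/s"):
            hits.append((key, exe))
    return hits
```

Calling `review_candidates(parse_entries(text))` on the full log text from post #1 applies the same check to every O4 line.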