April 1st, 2005, 10:06 PM   #1
Junior Member
 
Join Date: Apr 2005
Posts: 1
Please help me with this Hijack

This is my Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:33:48 PM, on 4/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MFCKI.EXE
C:\WINDOWS\IPFB32.EXE
C:\WINDOWS\SYSTEM\D3CG32.EXE
C:\WINDOWS\MFCWU.EXE
C:\WINDOWS\SYSTEM\SYSBW32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\ADDWE.EXE
C:\WINDOWS\ATLLU32.EXE
C:\WINDOWS\SYSWY.EXE
C:\WINDOWS\ADDBG.EXE
C:\WINDOWS\SYSTEM\D3GF.EXE
C:\WINDOWS\SYSTEM\ADDIQ32.EXE
C:\WINDOWS\MFCAG32.EXE
C:\WINDOWS\APPXB.EXE
C:\WINDOWS\SDKDQ32.EXE
C:\WINDOWS\SYSTEM\ATLHO.EXE
C:\WINDOWS\ADDYX32.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\DELETESATELLITE.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\PROXY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\SCHEDULER DAEMON.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\PROTECTOR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\PRIVACY CONTROL CENTER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jcqsk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jcqsk.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Class - {5D04D4AD-FEBB-3BE2-CE5A-DA41BFA2F067} - C:\WINDOWS\IEWP.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\PROGRAM FILES\GHOSTSURF 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MFCKI.EXE] C:\WINDOWS\SYSTEM\MFCKI.EXE /s
O4 - HKLM\..\RunServices: [IPFB32.EXE] C:\WINDOWS\IPFB32.EXE /s
O4 - HKLM\..\RunServices: [D3CG32.EXE] C:\WINDOWS\SYSTEM\D3CG32.EXE /s
O4 - HKLM\..\RunServices: [MFCWU.EXE] C:\WINDOWS\MFCWU.EXE /s
O4 - HKLM\..\RunServices: [SYSBW32.EXE] C:\WINDOWS\SYSTEM\SYSBW32.EXE /s
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [ADDWE.EXE] C:\WINDOWS\SYSTEM\ADDWE.EXE /s
O4 - HKLM\..\RunServices: [ATLLU32.EXE] C:\WINDOWS\ATLLU32.EXE /s
O4 - HKLM\..\RunServices: [SYSWY.EXE] C:\WINDOWS\SYSWY.EXE /s
O4 - HKLM\..\RunServices: [ADDBG.EXE] C:\WINDOWS\ADDBG.EXE /s
O4 - HKLM\..\RunServices: [D3GF.EXE] C:\WINDOWS\SYSTEM\D3GF.EXE /s
O4 - HKLM\..\RunServices: [ADDIQ32.EXE] C:\WINDOWS\SYSTEM\ADDIQ32.EXE /s
O4 - HKLM\..\RunServices: [MFCAG32.EXE] C:\WINDOWS\MFCAG32.EXE /s
O4 - HKLM\..\RunServices: [APPXB.EXE] C:\WINDOWS\APPXB.EXE /s
O4 - HKLM\..\RunServices: [SDKDQ32.EXE] C:\WINDOWS\SDKDQ32.EXE /s
O4 - HKLM\..\RunServices: [ATLHO.EXE] C:\WINDOWS\SYSTEM\ATLHO.EXE /s
O4 - HKLM\..\RunServices: [ADDYX32.EXE] C:\WINDOWS\ADDYX32.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\PROGRAM FILES\GHOSTSURF 2005\DeleteSatellite.exe" nowait
O4 - Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Startup: Protector.lnk = C:\Program Files\GhostSurf 2005\Protector.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - http://support.dell.com/systemprofiler/SysProfLcd.CAB

fluffhead001

April 1st, 2005, 10:09 PM   #2
Ultimate Member
 
Join Date: Oct 2001
Location: Philadelphia, PA
Posts: 1,542
Run that log file through the page here
http://www.hijackthis.de/index.php?langselect=english

It will give you a good idea of what's good and what's not.

I did it and you have quite a few nasty things showing up; this should help you get rid of them.


Undeadlord
__________________
"Mercy for the guilty is treason to the innocent"


April 1st, 2005, 10:43 PM   #3
Ultimate Member
 
Join Date: Oct 2001
Posts: 10,821
I think first I'd make sure I had run Ad-Aware SE and Spybot S&D... both of which you can get at www.majorgeeks.com under "spyware tools".

Also a great new one, stronger than those two, is one called adwareaway: http://www.adwareaway.com/. It is supposed to cost $$$ but you can download it for free and it'll work like 5 days or something (all you need it to do is work one day though, lol).

JP
__________________
"Even a fool is thought to be wise if he is silent"

John Prophet