Please help me with this Hijack

April 1st, 2005, 10:06 PM   #1
Junior Member
 
Join Date: Apr 2005
Posts: 1
Please help me with this Hijack

This is my Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:33:48 PM, on 4/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MFCKI.EXE
C:\WINDOWS\IPFB32.EXE
C:\WINDOWS\SYSTEM\D3CG32.EXE
C:\WINDOWS\MFCWU.EXE
C:\WINDOWS\SYSTEM\SYSBW32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\ADDWE.EXE
C:\WINDOWS\ATLLU32.EXE
C:\WINDOWS\SYSWY.EXE
C:\WINDOWS\ADDBG.EXE
C:\WINDOWS\SYSTEM\D3GF.EXE
C:\WINDOWS\SYSTEM\ADDIQ32.EXE
C:\WINDOWS\MFCAG32.EXE
C:\WINDOWS\APPXB.EXE
C:\WINDOWS\SDKDQ32.EXE
C:\WINDOWS\SYSTEM\ATLHO.EXE
C:\WINDOWS\ADDYX32.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\DELETESATELLITE.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\PROXY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\SCHEDULER DAEMON.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\PROTECTOR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\GHOSTSURF 2005\PRIVACY CONTROL CENTER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jcqsk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jcqsk.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Class - {5D04D4AD-FEBB-3BE2-CE5A-DA41BFA2F067} - C:\WINDOWS\IEWP.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\PROGRAM FILES\GHOSTSURF 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MFCKI.EXE] C:\WINDOWS\SYSTEM\MFCKI.EXE /s
O4 - HKLM\..\RunServices: [IPFB32.EXE] C:\WINDOWS\IPFB32.EXE /s
O4 - HKLM\..\RunServices: [D3CG32.EXE] C:\WINDOWS\SYSTEM\D3CG32.EXE /s
O4 - HKLM\..\RunServices: [MFCWU.EXE] C:\WINDOWS\MFCWU.EXE /s
O4 - HKLM\..\RunServices: [SYSBW32.EXE] C:\WINDOWS\SYSTEM\SYSBW32.EXE /s
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [ADDWE.EXE] C:\WINDOWS\SYSTEM\ADDWE.EXE /s
O4 - HKLM\..\RunServices: [ATLLU32.EXE] C:\WINDOWS\ATLLU32.EXE /s
O4 - HKLM\..\RunServices: [SYSWY.EXE] C:\WINDOWS\SYSWY.EXE /s
O4 - HKLM\..\RunServices: [ADDBG.EXE] C:\WINDOWS\ADDBG.EXE /s
O4 - HKLM\..\RunServices: [D3GF.EXE] C:\WINDOWS\SYSTEM\D3GF.EXE /s
O4 - HKLM\..\RunServices: [ADDIQ32.EXE] C:\WINDOWS\SYSTEM\ADDIQ32.EXE /s
O4 - HKLM\..\RunServices: [MFCAG32.EXE] C:\WINDOWS\MFCAG32.EXE /s
O4 - HKLM\..\RunServices: [APPXB.EXE] C:\WINDOWS\APPXB.EXE /s
O4 - HKLM\..\RunServices: [SDKDQ32.EXE] C:\WINDOWS\SDKDQ32.EXE /s
O4 - HKLM\..\RunServices: [ATLHO.EXE] C:\WINDOWS\SYSTEM\ATLHO.EXE /s
O4 - HKLM\..\RunServices: [ADDYX32.EXE] C:\WINDOWS\ADDYX32.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\PROGRAM FILES\GHOSTSURF 2005\DeleteSatellite.exe" nowait
O4 - Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Startup: Protector.lnk = C:\Program Files\GhostSurf 2005\Protector.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - http://support.dell.com/systemprofiler/SysProfLcd.CAB
fluffhead001
April 1st, 2005, 10:09 PM   #2
Ultimate Member
 
Join Date: Oct 2001
Location: Philadelphia, PA
Posts: 1,548
Run that log file through the page here:
http://www.hijackthis.de/index.php?langselect=english

It will give you a good idea of what's good and what's not.

I did it and you have quite a few nasty things showing up; this should help you get rid of them.


Undeadlord
__________________
"Mercy for the guilty is treason to the innocent"
Undeadlord
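An added example (not part of the thread, and not a description of how the hijackthis.de analyzer works): a Python triage pass over an excerpt of the log from post #1. It surfaces two patterns visible in that log: RunServices entries whose value name is the file name of an executable sitting directly in C:\WINDOWS or C:\WINDOWS\SYSTEM and started with /s, and IE search settings that point at a res:// page inside a local DLL. The function name, finding labels and the heuristic itself are assumptions made for illustration; a match means "look closer", not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the HijackThis log from post #1 (a few lines, not the full log).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jcqsk.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MFCKI.EXE] C:\WINDOWS\SYSTEM\MFCKI.EXE /s
O4 - HKLM\..\RunServices: [IPFB32.EXE] C:\WINDOWS\IPFB32.EXE /s
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
"""

# O4 registry autostart line: "O4 - HKLM\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - \S+\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Split a command into executable path and arguments (path may be quoted).
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?(?P<args>.*)$', re.I)
# R0/R1 IE setting whose value is a page embedded in a local DLL.
RES_RE = re.compile(r"^R[01] - .+? = res://(?P<dll>.+?\.dll)/", re.I)

SYSTEM_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}


def triage(log):
    """Return (label, path) pairs for log lines that deserve a closer look."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines()):
        res = RES_RE.match(line)
        if res:
            findings.append(("ie-res-dll", res["dll"]))
            continue
        o4 = O4_RE.match(line)
        exe = EXE_RE.match(o4["cmd"]) if o4 else None
        if not exe:
            continue
        path = PureWindowsPath(exe["path"])
        # Heuristic (assumption): value name == file name, file directly in a
        # Windows system directory, and the only argument is "/s".
        if (str(path.parent).upper() in SYSTEM_DIRS
                and path.name.upper() == o4["name"].upper()
                and exe["args"].strip().lower() == "/s"):
            findings.append(("autostart-self-named", str(path)))
    return findings


if __name__ == "__main__":
    for label, path in triage(SAMPLE_LOG):
        print(f"{label:22} {path}")
```

Entries such as mstask.exe, the Symantec services and KB891711 pass through unflagged because they fail at least one of the three conditions.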
April 1st, 2005, 10:43 PM   #3
Ultimate Member
 
Join Date: Oct 2001
Posts: 10,821
I think first I'd make sure I had run Ad-Aware SE and Spybot S&D... both of which you can get at www.majorgeeks.com under "spyware tools".

Also a great new one, stronger than those two, is one called adwareaway: http://www.adwareaway.com/. It is supposed to cost $$$ but you can download it for free and it'll work like 5 days or something (all you need it to do is work one day though, lol).

JP
__________________
"Even a fool is thought to be wise if he is silent"
John Prophet