cimdam
asked on
hijack this
Can anyone give me any tips on the results of running HijackThis? Here's the list.
Logfile of HijackThis v1.97.7
Scan saved at 11:08:28 AM, on 4/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\CImdaM.YOUR-KYBTG65GXE.000\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = CImdaM"s N tha house
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {C528DB4C-9617-F9E7-6623-0C64D6012D14} - C:\PROGRA~1\boobdate\BOLDSHOW.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_16_0.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZW
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .qcp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/autocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.zestyfind.com/app/AX/AX.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
O16 - DPF: {E4961D20-6367-4C75-BCF3-5213C29A827B} (llamapro) - https://www.pimpwar.com/crew/llamapro/llamapro.cab
O16 - DPF: {E4961D20-6367-4C75-BCF3-5213C29A827C} (llamapro) - https://www.pimpwar.com/crew/llamapro/llamapro.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
ASKER
Both solutions helped out a lot, system works great, thanks fellas.