vixen7
asked on
Can someone help me with my hijack
I am a dummy with computers..lol
Can you tell me what I can delete and what to do.. I cannot thank you experts enough and this is a great board!
Logfile of HijackThis v1.97.7
Scan saved at 11:14:02 AM, on 4/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\documents and settings\chris\local settings\temp\ev8QGhwi.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Chris\Application Data\ctee.exe
C:\WINDOWS\System32\wapicc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for hijackthis1977[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
R3 - URLSearchHook: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D}_ - (no file)
O1 - Hosts: 255.255.255.255 www.casinoxo.com
O1 - Hosts: 255.255.255.255 www.theblackjacktable.com
O1 - Hosts: 255.255.255.255 www.theblackjacktable.com
O1 - Hosts: 255.255.255.255 www.theblackjacktable.com
O1 - Hosts: 255.255.255.255 www.theblackjacktable.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mskpkc.dll
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ev8QGhwi] C:\documents and settings\chris\local settings\temp\ev8QGhwi.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Uoou] C:\Documents and Settings\Chris\Application Data\ctee.exe
O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\System32\wapicc.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Startup: DLHelperEXE.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37989.8653009259
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/246/webolr/OCX/FlashAX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{876AA6A1-FD4F-4B72-B549-0F97C45FF49D}: NameServer = 151.164.14.201 151.164.1.8
Download and run these to automatically detect and remove it for you...
Lavasoft Ad-Aware 6 > http://www.netsecurity.about.com/library/blfreespyware.htm
Spybot-Search & Destroy > http://www.safer-networking.org/
After downloading these, update them. Use both for maximum efficiency.
Good Luck...
ASKER
I have run both of those with no success,
I did a house call and came up with these
TROJSTILEN A- cant access
CHM Psyme.Y-not cleanable
JS INOR.M-not cleanable
BKDR SANDBOX.A-not cleanable
Am I screwed? I am at a total loss here and LUCF I did what you told me, so all those other things are ok to leave on? I also did a swredder
ASKER CERTIFIED SOLUTION
ASKER
the first 3 are in my documents and settings
and the last is in windows/system
Now when you say run a scan in safe mode ...what antivirus scan do you recommend?
If you're able to use an online virus scanner, I suggest you go for that; otherwise just use the one you have installed on your computer.
For all of them, in safe mode, you can just delete the offending files if you're having problems getting them picked up by the virus scanner.
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6
R3 - URLSearchHook: (no name) - {4FC95EDD-4796-4966-9049-2
O1 - Hosts: 255.255.255.255 www.casinoxo.com
O1 - Hosts: 255.255.255.255 www.theblackjacktable.com
O1 - Hosts: 255.255.255.255 www.theblackjacktable.com
O1 - Hosts: 255.255.255.255 www.theblackjacktable.com
O1 - Hosts: 255.255.255.255 www.theblackjacktable.com
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-0
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-2
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6
O4 - HKLM\..\Run: [ev8QGhwi] C:\documents and settings\chris\local settings\temp\ev8QGhwi.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKCU\..\Run: [Uoou] C:\Documents and Settings\Chris\Application
O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\System32\wapicc
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked
O4 - Startup: DLHelperEXE.exe
O16 - DPF: {AED98630-0251-4E83-917D-4
Tick the checkbox in front of all these lines, then click "fix checked".
Reboot and you should be good :)
Greetings,
LucF