jfirestone
My HijackThis Log
I was doing great, been about 6 months since the last time I had to post one of these. I thought I got all of the things out of my system that were invading, but I still seem to be getting a pop-up ad in my way.
Thank you for the help!
Logfile of HijackThis v1.97.7
Scan saved at 5:24:14 PM, on 9/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\1stClock\1stClock.exe
C:\Program Files\ePrompter\ePrompter.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\HIjackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/index.jsp?PG=home&SEC=bnav
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s
O4 - Startup: 1st Clock.lnk = C:\Program Files\1stClock\1stClock.exe
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Shortcut to printstart.lnk = C:\printstart.bat
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {0FC35961-D28B-4EAD-98AA-A151C18C3861} (ActiveFormSDSE Control) - http://www.phdinc.com/apps/sizing/cab_files/PHDSizeSDSE.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://www22.verizon.com/foryourbusiness/billview/download/CfxIEAx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {60F47E29-4A42-11D2-83ED-02608CA10990} (SmartLOOK CAD Viewer Control) - http://www.i-markinc.com/SmartLOOKX/SmartLOOKX.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/ct/pm3/iwonpm_10_1,0,2,5.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
And yes, one more thing: you have an old version of HijackThis, v 1.97.7.
The new one is v 1.98.2; from next time, use the latest version :)
ASKER
Thank you for all the help! Sorry for posting this stuff in here!
np jfirestone
have a good one
PL
>> Sorry for posting this stuff in here!
Why be sorry... not needed at all :)
It's just that if you can solve the hijacking problem with that automatic log file, it's good; otherwise, if it cannot solve the issue, you can always come here and tell us and ask about your problems. You will always be welcome =)
Cheers ^_^
Full removal and Prevention instructions are available on my website,
http://www.petenetlive.com/Tech/Browsers/hijack.htm
Please don't "Gum up" the TA's here by posting Hijack This Logs
go here and have it analysed.
http://www.hijackthis.de/index.php?langselect=english
The EE Official Link to info is,
http:Q_20975384.html#10973783