Solve : My Hackthis log help me! plz? – InterviewSolution

InterviewSolution

1.	Solve : My Hackthis log help me! plz?
Answer» Ok this is my log from my HACKTHIS and I think I caught some popup programs please help! O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - file://C:\WINDOWS\TEMP\WZSE311.TMP\swicdad.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://desync.com/nsvplayx_vp6_aac.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65 O17 - HKLM\System\CCS\Services\Tcpip\..\{4FE8CF75-1E3F-404A-BC51-D2CAE37DAEB8}: NameServer = 205.171.3.65,205.171.2.65 O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE18EF-17DE-450B-BE67-2E7C689AB357}: NameServer = 205.171.3.65,205.171.2.65 O17 - HKLM\System\CS1\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65 O17 - HKLM\System\CS2\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65The previous ones were missing some these are the complete ones. Logfile of HijackThis v1.98.2 Scan saved at 5:39:27 PM, on 11/4/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running PROCESSES: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\documents and settings\user\local settings\temp\VrsAC.exe C:\documents and settings\user\local settings\temp\BijPNhk8V.exe C:\WINDOWS\system32\nvrspl87.exe C:\Documents and Settings\user\Application Data\pooh.exe C:\WINDOWS\system32\l?censored.exe C:\PROGRA~1\WEB Offer\wo.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Bxe0n.exe C:\WINDOWS\system32\AlrYT0v1.exe C:\Program Files\AIM\aim.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\user\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {6BAE6706-9543-6D9F-8727-61550FF1783A} - C:\WINDOWS\system32\rrgk.dll O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\user\Local Settings\Temp\zzIIwQNaN.dll O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [Lexmark X83 Button MONITOR] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32 O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [VrsAC.exe] C:\documents and settings\user\local settings\temp\VrsAC.exe O4 - HKLM\..\Run: [BijPNhk8V.exe] C:\documents and settings\user\local settings\temp\BijPNhk8V.exe O4 - HKLM\..\Run: [806a345134d5] C:\WINDOWS\system32\nvrspl87.exe O4 - HKLM\..\Run: [[emailprotected][emailprotected]] C:\WINDOWS\system32\Nyjw1Wb1.exe O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [Msuw] C:\Documents and Settings\user\Application Data\pooh.exe O4 - HKCU\..\Run: [Ukjieaho] C:\WINDOWS\system32\l?censored.exe O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe O4 - Global Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - file://C:\WINDOWS\TEMP\WZSE311.TMP\swicdad.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://desync.com/nsvplayx_vp6_aac.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65 O17 - HKLM\System\CCS\Services\Tcpip\..\{4FE8CF75-1E3F-404A-BC51-D2CAE37DAEB8}: NameServer = 205.171.3.65,205.171.2.65 O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE18EF-17DE-450B-BE67-2E7C689AB357}: NameServer = 205.171.3.65,205.171.2.65 O17 - HKLM\System\CS1\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65 O17 - HKLM\System\CS2\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65 steven.....Please tell us exactly whats going on with your pc . Is you home page being continually changed ? and to what ......I see a few things that dont look right ...but before I make any suggestions I would like to have the info asked for dl65 No my homepage is suppose to be www.msn.com and it is when I open internet explorer.But for some weird reason my internet explorer is ALSO missing the bottom bar that shows the progress bar. Also I get popups from these weird websites when im surfing the web!Like when i search for things on yahoo it gives me a popup that is www.searchreslt.com and also when im surfing the web it gives me stupid popups to some dating ad and some other ones like Clean ur computers registry n stuff ads.!!!!! AHHHhHmm looks like after searching around I found a program called AD Aware and i used it and it so far seemed like it fixed my problem. But Thanks a lot for trying to help me out!! Even though I fixed it, but thanks for tryin to help me out!! If you had read the Please Read This First - Viruses & Spyware you wouldn't even had to post this thread.steven.....Hummmm ......how about running a hijackthis again now that you have ran Ad-aware ........because the last one did not look good . Dl65

Discussion

No Comment Found

Related InterviewSolutions