reggy
new user
Reg'd: Thu
Posts: 3
|
|
I have a prog called HijackThis and I dunno what to keep n get rid of. Also my MSN Messenger comes up for 10 secs then disappears again and I can't use it. Here is my log for HijackThis. Be warned, I got loads o crap here
Logfile of HijackThis v1.98.2
Scan saved at 06:13:43, on 12/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
|
|
KangarooPoo
regular
Reg'd: Thu
Posts: 1090
|
|
In reply to:
be warned i got loads o crap here
You got that right! O.k. let's do some cleaning:
Unless you already have it, download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe
Install the program and launch it.
First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.
Next, we need to configure Ad-aware for a full scan.
Click on the gear icon to access the preferences/settings window.
1. In the General window make sure the following are selected:
   Automatically save log-file
   Automatically quarantine objects prior to removal
   Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select:
   Scan Within Archives
   Scan Active Processes
   Scan Registry
   Deep Scan Registry
   Scan my IE favorites for banned URL’s
   Scan my Hosts file
   Under Click here to select drives + folders, choose:
      All of your hard drives
3. Click on the Advanced button on the left and select:
   Include additional process information
   Include additional file information
   Include environment information
   Include additional object details
4. Click the Tweak button and select:
   Under the Scanning Engine:
      Unload recognized processes during scanning
      Include basic Ad-aware settings in logfile
      Include additional Ad-aware settings in logfile
   Under the Cleaning Engine:
      Let Windows remove files in use at next reboot
Click on Proceed to save the settings.
Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
Use Custom Scanning Options
Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.
Save the log file when it asks and then click Finish
When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).
Reboot your computer.
Download VX2 finder from here: http://www.downloads.subratam.org/VX2Finder.exe
Open VX2 finder. Click the find vx2 button, then click the make log button.
Post the log along with a fresh hijackthis log.
P.S. I like the nickname, very appropriate! 
|
reggy
new user
Reg'd: Thu
Posts: 3
|
|
My parents are admins and they are away for the week, but I was hoping to sort it out b4 they came back. Could I do it in safe mode??? Install adware then run it in normal mode??
|
KangarooPoo
regular
Reg'd: Thu
Posts: 1090
|
|
Do you have someone nearby who has a p.c? If so, get them to download the programmes I listed onto a CDR then run them in your (parents) p.c. Then post back. Are you gonna be in trouble now?
|
greysts
regular
Reg'd: Thu
Posts: 18153
Loc: Colchester
|
|
I didn't get where I am today by analysing HJT logs!
1,2,3,4 Keep 'em waiting at the door 5,6,7,8 Always pays to make 'em wait.
Come!!

Do you know that we're all in line for succession to the throne? Really? Well, if forty-eight million, two hundred thousand, seven hundred and one people died I'd be Queen.
|
TheFatControlleR
Forum Admin
Reg'd: Fri
Posts: 6805
Loc: Megatripolis
|
|
Yes, CJ!
TFC 'Truth and reason are common to all men, and no more belong to the man who first uttered them than to him that repeated them after him' - Michel De Montaigne