Re: Help reading a HijackThis log
From: Ricky (rsjoiner_at_no_spambellsouth.net)
Date: 11/17/04
- Next message: Paul Heslop: "Re: TEXT TO SPEECH"
- Previous message: Will Denny: "Re: menu bar in Word 2003"
- In reply to: Jim: "Help reading a HijackThis log"
- Next in thread: Rick: "Re: Help reading a HijackThis log"
- Reply: Rick: "Re: Help reading a HijackThis log"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 16 Nov 2004 20:23:31 -0600
Go here:
http://mjc1.com/mirror/hjt/
for instructions on how to use HijackThis.
You have to post the log it produces here:
http://www.spywareinfo.com/forums/
so experts can tell you what is good and what is malware.
"Jim" <Jim@discussions.microsoft.com> wrote in message
news:CE302EB8-3588-4BD1-9A78-4A7C2E3D7351@microsoft.com...
> Hi:
> I ran HijackThis and I was wondering if an MVP could help me know what to
> delete from the log file.
>
> Logfile of HijackThis v1.98.2
> Scan saved at 8:55:42 PM, on 11/15/2004
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
> C:\WINDOWS\system32\cisvc.exe
> C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
> C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
> c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
> C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
> C:\WINDOWS\System32\nvsvc32.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\wanmpsvc.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\fxssvc.exe
> c:\PROGRA~1\mcafee.com\vso\mcshield.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\BCMSMMSG.exe
> C:\WINDOWS\System32\DSentry.exe
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
> C:\PROGRA~1\mcafee.com\agent\mcagent.exe
> C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
> C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
> C:\Program Files\Common Files\Dell\EUSW\Support.exe
> c:\progra~1\mcafee.com\vso\mcvsescn.exe
> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
> C:\Program Files\QuickTime\qttask.exe
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
> C:\WINDOWS\system32\rundll32.exe
> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
> C:\WINDOWS\system32\rundll32.exe
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\WINDOWS\system32\RUNDLL32.EXE
> C:\Program Files\Digital Line Detect\DLG.exe
> C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
> C:\Program Files\MSN Messenger\msnmsgr.exe
> c:\progra~1\mcafee.com\vso\mcvsftsn.exe
> C:\Program Files\Messenger\msmsgs.exe
> C:\WINDOWS\system32\cidaemon.exe
> C:\WINDOWS\system32\cidaemon.exe
> C:\Program Files\MSN\MSNCoreFiles\msn.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
> C:\DOCUME~1\JIM&CA~1\LOCALS~1\Temp\Temporary Directory 1 for
> hijackthis.zip\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://www.dellnet.com/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> http://g.msn.com/0SEENUS/SAOS01
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.ewtn.com/news/index.asp
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.dellnet.com/
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,AutoConfigURL = windowsupdate.microsoft.com
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyOverride = http://localhost
> R3 - Default URLSearchHook is missing
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
> C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
> c:\progra~1\mcafee.com\vso\mcvsshl.dll
> O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
> C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
> O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
> C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> C:\WINDOWS\System32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
> O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
> O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
> Jukebox\mm_tray.exe
> O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
> O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
> O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
> Creator 5\DirectCD\DirectCD.exe"
> O4 - HKLM\..\Run: [VirusScan Online]
> "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
> O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
> Files\Dell\EUSW\Support.exe
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
> /checktask
> O4 - HKLM\..\Run: [pmr] C:\Program Files\Common Files\Presentia\pmr.exe
> O4 - HKLM\..\Run: [EPSON Stylus CX5200]
> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus
> CX5200" /O6 "USB001" /M "Stylus CX5200"
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
> -atboottime
> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
> C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
> O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
> Jukebox\mmtask.exe
> O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
> O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
> Manager\ViewMgr.exe
> O4 - HKLM\..\Run: [New.net Startup] rundll32
> C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
> C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
> O4 - Global Startup: Digital Line Detect.lnk = ?
> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office\OSA9.EXE
> O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
> (no file)
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O10 - Hijacked Internet access by New.Net
> O10 - Hijacked Internet access by New.Net
> O10 - Hijacked Internet access by New.Net
> O10 - Hijacked Internet access by New.Net
> O10 - Hijacked Internet access by New.Net
> O12 - Plugin for .pdf: C:\Program Files\Internet
> Explorer\PLUGINS\nppdf32.dll
> O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup
> Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
> O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client
> Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
> O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com
> Download+Installer Class) -
> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,56/mcinsctl.cab
> O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
> Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
> O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
> System Class) -
> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
> http://207.188.7.150/0312cff0cbd8d5564e02/netzip/RdxIE601.cab
> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
> Class) -
> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
> O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
> https://www.gamespyid.com/alaunch.cab
> O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) -
> https://cs7b.instantservice.com/jars/customerxsigned42.cab
> O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
> Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
> O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
> O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) -
> http://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB
> O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
> http://download.abacast.com/download/files/abasetup141.cab
>
>