Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Just a check (hijackthis, my friends computer)

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Just a check (hijackthis, my friends computer)

Reply
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 12-11-2004, 07:16 PM
madmikejt12's Avatar
Dedicated Member
Loyal Contributor
  
Join Date: Nov 2004
Posts: 2,874
madmikejt12 is a key member in the D-A-L teammadmikejt12 is a key member in the D-A-L teammadmikejt12 is a key member in the D-A-L teammadmikejt12 is a key member in the D-A-L teammadmikejt12 is a key member in the D-A-L teammadmikejt12 is a key member in the D-A-L teammadmikejt12 is a key member in the D-A-L teammadmikejt12 is a key member in the D-A-L teammadmikejt12 is a key member in the D-A-L teammadmikejt12 is a key member in the D-A-L teammadmikejt12 is a key member in the D-A-L team
Send a message via AIM to madmikejt12 Send a message via MSN to madmikejt12
Arrow Just a check (hijackthis, my friends computer)
hi, this is my friends hijackthis log could someone please check it for me? thankyou

Logfile of HijackThis v1.98.2
Scan saved at 18:16:04, on 12/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRAM FILES\BT VOYAGER 105 ADSL MODEM\DSLSTAT.EXE
C:\PROGRAM FILES\BT VOYAGER 105 ADSL MODEM\DSLAGENT.EXE
C:\PROGRAM FILES\VOYAGERTEST\FTS.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\TRUST\SPACEC@M LITE\TASK.EXE
C:\PROGRAM FILES\AOL 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS\COMPONENTS\QBAGENT\QBDAGEN T.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\AOL\BROADBAND CHECKUP\BIN\MPBTN.EXE
C:\PROGRAM FILES\AOL 9.0\WAOL.EXE
C:\PROGRAM FILES\AOL 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
A:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wyuynijtemsrtbyjud.com/R6JQ0K...R6YiNV8wu.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/u...en/default.htm
F1 - win.ini: run=hpfsched hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart QB_SEQUENCE first
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [Roamboobbuildtool] C:\WINDOWS\Application Data\gram bows roam boob\Face Option.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [CALMP3L0004.EXE] C:\WINDOWS\SYSTEM\CALMP3L0004.EXE 1
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Trust SpaceC@m Lite.lnk = C:\Program Files\Trust\SpaceC@m Lite\task.exe
O4 - Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBDAgen t.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {1BB846E0-C190-11D4-A65C-701B50C10000} - http://www.euro.dell.com/countries/u...en/default.htm (file missing) (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\IntraLaunch.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 13-11-2004, 11:24 PM
owen's Avatar
D-A-L Team Member (UK)
Loyal Contributor
  
Join Date: Jun 2004
Posts: 5,272
owen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furniture
Re: Just a check (hijackthis, my friends computer)
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wyuynijtemsrtbyjud.com/R6JQ0...lR6YiNV8wu.html
O4 - HKLM\..\Run: [Roamboobbuildtool] C:\WINDOWS\Application Data\gram bows roam boob\Face Option.exe

Click Fix Checked

Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

Delete the following files and folders:
C:\WINDOWS\Application Data\gram bows roam boob

Reboot and post a fresh log
__________________
Owen,
My Website - I Security.org.uk

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.4 _|_ Ad-Aware SE 1.06_|_ HijackThis Log __V1.99.1 _|

[*]Be patient and wait for a response, we'll do our best to help resolve your issue.
[*]When posting for help, start your own thread and stick to it. Don't start multiple threads or post in other peoples threads!

If we have helped you, please consider making a donation to help support the forum. All donations are greatly appreciated. You can also support the forum by placing a link to us on your personal website.

Useful Links:
Posting a Hijack This Log
Preposting and Prevention Info
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
friends computer needs help robrahm Spyware, Adware, Viruses and HijackThis Logs 3 20-11-2006 08:43 PM
Please check HijackThis log origdav Spyware, Adware, Viruses and HijackThis Logs 1 25-07-2006 09:13 PM
New user, looking for help to clean friends computer Jpoon Spyware, Adware, Viruses and HijackThis Logs 3 24-03-2006 07:38 PM
Help needed with a friends HijackThis log please hopeless Spyware, Adware, Viruses and HijackThis Logs 5 15-05-2005 04:44 AM
Please check my HijackThis log eriboll Spyware, Adware, Viruses and HijackThis Logs 5 22-10-2004 03:48 PM


All times are GMT +1. The time now is 09:50 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav