hijack.exe

From: sandy (anonymous_at_discussions.microsoft.com)
Date: 08/30/04


Date: Mon, 30 Aug 2004 10:30:19 -0700

Hi again. Just sent in a post about regedit. I ran
HijackThis and it gave me a number of things to fix, but
don't know what needs to be left there and what needs to
be fixed or deleted. Here is the log file:

Logfile of HijackThis v1.97.7
Scan saved at 11:22:19 AM, on 31/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\SED\SED.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ntkb.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\rzlaci.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\jceaao.exe
C:\Documents and Settings\John\Application Data\bntw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\VB.INI:mgmhi
C:\WINDOWS\explorer.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mdfre.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mdfre.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mdfre.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {8B2CEA01-7DD8-C720-D770-D6B11CBE5AAF} - C:\WINDOWS\system32\sdkgl.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pnpsvc_lock] C:\WINDOWS\System32\748156.exe
O4 - HKLM\..\Run: [ntkb.exe] C:\WINDOWS\system32\ntkb.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dyptxw] C:\WINDOWS\System32\rzlaci.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - HKCU\..\Run: [Qqs] C:\WINDOWS\System32\jceaao.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Coou] C:\Documents and Settings\John\Application Data\bntw.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\John\Application Data\ttuh.exe
O4 - HKLM\..\RunOnce: [mgmhi] C:\WINDOWS\VB.INI:mgmhi
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.greg-search.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{08931827-2CFB-4E6E-AAE0-4C7A55826368}: NameServer = 216.126.103.27,198.235.200.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{08931827-2CFB-4E6E-AAE0-4C7A55826368}: NameServer = 216.126.103.27,198.235.200.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{08931827-2CFB-4E6E-AAE0-4C7A55826368}: NameServer = 216.126.103.27,198.235.200.134

Thanks again, and I apologize if I sent it to the wrong
newsgroup.
Sandy
