HiJackThis

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tottenb, Mar 20, 2004.

  1. tottenb

    tottenb Private E-2

    I just installed HijackThis. It found a ton of stuff. However, I have no idea what is good and what is bad. Does anyone know?

    Logfile of HijackThis v1.97.7
    Scan saved at 12:59:35 PM, on 3/20/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\PCI AUDIO APPLICATIONS\MIXER.EXE
    C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\OVERNET\OVERNET.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPC32.EXE
    C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eucom.mil/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session={E7B4DC83-4E24-42B2-9957-A9CA8D1DDAC1}&version_id=22
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.btx.dtag.de:80;ftp=ftp-proxy.btx.dtag.de:80
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 207.199.1.105 www.gamespy.com
    O1 - Hosts: 206.132.131.50 www.gamespot.com
    O1 - Hosts: 216.247.236.68 www.tweakfiles.com
    O1 - Hosts: 216.151.127.41 www.tweak3d.net
    O1 - Hosts: 205.252.89.157 www.deskmod.com
    O1 - Hosts: 64.28.67.48 www.slashdot.org
    O1 - Hosts: 207.199.1.103 www.planetquake.com
    O1 - Hosts: 216.247.236.67 www.3dfiles.com
    O1 - Hosts: 207.115.70.83 www.3dspotlight.net
    O1 - Hosts: 216.183.105.186 www.penny-arcade.com
    O1 - Hosts: 209.207.250.33 www.somethingawful.com
    O1 - Hosts: 207.46.209.218 www.msn.com
    O1 - Hosts: 207.0.114.195 www.tabworldonline.com
    O1 - Hosts: 63.214.181.69 www.tweaktown.com
    O1 - Hosts: 205.181.128.80 www.geek.com
    O1 - Hosts: 199.105.102.131 www.happypuppy.com
    O1 - Hosts: 205.229.72.80 www.hothardware.com
    O1 - Hosts: 61.8.3.18 www.insanehardware.com
    O1 - Hosts: 216.34.72.161 www.millisec.com
    O1 - Hosts: 209.249.33.4 www.msicomputer.com
    O1 - Hosts: 208.249.124.215 www.overclockers.com
    O1 - Hosts: 213.207.14.141 zoiah.m3dzone.com
    O1 - Hosts: 63.67.239.189 tdg.vintagegaming.com
    O1 - Hosts: 207.153.207.173 www.tech-junkie.com
    O1 - Hosts: 209.68.32.183 www.storagereview.com
    O1 - Hosts: 209.197.121.2 www.tomshardware.com
    O1 - Hosts: 209.247.194.100 babelfish.altavista.digital.com
    O1 - Hosts: 206.204.212.2 www.symantec.com
    O1 - Hosts: 209.68.58.104 motherboards.org
    O1 - Hosts: 192.18.97.241 www.sun.com
    O1 - Hosts: 216.62.153.3 www.pinkmonkey.com
    O1 - Hosts: 159.33.1.85 cbc.ca
    O1 - Hosts: 166.70.10.23 www.computerhope.com
    O1 - Hosts: 198.235.69.50 www.expressvu.com
    O1 - Hosts: 64.14.126.119 www.brainbench.com
    O1 - Hosts: 208.47.252.43 www.bootdisk.com
    O1 - Hosts: 137.82.195.9 careerowl.ca
    O1 - Hosts: 209.66.74.94 www.techbargains.com
    O1 - Hosts: 206.47.148.163 www.pccanada.com
    O1 - Hosts: 206.161.202.96 www.skinz.org
    O1 - Hosts: 208.228.126.53 www.express.com
    O1 - Hosts: 207.168.8.2 www.onsale.com
    O1 - Hosts: 207.168.8.2 www.egghead.com
    O1 - Hosts: 216.241.100.190 www.computersurplusoutlet.com
    O1 - Hosts: 209.67.181.21 www.buy.com
    O1 - Hosts: 206.253.222.67 www.2cooltek.com
    O1 - Hosts: 206.132.163.111 www.nbc.com
    O1 - Hosts: 209.116.0.210 www.litestep.net
    O1 - Hosts: 216.33.41.60 www.fox.com
    O1 - Hosts: 63.226.107.3 www.darkstep.com
    O1 - Hosts: 193.125.199.4 www.icqplus.org
    O1 - Hosts: 208.51.196.21 www.customize.org
    O1 - Hosts: 63.227.17.77 www.cognitivedistortion.com
    O1 - Hosts: 63.249.168.192 www.graphicsdesign.org
    O1 - Hosts: 64.225.121.225 www.designsbymark.com
    O1 - Hosts: 207.228.228.14 www.98lite.net
    O1 - Hosts: 195.97.246.136 www.1001icqskins.com
    O1 - Hosts: 209.10.46.171 www.diamondmm.com
    O1 - Hosts: 64.41.230.253 www.creative.com
    O1 - Hosts: 64.41.230.253 www.soundblaster.com
    O1 - Hosts: 209.249.164.210 gxs.n3.net
    O1 - Hosts: 209.137.157.25 www.canon.com
    O1 - Hosts: 192.151.52.13 www.hp.com
    O1 - Hosts: 216.18.6.150 www.chalk.com
    O1 - Hosts: 208.185.239.10 sdnews.net
    O1 - Hosts: 216.49.88.12 www.mcafee.com
    O1 - Hosts: 206.96.221.169 www.hardocp.com
    O1 - Hosts: 216.151.100.102 www.anandtech.com
    O1 - Hosts: 216.15.188.70 www.3dgpu.com
    O1 - Hosts: 204.180.41.10 www.reactorcritical.com
    O1 - Hosts: 216.205.180.39 www.3dchipset.com
    O1 - Hosts: 212.35.226.50 www.eurogamer.net
    O1 - Hosts: 206.114.154.45 www.smartalec2000.com
    O1 - Hosts: 128.11.45.131 www.hotfiles.com
    O1 - Hosts: 64.4.43.7 www.hotmail.com
    O1 - Hosts: 216.105.162.18 www.voodooextreme.com
    O1 - Hosts: 216.200.247.148 www.download.com
    O1 - Hosts: 216.200.247.132 www.cnet.com
    O1 - Hosts: 205.181.112.65 www.zdnet.com
    O1 - Hosts: 209.73.164.92 www.altavista.com
    O1 - Hosts: 204.71.200.75 www.yahoo.com
    O1 - Hosts: 216.239.33.100 www.google.com
    O1 - Hosts: 206.253.217.38 www.metacrawler.com
    O1 - Hosts: 209.198.21.71 astalavista.box.sk
    O1 - Hosts: 216.35.123.102 www.ignpc.com
    O1 - Hosts: 143.166.82.178 www.dell.com
    O1 - Hosts: 216.247.236.67 www.3dfiles.com
    O1 - Hosts: 209.87.55.145 www.a-power.com
    O1 - Hosts: 64.23.13.53 www.reliz.ru
    O1 - Hosts: 216.165.161.17 www.theonion.com
    O1 - Hosts: 216.35.123.107 www.ign.com
    O1 - Hosts: 204.146.81.99 www.ibm.com
    O1 - Hosts: 205.214.169.2 www.acerlabs.com
    O1 - Hosts: 216.200.159.128 www.asus.com
    O1 - Hosts: 192.216.191.42 www.acer.com
    O1 - Hosts: 140.174.105.248 www.nvidia.com
    O1 - Hosts: 204.50.136.43 www.matrox.com
    O1 - Hosts: 166.90.143.6 www.3dfx.com
    O1 - Hosts: 207.167.207.71 www.ati.com
    O1 - Hosts: 63.170.89.212 www.abit.com
    O1 - Hosts: 216.200.57.12 www.firingsquad.com
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_1.DLL
    O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IECOMP.DLL
    O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_1.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [ausvc] C:\WINDOWS\ausvc.exe
    O4 - HKLM\..\Run: [SysScan] C:\WINDOWS\bvt.exe
    O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
    O4 - HKLM\..\Run: [TkBellExe] realsched.exe -osboot
    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [Overnet] C:\PROGRAM FILES\OVERNET\Overnet.exe -t
    O4 - HKLM\..\Run: [3S] C:\WINDOWS\SYSTEM\3S.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
    O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
    O4 - HKLM\..\RunServices: [Msmon] c:\windows\system\msmon.exe
    O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\winlogon.exe
    O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\Sophia\Application Data\Microsoft\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
    O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
    O4 - User Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\Sophia\Application Data\Microsoft\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
    O4 - User Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: @Home (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/rcriot/microsoft/wtinst.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_1.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
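The log above is HijackThis's own text format: a "Running processes:" list followed by one entry per line, each tagged with a section code (R0/R1 for Internet Explorer start and search pages, O1 for hosts file lines, O2 for BHOs, O4 for autostart entries, O16 for downloaded ActiveX objects, and so on). As an added example, not code from the post or from HijackThis, the Python script below parses a log in that format, counts entries per section, and pulls out the items a helper would look at first: every hosts file redirection (a default hosts file maps only localhost), every autostart target that does not appear in the running process list (a heuristic of this script, marked as such in the code), and the hostnames that the R* and O16 entries point at. `SAMPLE_LOG` is a constructed subset of the lines from the log posted above; `triage` and `parse_log` are names chosen here.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# HijackThis section codes that appear in the log above, as HijackThis defines them.
SECTION_MEANING = {
    "R0": "IE start/search page registry value",
    "R1": "IE search page / default page registry value",
    "R3": "IE URLSearchHook",
    "O1": "hosts file redirection",
    "O2": "Browser Helper Object (BHO)",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run, RunServices, Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O14": "IERESET.INF default page",
    "O16": "Downloaded Program Files (ActiveX) object",
}

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")          # "O4 - HKLM\..\Run: [x] y"
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")               # lines of the process list
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)$")          # O1 body: "<ip> <hostname>"
O4_RE = re.compile(r"^(.*?): \[([^\]]*)\] (.*)$")       # registry Run-style O4 body
EXE_RE = re.compile(r"^([A-Za-z]:\\.*?\.exe)", re.IGNORECASE)  # full path up to .exe
URL_RE = re.compile(r"https?://\S+")


def parse_log(text):
    """Return (running process paths, lowercased; list of (section, body))."""
    processes, entries = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif PROCESS_RE.match(line) and not entries:
            # the "Running processes:" list precedes the first R/O entry
            processes.add(line.lower())
    return processes, entries


def triage(text):
    """Group the log by section and pull out the items that need manual review."""
    processes, entries = parse_log(text)
    report = {
        "counts": Counter(code for code, _ in entries),
        "hosts_redirects": [],        # (hostname, ip) from O1 lines
        "autostart_not_running": [],  # O4 targets with no matching running process
        "remote_hosts": set(),        # hostnames referenced by R* and O16 entries
    }
    for code, body in entries:
        if code == "O1":
            # A default hosts file maps only "localhost"; every other line pins a
            # public name to a fixed IP and bypasses DNS for it, so list them all.
            hm = HOSTS_RE.match(body)
            if hm and hm.group(2).lower() != "localhost":
                report["hosts_redirects"].append((hm.group(2), hm.group(1)))
        elif code == "O4":
            om = O4_RE.match(body)
            target = om.group(3) if om else body.split(" = ", 1)[-1]
            em = EXE_RE.match(target)
            # Heuristic (this script's assumption, not a HijackThis rule): an
            # autostart target with no matching process in the header deserves a
            # manual look (file missing, or exited). 8.3 paths are not expanded.
            if em and em.group(1).lower() not in processes:
                report["autostart_not_running"].append(target)
        elif code.startswith("R") or code == "O16":
            for url in URL_RE.findall(body):
                host = urlparse(url).hostname
                if host:
                    report["remote_hosts"].add(host)
    return report


# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session={E7B4DC83-4E24-42B2-9957-A9CA8D1DDAC1}&version_id=22
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.239.33.100 www.google.com
O1 - Hosts: 206.204.212.2 www.symantec.com
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IECOMP.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SysScan] C:\WINDOWS\bvt.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\winlogon.exe
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for code, n in sorted(rep["counts"].items()):
        print(f"{code:4} {n:3}  {SECTION_MEANING.get(code, '?')}")
    for key in ("hosts_redirects", "autostart_not_running", "remote_hosts"):
        print(f"\n{key}:")
        for item in sorted(rep[key]):
            print("  ", item)
```

Run it on a saved log with `triage(open("hijackthis.log").read())`. The output is a starting point for review, not a verdict: a hosts line or a non-running autostart entry still has to be checked against what the owner actually installed, which is exactly the question the post asks a specialist to answer.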
     
