Thread: Hijack this help!!!!!!!!!!!!!!!!
View Single Post
Old 02-26-2005, 12:54 PM   #1 (permalink)
djbutzen
Registered User
 
Join Date: Feb 2005
Posts: 10
OS: win xp


Hijack this help!!!!!!!!!!!!!!!!
Can someone help with my scan. Is there any site that can help me desipher?

Whatever I got makes it very difficult for me to get on-line.

Thanks in advance.

Dave B...


Logfile of HijackThis v1.99.1
Scan saved at 8:30:03 AM, on 2/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\prutqct.exe
C:\WINDOWS\System32\prutqct.exe
C:\Documents and Settings\Windows User\My Documents\Comp fix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.130.185.122/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = wi.rr.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {05460EBA-C366-402A-A504-6426836E6FD5} - C:\Program Files\2osx21u6\2osx21u6.dll
O2 - BHO: (no name) - {0CAE85DF-F444-4071-90EC-4E8AB67F8AD0} - C:\Program Files\2osx21u6\2osx21u6.dll
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: (no name) - {2A16EDF2-AE29-45C7-B581-3FF0CF6D3EF4} - C:\Program Files\2osx21u6\2osx21u6.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {38FFAFE9-52F2-445E-97FB-B273062A93D0} - C:\Program Files\2osx21u6\2osx21u6.dll
O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59C7D99E-D7D1-400C-9A80-75CDE57BF46D} - C:\Program Files\2osx21u6\2osx21u6.dll
O2 - BHO: CAUN Object - {59F12660-2B92-4554-98F9-87295AD8A0CE} - C:\WINDOWS\System32\AUNBHO.dll
O2 - BHO: (no name) - {68E29065-DC6A-4EE0-8F5D-695211B11F89} - C:\Program Files\2osx21u6\2osx21u6.dll
O2 - BHO: (no name) - {6923C5E5-BA91-4563-B93C-E48228386996} - C:\Program Files\2osx21u6\2osx21u6.dll
O2 - BHO: (no name) - {93172F4F-D1EC-473E-8DBE-8A4AA22DCF8F} - C:\Program Files\2osx21u6\2osx21u6.dll
O2 - BHO: ohb - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - C:\WINDOWS\System32\ic2_win.dll
O2 - BHO: (no name) - {9DEB7E5B-7B04-498B-90E6-9C3035215D5B} - C:\Program Files\2osx21u6\2osx21u6.dll
O2 - BHO: (no name) - {C4E17322-D63E-4A28-8B85-9447B9662686} - C:\Program Files\2osx21u6\2osx21u6.dll
O2 - BHO: (no name) - {E8B56F4A-05ED-4D76-90D1-EE45A52C8A9B} - C:\Program Files\2osx21u6\2osx21u6.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {207AEF46-0596-4966-A7BF-098F247E85BB} - C:\WINDOWS\System32\ic2_win.dll
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKCU\..\Run: [prutqct] C:\WINDOWS\System32\prutqct.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/game...s/y/blt1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/game.../y/fltt3_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/game...s/y/gst1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdriver...ve/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/036af655...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101250022443
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zum...ploader_v5.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O21 - SSODL: eplrr9 - {75598E8B-7776-4E4C-90A9-F3AFAA9C1C1F} - C:\WINDOWS\System32\mspdnx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
djbutzen is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here