Hi all,
I have performed all the standard tasks before posting this: CWShredder, Ad-Aware, Spybot, SpywareBlaster, SWG and Virus Scan. I can see some suspect entries and would like to clean up completely and then see if there are any other problems. Any help would be much appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 8:34:51 AM, on 20/05/05
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SNMP.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPFW.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\OPTIONS\CABS\CDOCK.EXE
C:\PROGRAM FILES\COMPAQ\EASYACCESSBUTTONS\CPQEK.EXE
C:\PROGRAM FILES\COMPAQ\POWERCON ENHANCEMENTS\CPQACDC.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\SYSTEM\WPSPSW.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAM FILES\COMPAQ\SECURITY\SECURE32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
C:\WINDOWS\SYSTEM32\XPSP2FW.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPROXY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my-link.ws/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R3 - URLSearchHook: (no name) - {761C0DDE-94A4-65C7-20A0-50FA40E61730} - sysconf16.dll (file missing)
F1 - win.ini: load=WPSHRC.EXE
O2 - BHO: Name - {5161DDA0-7CEA-11D9-9548-A0B659C1414A} - C:\WINDOWS\SYSTEM\MSDXI.DLL
O2 - BHO: (no name) - {7EE26CE1-7CEA-11D9-9548-A0B61C55FFBD} - C:\WINDOWS\SYSTEM\QWSXP.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Name - {8F5EA544-BD9D-11D9-9549-A0D259C1F7FF} - C:\WINDOWS\SYSTEM\MSDXI.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: Name - {C7C66083-C79D-11D9-9549-50F459C10300} - C:\WINDOWS\SYSTEM\MSDXI.DLL
O2 - BHO: Name - {70D2FAE4-C7C5-11D9-9549-70D559C17BFE} - C:\WINDOWS\SYSTEM\MSDXI.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Check Dock] c:\Windows\Options\Cabs\cdock.exe
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\EasyAccessButtons\cpqek.exe
O4 - HKLM\..\Run: [Hibernation] C:\Program Files\COMPAQ\PWRCON\HIB32.EXE
O4 - HKLM\..\Run: [CPQCalib] C:\Program Files\COMPAQ\PWRCON\CPQCALIB.EXE
O4 - HKLM\..\Run: [CPQAcDc] C:\Program Files\Compaq\PowerCon Enhancements\CPQAcDc.Exe
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Compaq Computer Security] C:\PROGRA~1\COMPAQ\SECURITY\Secure32.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [pizda] DTOURS.exe
O4 - HKLM\..\Run: [driver32] stuffmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SNMP agent] SNMP.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [ftbar] zantu.exe
O4 - HKCU\..\Run: [WinInitDll] ***CTF.exe
O4 - HKCU\..\Run: [new32] sysconf16.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 69.50.161.82
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605687.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.31
O18 - Filter: t5TR - {7EE26CE0-7CEA-11D9-9548-A0B673195A26} - C:\WINDOWS\SYSTEM\QWSXP.DLL
O18 - Filter: t5RDR - {4F36D268-81EF-11D9-9548-10BEBDDD8B85} - C:\WINDOWS\SYSTEM\QWSXP.DLL
O18 - Filter: t5ER - {228901A2-81DD-11D9-9548-B0E02B41489E} - C:\WINDOWS\SYSTEM\QWSXP.DLL
O18 - Filter: t5^DR - {228901D2-81DD-11D9-9548-B0E0DFC002BA} - C:\WINDOWS\SYSTEM\QWSXP.DLL