Status
Not open for further replies.
Registered · Joined · 2 Posts · Discussion Starter #1
Hi, I read on here that some help was provided to others who have also had this unfortunate problem, so I followed all the steps. The problem is, I am not smart enough to decipher what all is garbage, and what is needed by my system. If someone could please let me know what to get rid of, it would be highly appreciated. Here is the HijackThis scan report:

Logfile of HijackThis v1.97.3
Scan saved at 12:55:47 AM, on 11/3/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Kazaa Lite K++\Kazaa.kpp
C:\WINDOWS\system32\sndvol32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tim cole\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: Real.com (HKLM)
O16 - DPF: Yahoo! Chat 1.3 - http://cs5.chat.sc5.yahoo.com/c174/chat.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15B07C65-70EB-414F-967E-F81475277BAF}: NameServer = 152.163.244.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{15B07C65-70EB-414F-967E-F81475277BAF}: NameServer = 152.163.244.4

Thanks in advance!
 

Registered · Joined · 5,955 Posts
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg

Run a new HJT log, then check all of the above entries. With all browser and explorer windows closed, tell HJT to fix them.

Reboot

Find C:\WINDOWS\sys.reg and delete it.

Post a new HJT log so we can make sure we got everything.
 

Registered · Joined · 2 Posts · Discussion Starter #3
Thanks for the help, and quick response, it is very much appreciated.....you guys are great! I went ahead, and followed all your directions, and also deleted cookies, files, and history upon reboot for good measure. Here are the current results of the HJT scan. Let me know if I am free and clear now...


Logfile of HijackThis v1.97.3
Scan saved at 2:35:29 AM, on 11/3/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\PROGRA~1\AMERIC~2.0\waol.exe
C:\PROGRA~1\AMERIC~2.0\shellmon.exe
C:\PROGRA~1\AMERIC~2.0\aolwbspd.exe
C:\Documents and Settings\tim cole\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: Real.com (HKLM)
O16 - DPF: Yahoo! Chat 1.3 - http://cs5.chat.sc5.yahoo.com/c174/chat.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15B07C65-70EB-414F-967E-F81475277BAF}: NameServer = 152.163.246.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{15B07C65-70EB-414F-967E-F81475277BAF}: NameServer = 152.163.246.134
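
The check the helper asks for in this thread (post a new log so the flagged entries can be confirmed gone) can be done mechanically. The Python below is an added example, not part of the original thread or of HijackThis; it parses entry lines from excerpts of the two logs above, and the function names are hypothetical.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [sys] ...".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    found = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return {(m.group(1), m.group(2)) for m in found if m}

def verify_fix(before_log, after_log, flagged_text):
    """Report flagged entries that survived the fix and anything else that changed."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    flagged = parse_entries(flagged_text)
    return {
        "still_present": sorted(flagged & after),        # fix did not take
        "not_in_first_log": sorted(flagged - before),    # fix list does not match the log
        "other_removed": sorted(before - after - flagged),
        "new_entries": sorted(after - before),
    }

# The five entries the helper listed, copied from the thread.
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg
"""
# Excerpt of the first log: the flagged entries plus three other lines from it.
BEFORE = FLAGGED + r"""
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\..\{15B07C65-70EB-414F-967E-F81475277BAF}: NameServer = 152.163.244.4
"""
# Excerpt of the second log: the lines corresponding to the ones above.
AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\..\{15B07C65-70EB-414F-967E-F81475277BAF}: NameServer = 152.163.246.134
"""

if __name__ == "__main__":
    for label, items in verify_fix(BEFORE, AFTER, FLAGGED).items():
        print(label)
        for section, detail in items:
            print(f"  {section} - {detail}")
```

On these excerpts none of the five flagged entries remain. The MMTray startup item and the O17 NameServer value also differ between the two scans, which the comparison surfaces for a reviewer to judge.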
 

Registered · Joined · 5,955 Posts
All clear!

jgvernonco’s recommended security software

Zonealarm Firewall (free edition) Zone Labs:

http://www.zonelabs.com/store/conte...reeDownload.jsp

Free antivirus software

http://www.avast.com/i_idt_153.html


Spyware blocking programs (free):

Spyware Blaster and Spyware Guard (the link will take you to the Blaster page. The menu bar at the top will take you to the Guard page. These two programs, written by the same developer, work hand-in-hand to protect you from invasions).

http://www.javacoolsoftware.com/spywareblaster.html


Spyware Killers (free)!

Spybot Search & Destroy

http://download.com.com/3000-2144-1...&tag=button

Adaware
Ad-aware - Software - Lavasoft

http://www.lavasoftusa.com/software/adaware/

I run both of these, as they occasionally find something that the other did not.

Additionally, Microsoft has made some poor choices about default settings in the OSs, resulting in multiple security weaknesses. Gibson Research has a number of little programs that will help you close security holes without having to edit your registry, wander My Computer, etc., just to get secure. I highly recommend this resource.

Gibson Research Corporation Home Page

http://grc.com/default.htm

The secret to running these programs is to update at least weekly! Update Adaware and Spybot before you run a scan every time. Don’t forget to update Blaster and Guard when you are doing your maintenance. Make sure the antivirus software is up-to-date. Put a note on your computer reminding you to do it!

Last, but not least, if you are a Microsoft user, update, update, update! Put it on your list! The only Trojan that ever made it through my security did not take me down because I was current on my security patches, which limited what the Trojan could do. (It was still a big pain, though). Most of you will have a Windows Update selection when you click “start”, but if you do not, here’s a link:

Microsoft Windows Update

http://v4.windowsupdate.microsoft.com/en/default.asp

Stay safe! Enjoy the WWW!
 