Results 1 to 2 of 2

Thread: Hijackthis

  1. 07-07-2004, 04:59 AM #1
    CoryPenwell
    CoryPenwell is offline
    Poster
    Join Date
    Oct 2003
    Posts
    67
    I downloaded hijackthis to fix my home page. i ran a scan and it said to be careful what you delete. can anyone tell me what i should delete.


    Logfile of HijackThis v1.98.0
    Scan saved at 11:57:50 PM, on 7/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\winai32.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\d3nq32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\MSN\MSNIA\msniasvc.exe
    C:\Documents and Settings\Cory\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ivvco.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ivvco.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ivvco.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ivvco.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ivvco.dll/sp.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ivvco.dll/index.html#96676
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {FA72B7B8-21F5-118B-EFBB-A3F57457DA8D} - C:\WINDOWS\system32\sysyk.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [d3nq32.exe] C:\WINDOWS\d3nq32.exe
    O4 - HKLM\..\RunOnce: [winai32.exe] C:\WINDOWS\winai32.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab
    O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} (SBITAX7Ctrl Class) - http://www.movie-browser.com/tl7000.dll
    O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://www2.flingstone.com/cab/2000X.../bridge-c1.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8249CB62-E487-4BCF-AE37-A55216CAC3DC}: NameServer = 205.171.3.65 205.171.2.65
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
    Reply With Quote Reply With Quote
  3. 07-07-2004, 08:35 AM Software & Hardware   -   #2
    dopey
    dopey is offline
    Poster
    Join Date
    Jun 2003
    Posts
    126
    please extract the hijack this into it's own folder. that way, the backups will be safe from accidental erasure. rescan with hijack this and check the following items. Once done click the fix checked button.

    O2 - BHO: (no name) - {FA72B7B8-21F5-118B-EFBB-A3F57457DA8D} - C:\WINDOWS\system32\sysyk.dll

    O4 - HKLM\..\Run: [d3nq32.exe] C:\WINDOWS\d3nq32.exe
    O4 - HKLM\..\RunOnce: [winai32.exe] C:\WINDOWS\winai32.exe

    O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} (SBITAX7Ctrl Class) - http://www.movie-browser.com/tl7000.dll
    O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://www2.flingstone.com/cab/2000X.../bridge-c1.cab

    Download About:Buster from either of the following locations.

    Code:
    http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip
    Make sure you have printed this page and close ALL Internet Explorer windows. This is a very important step!!

    Run AboutBuster.exe, click ok, then start, then OK. This will scan your computer for the files responsible for hijacking your home and/or search settings/page.

    Reboot and post a new HijackThis log along with the report from About:Buster.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Page Generation Time
0.09
Number of Queries
12
Links: Talkgold Forum | AdServices