PCbanter

Cgale40 August 26th 04 05:52 AM

Interpretation of HijackThis Logfile
 
Hello,

I did a scan of my system and these are the results (below).
I have no way of interpreting them myself.
Please, if anyone can help.
I need to know which ones are harmful and should be deleted.
I am having problems opening up Internet Explorer.
Apparently something is disabling the browser.
Any help will be greatly appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 11:35:50 PM, on 8/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\0l8yzcq337ad.exe
C:\WINDOWS\System32\wpameter.exe
C:\WINDOWS\system32\winpx.exe
C:\Program Files\Washer\washer.exe
C:\WINDOWS\System32\srsev23.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\PROGRA~1\COMPUS~1.0\wcs2000.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\syssg.exe
C:\Documents and Settings\Celeste Gale\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O2 - BHO: (no name) - {02478D28-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F27F1D27-3CF0-21F4-CC05-4594BE098CBB} - C:\WINDOWS\javasq32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_8_6.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [0l8yzcq337ad] C:\WINDOWS\system32\0l8yzcq337ad.exe
O4 - HKLM\..\Run: [m3yN0ut] C:\documents and settings\michael mcgary\local settings\temp\m3yN0ut.exe
O4 - HKLM\..\Run: [jXaC5l] C:\documents and settings\michael mcgary\local settings\temp\jXaC5l.exe
O4 - HKLM\..\Run: [9TK5dDXE] C:\documents and settings\michael mcgary\local settings\temp\9TK5dDXE.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [4CRY#ZW5HY8NSJ] C:\WINDOWS\System32\FepP.exe
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [zvravbagzrp] C:\WINDOWS\System32\vsyeuiw.exe
O4 - HKLM\..\Run: [w3FT37Q] wpameter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winpx.exe] C:\WINDOWS\system32\winpx.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [0l8yzcq337ad] C:\WINDOWS\system32\0l8yzcq337ad.exe
O4 - HKCU\..\Run: [h0w3RXc8X] srsev23.exe
O4 - HKCU\..\Run: [sex] C:\WINDOWS\System32\sexxx.exe
O4 - HKCU\..\Run: [Taca] C:\Documents and Settings\Celeste Gale\Application Data\rttr.exe
O4 - HKCU\..\Run: [Pcfck] C:\WINDOWS\System32\oiqiyk.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKLM\..\RunOnce: [osxio] C:\WINDOWS\ocmsn.log:osxio
O4 - HKLM\..\RunOnce: [atlor32.exe] C:\WINDOWS\system32\atlor32.exe
O4 - HKLM\..\RunOnce: [systb32.exe] C:\WINDOWS\system32\systb32.exe
O4 - HKLM\..\RunOnce: [appar32.exe] C:\WINDOWS\appar32.exe
O4 - HKLM\..\RunOnce: [syssg.exe] C:\WINDOWS\syssg.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/xjust/online.chm::/on-line.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Q8276112.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...e1e2729109a237
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/SexDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D04CFE8-CCD3-4F3C-9FC6-78581F4EAA56}: NameServer = 151.164.1.8 151.164.30.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{85FD29AD-A497-45B8-B6D9-30475818AC87}: NameServer = 205.188.146.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0094D2B-5F02-4D4A-AE1E-082D8275CFF2}: NameServer = 206.13.28.12,203.13.31.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{5D04CFE8-CCD3-4F3C-9FC6-78581F4EAA56}: NameServer = 151.164.1.8 151.164.30.105
O17 - HKLM\System\CS2\Services\Tcpip\..\{5D04CFE8-CCD3-4F3C-9FC6-78581F4EAA56}: NameServer = 151.164.1.8 151.164.30.105

