02-06-2005, 09:31 PM   #1
himtuna (In The Zone)
Join Date: Apr 2005
Location: Delhi
Posts: 241
hijackthis logfile


Logfile of HijackThis v1.99.1
Scan saved at 9:28:54 PM, on 6/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Billion\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\BricoPacks\Longhorn

Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Longhorn

Inspirat\YzToolBar\YzToolBar.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth

Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common

Framework\FrameworkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\compaq\Desktop\BACK

UP\waste\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://rd.companion.yahoo.com/slv/ycheck/as/*http://www.

yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start

Page = http://www.msn.co.in/
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://rd.companion.yahoo.com/slv/yc.../*http://searc

h.yahoo.com/search?p=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-

B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-

206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-

A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1

\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program

Files\Billion\ADSL USB Modem\CnxDslTb.exe"

"Billion\ADSL USB Modem"
O4 - HKCU\..\Run: [Instant Access] rundll32.exe

EGDACCESS_1059.dll,InstantAccess
O4 - Startup: Stardock ObjectDock.lnk =

C:\WINDOWS\BricoPacks\Longhorn

Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk =

C:\WINDOWS\BricoPacks\Longhorn

Inspirat\YzToolBar\YzToolBar.exe
O8 - Extra context menu item: Send To &Bluetooth -

C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5

-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-

9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-

C863-46ef-9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} -

http://akamai.downloadv3.com/binaries/EGDAccess/EGDA

CCESS_1059_XP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

(ActiveScan Installer Class) -

http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CAD73B0-

6C52-4B1C-B43D-B8546155E81B}: NameServer = 202.54.15.30

203.197.12.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{543A8059-

9480-4019-A492-95C9CF3AF312}: NameServer =

132.201.8.12,132.147.6.30
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-

414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32

\textwareilluminatorbaseProtocol.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) -

Unknown owner - C:\Program Files\Alwil Software\Avast4

\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner -

C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner -

C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner -

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"

/service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner -

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe"

/service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc.

- C:\Program Files\WIDCOMM\Bluetooth

Software\bin\btwdins.exe
O23 - Service: iPod Service (iPodService) - Apple

Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service

(McAfeeFramework) - Network Associates, Inc. -

C:\Program Files\Network Associates\Common

Framework\FrameworkService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet

Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
__________________
http://www.himtuna.com/
http://www.himanshuthakur.com/
Do good to be good !

02-06-2005, 09:44 PM   #2
drgrudge (Another Brick in the Wall)
Join Date: Jul 2004
Location: Dubai/Chennai
Posts: 3,027

What?

Why did u post? U have any problem? Can u post again properly, why is it not showing up in order and there is a gap between the entries.
__________________
I Love Photography. I Love Aperture. I Love Mac.
02-06-2005, 09:53 PM   #3
himtuna (In The Zone)
Join Date: Apr 2005
Location: Delhi
Posts: 241

HI MY I.E IS ATTACKED BY MALWARES DIRTY POP-UPS
Logfile of HijackThis v1.99.1
Scan saved at 9:52:12 PM, on 6/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Billion\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\compaq\Desktop\BACK UP\waste\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.companion.yahoo.com/slv/yc...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.in/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/yc...om/search?p=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Billion\ADSL USB Modem\CnxDslTb.exe" "Billion\ADSL USB Modem"
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1059.dll,InstantAccess
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downloadv3.com/binarie...SS_1059_XP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CAD73B0-6C52-4B1C-B43D-B8546155E81B}: NameServer = 202.54.15.30 203.197.12.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{543A8059-9480-4019-A492-95C9CF3AF312}: NameServer = 132.201.8.12,132.147.6.30
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
__________________
http://www.himtuna.com/
http://www.himanshuthakur.com/
Do good to be good !
02-06-2005, 10:01 PM   #4
anandk (Distinguished Member)
Join Date: Mar 2005
Location: Pune
Posts: 3,783

run ms antispyware & adaware and ccleaner.
use maxthon (an ie based browser). it's got a good pop-up and ad blocker.
all available at www.download.com
should solve your problem.
__________________
> www.TheWindowsClub.com <
= www.WinVistaClub.com =
Microsoft® MVP
02-06-2005, 10:41 PM   #5
drgrudge (Another Brick in the Wall)
Join Date: Jul 2004
Location: Dubai/Chennai
Posts: 3,027

Fix the following entries.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.companion.yahoo.com/slv/yc...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.in/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/yc...om/search?p=%s
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downloadv3.com/binarie...SS_1059_XP.cab



Quote:
O17 - HKLM\System\CCS\Services\Tcpip\..\{543A8059-9480-4019-A492-95C9CF3AF312}: NameServer = 132.201.8.12,132.147.6.30
Why is this IP showing SOUTHWESTERN BELL TELEPHONE COMPANY?
__________________
I Love Photography. I Love Aperture. I Love Mac.
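
Added example (not part of any post in this thread): a small Python triage of HijackThis entry lines in the format shown in post #3. The flagging rules are assumed review heuristics, not HijackThis's own logic or the criteria used in the reply above; the sample lines are copied from the log in post #3.

```python
import re

# Sample input: entry lines copied from the log in post #3 of this thread.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.in/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1059.dll,InstantAccess
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downloadv3.com/binarie...SS_1059_XP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CAD73B0-6C52-4B1C-B43D-B8546155E81B}: NameServer = 202.54.15.30 203.197.12.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{543A8059-9480-4019-A492-95C9CF3AF312}: NameServer = 132.201.8.12,132.147.6.30
"""

# An entry line starts with a section code such as R0, O4 or O23, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return (code, body) per entry line; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def name_servers(body):
    """O17: the log separates NameServer addresses with spaces or commas."""
    value = body.split("NameServer =", 1)[1]
    return re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", value)

def flags(code, body):
    """Structural review hints (assumed heuristics); none is a verdict on a file."""
    body, out = body.rstrip(), []
    if body.endswith("(file missing)"):
        out.append("target file missing")
    if code == "O4" and re.search(r"rundll32(\.exe)?\s+[^\\/:]+\.dll\b", body, re.I):
        out.append("rundll32 autorun, DLL given without a path")
    if code == "O16" and re.match(r"DPF: \{[0-9A-Fa-f-]+\} - ", body):
        out.append("ActiveX download with no class name")
    if code == "O17" and "NameServer =" in body:
        out.append("check DNS owner: " + ", ".join(name_servers(body)))
    return out

def triage(log):
    """Map each flagged entry line to its list of review hints."""
    return {f"{c} - {b}": f for c, b in parse(log) if (f := flags(c, b))}

if __name__ == "__main__":
    for line, hints in triage(SAMPLE).items():
        print(line, "\n    ->", "; ".join(hints))
```
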