Using Hijack This. . .Need help knowing what to fix!

Posted 9/21/2004 6:06 PM
#3263
harrisonw Member

Date Joined Nov 2016
Total Posts: 5
I'm new to Hijack This and I'm not sure what I need to fix. I'm trying to get rid of extra stuff I don't need running. The only things I have running in the background, to my knowledge, are my keyboard setting, Symantec antivirus, and Internet Explorer. Any help would be appreciated. Thanks a lot.


Here is what Hijack this says:

Logfile of HijackThis v1.97.7
Scan saved at 1:05:49 PM, on 9/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
D:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.websearch.com/ie.aspx?tb_id=%tb_id
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://intra.hanover.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.websearch.com/ie.aspx?tb_id=%tb_id
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://www.websearch.com/ie.aspx?tb_id=%tb_id
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - D:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - D:\PROGRA~1\COMMON~1\WinTools\btiein.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - D:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBKEYBOARD] D:\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [win32.exe] D:\WINDOWS\win32.exe
O4 - HKLM\..\Run: [YBrowser] D:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ANIWZCSService] D:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\RunServices: [Image] rundll32 D:\WINDOWS\image.dll,Install
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - https://www.drivershq.com/DD_v4.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4A01A151-E350-4839-A2B8-03DC39D6C8E5} (YPCXWizard Class) - https://download.yahoo.com/dl/ypc/ypcxwizard2003080601.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - https://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095732410703
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - https://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - https://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37936.3630671296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Posted 9/22/2004 10:16 AM
#3273
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
https://www.websearch.com/ie.aspx?tb_id=%tb_id
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.websearch.com/ie.aspx?tb_id=%tb_id
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://www.websearch.com/ie.aspx?tb_id=%tb_id

Run this scanner:
https://www.mwti.net/antivirus/free_utilities.asp

Take one of the first seven links, activate all, in settings

https://www.safer-networking.org/index.php?page=mirrors

https://www.lavasoftusa.com/support/download/


Open Ad-Aware and click the "Check for updates now" line on the main screen. Click the "Connect" button on the webupdate screen.

If an update is available download it and install it. Click the "Finish" button to go back to the main screen.

Click on the Settings button (gear symbol in the upper right corner of the main status screen) in the quick launch toolbar to open the General settings screen. Check the "Automatically quarantine objects prior to removal" setting and then click "Proceed" to save your changes.

Click the "Scan now" button in the main menu on the left side of the main status screen or use the "Start" button in lower right corner. This will open the Preparing System Scan screen. Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat. Then select "Use custom scanning options" and click "Customize". This will open the Scan Settings Page. Make sure all of the following are On with a "green" checkmark:

Scan within archives
Scan active processes
Scan Registry
Deep-scan Registry
Scan my IE Favorites for banned URLs
Scan my Hosts File

Then Click the Advanced Button – if running- on the left side to open the Advanced Settings screen. Make sure the following is on with a "green" checkmark:

Others are optional to be checked or unchecked.

Then click on the "Tweak" Button to open up the tweak settings.

Open up the Scanning Engine section and make sure all of the following are On with a "green" checkmark:

Scan registry for all users instead of current user only

Make sure the following is unchecked with a "red" X:

Unload recognized processes & modules during scan.

Open up the Cleaning Engine section and make sure all of the following are On with a "green" checkmark:

Always try to unload modules before deletion
During Removal, unload Explorer and IE if necessary
Let Windows remove files in use at next reboot.

Click the "Proceed" button to save settings.

Click the "Next" button to start the scan.

When a scan is completed the Performing System Scan screen will change name to "Scan Complete".

Click the "Next" button to get to the Scanning Results screens where more information about the objects detected during the scan is available.


To fix all the bad critical objects do the following:

Right click on one of them to open up the selection screen. Click the "Select All" button to select all entries.

When all are selected Click "Next" and then "OK" in the pop-up window to confirm the removal.

Plug-Ins for Ad-Aware (VX2 Cleaner)
Download the free VX2 Cleaner here: https://www.lavasoftusa.com/software/addons/vx2cleaner.shtml

Close Ad-Aware SE build 1.05 and Ad-Watch (if running)
Install the VX2 Cleaner
Start Ad-Aware SE build 1.05
Go to “Plug-ins”
Select the VX2 Cleaner plug-in and click “Run Plugin”
If your computer isn’t infected, click “Close”.

If your computer is infected:

Select “Clean System”
Reboot your computer
Scan your computer with Ad-Aware
Remove any VX2 objects detected
Reboot your computer again
Run a second scan to make sure the files have been removed from your computer

Cwshredder: https://computercops.biz/downloads-file-349-details-CWShredder.html

Or:
https://www.softpedia.com/public/cat/10/17/10-17-150.shtml
Unzip to own folder, check for updates if needed, close all other windows-Fix

https://www.softpedia.com/public/cat/10/17/10-17-69.shtml

Post new log




Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/22/2004 7:31 PM
#3282
harrisonw Member

Date Joined Nov 2016
Total Posts: 5
Thanks for the help, Touch. Ran all that fun stuff. . . Here are all the results of a new and improved Hijack This:

Logfile of HijackThis v1.98.2
Scan saved at 2:32:34 PM, on 9/22/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
D:\Program Files\Yahoo!\browser\ybrwicon.exe
D:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Yahoo!\browser\ycommon.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Hijack This\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBKEYBOARD] D:\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [YBrowser] D:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ANIWZCSService] D:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - https://www.drivershq.com/DD_v4.CAB
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - https://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095732410703
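
An added example, not part of either poster's messages and not code from HijackThis: comparing the log taken before the scanners were run with the one taken afterwards shows which entries disappeared. The function names `parse`, `removed` and `orphaned` are hypothetical, and the sample lines are a handful of entries copied from the two logs in this thread.

```python
import re

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")  # section code, then entry text
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# A few entries copied from the first (v1.97.7) and second (v1.98.2) log above.
BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://www.websearch.com/ie.aspx?tb_id=%tb_id
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - D:\PROGRA~1\COMMON~1\WinTools\btiein.dll (file missing)
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - D:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O4 - HKLM\..\Run: [win32.exe] D:\WINDOWS\win32.exe
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
"""
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
"""

def parse(log):
    """Return (key, line) pairs for the entry lines of a HijackThis log."""
    out = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, text = m.groups()
        clsid = CLSID.search(text)
        # Key on the CLSID when present: v1.97.7 prints "(no name)" where
        # v1.98.2 prints the class name for the same object.
        key = (code, clsid.group(0).upper() if clsid else text)
        out.append((key, f"{code} - {text}"))
    return out

def removed(before, after):
    """Entries present in `before` with no matching key in `after`."""
    kept = {key for key, _ in parse(after)}
    return [line for key, line in parse(before) if key not in kept]

def orphaned(log):
    """Entries whose target file HijackThis reports as absent."""
    return [line for _, line in parse(log)
            if line.endswith(("(file missing)", "(no file)"))]

if __name__ == "__main__":
    for line in removed(BEFORE, AFTER):
        print("gone :", line)
    for line in removed(AFTER, BEFORE):
        print("new  :", line)
    for line in orphaned(BEFORE):
        print("stale:", line)
```

The diff only reports what changed between two scans; it does not say which tool removed an entry or whether a remaining entry is wanted.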



Posted 9/23/2004 7:34 AM
#3286
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.

