Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

can someone take a look at my log please?

Status
Not open for further replies.
noobish

noobish

Programmer
Jan 17, 2004
13
0
0
CA
Logfile of HijackThis v1.97.7
Scan saved at 8:34:27 PM, on 17/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\EZKore.exe
C:\Program Files\RBEnhance\rbenh.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Jayden Ong\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\EZKorewb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {97DAA8C3-E390-4441-8FDD-A2BAEF9F9856} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus Utility.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://redirect.tucows.com/lycos/home
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
 
Sort by date Sort by votes
I'm no expert, but those internet explorers runnung under program files are very suspicious. I would start with an online virus scan.
 
Upvote 0 Downvote
I wouldn't be concerned about multiple IEXPLORE.EXE's running, but you should check out what these files are doing and why they are on your PC.

C:\WINDOWS\System32\EZKore.exe
C:\Documents and Settings\Jayden Ong\Desktop\HijackThis.exe
 
Upvote 0 Downvote
I don't know what EZKore is, but HijackThis.EXE is an application used to remove spyware.

Terry
**************************
* General Disclaimor - Please read *
**************************
Please make sure your post is in the CORRECT forum, has a descriptive title, gives as much detail to the problem as possible, and has examples of expected results. This will enable me and others to help you faster...
 
Upvote 0 Downvote
There's absoulutely nothing abnormal with multiple iexplorer.exe's running, especially in XP. Explorer is tied in with several other apps, and will show multiple times accordingly.

C:\Documents and Settings\Jayden Ong\Desktop\HijackThis.exe is the program that generated the log that we're looking at.

EZKore? Hopefully the poster knows what that software is, if not, hoepfully they'll let us know so we can look into removal (though I can find fery little about it).

On to the cleaning:

First, disable system restore. Instructions here:

Next, using Hijack This!, remove these entries:

O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch

O3 - Toolbar: (no name) - {97DAA8C3-E390-4441-8FDD-A2BAEF9F9856} - (no file)

Reboot.
Any better?




"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Upvote 0 Downvote
absolutely right! Don't know what I was thinking about those iexplorers running
 
Upvote 0 Downvote
yeh i jus reformated was getting sick of it plus my comp needed cleaning neways
 
Upvote 0 Downvote
OK, old thread now, I know. But this might still help...


Those O1 hosts entries are the result of a CoolWebSearch ingfection.

Have you run the utility called CoolWebSearch?


Download it, close all browser and Explorer windows, and run it. Be sure to click on FIX and not Scan Only.

Let it run its course, and when it has finished exit the program and reboot your system.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ChrisOfOz
  • Locked
  • Question
Lenovo startup problem please any ideas? 2
Replies
10
Views
150
Yoko Littner
Yoko Littner
iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
99
Oorde
Oorde
shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
79
2ffat
2ffat
2ffat
  • Locked
  • News
Audacity is Spyware?
Replies
2
Views
63
2ffat
2ffat
CDIV
  • Locked
  • Question
port 8080 monitoring -Trend micro deep security agent
Replies
0
Views
66
CDIV
CDIV

Part and Inventory Search

Sponsor

Back
Top