Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hijack This Log 1

Status
Not open for further replies.
CaKiwi

CaKiwi

Programmer
Apr 8, 2001
1,294
US
I have been cleaning up a friend's machine and this is the current Hijack This log. I would appreciate expert anaysis

Logfile of HijackThis v1.97.7
Scan saved at 2:03:27 PM, on 4/18/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\loadwc.exe
C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
G:\PROGRA~1\POPUPS~1\POP-UP~1\dpps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\qttask.exe
C:\WINNT\System32\ddhelp.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\tapisrv.exe
C:\WINNT\system32\rasman.exe
C:\WINNT\System32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Microsoft Office\Office\OSA.EXE
C:\QUICKENW\QWDLLS.EXE
C:\Download\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\nzsearch\nzsearchenh.dll
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [Pop-Up Stopper] "G:\PROGRA~1\POPUPS~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinHelp] C:\WINNT\System32\WinHelp.exe
O4 - HKLM\..\Run: [WinGate initialize] C:\WINNT\System32\WinGate.exe -remoteshell
O4 - HKLM\..\Run: [Remote Procedure Call Locator] RUNDLL32.EXE reg678.dll ondll_reg
O4 - HKLM\..\Run: [Program In Windows] C:\WINNT\System32\IEXPLORE.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] G:\Program Files\Yahoo\Messenger\ypager.exe -quiet
O4 - Startup: America Online 5.0 Tray Icon.lnk = G:\Program Files\America Online 5.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: EReg.lnk = EReg206\Reg32.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: @Home (HKCU)
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
CaKiwi
 
Sort by date Sort by votes
I'd first do an online virus scan from pandasoft.
O4 - HKLM\..\Run: [Remote Procedure Call Locator] RUNDLL32.EXE reg678.dll ondll_reg


Would allow hijack this to fix these items:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
(the 06 line if you or your friend have not set the restrictions)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -

This one is a possible-I dont know if it's a substituted file:
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
 
Upvote 0 Downvote
Also, dont know if nt4 supports current explorer, if it does, upgrade with critical updates applied would help security.
 
Upvote 0 Downvote
NT 4 does support IE6, as I have put it on machines running the OS.

John
 
Upvote 0 Downvote
Thanks for the assistance, I will try you suggestions tonight. The reason that windows and IE are not up to date is that I have had problems connecting it to my DSL service because windows is out of date (catch-22). I'm still working on that problem.

CaKiwi
 
Upvote 0 Downvote
Xemus

Just had a look at that page, unfortunately it does not mention NT 4 as a supported operating system.
It's still worth knowing about the CD though.

John
 
Upvote 0 Downvote
thread748-789313 for comments.

My folder is dated February 2004, NT4 is not on the list of supported systems.
 
Upvote 0 Downvote
Thanks for the assistance. The system seems to be in pretty good shape now.

CaKiwi
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CCX008
  • Locked
  • Question
Barowwsoe2save , how can I remove this stubborn virus !! 3
Replies
10
Views
255
goombawaho
goombawaho
MrMode
  • Locked
  • Question
Can anyone tell me what to remove with hijack this?
Replies
2
Views
135
MrMode
MrMode
DougP
  • Locked
  • Question
Some kind of Browser hijack, Can't click on anything in Browser
Replies
11
Views
192
goombawaho
goombawaho
Noway2
  • Locked
  • Question
What to make of this? 2
Replies
17
Views
252
goombawaho
goombawaho
lancekidd
  • Locked
  • Question
Hijack Log
Replies
7
Views
142
kjv1611
kjv1611

Part and Inventory Search

Sponsor

Back
Top