My PC has been HiJacked. Can Someone review this log?

[tpj0613]

Attched below is the log from HiJack This on my PC. This was created after I ran the latest SpyBot on my system. Can someone review this log and tell me what I need to remove? I greatly appreciate any help anyone can offer.

Logfile of HijackThis v1.97.7
Scan saved at 10:11:46 AM, on 1/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NALNTSRV.EXE
C:\WINDOWS\System32\wm.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\NOVELL\GroupWise\Notify.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Documents and Settings\Sheriffs\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://jcmointranet/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://government.dellnet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://government.dellnet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://government.dellnet.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.16.137.30:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.16.132.19;10.16.132.40;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\msenfh.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msdlgk.dll
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msncjk.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\mscdka.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msobfl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Realtime Monitor] &quot;C:\Program Files\CA\eTrust\InoculateIT\realmon.exe&quot;
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] &quot;C:\Program Files\Messenger\msmsgs.exe&quot; /background
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msccof.exe
O4 - Startup: FullShot99.lnk = SOFTWARE\FullShot99\FullShot99.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\NOVELL\GroupWise\Notify.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -

http://dst.trafficsyndicate.com/Dnl/T_50039/QDow.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38006.4314583333

O17 - HKLM\System\CCS\Services\Tcpip\..\{331F586A-EEC2-4A45-BFB3-594A101784EC}: Domain = JACKSONGOV.ORG
O17 - HKLM\System\CCS\Services\Tcpip\..\{331F586A-EEC2-4A45-BFB3-594A101784EC}: NameServer = 10.16.132.7,10.16.132.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{331F586A-EEC2-4A45-BFB3-594A101784EC}: Domain = JACKSONGOV.ORG
O17 - HKLM\System\CS1\Services\Tcpip\..\{331F586A-EEC2-4A45-BFB3-594A101784EC}: NameServer = 10.16.132.7,10.16.132.40

 

[carrr]

First, disable system restore. Instructions here:

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

Then, remove these entries:

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\msenfh.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msdlgk.dll
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msncjk.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\mscdka.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msobfl.dll

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msccof.exe

(See this link for more info on manual removal of the above hijacker:

http://www.kephyr.com/spywarescanner/library/clientman.msmc/index.phtml

)

Reboot.
Any better?


&quot;'Tis an ill wind that blows no minds.&quot; - Malaclypse the Younger