Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Possible Virus*HijackThis Log Inside*

Status
Not open for further replies.
RWild

RWild

Programmer
Nov 14, 2003
53
0
0
US
Slow Internet activity & mass amount of pop-ups on this PC. The following is a log file created from HijackThis. What is safe to delete?

Logfile of HijackThis v1.98.2
Scan saved at 4:49:17 PM, on 10/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\EPSON\ESM2\eEBSVC.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\SmartPopupBlocker\SmartPopupBlockerTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O1 - Hosts: 66.230.146.42 gator.com #cooklop
O1 - Hosts: 66.230.146.42 doubleclick.net #cooklop
O1 - Hosts: 66.230.146.42 #cooklop
O1 - Hosts: 66.230.146.42 tripod.com #cooklop
O1 - Hosts: 66.230.146.42 #cooklop
O1 - Hosts: 66.230.146.42 geocities.com #cooklop
O1 - Hosts: 66.230.146.42 #cooklop
O1 - Hosts: 66.230.146.42 adultfriendfinder.com #cooklop
O1 - Hosts: 66.230.146.42 #cooklop
O1 - Hosts: 66.230.146.42 cj.com #cooklop
O1 - Hosts: 66.230.146.42 #cooklop
O1 - Hosts: 66.230.146.42 paypopup.com #cooklop
O1 - Hosts: 66.230.146.42 #cooklop
O1 - Hosts: 66.230.146.42 worldsex.com #cooklop
O1 - Hosts: 66.230.146.42 #cooklop
O1 - Hosts: 66.230.146.42 free6.com #cooklop
O1 - Hosts: 66.230.146.42 trafficmp.com #cooklop
O1 - Hosts: 66.230.146.42 #cooklop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programs\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: (no name) - {7A12A061-1396-4A68-8D0D-920618F280DA} - C:\WINDOWS\SYSTEM32\qhdc76.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cdehwfsh] C:\WINDOWS\cdehwfsh.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\RunOnce: [e413390.exe] C:\WINDOWS\System32\e413390.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
 
Sort by date Sort by votes
Too many things to fix just with Hijack at this point.

Download, update the definitions and run my trialware anti-malware of the month - Giant antispyware:

Let it do a complete scan. Then followup with the traditional tools of AdAware, CWShredder and SpyBot - see faq698-4650
 
Upvote 0 Downvote
First I would get rid of anything with "Gator" or "Doubleclick.net" I see that stopzilla is a popup blocker, and stops bots but I have never heard of it. I would probably remove it. Also get rid of "pay pop-up" and "world sex"

If anyone calls and says "I know a little something about computers" just tell them to reformat it.
 
Upvote 0 Downvote
This PC has been like this for a week now, and I finally have had some time to work on this. In the past few days I've ran AdAware, SpyBot and AVG. I have ran them everyday and new stuff is constantly popping up. I then thought of using HijackThis, you say there's to much to fix? Ok then. I will try your suggestion

 
Upvote 0 Downvote
Giant is free trialware for two weeks. It is a new contender and is receiving quite a bit of praise in the Security and Malware community. The trialware is fully functional.

Make sure you update the definition files before doing a scan. It is very easy to use. It removes some things that are quite frankly tedious to do with the traditional toolset of AdAware, CWShredder, SpyBot, etc. and reduces your infected surface to either clean (my limited experience), or at least a manageable list of issues.

 
Upvote 0 Downvote
Thanks for the Giant suggestion...I'm scanning now.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pmonett
  • Locked
  • Question
Is it possible to replace Windows Explorer when using Win+E ? 1
Replies
2
Views
160
pmonett
pmonett
DSaba10
  • Locked
  • Question
Creating a log of SFTP Uploads
Replies
0
Views
64
DSaba10
DSaba10
ManniB
  • Locked
  • Question
Multiple Versions of Windows on one machine possible?
Replies
16
Views
375
Aditi Tyagi
Aditi Tyagi
Tom11
  • Locked
  • Question
Windows 8.1 Login Issue
Replies
10
Views
131
Edward Cramer
Edward Cramer
Professor Shadow
  • Locked
  • Question
Windows 10 May 2019 Insider Release Preview problems
Replies
6
Views
97
Abdullah Mughal
Abdullah Mughal

Part and Inventory Search

Sponsor

Back
Top