1. Hey Guest Did you know you can win an Honor 10 phone worth ₹33,000 and an additional ₹70,000 in paytm vouchers, just by replying to some threads and taking part in the discussions happening in the Honor Hub?

    What are you waiting for? Start commenting and start winning! Remember to read the instructions posted here.

    Dismiss Notice

ple.. chk HijackTHIS log file

Discussion in 'Software Q&A' started by pirates1323, Apr 6, 2006.

Thread Status:
Not open for further replies.
  1. pirates1323

    pirates1323 New Member

    Joined:
    Feb 10, 2005
    Messages:
    281
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    NOiDA
    this is my HijackThis log file.......While browsing the net.....a window appears saying "adultfriendfinder" when I log in to the net....I thought of posting my Hijack this log file.......Thz in advance :wink:


    Logfile of HijackThis v1.99.1
    Scan saved at 10:21:06 AM, on 4/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\progra~1\mcafee\MCAFEE~2\masalert.exe
    C:\Program Files\Sify Broadband\BBImpSec.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ping.exe
    C:\Program Files\Sify Broadband\BBClient.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\spoolsv.exe
    G:\Downloads\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
    O2 - BHO: (no name) - {F838C124-D9D4-82F0-D3B2-C9C6D48602CB} - C:\DOCUME~1\Robin\APPLIC~1\WAITDA~1\Exit Pop.exe
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [holeliesstupidbalm] C:\Documents and Settings\All Users\Application Data\Live Cake Hole Lies\Wma Global.exe
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~2\masalert.exe
    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKCU\..\Run: [Burn peak] C:\DOCUME~1\Robin\APPLIC~1\MESSKN~1\skipthat.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
    O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
    O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143643385523
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2B2E1EDC-2FF7-4637-A980-3D6217D1527A}: NameServer = 202.144.13.50,202.144.50.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2B2E1EDC-2FF7-4637-A980-3D6217D1527A}: NameServer = 202.144.13.50,202.144.50.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2B2E1EDC-2FF7-4637-A980-3D6217D1527A}: NameServer = 202.144.13.50,202.144.50.4
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
     
  2. QwertyManiac

    QwertyManiac Commander in Chief

    Joined:
    Jul 17, 2005
    Messages:
    6,656
    Likes Received:
    10
    Trophy Points:
    0
    O2 - BHO: (no name) - {F838C124-D9D4-82F0-D3B2-C9C6D48602CB} - C:\DOCUME~1\Robin\APPLIC~1\WAITDA~1\Exit Pop.exe
    O4 - HKLM\..\Run: [holeliesstupidbalm] C:\Documents and Settings\All Users\Application Data\Live Cake Hole Lies\Wma Global.exe
    O4 - HKCU\..\Run: [Burn peak] C:\DOCUME~1\Robin\APPLIC~1\MESSKN~1\skipthat.exe
    O4 - Global Startup: Bluetooth.lnk = ?

    I dunno whats Robin, so if u use and trust it, its ok not to fix that I guess
    And what is holeliesstupidbalm?

    Others:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2B2E1EDC-2FF7-4637-A980-3D6217D1527A}: NameServer = 202.144.13.50,202.144.50.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2B2E1EDC-2FF7-4637-A980-3D6217D1527A}: NameServer = 202.144.13.50,202.144.50.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2B2E1EDC-2FF7-4637-A980-3D6217D1527A}: NameServer = 202.144.13.50,202.144.50.4

    If you have put these settings then not a problem...
     
  3. anandk

    anandk Distinguished Member

    Joined:
    Mar 8, 2005
    Messages:
    3,786
    Likes Received:
    106
    Trophy Points:
    0
    Location:
    Pune
    logfile appears clean...by and large; but for a detailed analysis and solutions, copy paste it in www.hijackthis.de .
     
  4. khattam_

    khattam_ Fresh Stock Since 2005

    Joined:
    Feb 13, 2005
    Messages:
    1,015
    Likes Received:
    5
    Trophy Points:
    38
    Please Check Mine Too

    Please Check Mine Too....
    i get a warning in the lower right corner of the windows saying "Your Computer is infected with a virus............ blah blah........" I'm sure it is done by a malware which i removed manually.... but I'm unable to fix the warning thing....................
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 06:42:42, on 10/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\System32\imapi.exe
    e:\program files\mcafee.com\agent\mcdetect.exe
    e:\PROGRA~1\mcafee.com\vso\mcshield.exe
    e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    E:\WINDOWS\system32\oodag.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\McAfee.com\VSO\mcvsshld.exe
    E:\Program Files\McAfee.com\VSO\oasclnt.exe
    E:\PROGRA~1\McAfee.com\Agent\McAgent.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Messenger\msmsgs.exe
    e:\progra~1\mcafee.com\vso\mcvsescn.exe
    e:\progra~1\mcafee.com\vso\mcvsftsn.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    D:\Security (F)\Security\Extras\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://adblock.linkz.com/abho/bandsearch.abs
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://adblock.linkz.com/abho/bandsearch.abs
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = eenepal.com
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - e:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "E:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] E:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] E:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] E:\PROGRA~1\McAfee.com\Agent\McAgent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] E:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C63D4FFE-AF2F-4B03-A9C9-26C2261CB220}: NameServer = 202.70.64.5 202.70.64.15
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - e:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - e:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - E:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - E:\WINDOWS\system32\oodag.exe
    
    
    Thanks in advance
     
  5. QwertyManiac

    QwertyManiac Commander in Chief

    Joined:
    Jul 17, 2005
    Messages:
    6,656
    Likes Received:
    10
    Trophy Points:
    0
    R1-HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = eenepal.com

    If u dont know what Eenpal is jus delete this

    O17 - HKLM\System\CCS\Services\Tcpip\..\{C63D4FFE-AF2F-4B03-A9C9-26C2261CB220}: NameServer = 202.70.64.5 202.70.64.15

    If you dont use/know this nameserver/ip address, delete this too...

    rest clean...
     
  6. anandk

    anandk Distinguished Member

    Joined:
    Mar 8, 2005
    Messages:
    3,786
    Likes Received:
    106
    Trophy Points:
    0
    Location:
    Pune
    khattam : urs appears clean too !
     
  7. vmp_vivek

    vmp_vivek New Member

    Joined:
    Jun 3, 2005
    Messages:
    405
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    City 17
    I think that's:

    IP Address: 202.144.50.4

    Hostname: dns1.del.sify.net

    I analyzed that on the net, so if you are using sify, then 202.144.13.50,202.144.50.4 seems to be ok. :)
     
Thread Status:
Not open for further replies.

Share This Page