Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

A Big Thankyou and final Hijack this logifle

Started by Graham , Jul 22 2004 10:36 AM

  • Please log in to reply

#1
Graham
Posted 22 July 2004 - 10:36 AM

Graham

    New Member

  • Member
  • Pip
  • 7 posts
First of all a big thankyou for all your help. I could not believe how quick and easy to follow it was. A donation has been sent. Also I was asked when it was finished to send a final Hijack this Logfile so here it is.

Logfile of HijackThis v1.98.0
Scan saved at 10:30:47 AM, on 7/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\Documents and Settings\Owner\Desktop\Hijack FIle\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:83
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FA2AB2D-65F7-41C6-BC47-ED30D3C71FA3}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FA2AB2D-65F7-41C6-BC47-ED30D3C71FA3}: NameServer = 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.

Also 1 last question about DSO Exploit. I still have the 1 entry (down from 5 due to earlier fix I described earlier) I understood that as long as windows updates are all done (they are) that it is no big deal. Is that true
THANKS AGAIN I HAVEW REALLY APPRECIATE THE HELP!
  • 0

Advertisements

#2
Smokey
Posted 22 July 2004 - 02:07 PM

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Thank you so much for the kind donation <_<. The DSO Exploit problem is a known bug in Spybot and will be fixed in future versions. You have just a couple HJT lines left to fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

Be sure to keep SpwareBlaster and the Windows Update up-to-date. I strongly recommend you install an Anti-Virus and keep it up-to-date. AVG offers a great free anti-virus:
http://free.grisoft....us/doc/2/tpl/v5

Also, make sure your Windows Firewall is turned on. To do this:

1. Go to "Start", then "Control Panel"
2. Click on "Network and Internet Connections", then "Network Connections" at the bottom
3. Right-click on your internet connection and choose "Properties"
4. Click the "Advanced" tab and make sure "Protect my computer..." is checked
5. Hit "OK" and you will now be protected from hackers
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP