[BobC]

Hello, and season's greetings one and all. I could sure use a helping hand to get rid of that annoying virus thingy or whatever it is that "hhnt.exe" represents. I'm sure I needn't go into detail about the actions of this piece of digital crap, as you already are familiar with it. Isn't it pathetic that some pimple faced low rent losers feel the need to compensate for their tiny wee limp little [bleep]'s by throwing these stupid adolescent digital tantrums. I have it under control to the extent that it can be disabled by "ctr-alt-del" and ending the process "hhnt.exe." That shuts it off for using the computer as long as i'm not online. I set up a separate limited account (Win XP) for internet access which stymies it completely. I would however like to be rid of the slimy thing so if you could help out there I'd appreciate it very much. By the way, this is my first time here, so I hope I've done it right.



Logfile of HijackThis v1.99.0
Scan saved at 4:35:20 PM, on 31/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FIX-IT~1.0\mxtask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\ZoneAlarm\zapro.exe
C:\Program Files\HijakThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 69.50.188.82 google.com
O1 - Hosts: 69.50.188.82 altavista.com
O1 - Hosts: 69.50.188.82 www.altavista.com
O1 - Hosts: 69.50.188.82 msn.com
O1 - Hosts: 69.50.188.82 www.msn.com
O1 - Hosts: 69.50.188.82 search.msn.com
O1 - Hosts: 69.50.188.82 search.yahoo.com
O1 - Hosts: 69.50.188.82 yahoo.com
O1 - Hosts: 69.50.188.82 www.yahoo.com
O1 - Hosts: 69.50.188.82 search.aol.com
O1 - Hosts: 69.50.188.82 askjeeves.com
O1 - Hosts: 69.50.188.82 www.askjeeves.com
O1 - Hosts: 69.50.188.82 www.directhit.com
O1 - Hosts: 69.50.188.82 directhit.com
O1 - Hosts: 69.50.188.82 www.excite.com
O1 - Hosts: 69.50.188.82 excite.com
O1 - Hosts: 69.50.188.82 alltheweb.com
O1 - Hosts: 69.50.188.82 www.alltheweb.com
O1 - Hosts: 69.50.188.82 go.com
O1 - Hosts: 69.50.188.82 www.go.com
O1 - Hosts: 69.50.188.82 goto.com
O1 - Hosts: 69.50.188.82 www.goto.com
O1 - Hosts: 69.50.188.82 hotbot.com
O1 - Hosts: 69.50.188.82 www.hotbot.com
O1 - Hosts: 69.50.188.82 lycos.com
O1 - Hosts: 69.50.188.82 www.lycos.com
O1 - Hosts: 69.50.188.82 dmoz.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DOMP Class - {4C1B116F-2860-46db-8E6C-B4BFC4DFD683} - C:\WINDOWS\ietlbass.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\FIX-IT~1.0\MemCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\ZoneAlarm\zapro.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\FIX-IT~1.0\mxtask.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Advertisements]

Before you fix it would you mind sending me a (preferably zipped) copy of
C:\WINDOWS\hhnt.exe
Send it to pieterATwilderssecurity.org (replace AT with @)

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: DOMP Class - {4C1B116F-2860-46db-8E6C-B4BFC4DFD683} - C:\WINDOWS\ietlbass.dll

O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe

Reboot after doing so, preferably into safe mode and delete:
C:\WINDOWS\hhnt.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts <= get a good one, f.e. here: http://www.mvps.org/...p2002/hosts.htm

Regards,

Pieter

Edited by Metallica, 01 January 2005 - 03:19 PM.

[Metallica]

Before you fix it would you mind sending me a (preferably zipped) copy of
C:\WINDOWS\hhnt.exe
Send it to pieterATwilderssecurity.org (replace AT with @)

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: DOMP Class - {4C1B116F-2860-46db-8E6C-B4BFC4DFD683} - C:\WINDOWS\ietlbass.dll

O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe

Reboot after doing so, preferably into safe mode and delete:
C:\WINDOWS\hhnt.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts <= get a good one, f.e. here: http://www.mvps.org/...p2002/hosts.htm

Regards,

Pieter

Edited by Metallica, 01 January 2005 - 03:19 PM.