ylmansour
June 11th, 2004, 07:33 PM
I have already used Ad-aware, and CWshredder, attached is my HijackThis logfile, please let me know what to get rid of and how? Thank you so much. I hate these about blank people.
Logfile of HijackThis v1.97.7
Scan saved at 12:35:11 PM, on 6/11/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
c:\Program Files\Common Files\fh.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\WINNT\system32\ihjlzhfb.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\windll32.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\YL\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.180/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.180/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.180/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.180/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.180/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.180/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.31.79.180/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.31.79.180/search.php
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [winupd] C:\WINNT\system32\winupd.exe
O4 - HKLM\..\Run: [zkxzwz] C:\WINNT\system32\ihjlzhfb.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [windll32.exe] C:\WINNT\system32\windll32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}
:dizzy:
Logfile of HijackThis v1.97.7
Scan saved at 12:35:11 PM, on 6/11/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
c:\Program Files\Common Files\fh.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\WINNT\system32\ihjlzhfb.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\windll32.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\YL\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.180/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.180/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.180/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.180/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.180/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.180/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.180/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.31.79.180/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.31.79.180/search.php
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [winupd] C:\WINNT\system32\winupd.exe
O4 - HKLM\..\Run: [zkxzwz] C:\WINNT\system32\ihjlzhfb.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [windll32.exe] C:\WINNT\system32\windll32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}
:dizzy: