Thread: hijackthis scan

    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2004
    Posts
    1
    Rep Power
    0

    hijackthis scan


    My computer recently has not allowed me to access "Disk Management" in "Computer Management" on the control panel.. an error that reads "mmc.exe has generated errors and will be closed by windows..." pops up. In addition, multiple error messages popup by themselves from internet explorer that state "cannot find file ///C:/WINNT/dlm.html" I downloaded the software "hijackthis" and ran a scan.. I've pasted the results below and am not sure what is needed and what can be deleted, or if my computer is infected with a virus. thanks in advance

    Logfile of HijackThis v1.97.7
    Scan saved at 9:38:59 AM, on 4/9/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\CTSvcCDA.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\Navnt\navapsvc.exe
    C:\PROGRA~1\Navnt\npssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\PROGRA~1\Navnt\alertsvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\devldr32.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Navnt\POPROXY.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\dl.exe
    C:\WINNT\dlm.exe
    C:\WINNT\system32\config\services.exe
    C:\OPLIMIT\ocrawr32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Microsoft Money\System\Money Express.exe
    C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
    C:\Program Files\Navnt\navapw32.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\HijackThis[1].exe
    c:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-explorer.net/search_page.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sqwire.com/searchpage.php?aid=860
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-explorer.net/search_page.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-explorer.net/search_page.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
    O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINNT\IPINSIGT.DLL
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
    O3 - Toolbar: Search Explorer Toolbar - {23DDAE8C-6A79-4d62-80AA-E95D89CB9811} - C:\WINNT\Downloaded Program Files\CONFLICT.1\explbar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Sentry] C:\WINNT\Sentry.exe
    O4 - HKLM\..\Run: [susp] C:\WINNT\susp.exe
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Navnt\POPROXY.EXE
    O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Dial32] C:\WINNT\dl.exe
    O4 - HKLM\..\Run: [Dial33] C:\WINNT\dlm.exe
    O4 - HKLM\..\Run: [Services Process] C:\WINNT\system32\config\services.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [PSD Tools Channel] C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
    O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: iOpus Internet Macros (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS....viewpoint.com
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/u...5/sdcregie.cab
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50003/btiein.cab
    O16 - DPF: {3717DF55-0396-463D-98B7-647C7DC6898A} - http://www.search-explorer.net/toolbar/srchexpl.cab
    O16 - DPF: {3C5BA506-6C30-4738-9CED-797ACADEA8DC} (Loader Class) - http://www.search-feed.com/bigbar/SQLoader.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...903.7845717593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Te...loads/outc.cab
    O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST0014.cab
    O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstaller.cab
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    190
    (moved to windows forums)
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Aug 2003
    Posts
    2,491
    Rep Power
    20
    Hi wolfguy,

    You have a coolwebsearch infection, among other things. Please download CWShredder from Here

    Close ALL browser windows or it may not work. Unzip it to a convenient location and select "Fix" (do not just Scan). It will automatically remove the infections.

    Reboot

    I'd like you to perform an online scan at Trend Micro (link below). Fix all items it finds.

    Reboot

    Download UPDATE and scan with Spybot Search and Destroy, Fix all it finds mard in RED.

    Reboot

    Download UPDATE and scan with Adaware, fix all checked items (all links are below).

    Reboot, place HijackThis in it's own folder such as C:\HJT and post a new log.

    Tom
    HijackThis
    Ad-aware
    Spybot Search & Destroy
    SpywareBlaster
    SpywareGuard
    Housecall Online A/V Scan

    Please read the stickys at the top of the forum before posting!

IMN logo majestic logo threadwatch logo seochat tools logo