Hijack-this log - 7 questionable entries

  NickyK 19:21 12 Nov 2004
Locked

I recently ran an automated analysis of my most recent hijack-this log. Are any of the following worth fixing?

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here ult.htm ?

(I think the above is my Dell's homepage setting)

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML ?

O9 - Extra button: Bromas y chistes - {068C36CF-483E-4CA8-A7F2-10EFFDA49C45} - click here?l=games_fastclick&ver=1&t=new (file missing) ?

O9 - Extra button: Antivirus - {4358161B-A4B8-498E-8019-3DAB50DFD578} - click here?l=games_fastclick&ver=1&t=new (file missing) ?

O9 - Extra button: Games - {C8950078-94A4-4C32-BB9C-4666357965AF} - C:\games_fastclick\index.htm ?

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - click here mgr/en-us/1,0,0,21/mcgdmgr.cab

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = click here ve/defaults/su/*click here oo.com ?

(This one keeps messing with my IE searchbar/searchpage/local machine default and no matter how many times I fixit, it returns).

  NickyK 19:26 12 Nov 2004

PS. The "click heres" above link to the providers of the entries as follows:

R1 Dell

09 Bromas i chistas

09 descragar antivirus

016 not found

R1 Yahoo (not found) and Not found, but was Yahoo.

  VoG II 19:28 12 Nov 2004

Please wait for a response from Nellie2.

  Nellie2 19:45 12 Nov 2004

Hi

I can't advise on bits of a hijack log. I would need to see the whole thing so I can get the whole picture.

  NickyK 20:15 12 Nov 2004

I'm posting this in two chunks:

1.
Logfile of HijackThis v1.98.2
Scan saved at 19:57:04, on 12/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

c:\program files\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Perfect Process\ppshield.exe

C:\Program Files\VoyagerTest\fts.exe

C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe

C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe

C:\Program Files\blcorp\UWCSuite\WinMem\WinMem.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\AOL 9.0\aoltray.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Documents and Settings\Nicholas Wermuth\My Documents\Unused Desktop Shortcuts\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = click here*click here

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = click here*click here

  NickyK 20:16 12 Nov 2004

Chunk 2:


O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Anti-keylogger 5.2] C:\Program Files\Anti-keylogger\ak5_load.exe

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [WinMem] C:\Program Files\blcorp\UWCSuite\WinMem\WinMem.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: Bromas y chistes - {068C36CF-483E-4CA8-A7F2-10EFFDA49C45} - click here (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Antivirus - {4358161B-A4B8-498E-8019-3DAB50DFD578} - click here (file missing)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Games - {C8950078-94A4-4C32-BB9C-4666357965AF} - C:\games_fastclick\index.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: ppctlcab - click here

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - click here

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - click here

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - click here

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - click here

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - click here

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - click here

O17 - HKLM\System\CCS\Services\Tcpip\..\{64D2354C-C664-4EF3-BAD0-F037CBDCA3AB}: NameServer = 195.93.49.134

  Nellie2 21:05 12 Nov 2004

Sorry for the delay... been busy elsewhere!

The only lines I would fix in that log are the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/ *hxxp://xxx.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/ *hxxp://xxx.yahoo.com/

O9 - Extra button: Bromas y chistes - {068C36CF-483E-4CA8-A7F2-10EFFDA49C45} - hxxp: //xxx.accesoplugin.com/prom/a_bromas2/?l=games_fastclick&ver=1&t=new (file missing)
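
An added example, not part of the thread or of HijackThis itself: a small triage parser for the `code - body` line format seen in the log above, which rejoins entries wrapped the way the first post wraps them and surfaces candidates for a human reviewer. The two flagging rules, the function names, and the placeholder URL are assumptions for illustration and do not reproduce the reasoning behind the reply above.

```python
import re

# Constructed sample: three entries in the thread's log format. The second is
# wrapped the way the first post wraps it; its URL is a placeholder.
SAMPLE = r"""
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bromas y chistes - {068C36CF-

483E-4CA8-A7F2-10EFFDA49C45} -

hxxp://example.invalid/placeholder (file missing)
O9 - Extra button: Games - {C8950078-94A4-4C32-BB9C-4666357965AF} - C:\games_fastclick\index.htm
"""

# A section entry is "<code> - <body>", e.g. R1, O4, O16.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://", re.I)  # plain or defanged scheme


def parse_log(text):
    """Split a log into entries, rejoining lines wrapped by the forum."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"code": m["code"], "body": m["body"]})
        elif entries:
            prev = entries[-1]
            # A break inside a CLSID ("...CF-") rejoins without a space.
            sep = "" if re.search(r"[0-9A-Fa-f]-$", prev["body"]) else " "
            prev["body"] += sep + line
    return entries


def triage(text):
    """Return (code, clsid, reasons) for entries matching the assumed rules."""
    flagged = []
    for e in parse_log(text):
        reasons = []
        if "(file missing)" in e["body"]:
            reasons.append("target file missing")
        if e["code"] == "O9" and URL_RE.search(e["body"]):
            reasons.append("button points at a remote URL")
        if reasons:
            m = CLSID_RE.search(e["body"])
            flagged.append((e["code"], m.group(0) if m else None, reasons))
    return flagged
```

Lines before the first section entry (header, running processes) are ignored, so a whole pasted log can be passed to `triage` unchanged.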

  NickyK 22:16 12 Nov 2004

Thanks very much. Appreciated.

This thread is now locked and can not be replied to.
