CastleCops, Internet Crime Fighters

My Hijack This log file

 
nonwing07

Cadet


Joined: Nov 29, 2003
Posts: 4
Location: USA

Posted: Sun Nov 30, 2003 1:44 am    Post subject: My Hijack This log file

This is my first time using this program. I'm somewhat knowledgeable on spyware issues but not enough to analyze things thoroughly.

I'm not having any problems with my PC but I wanted to post my log and have someone take a look at it to see if anything catches their eye as a problem.

I really appreciate all you guys do for us. I can't thank you enough.

Thanks
JS
Indiana
-------------------------------------------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 8:50:30 PM, on 11/29/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (xxxxxxxxx) (I believe this is my ip, I deleted it by putting xx's)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Joe Snyder\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hoseheads.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=AEB988D1-4E1A-484A-8CEF-EAA48FF43232&version_id=18
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hoseheads.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [77799624.exe] C:\WINDOWS\System32\77799624.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/01f28edbe88a32cd4105/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Bulldog

General
Premium Member

Joined: Nov 16, 2003
Posts: 4375
Location: Canada
MVP Premium

Posted: Sun Nov 30, 2003 8:41 am

Quote:
MSIE: Internet Explorer v6.00 SP1 (xxxxxxxxx) (I believe this is my ip, I deleted it by putting xx's)

Nope..that is/was the build number of IE that you are running.
Anyway..
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=AEB988D1-4E1A-484A-8CEF-EAA48FF43232&version_id=18
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [77799624.exe] C:\WINDOWS\System32\77799624.exe

Reboot and delete:
C:\WINDOWS\System32\77799624.exe <-- file

Acheton

Forums Admin
Premium Member

Joined: Sep 04, 2003
Posts: 8925
Location: Uk
Premium

Posted: Sun Nov 30, 2003 8:42 am

All looks fine to me although I am not sure what this is:

O4 - HKLM\..\Run: [77799624.exe] C:\WINDOWS\System32\77799624.exe

Someone with more experience might post with some ideas.


Ach


_________________
“What success a man builds from his gifting can be destroyed in a moment because of character.”
TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands
MIRT Moderators MVP Premium Security Experts

Posted: Sun Nov 30, 2003 5:22 pm

It's Winpup malware.

Have Hijack This fix it, reboot, delete the C:\WINDOWS\System32\77799624.exe file itself.


Cheers,


_________________
Tony
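
Added example (not part of any post in this thread, and not HijackThis's own logic): a small Python triage pass over entries copied from the log above, showing what the four lines the helpers singled out have in common. The function names `review` and `triage`, the `SEARCH_ALLOW` host list and the heuristics themselves are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Entries copied from the log posted in this thread (subset).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hoseheads.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=AEB988D1-4E1A-484A-8CEF-EAA48FF43232&version_id=18
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [77799624.exe] C:\WINDOWS\System32\77799624.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# Assumption: hosts treated as expected for IE search settings; adjust to your baseline.
SEARCH_ALLOW = {"ie.search.msn.com", "search.msn.com"}

ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def review(line):
    """Return a reason if the entry deserves a closer look (illustrative heuristics), else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if kind in ("R0", "R1"):
        key, _, value = body.partition("=")
        value = value.strip()
        if "\\Search," in key:
            if not value:
                return "search setting with empty value"
            if urlparse(value).hostname not in SEARCH_ALLOW:
                return "search setting points at unexpected host"
    elif kind == "R3" and "(no file)" in body:
        return "URLSearchHook with no file behind it"
    elif kind == "O4":
        run = RUN.match(body)
        if run:
            exe = run["cmd"].strip('"').rsplit("\\", 1)[-1]
            stem = exe.rsplit(".", 1)[0]
            if stem.isdigit() and run["name"].lower() == exe.lower():
                return "autorun named after a digits-only executable"
    return None

def triage(log_text):
    return [(l.strip(), r) for l in log_text.splitlines() if (r := review(l))]

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A hit only marks an entry for a human to look at; the identification of the file in this thread came from the helpers, not from pattern matching.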
nonwing07

Cadet


Joined: Nov 29, 2003
Posts: 4
Location: USA

Posted: Mon Dec 01, 2003 4:56 am

Thanks Kindly

TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands
MIRT Moderators MVP Premium Security Experts

Posted: Mon Dec 01, 2003 9:59 am

You're welcome. Glad we were able to help.

NOTE: This thread is now closed. Should you need it reopened, please PM a mod.
Everyone else having a comparable issue, please launch a new topic for yourself.


_________________
Tony