Tech Support Guy banner
Cancel

HijackThis log

1588 Views 19 Replies 3 Participants Last post by  Rollin' Rog
K
I am being bombarded with popups! I notice something called DLHelper on my computer is this bad? I downloaded HijackThis and installed it. This is the log. Could someone please let me know what to do?

Logfile of HijackThis v1.97.7
Scan saved at 12:59:32 PM, on 03/25/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\cba\pds.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\Program Files\ePO Agent\naimas32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\webesd\srvany.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\javaw.exe
C:\WINNT\system32\svchost.exe
C:\LDClient\wuser32.exe
C:\WINNT\system32\cba\xfr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\Program Files\PD\shwicon.exe
C:\Program Files\ePO Agent\naimag32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\My Documents\programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mybrga.az.honeywell.com/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Honeywell Inc.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://iecfg.honeywell.com/proxy/proxy.pac
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: TvmBho Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A08D-8F6FA787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsc032.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.Exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SwdisUsrPCN.olt12c1vv01] "C:\PROGRA~1\Tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe" "C:\Program Files\Tivoli\swdis\1\wdusrpcn.env"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lcfep] "C:\PROGRA~1\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe"
O4 - HKLM\..\Run: [ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022] "C:\Program Files\PD\shwicon.exe" -t"The Company\USB Flash HDD Series Driver v1.17r022"
O4 - HKLM\..\Run: [NaimAgent_UI] C:\Program Files\ePO Agent\naimag32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Startup: DLHelperEXE.exe
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.allied.com
O15 - Trusted Zone: electronicmaterials.envolv.com
O15 - Trusted Zone: iecfg.honeywell.com
O15 - Trusted Zone: my.honeywell.com
O15 - Trusted Zone: www.honeywell.com
O15 - Trusted Zone: www.ibm.com
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://my.honeywell.com/app/yahoo/outlctlx.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/0338d9fa442974291120/netzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0338d9fa442974291120/netzip/RdxIE2.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLHelper/DLHelper.cab
O16 - DPF: {CD89AB62-B70C-43CF-AC83-C7BB55C3DA43} - http://www.sirsearch.com/toolbar/partner/selfnetwork/setup_selfnet_bundle_tdp047.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks
Troy
See less See more
Save
Like
Status
Not open for further replies.
1 - 8 of 20 Posts
mobo
Rescan and put a check next to each of these then close all browser windows and click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: TvmBho Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A08D-8F6FA787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsc032.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/0338d9fa442974291120/netzip/RdxIE.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0338d9fa442974291120/netzip/RdxIE2.cab

O16 - DPF: {CD89AB62-B70C-43CF-AC83-C7BB55C3DA43} - http://www.sirsearch.com/toolbar/partner/selfnetwork/setup_selfnet_bundle_tdp047.cab

Thanks
Troy [/B][/QUOTE]
See less See more
Save
Like
mobo
Rescan and put a check next to these then close all browser windows and click "fix checked"

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: TvmBho Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll (file missing)

O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

Then delete C:\Program Files\TV Media\Tvm.exe
See less See more
Save
Like
mobo
Since you have spybot installed use its immunize feature then fradded adware protecton you should install Spyware Blaster from http://www.javacoolsoftware.com/spywareblaster.html. be sure to keep thes updates as well.
Save
Like
mobo
This should be removed
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
Save
Like
mobo
After a little searching i found out that it is possibly a cws variant so

Download CWShredder:
http://www.spywareinfo.com/~merijn/files/CWShredder.exe
Run and hit the ->fix tab to fix all found problems

CWS takes advantage of security holes in windows so you should install all critical as well as hotfixes available from windows update.
Save
Like
mobo
You said you had spybot, update it fully then run a scan as I found an older link here and it removed the entry.
Save
Like
mobo
What I wanted you to do was run a scan not immunize. Click on Search & Destroy then click "check for problems" When finished have it "fix problems"
Save
Like
mobo
As always Rog, a wealth of knowledge and excellent communication skills..

Thanks
Save
Like
1 - 8 of 20 Posts
Status
Not open for further replies.
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking
Top