Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Not open for further replies.
1 - 14 of 14 Posts

· Registered
22 Posts
Discussion Starter · #1 ·
Could someone take a look at this and tell me if there is something there that shouldn't be. Have run all the recommended sooftware but system still does not seem to be working properly. When logged on after a bit any new address I punch into IE address bar come back saying "cannot find server".

Logfile of HijackThis v1.97.7
Scan saved at 1:36:14 PM, on 27/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My Documents\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Canada Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\\agent\mcupdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Administrator"
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Administrator"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ( Operating System Class) -,0,0,76/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -,0,0,16/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Canada Companion) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC782A97-2FD9-44E1-868E-6A8C10D09285}: NameServer =

Thanks as always.


· Gone but Never Forgotten
17,966 Posts
Hi, I don't see anything wrong in the log. You have a good number of apps guarding things....

If you have anything turned off using msconfig or similar task program, we might not be seeing everything, though.

· Registered
22 Posts
Discussion Starter · #4 ·

Thank you appreciate the time. No have nothing turned off. Is there some place I can start to understand some of the things you people look for when you see a HiJack program, or is it just a matter of reading everything as it gets posted here i.e. experience.

Again thanks for the time.


· Registered
9,520 Posts
We use you guys as guinee pigs:D
Just takes time and experience and learning/knowing what to use and advise.......after a while you find you are doing HijackThis logs in your sleep:)
Just spend time in the security forum and see how things work.

· Registered
5,845 Posts
Hi fcpo... If you are interested in learning about interpretation of HJT logs, here are a couple of good places to start.

HJT Tutorial

HJT Tutorial 2

This site has what they call "Boot Camp" where they post sample logs for you to analyze and then experts give you feedback on how you do. You must register to participate.

Be aware this is no simple process. Aside from the fact the threat is constantly evolving, HJT log encompasses just about everything that can go wrong on a computers OS. Virus, spyware, hijack, trojans... you name it and HJT will generally indicate it. Some can be real subtle and difficult to pick out. There is even some intuitive aspects to interpretation. Mainly, it's just experience.

The links above do nothing more than provide the basics. Learning the ins and outs is a matter of desire and skill. This is something akin to being a medical doctor... You are in school forever.

· Registered
9,520 Posts
You will also become very sad and withdrawn in your home and social will atempt to converse with people who have no idea or interest in what your talking about and at parties or family you explain the fascination of yet another new CWS variant at the dinner table..... you will be as welcome as aunt maude and uncle walters prayer and tamborine evenings.
But your friends here will think your cool:D

· Registered
22 Posts
Discussion Starter · #9 ·

Thanks. As is aid hate doing things without understanding why and like anything else in life, "if it's worth doing it's worth spending the time to do it right.

Will start reading. As for "boot camp" spent 36 yrs in the Canadian Navy, so "boot camp" is not new.

Again appreciate all the advice.


· Registered
5,845 Posts
$teve... TRUE STORY. :D :D

HJT is indeed a whole different world all it's own. The average user simply has NO idea what I'm talking about. I've quit talking about it in social gatherings because people were starting to think I was obsessing (maybe I was/am :D ).

The good news is when one of my friends or relatives has some kind of really weird thing happen on their computer, I'm the one they call for advice/help (that IS good, isn't it? :confused: ).

I really do get a great amount of satisfaction from helping others understand what is going on with their PC's and get them up and running again. To date I have 6 friends and relatives "Customers" (non paying, of course) that I keep their systems tweaked and tuned. My daughter calls me her "Computer Wizard". Nice to hear even if it's not true. Everything is truly relative.

· Registered
5,845 Posts
Thanks, Mark. 'preciate the thought. Mixed feelings about this one.

On the one hand, I'm glad to have made it to 65 and still have a reasonably healthy mind and body... :D

On the other hand... DAMN, I'm 65 !!!! :eek:

I'm a little amazed at the whole idea.

Reality has me losing my old HMO medical insurance and going on Medicare. :(

· Registered
5,845 Posts
Lets see 65 plus 20... That's ummm... uhhhh... YEAH 106!!! Now that I know when I'm going I can plan on going out with 5¢ in cash and all my credit cards maxed out. Sounds like a plan... :D
1 - 14 of 14 Posts
Not open for further replies.