hijackthis log

  May$ 12:28 04 Feb 05
Locked

Hi

I was wondering if someone could take a look at this log for me. I have been getting constatnt popups for 680180.net amoung others. Cheers
Logfile of HijackThis v1.98.2
Scan saved at 12:22:59, on 04/02/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE

  May$ 12:32 04 Feb 05

cont..

C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT FIREWALL CLIENT\ISATRAY.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
M:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = click here
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\SYSTEM\SWIN32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\SYSTEM\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe

  May$ 12:33 04 Feb 05

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\automove.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [WSTidy] c:\Program Files\WinSuite\Tidy\SMSMTidy.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain =
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
O18 - Protocol: crick - {B861500A-A326-11D3-A248-0080C8F7DE1E} - C:\WINDOWS\SYSTEM\CRICKPRO.DLL

  mulva42 13:34 04 Feb 05

its a bit of a mess.You will need to double space each line so its easier to look at, thats whats putting people off replying to your thread.

  Nellie2 11:08 05 Feb 05

Hello May$, It's ok I unscrambled your log! :)

If you haven't already done so download and Install Ad-Aware SE from click here, keeping the default options. However, some of the settings will need to be changed before your first scan

Close ALL windows except Ad-Aware SE

Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days

Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file

Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT

Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only

Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot

Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check and make Green: Include Module list in logfile


Click on ‘Proceed’ to save the settings.

Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

If Ad-Aware SE finds bad entries in the registry or bad files, you will receive a list of what it found in the window

Save the log file when it asks and then click ‘finish’

REBOOT to complete the removal of what Ad-Aware SE found

Then run hijackthis again, click the scan button and wait unitl it finishes the scan, put a tick against the following entries, close all other browsers and windows and click 'fix checked'

O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\SYSTEM\SWIN32.DLL

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\automove.exe

Then make sure hidden files and folder are viewable click here for instructions, and boot into safe mode and find and delete this file

C:\WINDOWS\SYSTEM\automove.exe

Reboot back to normal mode and post a fresh hijack log.

  May$ 13:26 06 Feb 05

Will do this asap.

Cheers

  Technotiger 13:39 06 Feb 05

Hi friend - someone else needs your help please, I am useless at these Hijack thingees.


click here


Cheers, hope you don't mind.

  Nellie2 20:32 06 Feb 05

It seems to be sorted Technotiger :)

This thread is now locked and can not be replied to.

Nintendo Switch review: Hands-on with the intuitive modular console and its disappointing games…

1995-2015: How technology has changed the world in 20 years

VFX Oscar nominees 2017: Discover how the visual effects were created

Best alternatives to iTunes for Mac | Best music players for macOS: Free your music from the…