Can someone tell me what my HJT Log File means?

Status
Not open for further replies.

Milliteq_CEO

In Runtime
Messages
127
Location
Hell
Hello everyone, I came here for this, because I looked up ToolBar888 on Google, and saw that someone used Hijack This to get rid of it, so I came here for someone to analyze my log. So, can someone please do it?
-----------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:39:57 AM, on 7/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\dfndrd_4.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\jfnociaA.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\System32\winlog.exe
C:\Program Files\Common Files\{B07046BA-0956-1033-0820-020705200001}\Update.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\PSHope\PSHope.exe
C:\PROGRA~1\COMMON~1\ICROSO~1\iexplore.exe
C:\Program Files\?icrosoft\?ttrib.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\update\updmangr.exe
C:\WINDOWS\jfnocia.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\explorer.exe
c:\documents and settings\all users\start menu\programs\startup\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\C-Money\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1.5&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {66E334B8-AF22-D480-0CE1-874A36D9F297} - C:\WINDOWS\System32\zovmmxtf.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\afktr.exe
F2 - REG:system.ini: UserInit=userinit.exe,laqxclg.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [sprwin] rundll32.exe C:\WINDOWS\System32\sprwin.dll,start
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrd_4.exe
O4 - HKLM\..\Run: [jfnociaA] C:\WINDOWS\jfnociaA.exe
O4 - HKLM\..\Run: [bika2b60] RUNDLL32.EXE w002ff74.dll,n 001a2b5f00000003002ff74
O4 - HKLM\..\Run: [w0034d37.dll] RUNDLL32.EXE w0034d37.dll,I2 001a2b5f00034d37
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\swinkqez.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - HKCU\..\Run: [Rmat] "C:\PROGRA~1\COMMON~1\ICROSO~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Hhnthp] C:\PROGRA~1\ICROSO~1\TTRIB~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinkqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\pjdsregp.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA711599-572C-4853-9543-A5C0B2D4A656}: NameServer = 71.250.0.12 151.197.0.38
O20 - AppInit_DLLs: svchost.dll C:\WINDOWS\System32\svchost.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\fpp2037oe.dll
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe

Thanks! ^_^
 

Osiris

Golden Master
Messages
36,817
Location
Kentucky
Follow these instructions carefully

Download ALL 10 programs and update if needed.

Ad Aware SE Personal Free

Ad-aware Messenger Service Plugin

Ad-Aware VX2 Cleaner Plug-In 2.0

Spybot Search and Destroy Free

Windows Defender 2 Beta

HijackThis

Ewido

CCleaner

Cleanup!

Follow these steps

Delete the prefetch folder C:\WINDOWS\Prefetch, this folder will come back on next reboot.

Delete all cookies and temporary internet files in the control panel, Internet Options.

Go to Start, run, type msconfig, go to startup, disable everything except your antivirus, Firewall, click apply, don't reboot yet.

Download Msconfig Cleanup below

Msconfig Cleanup

Run Msconfig Cleanup after you unchecked the items you were told to uncheck and recheck, click "Select All", then click "Clean up Selected", then click "Quit". Make sure your antivirus and firewall are not checked.

Now run each Spyware program 1 by 1. Running all 3 at the same time will slow most systems down.

When each program has finished scanning, remove everything.

Now go to the recycle bin and delete everything that is in it.

Then run CCleaner - make sure you run the Cleaner section of Windows and Applications and then the Registry Cleaner. Make a backup if you wish while running the Registry Cleaner when it asks you.

When finished with the scans, reboot, and go into Safe Mode and run these scans again, remove everything they find, and then reboot back into Windows in normal mode.

Then run HiJackthis!

Save the log, copy and paste the log on www.techist.com
Do not attach the log, copy and paste always. This will make things go much faster.
 

Milliteq_CEO

Thank you very much. And, I already have Ad-Aware, Spy Bot, and HiJack This. Also, I wanted to know, is Spy Sweeper a good tool, or no?
 

Milliteq_CEO

Ad_Aware already deletes the files, but puts them in a quarantine list. Should I delete the auto-quarantine list or no?
 

Milliteq_CEO

Logfile of HijackThis v1.99.1
Scan saved at 12:08:19 AM, on 7/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{B07046BA-0956-1033-0820-020705200001}\Update.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\update\updmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gaim\gaim.exe
C:\Documents and Settings\C-Money\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1.5&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\afktr.exe
F2 - REG:system.ini: UserInit=userinit.exe,laqxclg.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA711599-572C-4853-9543-A5C0B2D4A656}: NameServer = 71.250.0.12 151.197.0.38
O20 - AppInit_DLLs: repairs303169590.dll
 

baronvongogo

Fully Optimized
Messages
2,756
Location
United Kingdom, Warrington
You have Surf Sidekick 3. Here are instructions on removing it, found at http://www.bleepingcomputer.com/forums/topic9549.html:

# Close Internet Explorer and keep it closed throughout the entire removal process.

# Enter the control panel by clicking on the Start menu, then clicking on Run.

# Now type control in the Open field and press the OK button.

# Double-click on the Add/Remove Programs icon.

# Look for and uninstall the following entries if found in the Add/Remove Programs window.

Surf Sidekick
Surf Sidekick 2
Surf Sidekick 3

It may prompt about whether or not you are sure you want to remove this program. Reply Yes to this prompt. It will then uninstall the program.

If there is no Add/Remove Programs entry for this program, click on Start, then Run and type the following in the Open: field:

C:\Program Files\SurfSideKick 3\Ssk.exe /u

and press the OK button. A code will be displayed that it will ask you to enter. Enter this code and reboot. Once back to your desktop continue with the rest of the fix.

# Navigate to the c:\hijackthis directory and double-click on HijackThis

# When the program starts, double-click on the HijackThis icon and then click on the Scan button.

# Put a checkmark next to the following entries if they exist:
R3 - URLSearchHook: (no name) - {000AB005-FF12-42C2-8DF5-39E12E5F9C91} - (no file)
R3 - URLSearchHook: (no name) - {000AB005-FF12-42C2-8DF5-39E12E5F9C91} - C:\Program Files\SurfSideKick\SskBho.dll
O4 - HKLM\..\Run: [SurfSideKick] C:\Program Files\SurfSideKick\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick] C:\Program Files\SurfSideKick\Ssk.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O20 - AppInit_DLLs: repairs.dll
O20 - AppInit_DLLs: repairs302972943.dll

# Then click the Fix button

# Exit HijackThis.

# Reboot your computer

# Delete the following directories if they exist:

C:\PROGRAM FILES\SurfSideKick
C:\Program Files\SurfSideKick 3\
C:\Program Files\Common Files\VCClient\

# Search for the following files and if found delete them:

Sskknwrd.dll
Ssk.log
SskUpdater.exe
Ssk.exe


# Download the following reg file to your desktop. When it is finished downloading double-click on it and say Yes when it asks if you would like to merge the data.

Right click this link and choose save target as to use it.
http://www.bleepingcomputer.com/files/spyware/fixssk.reg
 

Milliteq_CEO

O20 - AppInit_DLLs: repairs302972943.dll
Mine has a different number. And, most of the things you typed aren't on there.
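
The mismatch noted in this post (a different number in the repairs DLL name, and guide entries that do not appear verbatim) is why comparing a log against a removal guide line by line finds nothing. As an added example, not part of the original thread or the quoted guide: a Python sketch that compares entries by HijackThis section code and file name with digits stripped. The function names and the normalisation rule are assumptions; the sample lines are copied from the posts above.

```python
import re

# Three of the entries listed in the removal guide quoted in the thread.
GUIDE = r"""R3 - URLSearchHook: (no name) - {000AB005-FF12-42C2-8DF5-39E12E5F9C91} - C:\Program Files\SurfSideKick\SskBho.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs302972943.dll"""

# Four lines copied from the second log posted in the thread.
LOG = r"""R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O20 - AppInit_DLLs: repairs303169590.dll"""

LINE = re.compile(r"^([A-Z]\d+) - (.*)$")                  # section code, rest of line
FILE = re.compile(r"([^\\/\s\]\[]+\.(?:dll|exe|ocx))", re.I)  # file name without its path

def signature(line):
    """Reduce a log line to (section code, lower-cased file name without digits)."""
    m = LINE.match(line.strip())
    if not m:
        return None
    files = FILE.findall(m.group(2))
    if not files:
        return None
    # Last file on the line: for rundll32 entries this is the DLL being loaded.
    return m.group(1), re.sub(r"\d+", "", files[-1].lower())

def exact_hits(guide, log):
    """Log lines that appear character for character in the guide."""
    wanted = {g.strip() for g in guide.splitlines()}
    return [l for l in log.splitlines() if l.strip() in wanted]

def loose_hits(guide, log):
    """Log lines whose signature matches a guide entry (candidates for review)."""
    wanted = {signature(g) for g in guide.splitlines()} - {None}
    return [l for l in log.splitlines() if signature(l) in wanted]

if __name__ == "__main__":
    print("exact:", exact_hits(GUIDE, LOG))
    for hit in loose_hits(GUIDE, LOG):
        print("loose:", hit)
```

Loose matches are leads to check by hand before fixing anything, since stripping digits can also make an unrelated file name collide with a guide entry.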
 

baronvongogo

I would fix these entries in hijackthis:

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM

O20 - AppInit_DLLs: repairs303169590.dll

Also, did you check Add and Remove Programs? Did you see Surf Sidekick 3 or ToolBar888? If you did, uninstall them.

Go to My Computer after all of that above and go to Tools, then Folder Options, View, and then check the one that says Show hidden files and folders. Then rerun a HijackThis scan and post.

Check my computer and program files for the folder toolbar888 and delete if found.
 