hijackthis

If you're under attack by spyware, adware, malware or the likes, post your HiJack This! log here for analysis.

Moderator: 127.0.0.1

hijackthis

Postby tater salad » Sun Sep 26, 2004 2:17 pm

hey i downloaded hijack this and am not sure what i should check so if you have any suggestions here is my log file:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\hkmjphx.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\EJ\Desktop\hijackthis\HijackThis.exe

O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Microsoft Update] hkmjphx.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] MSlti32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] hkmjphx.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] MSlti32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Update] hkmjphx.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] MSlti32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... 63caa5842a
O17 - HKLM\System\CCS\Services\Tcpip\..\{4257FDC5-1B30-4890-94C0-D7185152D8C8}: NameServer = 207.69.188.187 207.69.188.186
User avatar
tater salad
End-Loser
End-Loser
 
Posts: 79
Joined: Wed Sep 22, 2004 8:07 pm
Location: spanaway

Postby CyberAcharya » Mon Sep 27, 2004 2:28 am

O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
>>>> Don't Fix it.

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
>>>> Don't Fix it.

O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
>>>> Don't Fix it.

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
>>>> Fix it.

O4 - HKLM\..\Run: [Microsoft Update] hkmjphx.exe
>>>> Fix it.

O4 - HKLM\..\Run: [Microsoft Update Machine] MSlti32.exe
>>>> Fix it.

O4 - HKLM\..\RunServices: [Microsoft Update] hkmjphx.exe
>>>> Fix it.

O4 - HKLM\..\RunServices: [Microsoft Update Machine] MSlti32.exe
>>>> Fix it.

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
>>>> depends whether a user deems it necessary

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
>>>> Fix it.

O4 - HKCU\..\Run: [Microsoft Update] hkmjphx.exe
>>>> Fix it.

O4 - HKCU\..\Run: [Microsoft Update Machine] MSlti32.exe
>>>> Fix it.

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
>>>> depends whether a user deems it necessary. CTFMon is involved with the language/alternative input services in Office XP. Not required if you don't need these features.

O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
>>>> Fix it.

O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
>>>> Fix it.

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

>>>> The above are buttons on main Internet Explorer toolbar or items in the Internet Explorer 'Tools' menu that are not part of the default installation. If you do not need these buttons you can remove them safely.

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
>>>> Fix it.

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
>>>> Fix it.

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file. ... 779c1451ea
34585808392bb5a9ec48bd31258b709ec3f493e1e790bd3f61768f666e:3fdf1f5c28b3ed45336e8d63caa5842a
>>>> Fix it.

O17 - HKLM\System\CCS\Services\Tcpip\..\{4257FDC5-1B30-4890-94C0-D7185152D8C8}: NameServer =
207.69.188.187 207.69.188.186
>>>> Don't Fix it.
User avatar
CyberAcharya
Level 3 Tech
 
Posts: 291
Joined: Fri Aug 20, 2004 3:04 am

Postby tater salad » Mon Sep 27, 2004 6:57 pm

hey thanks man
User avatar
tater salad
End-Loser
End-Loser
 
Posts: 79
Joined: Wed Sep 22, 2004 8:07 pm
Location: spanaway


Return to HiJack This

Who is online

Users browsing this forum: No registered users and 1 guest

cron