John V
Hello,
I had W32/Randex on my system and (as far as I know) got
rid of it. All AVG scans come up clean. My system is still
acting REAL flaky (freezing, won't search from the IE
address line, won't shut down properly, won't disconnect
modem connections, etc). Could anyone tell me if they see
anything strange on the Hijack This! log?
Thanks in advance,
Logfile of HijackThis v1.97.7
Scan saved at 4:48:45 PM, on 2/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FaxTalk NetOnHold\Ftnohmgr.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\syscfgx32.exe
C:\WINDOWS\system32\mscv.exe
C:\Program Files\Turbo\arteraui.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\system32\dmsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\dmsvc32.exe
C:\Program Files\Turbo\artera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webcoast2coast.net/community
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8081;http=localhost:8081;https=localhost:8081
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NetOnHold] C:\Program Files\FaxTalk NetOnHold\Ftnohmgr.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Com Port Manager] svch0st.exe
O4 - HKLM\..\Run: [syscfgx32] syscfgx32.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] winlogin.exe
O4 - HKLM\..\Run: [Microsoft Mouse Driver Ver 3.0] pointer32.exe
O4 - HKLM\..\Run: [Device Driver Patch] Krnl686.exe
O4 - HKLM\..\Run: [Microsoft Task Messenger Config] mscv.exe
O4 - HKLM\..\Run: [Artera] C:\Program Files\Turbo\arteraui.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Windows driver update] C:\WINDOWS\system32\dmsvc32.exe
O4 - HKLM\..\RunServices: [Microsoft Com Port Manager] svch0st.exe
O4 - HKLM\..\RunServices: [syscfgx32] syscfgx32.exe
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] winlogin.exe
O4 - HKLM\..\RunServices: [Microsoft Mouse Driver Ver 3.0] pointer32.exe
O4 - HKLM\..\RunServices: [Device Driver Patch] Krnl686.exe
O4 - HKLM\..\RunServices: [Microsoft Task Messenger Config] mscv.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Windows driver update] C:\WINDOWS\system32\dmsvc32.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1504d58377b8cfaaa619/netzip/RdxIE601.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37960.8734143519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35F9FE97-0724-41E5-8B3C-55B104731A58}: NameServer = 216.126.128.40 216.126.136.250