Re: HijackThisLog Analysis - LuxTour
Date: Friday, 24 September, 2004 6:25 PM
Here is what you should do.
Reboot the computer and put it to safe mode. Then run the HJT scan again.
End the below suspicious process:
C: \ WINDOWS \ SYSTEM \ DRVDDLL.EXE
Remove these additional browser plug-in keys (O2...O4):
O4 - HKCU \ .. \ Run: [drvddll.exe] C: \ WINDOWS \ SYSTEM \ drvddll.exe
Remove these extra items in IE menu (O8...O9):
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C: \ WINDOWS \ web \ related.htm
O9 - Extra ´Tools´ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C: \ WINDOWS \ web \ related.htm
Delete these files from your C: drive.
C: \ WINDOWS \ SYSTEM \ DRVDDLL.EXE
Original log but with private information removed.
Logfile of HijackThis v1.98.2
Scan saved at 6:21:45 PM, on 24-Sep-2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C: \ WINDOWS \ SYSTEM \ KERNEL32.DLL
C: \ WINDOWS \ SYSTEM \ MSGSRV32.EXE
C: \ WINDOWS \ SYSTEM \ SPOOL32.EXE
C: \ WINDOWS \ SYSTEM \ MPREXE.EXE
C: \ WINDOWS \ SYSTEM \ mmtask.tsk
C: \ WINDOWS \ SYSTEM \ MSTASK.EXE
C: \ WINDOWS \ EXPLORER.EXE
C: \ WINDOWS \ SYSTEM \ SYSTRAY.EXE
C: \ PROGRAM FILES \ NORTON ANTIVIRUS \ NAVAPW32.EXE
C: \ WINDOWS \ RunDLL.exe
C: \ WINDOWS \ SYSTEM \ DRVDDLL.EXE
C: \ PROGRAM FILES \ MICROSOFT OFFICE \ OFFICE \ OSA.EXE
C: \ WINDOWS \ SYSTEM \ DDHELP.EXE
C: \ WINDOWS \ SYSTEM \ PSTORES.EXE
C: \ WINDOWS \ DESKTOP \ HIJACKTHIS.EXE

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Start Page = website: luxurytours.com.sg /
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings,AutoConfigURL = website: my.singnet.com.sg
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings,ProxyServer = website: proxy2.singnet.com.sg:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings,ProxyOverride = sg;
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C: \ WINDOWS \ SYSTEM \ MSDXM.OCX
O4 - HKLM \ .. \ Run: [ScanRegistry] C: \ WINDOWS \ scanregw.exe / autorun
O4 - HKLM \ .. \ Run: [TaskMonitor] C: \ WINDOWS \ taskmon.exe
O4 - HKLM \ .. \ Run: [SystemTray] SysTray.Exe
O4 - HKLM \ .. \ Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA~1 \ GRISOFT \ AVG7 \ AVGCC.EXE / STARTUP
O4 - HKLM \ .. \ Run: [AVG7_AMSVR] C: \ PROGRA~1 \ GRISOFT \ AVG7 \ AVGAMSVR.EXE
O4 - HKLM \ .. \ RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM \ .. \ RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM \ .. \ RunServices: [McAfeeWebScanX] C: \ PROGRAM FILES \ NETWORK ASSOCIATES \ MCAFEE VIRUSSCAN \ WebScanX.Exe / RUNSERVICES
O4 - HKCU \ .. \ Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU \ .. \ Run: [drvddll.exe] C: \ WINDOWS \ SYSTEM \ drvddll.exe
O4 - HKCU \ .. \ Run: [AVG7_Run] C: \ PROGRA~1 \ GRISOFT \ AVG7 \ AVGW.EXE / RUNONCE
O4 - Startup: Office Startup.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C: \ Program Files \ Microsoft Office \ Office \ FINDFAST.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C: \ WINDOWS \ web \ related.htm
O9 - Extra ´Tools´ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C: \ WINDOWS \ web \ related.htm
O17 - HKLM \ System \ CCS \ Services \ VxD \ MSTCP: Domain = singnet.com.sg
O17 - HKLM \ System \ CCS \ Services \ VxD \ MSTCP: NameServer = 165.21.83.88,165.21.100.88