Log for multiple spyware.


Hijackthis OWNS
02-13-2005, 04:41 AM
I ran this and this is what I came up with. I thank Designtechnica for the help they have provided. I have had Richfind for over a year. It slowed the comp down considerably. Thanks for the support.

Logfile of HijackThis v1.99.0
Scan saved at 5:16:00 AM, on 13/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\windows\system32\ycmagm.exe
C:\WINDOWS\System32\service.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\windows\system32\packager.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\Kyle\LOCALS~1\Temp\~AceTemp\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://full-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://full-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://morwillsearch.com/?adv_id=define&sub_id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://full-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Richfind - {B6C16A75-D209-4D1B-9C95-8BA89D2B9435} - C:\WINDOWS\System32\Q2006000.dll
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Richfind - {9570F64D-0BFA-4733-9815-EB24DD649F8C} - C:\WINDOWS\System32\Q2006000.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: tbactivator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\mwsearch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Richfind - {8138CB47-8F0B-4AB1-A115-75FBA4BC5A89} - C:\WINDOWS\System32\Q2006000.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O3 - Toolbar: MWSearch Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\mwsearch.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [systrans] C:\WINDOWS\System32\service.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ycmagm] c:\windows\system32\ycmagm.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuammgr32.exe
O4 - HKLM\..\RunServices: [Win32 Services] C:\WINDOWS\svchosts.cpl
O4 - HKLM\..\RunServices: [systrans] C:\WINDOWS\System32\service.exe
O4 - HKCU\..\Run: [systrans] C:\WINDOWS\System32\service.exe
O9 - Extra button: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Richfind - {8138CB47-8F0B-4AB1-A115-75FBA4BC5A89} - C:\WINDOWS\System32\Q2006000.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/264b9403b90d8ec40805/netzip/RdxIE601.cab
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - http://www.advnt01.com/dialer/canada_ver3.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/ca/games9.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (cfgwr Class) - http://morwillsearch.com/mwsearch.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab
O18 - Filter: text/html - {D0C20622-EA0C-46E0-A3DA-68DE497BF036} - C:\WINDOWS\System32\Q2006000.dll
O18 - Filter: text/plain - {D0C20622-EA0C-46E0-A3DA-68DE497BF036} - C:\WINDOWS\System32\Q2006000.dll
O19 - User stylesheet: (file missing)
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe

nightowl
02-13-2005, 01:49 PM
http://forums.designtechnica.com/showthread.php?t=5583


Download Spybot and AdAware (links above).

Reboot to Safe Mode (tap F8 on startup).

Delete this file:

C:\windows\system32\ycmagm.exe

Still in Safe Mode, place a check next to each of these and click Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://full-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://full-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://morwillsearch.com/?adv_id=define&sub_id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://full-search.biz
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Richfind - {B6C16A75-D209-4D1B-9C95-8BA89D2B9435
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - (no file)
O2 - BHO: Richfind - {9570F64D-0BFA-4733-9815-EB24DD649F8C} - C:\WINDOWS\System32\Q2006000.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: tbactivator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\mwsearch.dll
O3 - Toolbar: Richfind - {8138CB47-8F0B-4AB1-A115-75FBA4BC5A89} - C:\WINDOWS\System32\Q2006000.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O3 - Toolbar: MWSearch Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\mwsearch.dll
O4 - HKLM\..\Run: [systrans] C:\WINDOWS\System32\service.exe
O4 - HKLM\..\Run: [ycmagm] c:\windows\system32\ycmagm.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuammgr32.exe
O4 - HKLM\..\RunServices: [Win32 Services] C:\WINDOWS\svchosts.cpl
O4 - HKLM\..\RunServices: [systrans] C:\WINDOWS\System32\service.exe
O4 - HKCU\..\Run: [systrans] C:\WINDOWS\System32\service.exe
O9 - Extra button: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Richfind - {8138CB47-8F0B-4AB1-A115-75FBA4BC5A89} - C:\WINDOWS\System32\Q2006000.dll
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/264b940...ip/RdxIE601.cab
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - http://www.advnt01.com/dialer/canada_ver3.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/ca/games9.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (cfgwr Class) - http://morwillsearch.com/mwsearch.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab
O18 - Filter: text/html - {D0C20622-EA0C-46E0-A3DA-68DE497BF036} - C:\WINDOWS\System32\Q2006000.dll
O18 - Filter: text/plain - {D0C20622-EA0C-46E0-A3DA-68DE497BF036} - C:\WINDOWS\System32\Q2006000.dll
O19 - User stylesheet: (file missing)


Still in Safe Mode, delete all Temporary Internet Files and Cookies, run SpyBot and AdAware, delete what they find, and empty the Recycle Bin.


Then reboot and post a new log..........Jim

Let's hope this stuff doesn't continue to reload! Lots of crap here.
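The reply above picks out the entries to fix by hand. As an added example, not part of this thread or of HijackThis itself, the script below parses the R/F/O lines of a log into records and applies the same kind of triage the helper did: it flags browser start/search settings and ActiveX downloads that point at hosts the user does not expect, Trusted Zone additions, MIME filters, autorun entries with no path or a non-.exe target, and anything matching the indicators the helper named (richfind, full-search.biz, morwillsearch, Q2006000.dll). The sample log is constructed from lines in the post above, deliberately mixed with entries the helper left alone (Spybot's SDHelper, IntelliType, the Norton service). `EXPECTED_HOSTS` is an assumption about this particular user (google.ca is the pre-hijack Start Page_bak; Windows Update is the ShellNext default).

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted in the thread,
# with legitimate entries (Spybot BHO, IntelliType, Norton) mixed in as controls.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://full-search.biz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Richfind - {9570F64D-0BFA-4733-9815-EB24DD649F8C} - C:\WINDOWS\System32\Q2006000.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\RunServices: [Microsoft Update] wuammgr32.exe
O4 - HKLM\..\RunServices: [Win32 Services] C:\WINDOWS\svchosts.cpl
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (cfgwr Class) - http://morwillsearch.com/mwsearch.cab
O18 - Filter: text/html - {D0C20622-EA0C-46E0-A3DA-68DE497BF036} - C:\WINDOWS\System32\Q2006000.dll
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
"""

# Assumption: the hosts this user expects the browser to point at.
EXPECTED_HOSTS = {"google.ca", "microsoft.com"}
# Indicators taken from the entries the helper told the poster to fix.
INDICATORS = ("richfind", "full-search.biz", "morwillsearch", "q2006000.dll")

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|cpl|ocx)\b", re.I)


@dataclass
class Entry:
    section: str             # HijackThis item type, e.g. "R1", "O4", "O16"
    body: str                # everything after the "R1 - " prefix
    url: str | None = None   # first URL in the body, if any
    path: str | None = None  # first drive-letter file path in the body, if any


def parse_log(text: str) -> list[Entry]:
    """Turn the R/F/O lines of a HijackThis log into Entry records; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, "Running processes" list, blank lines
        section, body = m.groups()
        url, path = URL_RE.search(body), PATH_RE.search(body)
        entries.append(Entry(section, body,
                             url.group(0) if url else None,
                             path.group(0) if path else None))
    return entries


def host_of(url: str) -> str | None:
    """Registrable-ish host of a URL; tolerates scheme-less 'www.example.com'."""
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname
    return host[4:] if host and host.startswith("www.") else host


def is_expected_host(host: str | None) -> bool:
    return host is not None and any(
        host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def assess(e: Entry) -> list[str]:
    """Reasons this entry deserves review; an empty list means nothing looked odd."""
    reasons = []
    if any(ind in e.body.lower() for ind in INDICATORS):
        reasons.append("matches an indicator named in this thread")
    if e.section in ("R0", "R1", "R3") and e.url and not is_expected_host(host_of(e.url)):
        reasons.append("browser start/search setting points at an unexpected host")
    if e.section == "O15":
        reasons.append("Trusted Zone entry: listed sites run with relaxed IE security")
    if e.section == "O16" and e.url and not is_expected_host(host_of(e.url)):
        reasons.append("ActiveX control downloaded from an unexpected host")
    if e.section == "O4":
        target = e.body.split("]", 1)[-1].strip()
        if target.startswith('"'):             # quoted path, may contain spaces
            target = target[1:].split('"', 1)[0]
        else:                                  # unquoted: first token, drop arguments
            target = target.split()[0] if target else ""
        if "\\" not in target:
            reasons.append("autorun target has no path; it is resolved via the search path")
        elif not target.lower().endswith(".exe"):
            reasons.append("autorun target is not an .exe (e.g. a .cpl registered as a service)")
    if e.section == "O18":
        reasons.append("MIME filter DLL sees every text/html or text/plain response")
    return reasons


def triage(text: str) -> list[tuple[Entry, list[str]]]:
    """Parse a log and return only the entries that have at least one reason."""
    findings = []
    for e in parse_log(text):
        reasons = assess(e)
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.section} - {entry.body}")
        for r in reasons:
            print(f"    - {r}")
```

The heuristics are deliberately conservative: the Spybot BHO, the IntelliType autorun and the Norton service produce no findings, while the eight entries the helper singled out do. A real allowlist would be per-user, and `INDICATORS` should be treated as thread-specific strings rather than a general signature set.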