
Hijackthis log or how I was a bad boy !!!!

By Samstoned
Feb 20, 2005
  1. How does this look?
    Problem: I went to the wrong place today, and now Mozilla and Firefox will not open.
    I hate that.
    Even with all the protection on my machine.

  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Don't know why your programs shut down, probably NOT because of a Hijack.

    Whittling down your log, there is not that much wrong.
    I don't like the R1, but I don't know what it is supposed to look like when you run a server.
    HJT can 'fix' this for you. It makes a backup of every change, so you can always 'undo' it.
    Let HJT 'fix' the mentioned O16 entries.
    www.m71.com is an Eastern-European website under construction. Unless you are Eastern-European yourself, and/or the owner of this website, I'd find this very suspicious.
    O17 entries are signs of hi-jacked websites.
    So, unless this m71.com is yours, let HJT 'fix' them as well.

    To do so, boot in Safe Mode, run HJT on its own, and let it 'fix' that lot.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:80;http=localhost:80;https=localhost:80;socks=localhost:1080
    O16 - DPF: {0000000C-0000-0000-0000-000000000000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38363.5430902778
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = m7l.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{}: NameServer = deleted for security
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = m7l.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = m7l.com

    You should install W2K-SP4 and about 30-odd W2K-updates after that!
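
As an added example (not part of the original posts and not HijackThis's own code), this Python script parses the R1, O16 and O17 line shapes quoted in the reply above and lists the entries a reviewer would want to confirm. The `triage` and `under` names, the reason labels and the two allowlist parameters are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the entries quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:80;http=localhost:80;https=localhost:80;socks=localhost:1080
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = m7l.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = m7l.com
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")            # "O16 - <body>"
O16 = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")
O17 = re.compile(r"^(.*?): (Domain|NameServer) = (.*)$")
LOOPBACK = {"localhost", "127.0.0.1"}

def under(host, suffixes):
    """True if host equals, or is a subdomain of, one of the suffixes."""
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)

def triage(log, expected_domains=(), trusted_suffixes=()):
    """Return sorted, de-duplicated (section, reason, detail) review items."""
    items = set()
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code == "R1" and ",ProxyServer = " in body:
            # Value is "host:port" or "proto=host:port;proto=host:port;..."
            for part in body.split(" = ", 1)[1].split(";"):
                proto, _, hostport = part.rpartition("=")
                if hostport.rsplit(":", 1)[0].lower() in LOOPBACK:
                    items.add((code, "proxy-to-loopback", f"{proto or 'all'}={hostport}"))
        elif code == "O16" and (d := O16.match(body)):
            host = urlsplit(d.group(3)).hostname
            if not under(host, trusted_suffixes):   # reviewer-supplied allowlist
                items.add((code, "unlisted-download-host", f"{d.group(1)} {host}"))
        elif code == "O17" and (d := O17.match(body)):
            value = d.group(3).strip()
            if d.group(2) == "Domain" and not under(value, expected_domains):
                items.add((code, "unexpected-dns-domain", value))
    return sorted(items)

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG, trusted_suffixes=("macromedia.com",)):
        print(*item, sep="\t")
```

Passing the machine's own DNS suffix in `expected_domains` silences the O17 item, which is the "unless this is yours" judgment made in the reply.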
  3. Samstoned

    Samstoned TechSpot Paladin Topic Starter Posts: 1,018

    Thank you, will check on the proxy thing; I don't remember setting that up.
    Yes, that's my server.
    I ran in safe mode, used McAfee, did find 1 file, a c.bat.
    Switched to Kaspersky, found 14 viruses + trojans in system.
    Had to do a complete browser removal and replace.
    Gotta warn about this search: I was looking for computer remote control software
    like VNC, but with manager controls, and clicked into the wrong website.
    It looked official enough, asked if I wanted a demonstration of software.
    That's how I got the bug.
    It took over 10 hours to check all my drives.
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    I just realised I had been looking at www.m71.com instead of www.m7L.com, which is registered in Pittsburgh/PA but is not accessible otherwise (on your PC I guess).
Topic Status:
Not open for further replies.
