Sample details: e567289cb12ff6f0e6ffe80f75224195

Hashes
MD5: e567289cb12ff6f0e6ffe80f75224195
SHA1: 31e20a9e1c659d5dd6e5bfaa21fb0b7a0cea759c
SHA256: d71ad6304f3140e341ed2a0982e9689339b58ee342c896a3121d2503a790904a
SSDEEP: 24576:Nn0o3ekB413PGwJDPFk6jIgyIkQ8JIuHgdUp0wRc:Nn0o3ekXwJDPF3RulmwRc
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/System_Tools | YRP/Browsers | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/SEH__vba | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/Advapi_Hash_API | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Internet_API |
Parent Files
47811d50390a86a17102d7496e6eabb9
Strings
		!This program cannot be run in DOS mode.
`.data
-A8E9-HijackThis
frmEULA
TrendMicro HijackThis
&                   GNU GENERAL PUBLIC LICENSE
                       Version 2, June 1991
 Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
                            Preamble
  The licenses for most software are designed to take away your
freedom to share and change it.  By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users.  This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it.  (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.)  You can apply it to
your programs, too.
  When we speak of free software, we are referring to freedom, not
price.  Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
  To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
  For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have.  You must make sure that they, too, receive or can get the
source code.  And you must show them these terms so they know their
rights.
  We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
  Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software.  If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
  Finally, any free program is threatened constantly by software
patents.  We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary.  To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
  The precise terms and conditions for copying, distribution and
modification follow.
                    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License.  The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language.  (Hereinafter, translation is included without limitation in
the term "modification".)  Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope.  The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
  1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
  2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
    a) You must cause the modified files to carry prominent notices
    stating that you changed the files and the date of any change.
    b) You must cause any work that you distribute or publish, that in
    whole or in part contains or is derived from the Program or any
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.
    c) If the modified program normally reads commands interactively
    when run, you must cause it, when started running for such
    interactive use in the most ordinary way, to print or display an
    announcement including an appropriate copyright notice and a
    notice that there is no warranty (or else, saying that you provide
    a warranty) and that users may redistribute the program under
    these conditions, and telling the user how to view a copy of this
    License.  (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole.  If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works.  But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
  3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
    a) Accompany it with the complete corresponding machine-readable
    source code, which must be distributed under the terms of Sections
    1 and 2 above on a medium customarily used for software interchange; or,
    b) Accompany it with a written offer, valid for at least three
    years, to give any third party, for a charge no more than your
    cost of physically performing source distribution, a complete
    machine-readable copy of the corresponding source code, to be
    distributed under the terms of Sections 1 and 2 above on a medium
    customarily used for software interchange; or,
    c) Accompany it with the information you received as to the offer
    to distribute corresponding source code.  (This alternative is
    allowed only for noncommercial distribution and only if you
    received the program in object code or executable form with such
    an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it.  For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable.  However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
  4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License.  Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
  5. You are not required to accept this License, since you have not
signed it.  However, nothing else grants you permission to modi
Command2
I Do Not Accept
Command1
I Accept
HijackThis
HijackThis Beta
HijackThis
frmMain
modRegistry
modMain
modInfo
modLSP
modInternet
modBackup
modStartupList
modEncrypt
modProcMan
modHosts
modMD5_2
modADSSpy
modLanguage
frmEULA
modUtils
HijackThis
txtCheckUpdateProxy
cmdInfo
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
fraScan
cmdProcManRun
chkStartupListComplete
chkStartupListFull
cmdSaveDef
cmdDelOnReboot
cmdConfigBackupDelete
cmdCheckUpdate
fraMiscToolsScroll
lblInfo
cmdN00bLog
cmdUninstManSave
cmdScan
lstADSSpyResults
lstResults
cmdAnalyze
cmdDeleteService
txtHelp
txtNothing
fraUninstMan
lstBackups
cmdMainMenu
mnuADSSpySave
mnuADSSpyStr1
mnuADSSpySelNone
mnuADSSpySelInv
mnuADSSpySelAll
fraHostsMan
lstHostsMan
filLanguage
cmdConfig
chkAutoMark
chkConfirm
chkBackup
chkIgnoreSafe
chkLogProcesses
lblStatus
txtDefStartPage
txtDefSearchPage
txtDefSearchAss
txtDefSearchCust
lstIgnore
chkShowN00bFrame
chkConfigStartupScan
cmdStartupList
cboN00bLanguage
cmdHostsManager
cmdProcessManager
cmdADSSpy
cmdLangLoad
picPaypal
cmdARSMan
fraProcessManager
chkConfigTabs
cmdConfigIgnoreDelAll
cmdN00bBackups
cmdConfigBackupDeleteAll
chkDoMD5
cmdN00bTools
cmdADSSpyHelp
cmdADSSpyWhatsThis
cmdHelp
cmdFix
lstProcManDLLs
chkProcManShowDLLs
fraHelp
fraADSSpyStatus
lstProcessManager
cmdUninstManBack
fraSubmit
cmdUninstManOpen
imgProcManSave
fraConfigTabs
cmdHostsManDel
cmdProcManKill
fraOther
cmdN00bScan
lblProcManDblClick
cmdHostsManToggle
cmdHostsManOpen
cmdUninstManDelete
vscMiscTools
chkADSSpyIgnoreSystem
cmdADSSpySaveLog
fraADSSpy
lblADSSpyStatus
cmdADSSpyScan
lblConfigInfo
cmdADSSpyRemove
cmdUninstManEdit
cmdProcManRefresh
cmdADSSpyBack
fraN00b
cmdConfigIgnoreDelSel
chkShowN00b
chkAdvLogEnvVars
cmdConfigBackupRestore
cmdN00bClose
fraConfig
lblMD5
chkADSSpyQuick
cmdHostsManBack
cmdN00bHJTQuickStart
cmdLangReset
chkADSSpyCalcMD5
imgMiscToolsDown1
imgMiscToolsDown2
imgMiscToolsUp2
txtUninstManName
imgMiscToolsUp1
txtUninstManCmd
lstUninstMan
cmdUninstManRefresh
imgProcManCopy
cmdProcManBack
imgMiscToolsDown
mnuADSSpy
imgMiscToolsUp
ObfuscateData
advapi32.dll
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA
shell32
shlwapi.dll
SHDeleteKeyA
Kernel32
GetVersionExA
GetWindowsDirectoryA
AllocateAndInitializeSid
comdlg32.dll
GetOpenFileNameA
GetSaveFileNameA
MoveFileExA
GetUserNameA
GetComputerNameA
GetDateFormatA
lstrlenA
GetUserDefaultLCID
shell32.dll
ShellExecuteEx
wsock32.dll
inet_addr
GetShortPathNameA
FindFirstFileA
FindNextFileA
FindClose
OpenSCManagerA
OpenServiceA
RtlMoveMemory
DeleteService
CloseServiceHandle
user32
GetSystemMetrics
SHFileOperationA
ExpandEnvironmentStringsA
Advapi32
OpenProcessToken
OpenThreadToken
GetCurrentProcess
GetCurrentThread
GetTokenInformation
IsValidSid
EqualSid
FreeSid
IsWow64Process
Kernel32.dll
Wow64DisableWow64FsRedirection
GetLogicalDrives
Wow64RevertWow64FsRedirection
LoadLibraryA
GetProcAddress
FreeLibrary
SystemParametersInfoA
CloseHandle
GetTickCount
GetVolumeInformationA
GetDriveTypeA
CreateFileA
CreateFileW
NTDLL.DLL
NtQueryInformationFile
DeleteFileA
ShellExecuteA
GetPrivateProfileStringA
RegEnumKeyA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetFileTime
FileTimeToSystemTime
GetFileVersionInfoA
FileTimeToLocalFileTime
PSAPI.DLL
EnumProcesses
GetModuleFileNameExA
OpenProcess
EnumProcessModules
version.dll
GetFileVersionInfoSizeA
VerQueryValueA
lstrcpyA
wininet
InternetOpenA
Module32First
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetGetConnectedState
Module32Next
Thread32First
Thread32Next
TerminateProcess
SuspendThread
ResumeThread
OpenThread
GetCurrentProcessId
SendMessageA
__vbaStrR4
VBA6.DLL
__vbaStrI4
__vbaVarTstNe
__vbaFpR4
__vbaFileCloseAll
__vbaBoolVarNull
__vbaExitProc
__vbaI4Str
__vbaEnd
__vbaAryVar
__vbaAryCopy
__vbaI2Str
__vbaVarCmpEq
__vbaI2Abs
__vbaAryUnlock
__vbaAryLock
__vbaUbound
__vbaBoolVar
__vbaInStr
__vbaStrVarVal
__vbaAryDestruct
__vbaVarDup
__vbaVarCat
__vbaNew2
__vbaVarMove
__vbaVarTstEq
__vbaLenBstr
__vbaI2I4
__vbaFpI4
__vbaI4Var
__vbaGenerateBoundsError
__vbaLsetFixstr
__vbaStrFixstr
__vbaInStrVar
__vbaVarSub
__vbaRecAnsiToUni
__vbaRecUniToAnsi
__vbaDateVar
__vbaAryConstruct2
__vbaErrorOverflow
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFileClose
__vbaPrintFile
__vbaFileOpen
__vbaStrI2
__vbaHresultCheckObj
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaOnError
__vbaFreeStrList
__vbaStrCat
__vbaFreeObj
__vbaFreeStr
__vbaStrCopy
__vbaStrCmp
__vbaFreeObjList
__vbaObjSet
__vbaStrMove
__vbaVarIndexStore
__vbaVarAdd
__vbaVarIndexLoad
__vbaVarIndexLoadRefLock
__vbaRefVarAry
__vbaVarVargNofree
__vbaRedimPreserve
__vbaRedim
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptAcquireContextA
__vbaObjVar
__vbaUI1I2
__vbaLateMemCallLd
__vbaVarCmpGt
__vbaLateMemSt
__vbaLenVarB
__vbaStrCompVar
__vbaVarNot
__vbaNameFile
__vbaRecDestruct
__vbaVarCopy
__vbaRecDestructAnsi
__vbaVarTstGt
__vbaLineInputStr
__vbaVarAnd
__vbaStrErrVarCopy
__vbaVarCmpNe
__vbaVarOr
__vbaStrR8
__vbaR8Str
__vbaObjSetAddref
__vbaLateMemCall
__vbaMidStmtBstr
__vbaLenVar
__vbaStrBool
__vbaVarMul
__vbaPowerR8
Command1
Command2
__vbaFpR8
__vbaLateIdSt
__vbaForEachCollObj
__vbaNextEachCollObj
__vbaI2Var
__vbaStrLike
__vbaCastObj
__vbaNew
frmMain
coolwebsearch
TahomaF
fraOther
Other stuff
cmdSaveDef
Add checked to ignorelist
cmdConfig
Config...
cmdHelp
Info...
fraScan
Scan && fix stuff
cmdInfo
Info on selected item...
cmdScan
Tahoma
cmdFix
Fix checked
picPaypal
txtNothing
No suspicious items found!
Tahoma
fraHelp
Tahoma
txtHelp
lstResults
fraSubmit
cmdAnalyze
AnalyzeThis
cmdMainMenu
Main Menu
fraConfig
Configuration
Tahoma
chkConfigTabs
Misc Tools
Tahoma)
chkConfigTabs
Backups
Tahoma)
chkConfigTabs
Ignorelist
Tahoma)
chkConfigTabs
Tahoma)
fraConfigTabs
vscMiscTools
fraMiscToolsScroll
cmdLangLoad
Load this file
cmdLangReset
Reset to default
filLanguage
*.lng;*.LNG
cmdARSMan
Open Uninstall Manager...
cmdDeleteService
Delete an NT service...
chkAdvLogEnvVars
Include environment variables in logfile
cmdADSSpy
Open ADS Spy...
cmdDelOnReboot
Delete a file on reboot...
cmdHostsManager
Open hosts file manager
cmdProcessManager
Open process manager
chkStartupListComplete
List empty sections (complete)
chkStartupListFull
List also minor sections (full)
txtCheckUpdateProxy
cmdCheckUpdate
Check for update online
cmdStartupList
Generate StartupList log
chkDoMD5
Calculate MD5 of files if possible
lblInfo
Open the integrated ADS Spy utility to scan for hidden data streams.
lblConfigInfo
Language files
Tahoma
linSeperator
linSeperator
lblInfo
Open a utility to manage the items in the Add/Remove Software list.
lblInfo
Delete a Windows NT Service (O23). USE WITH CAUTION! (WinNT4/2k/XP only)
linSeperator
lblConfigInfo
Update check
Tahoma
linSeperator
lblConfigInfo
Update check
Tahoma
lblConfigInfo
Advanced settings (these will not be saved)
Tahoma
lblConfigInfo
System tools
Tahoma
linSeperator
linSeperator
linSeperator
linSeperator
linSeperator
linSeperator
lblInfo
If a file cannot be removed from memory, Windows can be setup to delete it when the system is restarted.
lblConfigInfo
Opens a small editor for the 'hosts' file.
lblConfigInfo
Opens a small process manager, working much like the Task Manager.
lblConfigInfo
Use this proxy server (host:port) :
lblConfigInfo
Phones home to www.spywareinfo.com to see if a newer HijackThis version exists.
lblConfigInfo
StartupList (integrated: v1.52)
Tahoma
imgMiscToolsUp
GIF89a
Click to scroll
imgMiscToolsUp2
GIF89a
imgMiscToolsDown
GIF89a
Click to scroll
imgMiscToolsDown2
GIF89a
imgMiscToolsUp1
GIF89a
imgMiscToolsDown1
GIF89a
fraProcessManager
Itty Bitty Process Manager
lstProcManDLLs
chkProcManShowDLLs
Show DLLs
lstProcessManager
cmdProcManKill
Kill process
cmdProcManRun
Run...
cmdProcManBack
cmdProcManRefresh
Refresh
lblConfigInfo
Loaded DLL libraries by selected process:
imgProcManCopy
888888
Copy list to clipboard
imgProcManSave
GIF89a
Save list to file..
lblConfigInfo
Running processes:
lblProcManDblClick
Double-click a file to view its properties.
fraConfigTabs
fraConfigBackup
Tahoma"
cmdConfigBackupDeleteAll
Delete all
cmdConfigBackupDelete
Delete
cmdConfigBackupRestore
Restore
lstBackups
lblConfigInfo
This is your list of items that were backed up. You can restore them (causing HijackThis to re-detect them unless you place them on the ignorelist) or delete them from here. (Antivirus programs may detect HijackThis backups!)
fraADSSpy
ADS Spy
fraADSSpyStatus
lblADSSpyStatus
Ready.
lstADSSpyResults
cmdADSSpyBack
cmdADSSpySaveLog
Save log...
chkADSSpyCalcMD5
Calculate MD5 checksum of streams
chkADSSpyIgnoreSystem
Ignore safe system info streams
chkADSSpyQuick
Quick scan (Windows base folder only)
cmdADSSpyRemove
Remove selected
cmdADSSpyScan
Tahoma
cmdADSSpyWhatsThis
What's this?
cmdADSSpyHelp
fraConfigTabs
fraConfigIgnorelist
Tahoma"
lstIgnore
cmdConfigIgnoreDelSel
Delete
cmdConfigIgnoreDelAll
Delete all
lblConfigInfo
The following items will be ignored when scanning for hijacks. Note that the format of items can change between versions and you should re-create your ignorelist after an upgrade, to prevent duplicate items here.
fraConfigTabs
fraConfigMain
Tahoma"
chkConfigStartupScan
Run HijackThis scan at startup and show it when items are found
chkShowN00bFrame
Show intro frame at startup
chkLogProcesses
Include list of running processes in logfiles
chkIgnoreSafe
Ignore non-standard but safe domains in IE (e.g. msn.com, microsoft.com)
chkAutoMark
Mark everything found for fixing after scan
txtDefStartPage
txtDefSearchPage
txtDefSearchAss
txtDefSearchCust
chkConfirm
Confirm fixing && ignoring of items (safe mode)
chkBackup
Make backups before fixing items
lblConfigInfo
Below URLs will be used when fixing hijacked/unwanted MSIE pages:
lblConfigInfo
Default Start Page:
lblConfigInfo
Default Search Page:
lblConfigInfo
Default Search Assistant:
lblConfigInfo
Default Search Customize:
fraUninstMan
Add/Remove Programs Manager
cmdUninstManSave
Save list...
txtUninstManCmd
txtUninstManName
cmdUninstManRefresh
Refresh list
cmdUninstManEdit
Edit uninstall command
cmdUninstManBack
cmdUninstManDelete
Delete this entry
cmdUninstManOpen
Open Add/Remove Software list
lstUninstMan
lblInfo
Here you can see the list of programs in the Add/Remove Software list in the Control Panel. You can edit the uninstall command or delete an item completely. Beware, restoring a deleted item is not possible!
lblInfo
Uninstall command:
lblInfo
fraHostsMan
Hosts file manager
cmdHostsManOpen
Open in Notepad
cmdHostsManBack
cmdHostsManToggle
Toggle line(s)
cmdHostsManDel
Delete line(s)
lstHostsMan
lblConfigInfo
Note: changes to the hosts file take effect when you restart your browser.
lblConfigInfo
Hosts file located at: C:\WINDOWS\hosts
fraN00b
New users quickstart
Tahoma
cboN00bLanguage
cmdN00bScan
Do a system scan only
Tahoma
cmdN00bHJTQuickStart
Open online HijackThis QuickStart
Tahoma
chkShowN00b
Don't show this frame again when I start HijackThis
cmdN00bClose
None of the above, just start the program
cmdN00bTools
Open the Misc Tools section
cmdN00bBackups
View the list of backups
cmdN00bLog
Do a system scan and save a logfile
Tahoma
lblInfo
Change language:
linSeperator
linSeperator
linSeperator
linSeperator
lblInfo
Courtesy of TomCoyote.org
lblInfo
What would you like to do?
lblStatus
shpMD5Progress
shpMD5Background
lblMD5
Calculating MD5 checksum of [file]...
shpProgress
shpBackground
lblInfo
Below are the results of the scan. Be careful what you delete, HijackThis cannot determine what is bad and what merely customized by you. The best thing to do is save a log file and show it to knowledgable folks.
lblInfo
Welcome to HijackThis, the first general browser hijacker detecter and remover as far as I know. This program will be updated to detect general hijacker techniques as long as mainstream spyware removers don't detect the specific hijacker.
mnuADSSpy
ADSSpy popupmenu
mnuADSSpySelAll
Select all
mnuADSSpySelNone
Select none
mnuADSSpySelInv
Invert selection
mnuADSSpyStr1
mnuADSSpySave
Save results to disk...
bEULAArgee
szDataIn
MSVBVM60.DLL
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLineInputStr
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaVarIndexStore
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaI2Abs
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaLateMemSt
__vbaVarIndexLoadRefLock
__vbaForEachCollObj
__vbaStrBool
__vbaExitProc
__vbaFileCloseAll
__vbaStrLike
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaFpR4
__vbaStrFixstr
__vbaBoolVar
__vbaFpR8
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
__vbaNextEachCollObj
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaStrCompVar
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
__vbaFpI4
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
__vbaAryCopy
_allmul
__vbaLateIdSt
__vbaLenVarB
_CItan
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj