 sn048's HJT log |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal > Misplaced HJT Logs  |
 Jan 21 2008, 10:25 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 9 Joined: 10-January 08 Member No.: 182,634  |
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:20:46 PM, on 1/21/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINNT\system32\drivers\KodakCCS.exe C:\WINNT\System32\svchost.exe C:\WINNT\wanmpsvc.exe C:\WINNT\Explorer.exe C:\WINNT\shell.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\QuickTime\bak\qttask.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\WINNT\mgrs.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\QdrModule\QdrModule9.exe C:\Program Files\SpyDefender Pro\SpyDefender.exe C:\Program Files\Words\Words.exe C:\Program Files\QdrPack\QdrPack11.exe C:\WINNT\A?pPatch\wuauclt.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Greetings Workshop\GWREMIND.EXE C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE C:\WINNT\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe c:\program files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.leopardsearch.com/searchSmall R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet R3 - URLSearchHook: (no name) - {F1267EDD-CDCB-7952-4A2B-E83BEC660F14} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\shell.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: {327de9a9-5b2d-5cdb-5884-62cfa19f2b51} - {15b2f91a-fc26-4885-bdc5-d2b59a9ed723} - C:\WINNT\system32\yoqinddd.dll O2 - BHO: (no name) - {3C262C68-2880-4A55-A02B-CC10F8452B75} - C:\Program Files\ComPlus Applications\hoqeriwof4444.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\BellSouth Accelerator Technology\prpl_IePopupBlocker.dll O2 - BHO: (no name) - {6ED7368E-BE24-4A2C-BA20-C5D9915AC9EC} - C:\Program Files\ComPlus Applications\hoqeriwof83122.dll O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - C:\WINNT\system32\mljjkkk.dll O2 - BHO: XBTB07197 - {AE70661A-E706-4e08-B43D-A8FBE57B6469} - C:\PROGRA~1\LEOPAR~1\LEOPAR~1.DLL O2 - BHO: (no name) - {E7FAD23A-6085-4E0B-8B5C-4BE677830AC0} - C:\WINNT\system32\gow.dll O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINNT\system32\efcdccb.dll (file missing) O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\Helper9.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - C:\Program Files\Leopard Search Toolbar\leopard_search.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1105065695\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.341.0\OEAddOn.exe O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" /STARTUPLAUNCH O4 - HKLM\..\Run: [{68-89-94-4C-ZN}] C:\winnt\system32\lkdsrngj.exe CHD003 O4 - HKLM\..\Run: [WinAntiSpyware 2006 Free] "C:\Program Files\WinAntiSpyware 2006 Free\was6.exe" /min O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\swinlmdt.exe CHD003 O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINNT\system32\ihwqjkti.dll",forkonce O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [WinAntiVirus Pro 2007] C:\Program Files\WinAntiVirus Pro 2007\WinAV.exe O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe" O4 - HKLM\..\Run: [was_check] C:\Program Files\ErrorSafe Free\PASmon.exe O4 - HKLM\..\Run: [UERScw] C:\Program Files\ErrorSafe Free\UERScw.exe -c O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\ErrorSafe Free\DNSE.exe" -c O4 - HKLM\..\Run: [ErrorProtector Free] C:\Program Files\ErrorProtector Free\ertmain.exe /min O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [updated] "C:\Program Files\Common Files\Update\updated.exe" -c -product=wa7p O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINNT\system32\boeumdit.dll",sitypnow O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [smgr] mgrs.exe O4 - HKLM\..\Run: [Printer] C:\WINNT\system32\printer.exe O4 - HKLM\..\Run: [dc0689e3] rundll32.exe "C:\WINNT\system32\nxuotmkr.dll",b O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [FamilyFeudSetup.exe] C:\DOWNLO~1\FAMILY~1.EXE /r O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min O4 - HKCU\..\Run: [ErrorProtector Free] C:\Program Files\ErrorProtector Free\ertmain.exe O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe" O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2 O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe" O4 - HKCU\..\Run: [Shyqbb] C:\WINNT\A?pPatch\wuauclt.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Spoolsv] C:\WINNT\system32\spoolvs.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: findfast.exe O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE O4 - Startup: TA_Start.lnk = C:\WINNT\system32\lkdsrngj.exe O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\bak\swinlmdt.exe O4 - Global Startup: autorun.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - C:\Program Files\Leopard Search Toolbar\leopard_search.dll O9 - Extra 'Tools' menuitem: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - C:\Program Files\Leopard Search Toolbar\leopard_search.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O15 - Trusted Zone: *.doginhispen.com O15 - Trusted Zone: *.whataboutadog.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.com/client/setup.exe O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} (CoxFastConnect20 Control) - https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll O20 - AppInit_DLLs: C:\WINNT\system32\wowfx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: efcdccb - efcdccb.dll (file missing) O20 - Winlogon Notify: mljjkkk - C:\WINNT\SYSTEM32\mljjkkk.dll O20 - Winlogon Notify: nnnkkhi - nnnkkhi.dll (file missing) O20 - Winlogon Notify: rqrsttq - rqrsttq.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: DomainService - Unknown owner - C:\WINNT\system32\dlsuiska.exe (file missing) O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe -- End of file - 14853 bytes |
 |
 
|
|
Jan 21 2008, 11:41 PM
Post
#2
|
|
 SPAM Magnet Group: Site Admin Posts: 14,438 Joined: 6-May 04 From: SW Louisiana Member No.: 363 |
I have moved your Topic that includes a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis and probably missed the directions we provide to those who require assistance. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware anlaysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not.
Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system. Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next. If you can't perform a step, then skip it and continue with the next. The last step will include downloading and using the most current version of HijackThis if the first line of your log does not appear as follows: Logfile of Trend Micro HijackThis v2.0.2 Please note that it is important that HijackThis be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Guide to post a new log. Please DO NOT post any more logs to this topic, or post a log again in the wrong forum. This Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for. When your new HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done. Thanks for your cooperation and good luck. The BC Staff -------------------- I love being married.
It's so great to find that one special person you want to annoy, for the rest of your life. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 9th January 2009 - 04:34 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.