
hjtlog-xfl


  • This topic is locked
1 reply to this topic

#1 xfl


Posted 03 August 2004 - 04:57 PM

Logfile of HijackThis v1.98.1
Scan saved at 5:48:27 PM, on 8/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\iein32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\javaxf32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tfrmv.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://tfrmv.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://tfrmv.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tfrmv.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tfrmv.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://tfrmv.dll/index.html#96676
R3 - Default URLSearchHook is missing
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!

user_pref("browser.cache.directory", "C:\\Documents and Settings\\Chris\\Application Data\\Mozilla\\Profiles\\default\\jgymqmsf.slt\\Cache");
user_pref("browser.history.last_page_visited", "http://ad.doubleclick.net/adi/N805.cbs.marketwatch.com/B1284960.13;sz=336x280;ord=28656?");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage_override.1", false);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-9, windows-1254, windows-1252");
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "73788715.s");
user_pref("timebomb.first_launch_time", "1073787645385000");
user_pref("wallet.SchemaValueFileName", "73790752.w");
user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
(C:\Documents and Settings\Chris\Application Data\Mozilla\Profiles\default\jgymqmsf.slt\prefs
O2 - BHO: (no name) - {855D9ABD-36CC-FBCB-F69B-5F15C25AE571} - C:\WINDOWS\netya32.dll
O4 - HKLM\..\Run: [javaxf32.exe] C:\WINDOWS\system32\javaxf32.exe
O4 - HKLM\..\RunOnce: [netzw32.exe] C:\WINDOWS\system32\netzw32.exe
O4 - HKLM\..\RunOnce: [ieeu.exe] C:\WINDOWS\ieeu.exe
O4 - HKLM\..\RunOnce: [iegy32.exe] C:\WINDOWS\system32\iegy32.exe
O4 - HKLM\..\RunOnce: [addfl.exe] C:\WINDOWS\system32\addfl.exe
O4 - HKLM\..\RunOnce: [javakg32.exe] C:\WINDOWS\system32\javakg32.exe
O4 - HKLM\..\RunOnce: [mfcrm.exe] C:\WINDOWS\system32\mfcrm.exe
O4 - HKLM\..\RunOnce: [iein32.exe] C:\WINDOWS\iein32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


 


#2 raw


Posted 04 August 2004 - 08:23 AM

The first thing I need you to do is download the file from here:

Getservice.zip

Extract the file to the c:\ drive. Then navigate to c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post.





