
HJT Log- Buff1975


  • This topic is locked
2 replies to this topic

#1 buff1975


Posted 19 August 2004 - 04:14 AM

Logfile of HijackThis v1.98.0
Scan saved at 3:13:11 AM, on 8/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\iecg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\system32\sysng.exe
C:\WINDOWS\System32\iazgtu.exe
C:\WINDOWS\System32\IEHost.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\System32\cvss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\WINDOWS\System32\captls.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\WwvNFMvt.exe
C:\WINDOWS\System32\WwvNFMvt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Ona\Local Settings\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kzoak.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kzoak.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\kzoak.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\system32\kzoak.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kzoak.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kzoak.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kzoak.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\kzoak.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kzoak.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kzoak.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {DD378CBC-121A-DB34-7F0F-4908520597CA} - C:\WINDOWS\system32\crxa32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [sysng.exe] C:\WINDOWS\system32\sysng.exe
O4 - HKLM\..\Run: [ynqpqclc] C:\WINDOWS\System32\iazgtu.exe
O4 - HKLM\..\Run: [crea32.exe] C:\WINDOWS\system32\crea32.exe
O4 - HKLM\..\Run: [LA7] C:\documents and settings\ona\local settings\temp\LA7.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MhoL9W3.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\manage.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [mxkxjc] C:\WINDOWS\System32\mxkxjc.exe
O4 - HKLM\..\Run: [AutoLoaderrspr1JSgPLXN] "C:\WINDOWS\System32\htimspsv.exe" /HideUninstall /PC="AM.WILD"
O4 - HKLM\..\Run: [rF6X37P] htimspsv.exe
O4 - HKLM\..\Run: [tOoq] C:\documents and settings\ona\local settings\temp\tOoq.exe
O4 - HKLM\..\Run: [apicl32.exe] C:\WINDOWS\system32\apicl32.exe
O4 - HKLM\..\Run: [harmapc] C:\WINDOWS\System32\harmapc.exe
O4 - HKLM\..\RunOnce: [ipqk.exe] C:\WINDOWS\ipqk.exe
O4 - HKLM\..\RunOnce: [d3aa32.exe] C:\WINDOWS\system32\d3aa32.exe
O4 - HKLM\..\RunOnce: [ipbr.exe] C:\WINDOWS\ipbr.exe
O4 - HKLM\..\RunOnce: [netvr32.exe] C:\WINDOWS\system32\netvr32.exe
O4 - HKLM\..\RunOnce: [apici.exe] C:\WINDOWS\system32\apici.exe
O4 - HKLM\..\RunOnce: [apinz.exe] C:\WINDOWS\system32\apinz.exe
O4 - HKLM\..\RunOnce: [ntkc.exe] C:\WINDOWS\system32\ntkc.exe
O4 - HKLM\..\RunOnce: [neted32.exe] C:\WINDOWS\system32\neted32.exe
O4 - HKLM\..\RunOnce: [wincw32.exe] C:\WINDOWS\wincw32.exe
O4 - HKLM\..\RunOnce: [ietp32.exe] C:\WINDOWS\ietp32.exe
O4 - HKLM\..\RunOnce: [javasl32.exe] C:\WINDOWS\system32\javasl32.exe
O4 - HKLM\..\RunOnce: [d3ru.exe] C:\WINDOWS\d3ru.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [aop7RXjqU] captls.exe
O4 - Global Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.zestyfind.com/app/AX/AX.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {EBBD88E5-C372-469D-B4C5-1FE00352AB9B} - http://www.ouchvideo.com/mmviewer_ic.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07EE8BD2-2731-4C22-870A-FBFCFCAF5CAE}: NameServer = 216.220.0.1 204.70.57.242
O17 - HKLM\System\CS1\Services\Tcpip\..\{07EE8BD2-2731-4C22-870A-FBFCFCAF5CAE}: NameServer = 216.220.0.1 204.70.57.242
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll



#2 buff1975


Posted 19 August 2004 - 03:41 PM

Logfile of HijackThis v1.98.0
Scan saved at 2:40:23 PM, on 8/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ipqk.exe
C:\WINDOWS\System32\cvss.exe
C:\WINDOWS\system32\sysng.exe
C:\documents and settings\ona\local settings\temp\LA7.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\documents and settings\ona\local settings\temp\tOoq.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\captls.exe
C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\Fnjt.exe
C:\WINDOWS\System32\WwvNFMvt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ona\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {DD378CBC-121A-DB34-7F0F-4908520597CA} - C:\WINDOWS\system32\crxa32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [sysng.exe] C:\WINDOWS\system32\sysng.exe
O4 - HKLM\..\Run: [ynqpqclc] C:\WINDOWS\System32\iazgtu.exe
O4 - HKLM\..\Run: [LA7] C:\documents and settings\ona\local settings\temp\LA7.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\EpqxT5uE.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [mxkxjc] C:\WINDOWS\System32\mxkxjc.exe
O4 - HKLM\..\Run: [AutoLoaderrspr1JSgPLXN] "C:\WINDOWS\System32\htimspsv.exe" /HideUninstall /PC="AM.WILD"
O4 - HKLM\..\Run: [rF6X37P] htimspsv.exe
O4 - HKLM\..\Run: [tOoq] C:\documents and settings\ona\local settings\temp\tOoq.exe
O4 - HKLM\..\Run: [apicl32.exe] C:\WINDOWS\system32\apicl32.exe
O4 - HKLM\..\RunOnce: [d3aa32.exe] C:\WINDOWS\system32\d3aa32.exe
O4 - HKLM\..\RunOnce: [ipbr.exe] C:\WINDOWS\ipbr.exe
O4 - HKLM\..\RunOnce: [netvr32.exe] C:\WINDOWS\system32\netvr32.exe
O4 - HKLM\..\RunOnce: [apici.exe] C:\WINDOWS\system32\apici.exe
O4 - HKLM\..\RunOnce: [apinz.exe] C:\WINDOWS\system32\apinz.exe
O4 - HKLM\..\RunOnce: [ntkc.exe] C:\WINDOWS\system32\ntkc.exe
O4 - HKLM\..\RunOnce: [neted32.exe] C:\WINDOWS\system32\neted32.exe
O4 - HKLM\..\RunOnce: [wincw32.exe] C:\WINDOWS\wincw32.exe
O4 - HKLM\..\RunOnce: [ietp32.exe] C:\WINDOWS\ietp32.exe
O4 - HKLM\..\RunOnce: [javasl32.exe] C:\WINDOWS\system32\javasl32.exe
O4 - HKLM\..\RunOnce: [d3ru.exe] C:\WINDOWS\d3ru.exe
O4 - HKLM\..\RunOnce: [ymvcs] C:\WINDOWS\wincw32.exe:ymvcs
O4 - HKLM\..\RunOnce: [ipqk.exe] C:\WINDOWS\ipqk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [aop7RXjqU] captls.exe
O4 - Global Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07EE8BD2-2731-4C22-870A-FBFCFCAF5CAE}: NameServer = 216.220.30.1 216.220.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{07EE8BD2-2731-4C22-870A-FBFCFCAF5CAE}: NameServer = 216.220.30.1 216.220.0.1
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

#3 Grinler

    Lawrence Abrams

  • Admin

Posted 20 August 2004 - 05:49 PM

You are using an outdated version of HijackThis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site #1

or

HijackThis Download Site #2

Then post a new log.



