HJT Log


  • This topic is locked
2 replies to this topic

#1 Robb235


  • Members
  • 41 posts

Posted 12 August 2005 - 07:05 PM

Recently I noticed that I was unable to reach one of my favorite car enthusiast sites, mymonte.com. At first I thought the site was simply down, but after I accessed it from another computer I realized that wasn't the case. A couple of days later I made the switch to DSL from dial-up and the problem persisted. After the switch I realized that I also could no longer access ATT.net, which happens to be my old dial-up ISP.

When I say that I can't access the site, I mean that I am consistently getting "This Page Cannot Be Displayed" from IE and a timeout error with Firefox.

I have no idea if a HijackThis log could show my problem or not but I figure it couldn't hurt.

Logfile of HijackThis v1.99.1
Scan saved at 7:56:25 PM, on 8/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Booster\TD\TweakDUN\TweakMeter.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.att.net/ie4/search/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O1 - Hosts: 129.74.250.90 www.nd.edu
O1 - Hosts: 66.225.238.65 www.coloryourprofyle.com
O1 - Hosts: 64.33.103.165 daltonator.net
O1 - Hosts: 217.77.32.184 www.capnasty.org
O1 - Hosts: 213.221.181.207 clans.barrysworld.net
O1 - Hosts: 62.142.11.7 www.saunalahti.fi
O1 - Hosts: 66.152.98.201 www.cyberwalker.net
O1 - Hosts: 66.98.178.8 swgb.heavengames.com
O1 - Hosts: 212.69.203.235 www.galacticbattlegrounds.co.uk
O1 - Hosts: 216.133.245.242 www.asknow.org
O1 - Hosts: 38.113.1.151 planet-hack.hypermart.net
O1 - Hosts: 64.12.164.120 9337387.home.icq.com
O1 - Hosts: 66.33.221.4 www.huffphotography.com
O1 - Hosts: 66.218.77.68 www.geocities.com
O1 - Hosts: 69.13.76.18 www.onzuka.com
O1 - Hosts: 207.46.20.30 www.microsoft.com
O1 - Hosts: 208.187.163.162 www.slipups.com
O1 - Hosts: 66.129.95.152 www.surfola.com
O1 - Hosts: 69.12.120.153 www.dolland.net
O1 - Hosts: 216.119.82.128 www.car-stats.com
O1 - Hosts: 216.109.118.40 red.clientapps.yahoo.com
O1 - Hosts: 66.218.89.75 www.rossboxing.com
O1 - Hosts: 69.47.10.13 bucky.kicks-ass.net
O1 - Hosts: 204.254.246.12 caranddriver.radicalmedia.com
O1 - Hosts: 204.107.174.148 www.theautochannel.com
O1 - Hosts: 66.180.116.57 www.clubgpstore.com
O1 - Hosts: 64.191.135.78 www.completeexhaust.com
O1 - Hosts: 136.142.42.14 www.pitt.edu
O1 - Hosts: 66.244.251.18 oudidntkn0w.netfirms.com
O1 - Hosts: 216.133.236.130 www.nationallampoon.com
O1 - Hosts: 64.136.25.171 dtcc.cz28.com
O1 - Hosts: 72.29.75.111 www.rmcgp.com
O1 - Hosts: 63.247.73.246 mymonte.com
O1 - Hosts: 64.124.68.7 www.cardomain.com
O1 - Hosts: 12.182.41.250 www.jegs.com
O1 - Hosts: 207.150.192.12 www.engineered.net
O1 - Hosts: 63.247.73.246 www.mymonte.com
O1 - Hosts: 67.106.16.3 www.turbomopar.com
O1 - Hosts: 66.103.149.180 www.roadraceengineering.com
O1 - Hosts: 208.254.3.160 www.schube.com
O1 - Hosts: 204.127.198.24 home.comcast.net
O1 - Hosts: 66.7.168.227 www.denverspeed.com
O1 - Hosts: 64.89.68.216 members.nuvox.net
O1 - Hosts: 69.13.130.1 shop.ivalueinternet.com
O1 - Hosts: 69.25.212.139 www.mandsproduction.com.
O1 - Hosts: 216.168.50.10 www.goodfor3.com
O1 - Hosts: 64.241.117.80 www.birthdaycards.com
O1 - Hosts: 70.182.148.69 chrisboniolkickingcamp.com
O1 - Hosts: 204.127.137.37 h_body.home.att.net
O1 - Hosts: 216.91.137.101 www.thrashercharged.com
O1 - Hosts: 217.160.226.85 williamwren.com
O1 - Hosts: 204.127.137.37 home.att.net
O1 - Hosts: 66.152.98.201 www.l67swap.com
O1 - Hosts: 12.120.124.51 help.att.net
O1 - Hosts: 204.127.12.39 www.att.net
O1 - Hosts: 204.127.166.6 memberservices.att.net
O1 - Hosts: 204.127.135.145 webmail.att.net
O1 - Hosts: 195.238.0.64 users.skynet.be
O1 - Hosts: 146.145.203.58 www.32degrees.com
O1 - Hosts: 69.93.227.156 www.paintballtimes.com
O1 - Hosts: 64.15.205.241 www.bbtpaintball.com
O1 - Hosts: 64.70.165.209 www.p8ntballer.com
O1 - Hosts: 66.98.198.57 www.warpig.com
O1 - Hosts: 64.106.150.69 www.endlesspb.com
O1 - Hosts: 128.121.222.65 www.guardimpact.com
O1 - Hosts: 66.111.46.189 sc.relaxism.com
O1 - Hosts: 195.149.21.29 www.planetarion.com
O1 - Hosts: 83.223.98.12 www.veneratiohq.org
O1 - Hosts: 165.193.120.166 www.hotmail.com
O1 - Hosts: 68.142.226.54 www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [TweakMeter] C:\Booster\TD\TweakDUN\TweakMeter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10908.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O15 - Trusted Zone: http://www.mymonte.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123515539531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123515521937
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
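Added example, not code from this thread or from HijackThis: a small Python triage script that parses `O1 - Hosts:` lines in the format of the log above and separates the one entry a stock hosts file needs from names pinned to an address that disagrees with DNS, which is exactly how a stale hosts entry produces "This Page Cannot Be Displayed" while the site itself is up. The sample lines, the `HIGH_VALUE` name list and the offline `fake_resolve` stand-in for DNS are assumptions constructed for the example.

```python
import re
# Constructed sample in the HijackThis 1.99.1 "O1 - Hosts:" format used in the
# log above, plus the one entry a stock hosts file needs and a non-O1 line.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 63.247.73.246 mymonte.com
O1 - Hosts: 63.247.73.246 www.mymonte.com
O1 - Hosts: 204.127.12.39 www.att.net
O1 - Hosts: 207.46.20.30 www.microsoft.com
O1 - Hosts: 165.193.120.166 www.hotmail.com
O1 - Hosts: 69.25.212.139 www.mandsproduction.com.
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
"""

# Names that should never be pinned on a home PC: a fixed address for them
# blocks updates or redirects logins (assumption: tune this set per estate).
HIGH_VALUE = {"www.microsoft.com", "update.microsoft.com",
              "www.hotmail.com", "www.yahoo.com"}
LOOPBACK = {"127.0.0.1", "::1"}
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

def parse_o1(log_text):
    """(ip, hostname) pairs from the O1 lines; names lower-cased, FQDN dot dropped."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2).lower().rstrip(".")))
    return pairs

def triage(pairs, resolve):
    """Classify each pinned name. resolve(host) returns the set of addresses DNS
    gives for it now (empty on failure). A pin that disagrees with DNS is what
    yields 'This page cannot be displayed' while the site is up: the resolver
    answers from the hosts file and never asks DNS at all."""
    findings = {}
    for ip, host in pairs:
        if host == "localhost" and ip in LOOPBACK:
            continue                      # the legitimate default entry
        if host in HIGH_VALUE:
            findings[host] = "high-value-pinned"
        elif ip in resolve(host):
            findings[host] = "pinned-matches-dns"
        else:
            findings[host] = "stale-or-redirected"
    return findings

# Constructed offline stand-in for DNS; 198.51.100.7 is a documentation address.
FAKE_DNS = {"www.att.net": {"204.127.12.39"}, "mymonte.com": {"198.51.100.7"}}
def fake_resolve(host):
    return FAKE_DNS.get(host, set())
```

In a real triage, replace `fake_resolve` with a live lookup (for example `socket.gethostbyname_ex`) from a machine whose hosts file is known clean.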


#2 Robb235

  • Topic Starter

  • Members
  • 41 posts

Posted 12 August 2005 - 09:38 PM

I made a backup of the HJT and I deleted the following entries:


I know I should have waited for someone knowledgeable with HJT to answer before I started messing with it, but I had never noticed such entries before and I figured I could restore it in case I screwed something up.

If you happen to notice anything else that looks odd please let me know. :thumbsup:

Thanks.

#3 OldTimer


    Malware Expert


  • Members
  • 11,092 posts

Posted 14 August 2005 - 11:53 PM

Poster stated that problem was solved so I will close this topic.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
