Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

hjt log - rynlds722


  • This topic is locked This topic is locked
3 replies to this topic

#1 Guest_rynlds722_*

Guest_rynlds722_*

  • Guests
  • OFFLINE
  •  

Posted 05 January 2005 - 10:45 PM

Logfile of HijackThis v1.99.0
Scan saved at 9:54:22 PM, on 1/5/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\NTOD.EXE
C:\WINDOWS\SYSTEM\MFCQP32.EXE
C:\WINDOWS\MSWR.EXE
C:\WINDOWS\SYSTEM\APPZF.EXE
C:\WINDOWS\SYSTEM\SYSII.EXE
C:\WINDOWS\NETKE32.EXE
C:\WINDOWS\D3PS32.EXE
C:\WINDOWS\IEIR32.EXE
C:\WINDOWS\MFCDN32.EXE
C:\WINDOWS\APPDH32.EXE
C:\WINDOWS\SYSTEM\NETFR.EXE
C:\WINDOWS\SDKSW32.EXE
C:\WINDOWS\SYSTEM\ADDFY32.EXE
C:\WINDOWS\SDKSU.EXE
C:\WINDOWS\SYSTEM\CRVE.EXE
C:\WINDOWS\SYSTEM\JAVAQN.EXE
C:\WINDOWS\SYSTEM\IPWV32.EXE
C:\WINDOWS\SYSTEM\CRGE.EXE
C:\WINDOWS\SYSTEM\ADDFK32.EXE
C:\WINDOWS\SYSTEM\ATLQY.EXE
C:\WINDOWS\SYSTEM\IELI.EXE
C:\WINDOWS\SDKFD32.EXE
C:\WINDOWS\SYSTEM\CRAX.EXE
C:\WINDOWS\SYSTEM\D3QV.EXE
C:\WINDOWS\ATLAH.EXE
C:\WINDOWS\APPQQ.EXE
C:\WINDOWS\SYSTEM\APIUW.EXE
C:\WINDOWS\SYSTEM\MFCNO.EXE
C:\WINDOWS\APPRQ32.EXE
C:\WINDOWS\SYSTEM\CRGG32.EXE
C:\WINDOWS\ATLSD.EXE
C:\WINDOWS\D3UF32.EXE
C:\WINDOWS\SYSTEM\ATLDJ32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\THINKPAD\UTILITIES\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\THINKPAD\UTILITIES\TPONSCR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\TIBS3.EXE
C:\PROGRAM FILES\FREE RAM XP\FREERAM XP PRO 1.40.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\D3UF32.EXE
C:\WINDOWS\NETCE.EXE
C:\WINDOWS\SYSTEM\IELI.EXE
C:\WINDOWS\SYSTEM\JAVAWY.EXE
C:\WINDOWS\SYSTEM\JAVAWY.EXE
C:\WINDOWS\APPQH32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SDKFD32.EXE
C:\WINDOWS\WINOX32.EXE
C:\WINDOWS\APPQQ.EXE
C:\WINDOWS\SYSTEM\SDKTY.EXE
C:\WINDOWS\SYSTEM\SDKTY.EXE
C:\WINDOWS\NETZL.EXE
C:\WINDOWS\NETZL.EXE
C:\WINDOWS\SYSTEM\ATLAO.EXE
C:\WINDOWS\SYSTEM\ATLDJ32.EXE
C:\WINDOWS\NETZL.EXE
C:\WINDOWS\SYSTEM\ATLUA32.EXE
C:\WINDOWS\SYSTEM\JAVAWY.EXE
C:\WINDOWS\IEAH.EXE
C:\WINDOWS\SYSTEM\ADDFK32.EXE
C:\WINDOWS\SYSTEM\ADDZG32.EXE
C:\WINDOWS\SYSTEM\ADDFK32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\FILZIP\FILZIP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\nwuue.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\nwuue.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\nwuue.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\nwuue.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\nwuue.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\nwuue.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\nwuue.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Centimark Corporation
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {B4D24F76-7F17-47B7-6E94-D1DE3C5B2648} - C:\WINDOWS\SYSTEM\SYSVG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\THINKPAD\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\THINKPAD\UTILIT~1\BATINFEX.DLL,BMMAutonomicMonitor
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [D0F0.TMP] C:\WINDOWS\TEMP\D0F0.TMP.exe 0 10001
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\SYSTEM\tibs3.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [D3PS32.EXE] C:\WINDOWS\D3PS32.EXE
O4 - HKLM\..\RunServices: [NTOD.EXE] C:\WINDOWS\SYSTEM\NTOD.EXE
O4 - HKLM\..\RunServices: [MFCQP32.EXE] C:\WINDOWS\SYSTEM\MFCQP32.EXE
O4 - HKLM\..\RunServices: [MFCDN32.EXE] C:\WINDOWS\MFCDN32.EXE
O4 - HKLM\..\RunServices: [IEIR32.EXE] C:\WINDOWS\IEIR32.EXE
O4 - HKLM\..\RunServices: [APPZF.EXE] C:\WINDOWS\SYSTEM\APPZF.EXE
O4 - HKLM\..\RunServices: [MSWR.EXE] C:\WINDOWS\MSWR.EXE
O4 - HKLM\..\RunServices: [SYSII.EXE] C:\WINDOWS\SYSTEM\SYSII.EXE
O4 - HKLM\..\RunServices: [NETKE32.EXE] C:\WINDOWS\NETKE32.EXE
O4 - HKLM\..\RunServices: [NETFR.EXE] C:\WINDOWS\SYSTEM\NETFR.EXE
O4 - HKLM\..\RunServices: [SDKSU.EXE] C:\WINDOWS\SDKSU.EXE
O4 - HKLM\..\RunServices: [APPDH32.EXE] C:\WINDOWS\APPDH32.EXE
O4 - HKLM\..\RunServices: [SDKSW32.EXE] C:\WINDOWS\SDKSW32.EXE
O4 - HKLM\..\RunServices: [ADDFY32.EXE] C:\WINDOWS\SYSTEM\ADDFY32.EXE
O4 - HKLM\..\RunServices: [JAVAQN.EXE] C:\WINDOWS\SYSTEM\JAVAQN.EXE
O4 - HKLM\..\RunServices: [CRVE.EXE] C:\WINDOWS\SYSTEM\CRVE.EXE
O4 - HKLM\..\RunServices: [ADDFK32.EXE] C:\WINDOWS\SYSTEM\ADDFK32.EXE
O4 - HKLM\..\RunServices: [ATLQY.EXE] C:\WINDOWS\SYSTEM\ATLQY.EXE
O4 - HKLM\..\RunServices: [SDKFD32.EXE] C:\WINDOWS\SDKFD32.EXE
O4 - HKLM\..\RunServices: [IELI.EXE] C:\WINDOWS\SYSTEM\IELI.EXE
O4 - HKLM\..\RunServices: [CRAX.EXE] C:\WINDOWS\SYSTEM\CRAX.EXE
O4 - HKLM\..\RunServices: [D3QV.EXE] C:\WINDOWS\SYSTEM\D3QV.EXE
O4 - HKLM\..\RunServices: [APPQQ.EXE] C:\WINDOWS\APPQQ.EXE
O4 - HKLM\..\RunServices: [ATLAH.EXE] C:\WINDOWS\ATLAH.EXE
O4 - HKLM\..\RunServices: [IPWV32.EXE] C:\WINDOWS\SYSTEM\IPWV32.EXE
O4 - HKLM\..\RunServices: [APIUW.EXE] C:\WINDOWS\SYSTEM\APIUW.EXE
O4 - HKLM\..\RunServices: [CRGE.EXE] C:\WINDOWS\SYSTEM\CRGE.EXE
O4 - HKLM\..\RunServices: [CRGG32.EXE] C:\WINDOWS\SYSTEM\CRGG32.EXE
O4 - HKLM\..\RunServices: [MFCNO.EXE] C:\WINDOWS\SYSTEM\MFCNO.EXE
O4 - HKLM\..\RunServices: [ATLSD.EXE] C:\WINDOWS\ATLSD.EXE
O4 - HKLM\..\RunServices: [APPRQ32.EXE] C:\WINDOWS\APPRQ32.EXE
O4 - HKLM\..\RunServices: [ATLDJ32.EXE] C:\WINDOWS\SYSTEM\ATLDJ32.EXE
O4 - HKLM\..\RunServices: [D3UF32.EXE] C:\WINDOWS\D3UF32.EXE
O4 - HKLM\..\RunServices: [NETCE.EXE] C:\WINDOWS\NETCE.EXE
O4 - HKLM\..\RunServices: [JAVAWY.EXE] C:\WINDOWS\SYSTEM\JAVAWY.EXE
O4 - HKLM\..\RunServices: [APPQH32.EXE] C:\WINDOWS\APPQH32.EXE
O4 - HKLM\..\RunServices: [WINOX32.EXE] C:\WINDOWS\WINOX32.EXE
O4 - HKLM\..\RunServices: [SDKTY.EXE] C:\WINDOWS\SYSTEM\SDKTY.EXE
O4 - HKLM\..\RunServices: [NETZL.EXE] C:\WINDOWS\NETZL.EXE
O4 - HKLM\..\RunServices: [ATLAO.EXE] C:\WINDOWS\SYSTEM\ATLAO.EXE
O4 - HKLM\..\RunServices: [ATLUA32.EXE] C:\WINDOWS\SYSTEM\ATLUA32.EXE
O4 - HKLM\..\RunServices: [IEAH.EXE] C:\WINDOWS\IEAH.EXE
O4 - HKLM\..\RunServices: [ADDZG32.EXE] C:\WINDOWS\SYSTEM\ADDZG32.EXE
O4 - HKCU\..\Run: [FreeRAM XP] "C:\PROGRAM FILES\FREE RAM XP\FREERAM XP PRO 1.40.EXE" -win
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Washee] C:\Program Files\Washee\Washee.exe FirstTime FirstTime FirstTime
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O14 - IERESET.INF: START_PAGE_URL=http://Centranet/
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = centimark.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = centimark.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.1.1.18

BC AdBot (Login to Remove)

 


#2 Guest_rynlds722_*

Guest_rynlds722_*

  • Guests
  • OFFLINE
  •  

Posted 06 January 2005 - 11:10 AM

guessing it cant be fixed due to no response.......

#3 Guest_rynlds722_*

Guest_rynlds722_*

  • Guests
  • OFFLINE
  •  

Posted 09 January 2005 - 09:09 PM

anyone...?

#4 Guest_rynlds722_*

Guest_rynlds722_*

  • Guests
  • OFFLINE
  •  

Posted 11 January 2005 - 04:27 PM

i fixed it myself




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users