Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack this log

Started by BuzzLightYear , Jul 31 2006 10:35 PM

  • Please log in to reply

#1
BuzzLightYear
Posted 31 July 2006 - 10:35 PM

BuzzLightYear

    Member

  • Member
  • PipPip
  • 29 posts
Hello. Here is my hijack this log. Any help will be greatly appreciated. Thanks for doing what you do!

My wife's friend is from Iraq. My wife and her like to download from the internet and I think something they downloaded might be the trouble but I'm not sure.

Logfile of HijackThis v1.99.1
Scan saved at 1:36:02 PM, on 8/1/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\ossvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\SCHAS.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ieaus.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINNT\system32\USBMonit.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\INCAInternet\nProtectPersonal\BasedCode\nploginv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINNT\system32\npmonk.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\mycom\Desktop\Internet Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [WinPoET] "C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [WebSteal] C:\WINNT\system32\WebSteal.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\USBMonit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [OKUpdate] "C:\Program Files\OKCodec\Update\OKUpdate.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [nProtectPersonal(BasedCode)] "C:\Program Files\INCAInternet\nProtectPersonal\BasedCode\nploginv.exe"
O4 - HKLM\..\Run: [PC-Radar] C:\Program Files\PC-Radar\PC_Radar.exe
O4 - HKLM\..\Run: [PCRPopup] C:\Program Files\PC-Radar\PCRPopup.exe
O4 - HKLM\..\Run: [PC_Radar] C:\Program Files\PC-Radar\PC_Radar.exe Icon
O4 - HKLM\..\Run: [SpyMedic] C:\Program Files\SpyMedic\SpyMedic.exe /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ¿ⓒ¿iE­ - {B430274F-B58A-4f0d-87FA-C520DB4D3D1A} - http://line1152.ojak.com (file missing)
O9 - Extra 'Tools' menuitem: &¿ⓒ¿iE­ - {B430274F-B58A-4f0d-87FA-C520DB4D3D1A} - http://line1152.ojak.com (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://www.pdbox.co.kr
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg4.cyworl...mageUpload2.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://update.nprote...ebInstallV2.cab
O16 - DPF: {0C90C10C-96D0-43CE-906B-A64201E7A473} (NxPlayer Control) - http://file.popdj.tv...ls/NxPlayer.CAB
O16 - DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} (StreamNote2 Control) - http://cmet.yu.ac.kr...StreamNote2.cab
O16 - DPF: {1A99AD04-C72C-484A-9EEE-1B29B1243263} (ADKiller Control) - http://down.ad-kille...ex/ADKiller.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {1E8CC24D-DAB8-4212-B9F8-4D95016A6BA4} - http://www.bestcode....79/icon0079.cab
O16 - DPF: {20AC97A6-EA84-437D-89F4-05EA923ADAD3} (RewardNetwork clxLauncher Class) - http://codebase.clea...er/WScleanx.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://211.63.175.12...down/INIS60.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2D394D05-A066-4678-BA38-E85882B09B2E} (Controller Class) - http://www.cosmotan....net/myspeed.cab
O16 - DPF: {316ED558-1FBB-4975-BE33-5C1D294BD0C2} (YBMFonts Control) - http://www.ybmallina...ab/YBMFonts.CAB
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.c..._2006_02_11.cab
O16 - DPF: {3CAED5A4-3FF0-4006-87F3-F75FB5A90A74} (iFreeTrans Control) - http://www.fotoris.c...eeTransCtrl.cab
O16 - DPF: {3DA11B9D-C8BF-4ADE-A180-159399C536D9} (BtShellDgb20Com Class) - http://download5.ban...t/BtCxDgb20.cab
O16 - DPF: {3DDB716E-8BA8-43B5-A926-6FB04193FFA0} (Maws_KRail Class) - http://www.barota.co...nFPS_KORAIL.cab
O16 - DPF: {3E086D34-0ED5-4A8E-BB6A-C4DF5AC4357B} (XGrid Control) - http://download5.ban.../DaeguXGrid.cab
O16 - DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} (IB_OnAir.IBOnAir) - http://ionair.sbs.co...ir/IB_OnAir.CAB
O16 - DPF: {50640DA2-6367-400D-9B77-18F6969F1D47} (WebPriKTF Control) - http://www.ktfmember.../WebPri_KTF.cab
O16 - DPF: {5C899971-E9D6-4496-8077-98378408E340} (MPControl Control) - http://mplay.sbs.co....SiMPControl.cab
O16 - DPF: {5EC11B70-4EF8-4822-A4D6-5418C954594E} - http://khants.com/me...on/lovefree.CAB
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandor...e/SVPorsche.cab
O16 - DPF: {6AD54F1E-D241-48B4-ACFF-37BA1B1BF7AD} (SMInstallCom Class) - http://ax.spymedic.c...edicWebInst.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150086510222
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.p.../data/imweb.cab
O16 - DPF: {7BAE772F-FD08-48BB-A96B-63B3A5003C2F} (ezPay Control) - http://www.finger.co...ezpay/ezPay.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.soft.../xw_install.cab
O16 - DPF: {871B98F4-FD46-4562-BF53-ABC4840C4582} (CWFSCtrl Class) - http://download5.ban...TW-sToolkit.cab
O16 - DPF: {9286CE38-DD84-4980-91A3-E0534F37362F} (dcinsidePhoto.Uploader) - http://www.dcinsidep...insidePhoto.CAB
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {93F79C47-F414-4EEE-95C5-A0F0ACE59A0E} (ALDx Class) - http://www.altools.co.kr/ALDX.cab
O16 - DPF: {95ECBC00-7121-4379-BD64-69B42A0F1123} (MapID Control) - http://www.mapid.net...X/MapID_V10.cab
O16 - DPF: {9675ABBF-8D0B-4956-868C-934B5A7928D4} (Npv Control) - https://pg.banktown....netizen/npv.cab
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://sso.ebs.co.kr...Login/eGEBS.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co....ahooCabinet.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.diodeo.com/MagicLockOCX.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c..._2006_02_11.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co...57/WStarter.cab
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) -
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A2A4336A-E49E-44E8-B152-E98E841CFA24} (Update Control) - http://www.chzero.co...roMapUpdate.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachene...13/kdfense8.cab
O16 - DPF: {A56A1518-A259-4109-98B3-06A30F09AB1B} (JXMailViewer Control) - http://www.ktfmember...mailActiveX.cab
O16 - DPF: {A6961817-0A05-412F-BC05-9D84570E2400} (Icon0091 Control) - http://www.bestcode....91/icon0091.cab
O16 - DPF: {A78856A6-334B-43AF-96F5-58574005910D} (CEinstaller Object) - https://secure200.ip.../Einstaller.cab
O16 - DPF: {A8497454-CB7D-4877-A633-3932BF776A6A} (Webinstall Control) - http://211.214.161.1...58/OneSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackor...ate/ilkactx.cab
O16 - DPF: {B5BFFF5D-CA0D-4593-AB84-7F8ACB2AC42A} (MAPntCtrl Class) - http://www.barota.co...MAOnFPS_PNT.cab
O16 - DPF: {BAE923B7-8344-485E-B82D-82402F30B019} (DaumImageCtl Class) - http://pimg.hanmail....abs/DaImage.cab
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) - http://neis.dge.go.k...taller_full.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041018.cab
O16 - DPF: {C5AA81DF-6853-4923-B6E9-0D29007D79CE} (ChatRef Control) - http://ifamily.kbs.c...own/KBSChat.cab
O16 - DPF: {C5BAFC64-419D-11D4-BE28-0050CE181ABE} (IssacWeb Class) - http://www.billkorea...st/ISSACWeb.cab
O16 - DPF: {CEB5C2A3-180A-4121-BDAC-B9B92859D652} (MaPrtRail Class) - http://www.barota.co...rtChk_KRAIL.cab
O16 - DPF: {CFCBEE6F-BE54-4682-84F6-0E3FCDFAE3E2} (NowCAFE Control) -
O16 - DPF: {D44C7CBF-FB35-41CF-8D6C-C0A2143EB46C} (Yessign3 Control) - http://www.yessign.o...rt/yessign3.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprote...ccard/npkcx.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.co...test/Online.cab
O16 - DPF: {D95F5F60-5BB7-4655-BACE-FC5371EFC3E0} (Npx2 Control) - http://update.nprote...bccard/npx2.cab
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - http://update.nprote...egubank/npz.cab
O16 - DPF: {DCD7F1D9-8E57-45F8-8C0C-4400CD84C8BF} (Imhtml Control) - http://activexdown.p...data/imhtml.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanma...ctivex/dmcm.cab
O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) - https://pg.banktown....tPmntClient.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co..../KVPISPCTLD.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) -
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Open Search Keyword Services (ossvc) - Brainnames - C:\WINNT\system32\ossvc.exe
O23 - Service: RtKit - Ralink Technology Inc. - (no file)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ineterner Explorer Add Update Services (updatecheck) - Brainnames - C:\WINNT\system32\ieaus.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\iVasion\WinPoET\WrOS.EXE

Edited by BuzzLightYear, 06 August 2006 - 06:57 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP