Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

wintools (at the very least), hijack log


  • Please log in to reply

#1
cunning_plan

cunning_plan

    New Member

  • Member
  • Pip
  • 1 posts
cannot remove any of this with adware or antivirus software.

hijack this log below

Logfile of HijackThis v1.99.1
Scan saved at 15:11:46, on 07/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\mcafe32.exe
C:\WINDOWS\seeve.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\WINDOWS\System32\CTSVCCD.EXE
C:\documents and settings\jacquie\local settings\temp\WLK.exe
C:\windows\system32\s.exe
C:\windows\system32\pgdpndUA.exe
C:\WINDOWS\System32\IEXwe.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\SCardClnt.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\WINDOWS\system32\pgdpndUA.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Documents and Settings\Jacquie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50213
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Windows Media Player] mcafe32.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitecln32.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [POjPV1YEB] C:\documents and settings\jacquie\local settings\temp\POjPV1YEB.exe
O4 - HKLM\..\Run: [rjZrWJhx.exe] c:\windows\system32\rjZrWJhx.exe
O4 - HKLM\..\Run: [MNvEi] C:\windows\system32\MNvEi.exe
O4 - HKLM\..\Run: [CT Control Settings] CTSVCCD.EXE
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WLK] C:\documents and settings\jacquie\local settings\temp\WLK.exe
O4 - HKLM\..\Run: [s] C:\windows\system32\s.exe
O4 - HKLM\..\Run: [pgdpndUA.exe] c:\windows\system32\pgdpndUA.exe
O4 - HKLM\..\Run: [Microsoft Opeions] IEXwe.exe
O4 - HKLM\..\Run: [llgxjr] c:\windows\system32\mbsshzh.exe
O4 - HKLM\..\RunServices: [Windows Media Player] mcafe32.exe
O4 - HKLM\..\RunServices: [CT Control Settings] CTSVCCD.EXE
O4 - HKLM\..\RunServices: [Microsoft Opeions] IEXwe.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Media Player] mcafe32.exe
O4 - HKCU\..\Run: [CT Control Settings] CTSVCCD.EXE
O4 - HKCU\..\Run: [Microsoft Opeions] IEXwe.exe
O4 - HKCU\..\RunServices: [Microsoft Opeions] IEXwe.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115330159964
O17 - HKLM\System\CCS\Services\Tcpip\..\{58F10B0E-FD18-4987-BFB5-18D58F00E13B}: NameServer = 194.72.9.38 194.74.65.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2AE8CCC-1B8C-471C-AE79-A91746F27A88}: NameServer = 192.168.1.1,192.168.1.250
O17 - HKLM\System\CS1\Services\Tcpip\..\{58F10B0E-FD18-4987-BFB5-18D58F00E13B}: NameServer = 194.72.9.38 194.74.65.69
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

Edited by cunning_plan, 07 May 2005 - 10:40 AM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP