Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijack log


  • Please log in to reply

#1
Tfischetti

Tfischetti

    New Member

  • Member
  • Pip
  • 1 posts
Logfile of HijackThis v1.98.2
Scan saved at 12:40:55 AM, on 12/8/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
T:\WTSRV\System32\smss.exe
T:\WTSRV\system32\winlogon.exe
T:\WTSRV\system32\services.exe
T:\WTSRV\system32\lsass.exe
T:\WTSRV\system32\spoolss.exe
T:\WTSRV\system32\RpcSs.exe
T:\WTSRV\System32\msdtc.exe
T:\WTSRV\System32\cdmsvc.exe
T:\WTSRV\System32\ctxxmlss.exe
T:\Program Files\Executive Software\DiskeeperServer\DKService.exe
T:\WTSRV\System32\encsvc.exe
T:\WTSRV\System32\esserver.exe
T:\WTSRV\System32\router.exe
T:\WTSRV\System32\llssrv.exe
T:\MSSQL7\binn\sqlservr.exe
T:\WTSRV\System32\pstores.exe
T:\Program Files\Protector Plus\PPAVMon.exe
T:\Program Files\Protector Plus\PPServ.exe
T:\WTSRV\System32\LOCATOR.EXE
T:\WTSRV\system32\MSTask.exe
T:\WTSRV\System32\SENS.EXE
T:\WTSRV\system32\tcpsvcs.exe
T:\WTSRV\System32\termsrv.exe
T:\WTSRV\System32\ibrowser.exe
T:\WTSRV\system32\pnsvc.exe
T:\MSSQL7\binn\sqlagent.exe
T:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
T:\WTSRV\Explorer.exe
T:\WTSRV\System32\SysTray.Exe
T:\WTSRV\System32\icabar.exe
U:\Program Files\Winamp\Winampa.exe
T:\WTSRV\System32\atiptaxx.exe
T:\PROGRA~1\PROTEC~1\PPTbc.EXE
T:\PROGRA~1\PROTEC~1\PPInupdt.exe
T:\WTSRV\System32\HPJETDSC.EXE
U:\Program Files\Microsoft Office\Office\OSA.EXE
T:\MSSQL7\Binn\sqlmangr.exe
T:\WTSRV\system32\tapisrv.exe
T:\WTSRV\system32\rasman.exe
T:\WTSRV\System32\ddhelp.exe
T:\WTSRV\system32\winlogon.exe
T:\WTSRV\system32\winlogon.exe
T:\WTSRV\System32\taskmgr.exe
T:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
T:\Program Files\Plus!\Microsoft Internet\IEXPLORE.EXE
T:\WTSRV\system32\rundll32.exe
R:\Admin2\SpywareScanner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://webcoolsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webcoolsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://martfinder.com/dpindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192
F2 - REG:system.ini: UserInit=T:\WTSRV\System32\userinit.exe,T:\WTSRV\System32\svcpack.exe
O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - T:\WTSRV\bi.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - U:\PROGRA~1\CLEARS~1.TJF\IE_ClrSch.DLL
O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - T:\Program Files\Network Essentials\v11\NE.DLL (file missing)
O2 - BHO: IEBho Class - {D8E25C53-9508-4f5c-9249-D98D438891D5} - T:\WTSRV\System32\ssurf022.dll (file missing)
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - T:\WTSRV\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IcaBar] icabar.exe /adminonly
O4 - HKLM\..\Run: [WinampAgent] "U:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Win Server Updt] rem T:\WTSRV\Profiles\tjf\Windows\wupdt.exe
O4 - HKLM\..\Run: [PP2000 Taskbar Control] T:\PROGRA~1\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [PP2000 InstaUpdate] T:\PROGRA~1\PROTEC~1\PPInupdt.exe
O4 - HKLM\..\Run: [ISUSPM Startup] T:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "T:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - Global Startup: Microsoft Office.lnk = U:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = U:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Service Manager.lnk = T:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: Web Savings - file://T:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - T:\WTSRV\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - T:\WTSRV\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - T:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - T:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - T:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - T:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - T:\WTSRV\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - T:\WTSRV\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - T:\WTSRV\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - T:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - T:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: T:\PROGRA~1\Plus!\MICROS~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.iesweb.co.../va51/setup.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = comcast.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = comcast.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = comcast.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = comcast.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O20 - AppInit_DLLs: msconfd.dll
  • 0

Advertisements


#2
Yarnouth

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts
Could you scan again and close all other programs and make sure your not connected to the internet. wink.gif
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP