Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hijack this log

Started by cyndromeda , Sep 02 2005 05:23 PM

  • Please log in to reply

#1
cyndromeda
Posted 02 September 2005 - 05:23 PM

cyndromeda

    Member

  • Member
  • PipPip
  • 10 posts
:tazz:
this is my brother's computer and he has some nasty problems that won't even allow him to install antivirus programs.
i tried to do the items on the before you post list, but the computer kept freezing up. i did a hijack this log, hoping for some insight as to what could be going on.
any advice is welcome.

Logfile of HijackThis v1.99.1
Scan saved at 10:51:09 AM, on 9/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\SDKZK32.EXE
C:\WINDOWS\SYSTEM\MSNE32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\APIFQ.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\ABYVIVCX\HIJACKTHIS[1].EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL (disabled by BHODemon)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {595B90B9-38BB-C2F8-70C3-46043FC5DD9D} - C:\WINDOWS\SYSTEM\D3GI.DLL
O2 - BHO: Class - {E5C5DA82-402A-1241-57E8-5AF52A729FEC} - C:\WINDOWS\SYSTEM\D3DR.DLL
O2 - BHO: Class - {EFEBB260-C21E-967D-CA15-0C1770C3C5C5} - C:\WINDOWS\ATLKH32.DLL
O2 - BHO: Class - {AEB90959-0093-AADA-C479-6B1F6B9B24D6} - C:\WINDOWS\WINOB.DLL
O2 - BHO: Class - {627F1F6D-12EC-627B-EB1C-13DD30B5432C} - C:\WINDOWS\SYSTEM\SYSXU32.DLL
O2 - BHO: Class - {21F544A8-869C-E661-F43F-4B58A9DA7A27} - C:\WINDOWS\WINZX32.DLL
O2 - BHO: Class - {B89CB79F-55FE-2C93-770E-299BEDA12117} - C:\WINDOWS\SYSTEM\NETPD.DLL
O2 - BHO: Class - {8C773956-6F83-D1E0-9AC4-EFF449FEFF4B} - C:\WINDOWS\SYSTEM\WINXJ32.DLL
O2 - BHO: Class - {26F824B1-3210-2E17-0339-3763F421ECEA} - C:\WINDOWS\D3QP.DLL
O2 - BHO: Class - {C517274B-EAF0-9359-4983-966F788D172B} - C:\WINDOWS\IPWH32.DLL
O2 - BHO: Class - {AB9FA8F5-6BFA-A465-AC13-2BF9ADC97E65} - C:\WINDOWS\ATLXQ32.DLL
O2 - BHO: Class - {A5FF8485-7410-8006-3E97-05C369AB07B3} - C:\WINDOWS\JAVAFQ32.DLL
O2 - BHO: Class - {C0815FF7-6991-1BCE-7F3F-9410C92B2AD0} - C:\WINDOWS\SYSTEM\SYSQY32.DLL
O2 - BHO: Class - {46BCC53C-16A6-B232-32BE-A6A734001028} - C:\WINDOWS\SYSTEM\SDKNO.DLL
O2 - BHO: Class - {9AD05C3A-CC73-B83C-9965-1A6BED5208BB} - C:\WINDOWS\APPYT32.DLL
O2 - BHO: Class - {B6EE36B3-955D-C400-BD4A-895722D75AF0} - C:\WINDOWS\SYSTEM\WINAY32.DLL
O2 - BHO: Class - {BB6F388D-DCC6-C89B-AA43-4FA80F73987A} - C:\WINDOWS\APIZL32.DLL
O2 - BHO: Class - {49C4484A-E8A4-EFC7-8F1A-571F446C97C3} - C:\WINDOWS\SYSTEM\IETB.DLL
O2 - BHO: Class - {789E6ACA-7D9C-0143-CDA9-054F4543DB2C} - C:\WINDOWS\JAVABX.DLL
O2 - BHO: Class - {646E2E0B-4014-CADD-B572-242AA038B2F1} - C:\WINDOWS\SYSTEM\IEWA.DLL
O2 - BHO: Class - {366B2B49-46A5-CC46-2F98-6DD344CC10DF} - C:\WINDOWS\IEYH.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [APIFQ.EXE] C:\WINDOWS\SYSTEM\APIFQ.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [CRCX32.EXE] C:\WINDOWS\SYSTEM\CRCX32.EXE /s
O4 - HKLM\..\RunServices: [SDKZK32.EXE] C:\WINDOWS\SYSTEM\SDKZK32.EXE /s
O4 - HKLM\..\RunServices: [MSNE32.EXE] C:\WINDOWS\SYSTEM\MSNE32.EXE /s
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunServices: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtange...soft/wtinst.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://i.grab.com/me...les/222/222.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vto_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/c...tallerProj1.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.36/ttinst.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://i.grab.com/me...mjolauncher.cab
O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} (LREGameLoaderCtrl Class) - http://media.grab.co...gameloader6.cab
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP