HijackThis log



#1 cyndromeda (Member, 10 posts)

This is my brother's computer and he has some nasty problems that won't even allow him to install antivirus programs.
I tried to do the items on the "before you post" list, but the computer kept freezing up. I did a HijackThis log, hoping for some insight as to what could be going on.
Any advice is welcome.

Logfile of HijackThis v1.99.1
Scan saved at 10:51:09 AM, on 9/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\SDKZK32.EXE
C:\WINDOWS\SYSTEM\MSNE32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\APIFQ.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\ABYVIVCX\HIJACKTHIS[1].EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL (disabled by BHODemon)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {595B90B9-38BB-C2F8-70C3-46043FC5DD9D} - C:\WINDOWS\SYSTEM\D3GI.DLL
O2 - BHO: Class - {E5C5DA82-402A-1241-57E8-5AF52A729FEC} - C:\WINDOWS\SYSTEM\D3DR.DLL
O2 - BHO: Class - {EFEBB260-C21E-967D-CA15-0C1770C3C5C5} - C:\WINDOWS\ATLKH32.DLL
O2 - BHO: Class - {AEB90959-0093-AADA-C479-6B1F6B9B24D6} - C:\WINDOWS\WINOB.DLL
O2 - BHO: Class - {627F1F6D-12EC-627B-EB1C-13DD30B5432C} - C:\WINDOWS\SYSTEM\SYSXU32.DLL
O2 - BHO: Class - {21F544A8-869C-E661-F43F-4B58A9DA7A27} - C:\WINDOWS\WINZX32.DLL
O2 - BHO: Class - {B89CB79F-55FE-2C93-770E-299BEDA12117} - C:\WINDOWS\SYSTEM\NETPD.DLL
O2 - BHO: Class - {8C773956-6F83-D1E0-9AC4-EFF449FEFF4B} - C:\WINDOWS\SYSTEM\WINXJ32.DLL
O2 - BHO: Class - {26F824B1-3210-2E17-0339-3763F421ECEA} - C:\WINDOWS\D3QP.DLL
O2 - BHO: Class - {C517274B-EAF0-9359-4983-966F788D172B} - C:\WINDOWS\IPWH32.DLL
O2 - BHO: Class - {AB9FA8F5-6BFA-A465-AC13-2BF9ADC97E65} - C:\WINDOWS\ATLXQ32.DLL
O2 - BHO: Class - {A5FF8485-7410-8006-3E97-05C369AB07B3} - C:\WINDOWS\JAVAFQ32.DLL
O2 - BHO: Class - {C0815FF7-6991-1BCE-7F3F-9410C92B2AD0} - C:\WINDOWS\SYSTEM\SYSQY32.DLL
O2 - BHO: Class - {46BCC53C-16A6-B232-32BE-A6A734001028} - C:\WINDOWS\SYSTEM\SDKNO.DLL
O2 - BHO: Class - {9AD05C3A-CC73-B83C-9965-1A6BED5208BB} - C:\WINDOWS\APPYT32.DLL
O2 - BHO: Class - {B6EE36B3-955D-C400-BD4A-895722D75AF0} - C:\WINDOWS\SYSTEM\WINAY32.DLL
O2 - BHO: Class - {BB6F388D-DCC6-C89B-AA43-4FA80F73987A} - C:\WINDOWS\APIZL32.DLL
O2 - BHO: Class - {49C4484A-E8A4-EFC7-8F1A-571F446C97C3} - C:\WINDOWS\SYSTEM\IETB.DLL
O2 - BHO: Class - {789E6ACA-7D9C-0143-CDA9-054F4543DB2C} - C:\WINDOWS\JAVABX.DLL
O2 - BHO: Class - {646E2E0B-4014-CADD-B572-242AA038B2F1} - C:\WINDOWS\SYSTEM\IEWA.DLL
O2 - BHO: Class - {366B2B49-46A5-CC46-2F98-6DD344CC10DF} - C:\WINDOWS\IEYH.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [APIFQ.EXE] C:\WINDOWS\SYSTEM\APIFQ.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [CRCX32.EXE] C:\WINDOWS\SYSTEM\CRCX32.EXE /s
O4 - HKLM\..\RunServices: [SDKZK32.EXE] C:\WINDOWS\SYSTEM\SDKZK32.EXE /s
O4 - HKLM\..\RunServices: [MSNE32.EXE] C:\WINDOWS\SYSTEM\MSNE32.EXE /s
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunServices: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtange...soft/wtinst.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://i.grab.com/me...les/222/222.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vto_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/c...tallerProj1.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.36/ttinst.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://i.grab.com/me...mjolauncher.cab
O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} (LREGameLoaderCtrl Class) - http://media.grab.co...gameloader6.cab
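As an added example (not part of the post above and not code from HijackThis or Geeks to Go), here is a small triage script that parses the R*/O* lines of this log format and flags three patterns that stand out in the log above: R1 entries HijackThis has marked as obfuscated, O2 BHOs registered with the bare name "Class", and O4 autostarts whose value name is simply their own EXE in the Windows directory. The sample lines are copied from the posted log; the regular expressions and the flagging rules are my own assumptions about what a reviewer would want pulled out first.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above.
# The Yahoo! and RealPlayer entries are included as known-good controls.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cox.net/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: Class - {595B90B9-38BB-C2F8-70C3-46043FC5DD9D} - C:\WINDOWS\SYSTEM\D3GI.DLL
O2 - BHO: Class - {C517274B-EAF0-9359-4983-966F788D172B} - C:\WINDOWS\IPWH32.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APIFQ.EXE] C:\WINDOWS\SYSTEM\APIFQ.EXE
O4 - HKLM\..\RunServices: [SDKZK32.EXE] C:\WINDOWS\SYSTEM\SDKZK32.EXE /s
"""

# "R1 - ..." / "O2 - ..." lines; the process list and header lines do not match.
LINE_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# O2 body: "BHO: <name> - {CLSID} - <dll path>[ (note)]"
BHO_RE = re.compile(r"^BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*?)(?: \(|$)")
# O4 body: "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\(Run|RunServices): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def parse_entries(text):
    """Yield (section, body) for every R*/O* line in a HijackThis log."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return a list of (section, reason, body) for entries worth a closer look."""
    findings = []
    for sec, body in parse_entries(text):
        if sec == "R1" and body.endswith("(obfuscated)"):
            findings.append((sec, "obfuscated search/start page URL", body))
        elif sec == "O2":
            m = BHO_RE.match(body)
            if m and m.group(1).strip() == "Class":
                findings.append((sec, "BHO with no real name, loaded from " + m.group(2), body))
        elif sec == "O4":
            m = RUN_RE.match(body)
            if m:
                name, cmd = m.group("name").upper(), m.group("cmd").upper()
                # value name is just an EXE file name and it runs from C:\WINDOWS\... (assumed heuristic)
                if name.endswith(".EXE") and cmd.startswith("C:\\WINDOWS\\") and name in cmd:
                    findings.append((sec, m.group(1) + " entry named after its own EXE", body))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"{sec}: {reason}\n    {body}")
```

Feeding the complete log from the post through `triage` instead of `SAMPLE_LOG` lists all 24 "Class" BHOs and the four SYSTEM-directory autostarts at once, which is the set a helper would normally ask the poster to fix first.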