Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please help


  • Please log in to reply

#1
rthornii

rthornii

    Member

  • Member
  • PipPip
  • 14 posts
Could someone please take a look at this and let me know what to get rid of i'm sure there's more than one malware in here

Logfile of HijackThis v1.98.2
Scan saved at 12:47:47 PM, on 1/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Rodger\LOCALS~1\Temp\bundle.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\WINDOWS\System32\eoacwmi.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Rodger\Desktop\New Folder (4)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aotdyyuxn...6siNLA03hfY.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.searchant.com/sp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.sayyphytp...Y3fPZS6hHYQ.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.searchant.com/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.searchant.com/sp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.searchant.com/sp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.gonnasear...arch.php?ref=sb
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.gonnasear...arch.php?ref=sb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.searchant.com/sp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.searchant.com/r=6&s=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.searchant.com/r=6&s=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 210.196.132.106 :8080
O1 - Hosts: 206.230.228.10 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Rodger\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [vesrion] C:\WINDOWS\System32\ezsb.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\Rodger\dp-b23011805.exe
O4 - HKLM\..\Run: [saSyncMgr] rundll32.exe sasync.dll,SyncWait app=SearchAnt wait=10
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [9joh2y58.exe] C:\WINDOWS\9joh2y58.exe /dk
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\tktnnbmd.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\ocyapvg.exe
O4 - HKLM\..\Run: [mrdjxctpzyd] C:\WINDOWS\System32\eoacwmi.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [SpyBan] "C:\Program Files\SpyBan\SpyBan.exe" /s
O4 - HKCU\..\Run: [9joh2y58.exe] C:\WINDOWS\9joh2y58.exe /dk
O4 - HKCU\..\Run: [start tons] C:\DOCUME~1\Rodger\APPLIC~1\MPEGHO~1\Stop flaw.exe
O4 - HKCU\..\Run: [Advanced Privacy Protector] C:\Documents and Settings\Rodger\app.exe
O4 - Startup: 9joh2y58.lnk = C:\WINDOWS\9joh2y58.exe
O4 - Global Startup: 9joh2y58.lnk = C:\WINDOWS\9joh2y58.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105462719325


Thanks :tazz:
  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Please stick to one topic:
http://www.geekstogo...?showtopic=7242

Regards,

Pieter
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP