
please help!


3 replies to this topic

#1 v0lc0m_x

Posted 29 June 2004 - 02:00 PM

I've been having problems recently. I run XP Home Edition, and my Task Manager and regedit have been "disallowed by administrator". Other people have told me to run gpedit.msc, but I don't run XP Professional. Here's my log; please check it and reply with any suggestions. Thank you very much.


Logfile of HijackThis v1.97.7
Scan saved at 2:17:36 PM, on 6/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\sysnr.exe
C:\WINNT\system32\explorer.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\program files\desksite\bin\cma.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\Program Files\Common Files\slmss\slmss.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\WINNT\system32\d3nw.exe
C:\WINNT\System32\mssrv.exe
C:\WINNT\system32\mod32.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe
C:\Program Files\CallWave\IAM.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\system32\Restore\rstrui.exe
C:\WINNT\ActiveXExe\VTTLLV.EXE
C:\Program Files\Remote Task Manager\RTMService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis1977\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\aymqj.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://aymqj.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://aymqj.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\aymqj.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://aymqj.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\aymqj.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.....asp?keyphrase=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {4188D241-C00D-FEDE-5985-F8214B58D1A2} - C:\WINNT\addox.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe
O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [freecell2] C:\WINDOWS\System32\freecell2.exe
O4 - HKLM\..\Run: [Windows Telnet Server] wintel.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [explorer] C:\WINNT\System32\explorer.exe
O4 - HKLM\..\Run: [d3nw.exe] C:\WINNT\system32\d3nw.exe
O4 - HKLM\..\Run: [appnt32.exe] C:\WINNT\system32\appnt32.exe
O4 - HKLM\..\Run: [Microsoft Services] mssrv.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINNT\System32\atlhiu.exe
O4 - HKLM\..\Run: [Wintask] C:\WINNT\system32\mod32.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKLM\..\RunServices: [Windows Telnet Server] wintel.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [Microsoft Services] mssrv.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Microsoft Services] mssrv.exe
O4 - HKLM\..\RunOnce: [atlst.exe] C:\WINNT\system32\atlst.exe
O4 - HKLM\..\RunOnce: [apipx32.exe] C:\WINNT\system32\apipx32.exe
O4 - HKLM\..\RunOnce: [appem32.exe] C:\WINNT\system32\appem32.exe
O4 - HKLM\..\RunOnce: [ntys.exe] C:\WINNT\ntys.exe
O4 - HKLM\..\RunOnce: [ierh.exe] C:\WINNT\system32\ierh.exe
O4 - HKLM\..\RunOnce: [atlgn.exe] C:\WINNT\atlgn.exe
O4 - HKLM\..\RunOnce: [mscx.exe] C:\WINNT\mscx.exe
O4 - HKLM\..\RunOnce: [crvh.exe] C:\WINNT\crvh.exe
O4 - HKLM\..\RunOnce: [addqf32.exe] C:\WINNT\system32\addqf32.exe
O4 - HKLM\..\RunOnce: [mfckf32.exe] C:\WINNT\mfckf32.exe
O4 - HKLM\..\RunOnce: [sysph.exe] C:\WINNT\system32\sysph.exe
O4 - HKLM\..\RunOnce: [ntst32.exe] C:\WINNT\ntst32.exe
O4 - HKLM\..\RunOnce: [d3ox.exe] C:\WINNT\system32\d3ox.exe
O4 - HKLM\..\RunOnce: [ipmk.exe] C:\WINNT\ipmk.exe
O4 - HKLM\..\RunOnce: [netsl.exe] C:\WINNT\netsl.exe
O4 - HKLM\..\RunOnce: [msvy.exe] C:\WINNT\msvy.exe
O4 - HKLM\..\RunOnce: [mfcwk.exe] C:\WINNT\mfcwk.exe
O4 - HKLM\..\RunOnce: [javahz.exe] C:\WINNT\system32\javahz.exe
O4 - HKLM\..\RunOnce: [netme.exe] C:\WINNT\system32\netme.exe
O4 - HKLM\..\RunOnce: [addmz32.exe] C:\WINNT\addmz32.exe
O4 - HKLM\..\RunOnce: [atlwm32.exe] C:\WINNT\atlwm32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot2_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: Yahoo! Games Voice Chat - http://yog55.games.s...yog/y/va1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7543.7603819444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAC41C58-F8D8-4BD7-B722-EC22C137670F}: NameServer = 216.234.97.2 216.234.97.3
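As an added example (the editor's, not code from the thread or from HijackThis), the script below parses a HijackThis log and applies a few defender-side triage rules to the entry types that appear above: the O7 policy entry that produces the "disabled by administrator" message the poster describes, the R0/R1 start and search pages pointing into a local DLL resource, an unnamed BHO, O4 autoruns that give only a bare file name or sit under RunServices, and the extra Trusted Zone site. The sample lines are copied from the log in this post; the heuristics and the function names are the example's own assumptions, not HijackThis behaviour.

```python
import re

# Constructed sample: nine lines copied from the HijackThis log posted in this
# thread (codes, paths and GUIDs are the page's own), chosen to cover every
# entry type the heuristics below look at, plus two benign entries for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\aymqj.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://aymqj.dll/index.html#96676
O2 - BHO: (no name) - {4188D241-C00D-FEDE-5985-F8214B58D1A2} - C:\WINNT\addox.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\RunServices: [Windows Telnet Server] wintel.exe
O4 - HKLM\..\RunOnce: [atlst.exe] C:\WINNT\system32\atlst.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O15 - Trusted Zone: *.greg-search.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAC41C58-F8D8-4BD7-B722-EC22C137670F}: NameServer = 216.234.97.2 216.234.97.3
"""

# Every HijackThis finding line starts with an R- or O-code followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")


def parse_entries(text):
    """Split a HijackThis log into (code, body) tuples; headers and the
    'Running processes' list do not match ENTRY_RE and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _autorun_target(body):
    """Return the command part of an O4 body, e.g. 'wintel.exe' from
    '[Windows Telnet Server] wintel.exe', with surrounding quotes removed."""
    m = re.search(r"\]\s*(.*)$", body)
    return m.group(1).strip().strip('"') if m else ""


def triage(entries):
    """Apply a few defender-side heuristics (this example's own assumptions)
    and return (code, reason, body) for every entry that matches one."""
    findings = []
    for code, body in entries:
        if code == "O7":
            reason = "registry policy restriction; this is what makes regedit report it was disabled by the administrator"
        elif code in ("R0", "R1") and "res://" in body:
            reason = "IE start/search page redirected into a local DLL resource"
        elif code == "O2" and "(no name)" in body:
            reason = "Browser Helper Object with no name, loaded into every IE process"
        elif code == "O4" and ("RunServices" in body
                               or not re.match(r"^[A-Za-z]:\\", _autorun_target(body))):
            reason = "autorun entry under RunServices or without a full path (resolved via the search path)"
        elif code == "O15":
            reason = "site added to the Trusted Zone, which relaxes IE security settings for it"
        else:
            continue  # entry type not covered by these heuristics
        findings.append((code, reason, body))
    return findings


def triage_log(text):
    """Convenience wrapper: parse a whole log and triage it in one call."""
    return triage(parse_entries(text))


if __name__ == "__main__":
    for code, reason, body in triage_log(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

Run against the sample, the script reports six of the nine entries; the two O4 entries with full paths and the O17 name-server entry pass the heuristics, which is the point of keeping rules narrow: the output is a short list for a human to review, not a verdict. Real triage of the O4 RunOnce entries and the DNS servers still needs outside knowledge that a line-level rule cannot supply.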

#2 v0lc0m_x

Posted 29 June 2004 - 07:51 PM

Hello, I am having several problems as of late. I run XP Home Edition. I cannot open Task Manager or regedit because they have been "disallowed by administrator". However, I am on an admin account. I am also getting many pop-ups. My homepage also changes every time I open my browser. I think that may be caused by CW, but CWShredder failed to fix it. Anyway, here is my HijackThis log. Any help would be much appreciated. Thank you.


#3 v0lc0m_x

Posted 29 June 2004 - 09:53 PM

I'm not exactly sure what kind of problem I have, but no one is helping me in the other forums. Please forgive a noob if I am posting this in the wrong forum. Anyway, I'm not sure what's wrong with my computer (I run XP Home Edition, by the way). I just know that my Task Manager and regedit have been "disallowed by administrator". However, I'm on the admin account. Anyway, here is my HijackThis log. (Any help would be greatly appreciated, thank you.)


#4 cnm

Posted 04 July 2004 - 11:04 AM

SaTsuJiN,

Your posts have been moved to a thread of your own.
http://www.spywarein...topic=12910&hl=

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE
