devilman2646

HijackThis log, I need help knowing what to fix

6 posts in this topic

Logfile of HijackThis v1.97.7

Scan saved at 10:50:05 PM, on 5/21/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\gearsec.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\2Wire\Gateway\2PortalMon.exe

C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe

C:\WINDOWS\MXOaldr.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Broadband Wizard\bbwiz.exe

C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

I:\AssimilatedmIRC\AssimilatedmIRC\AssimilatedmIRC.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\MMJB.EXE

C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe

C:\Documents and Settings\JJK Jr\Desktop\wombat.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://maaohy.outhost.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://maaohy.outhost.info/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://maaohy.outhost.info/sp.php

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://maaohy.outhost.info/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://maaohy.outhost.info/

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe

O1 - Hosts: 213.159.118.228 collections.inhost.info

O1 - Hosts: 213.159.118.228 collections.inhost2.info

O1 - Hosts: 213.159.118.228 1-se.com

O1 - Hosts: 213.159.118.228 58q.com

O1 - Hosts: 213.159.118.228 aifind.cc

O1 - Hosts: 213.159.118.228 aifind.info

O1 - Hosts: 213.159.118.228 allneedsearch.com

O1 - Hosts: 213.159.118.228 approvedlinks.com

O1 - Hosts: 213.159.118.228 auto.ie.searchforge.com

O1 - Hosts: 213.159.118.228 awebfind.biz

O1 - Hosts: 213.159.118.228 best.royalsearch.net

O1 - Hosts: 213.159.118.228 cracks.am

O1 - Hosts: 213.159.118.228 default-homepage-network.com

O1 - Hosts: 213.159.118.228 find.microgirls.com

O1 - Hosts: 213.159.118.228 find4u.net

O1 - Hosts: 213.159.118.228 freshvideogals.com

O1 - Hosts: 213.159.118.228 i-lookup.com

O1 - Hosts: 213.159.118.228 ie-search.com

O1 - Hosts: 213.159.118.228 in.webcounter.cc

O1 - Hosts: 213.159.118.228 itseasy.us

O1 - Hosts: 213.159.118.228 just.find-itnow.com

O1 - Hosts: 213.159.118.228 link.startmake.com

O1 - Hosts: 213.159.118.228 mysearchnow.com

O1 - Hosts: 213.159.118.228 nativehardcore.com

O1 - Hosts: 213.159.118.228 qwertysearch123.biz

O1 - Hosts: 213.159.118.228 search.ieplugin.com

O1 - Hosts: 213.159.118.228 search.psn.cn

O1 - Hosts: 213.159.118.228 searchbar.findthewebsiteyouneed.com

O1 - Hosts: 213.159.118.228 searchcentrix.com

O1 - Hosts: 213.159.118.228 searchmyrequest.com

O1 - Hosts: 213.159.118.228 super-spider.com

O1 - Hosts: 213.159.118.228 t.rack.cc

O1 - Hosts: 213.159.118.228 teen-biz.com

O1 - Hosts: 213.159.118.228 teenhqpics.com

O1 - Hosts: 213.159.118.228 tits.hardcore4ever.net

O1 - Hosts: 213.159.118.228 webcoolsearch.com

O1 - Hosts: 213.159.118.228 wmmse.com

O1 - Hosts: 213.159.118.228 www.008i.com

O1 - Hosts: 213.159.118.228 www.2fastsearch.net

O1 - Hosts: 213.159.118.228 www.8095.com

O1 - Hosts: 213.159.118.228 www.alfa-search.com

O1 - Hosts: 213.159.118.228 www.boredlife.com

O1 - Hosts: 213.159.118.228 www.couldnotfind.com

O1 - Hosts: 213.159.118.228 www.cracks.am

O1 - Hosts: 213.159.118.228 www.daum.net

O1 - Hosts: 213.159.118.228 www.dreamwiz.com

O1 - Hosts: 213.159.118.228 www.find-itnow.com

O1 - Hosts: 213.159.118.228 www.find-itnow.com

O1 - Hosts: 213.159.118.228 www.find4u.net

O1 - Hosts: 213.159.118.228 www.firstbookmark.com

O1 - Hosts: 213.159.118.228 www.gajai.com

O1 - Hosts: 213.159.118.228 www.hand-book.com

O1 - Hosts: 213.159.118.228 www.hao123.com

O1 - Hosts: 213.159.118.228 www.hotsearchbox.com

O1 - Hosts: 213.159.118.228 www.hotwebsearch.com

O1 - Hosts: 213.159.118.228 www.hugesearch.net

O1 - Hosts: 213.159.118.228 www.iquicksearch.com

O1 - Hosts: 213.159.118.228 www.lookfor.cc

O1 - Hosts: 213.159.118.228 www.maxxxhosters.com

O1 - Hosts: 213.159.118.228 www.naver.com

O1 - Hosts: 213.159.118.228 www.nkvd.us

O1 - Hosts: 213.159.118.228 www.novafuck.com

O1 - Hosts: 213.159.118.228 www.ohcorea.com

O1 - Hosts: 213.159.118.228 www.omega-search.com

O1 - Hosts: 213.159.118.228 www.onet.pl

O1 - Hosts: 213.159.118.228 www.power-search.info

O1 - Hosts: 213.159.118.228 www.rightfinder.net

O1 - Hosts: 213.159.118.228 www.search-1.net

O1 - Hosts: 213.159.118.228 www.search-and-go.com

O1 - Hosts: 213.159.118.228 www.search-dot.com

O1 - Hosts: 213.159.118.228 www.search-space.com

O1 - Hosts: 213.159.118.228 www.searchforge.com

O1 - Hosts: 213.159.118.228 www.searching-the-net.com

O1 - Hosts: 213.159.118.228 www.searchv.com

O1 - Hosts: 213.159.118.228 www.searchxl.com

O1 - Hosts: 213.159.118.228 www.seznam.cz

O1 - Hosts: 213.159.118.228 www.slotch.com

O1 - Hosts: 213.159.118.228 www.spidersearch.com

O1 - Hosts: 213.159.118.228 www.startium.com

O1 - Hosts: 213.159.118.228 www.therealsearch.com

O1 - Hosts: 213.159.118.228 www.ttjj.com

O1 - Hosts: 213.159.118.228 www.viewpornkey.com

O1 - Hosts: 213.159.118.228 www.wazzupnet.com

O1 - Hosts: 213.159.118.228 www.websearch.com

O1 - Hosts: 213.159.118.228 www.windowws.cc

O1 - Hosts: 213.159.118.228 www.xgmm.com

O1 - Hosts: 213.159.118.228 xwebsearch.biz

O1 - Hosts: 213.159.118.228 yourbookmarks.ws

O1 - Hosts: 216.109.118.72 www.yahoo.com #Home Page

O1 - Hosts: 216.109.127.249 rd.yahoo.com #.url

O1 - Hosts: 67.18.103.163 www.reviewfreaks.com #.url

O1 - Hosts: 62.4.83.211 www.nakedcelebgalleries.com #.url

O1 - Hosts: 216.40.242.198 ybbot.chatcircuit.com #.url

O1 - Hosts: 66.17.140.17 www.dvdrhelp.com #.url

O1 - Hosts: 207.69.167.65 register.earthlink.net #.url

O1 - Hosts: 66.135.216.136 cgi.ebay.com #.url

O1 - Hosts: 216.127.73.12 www.funny-pics.net #.url

O1 - Hosts: 207.44.240.111 www.cheatplanet.com #.url

O1 - Hosts: 206.16.1.133 db.gamefaqs.com #.url

O1 - Hosts: 199.248.197.184 www4.sss.gov #.url

O1 - Hosts: 69.20.83.55 www.paintballkingdom.com #.url

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem216.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll

O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe

O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AlarmWorks] C:\Program Files\AlarmWorks\clockmstr.exe /SYSTRAY

O4 - HKLM\..\Run: [belt] C:\WINDOWS\Belt.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svhost.exe -sr -0

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\image.dll,Install

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\image.dll,Install

O4 - Startup: Broadband Wizard.lnk = C:\Program Files\Broadband Wizard\bbwiz.exe

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00015/chm.chm::/files/initial.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37874.855150463

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/sonystyle...l/java/RntX.cab

O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://cdn.climaxbucks.com/internet-optimi...DistIOcrack.CAB

O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

O19 - User stylesheet: C:\WINDOWS\system32\iepafk.jt7


Any and all help is appreciated.


Devilman, if you haven't already tried my previous response, please ignore it for now and do the following.

 

Go to Start | Run, type cmd, and click OK.

From the Command Prompt, type:

NET STOP HACKERDEFENDER100 (press Enter)

Note: that's NET<space>STOP<space>HACKERDEFENDER100

If successful, you should see (wait 30 sec.):

"The service is not responding to the control function."

See if "winunins.ini" exists and open it in Notepad.

Paste the contents of "winunins.ini".


OK, it took a little longer than I thought, but here are the contents of that ini file.

 

[Hidden Table]

inatjoy.dll

motkrtin.dll

witadr.dll

winunins.exe

winunins.ini

svhost.exe

CWShredder*

HijackThis*

ProceXP*

Spybot*

msconfig*

 

[Root Processes]

svhost.exe

trj4j6js.exe

winunins.exe

 

[Hidden Services]

HackerDefender*

 

[Hidden RegKeys]

HackerDefender100

LEGACY_HACKERDEFENDER100

HackerDefenderDrv100

LEGACY_HACKERDEFENDERDRV100

 

[Hidden RegValues]

 

[Startup Run]

C:\WINDOWS\svhost.exe -sr -0

 

[Free Space]

 

[Hidden Ports]

 

[Settings]

Password=qweqwe

BackdoorShell=ddd.exe

FileMappingName=_.-=[PokuS]=-._

ServiceName=HackerDefender100

ServiceDisplayName=Windows System Uninstaller

ServiceDescription=Microsoft System Service

DriverName=HackerDefenderDrv100

DriverFileName=hxdefdrv.sys

 

[Comments]


Hi,

1) Restart in Safe Mode (see "How To:" below)

2) Enable Hidden Files (see "How To:" below)

 

Locate and delete the following:

 

hxdefdrv.sys

inatjoy.dll

motkrtin.dll

witadr.dll

winunins.exe

winunins.ini

svhost.exe (not "svchost.exe")

trj4j6js.exe

ddd.exe

 

Open Regedit and click Edit > Find.

Enter "HackerDefenderDrv100" (no quotes).

Click Find Now.

 

Highlight and delete all references found.

Press F3 to continue searching; repeat until you see the "Completed Search" message.

 

Next, do the same steps for each of the above files.

 

Note: If you cannot delete the registry keys (Access Denied), right-click the key, click Permissions, and set Full Control to Allow for Everyone.

 

While still in Safe Mode, run a full system scan with your antivirus.

Restart normally and post a fresh HijackThis log.

 

Note: if for some reason "hxdefdrv.sys" seems to be running again in Safe Mode, repeat the "net stop" command and then delete the files.

 

Link to show hidden files: hidden files

Link on how to boot to Safe Mode: Safe Mode (and delete the following files and folders).

Edited by Atribune

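A defender-side parser for the hxdef ini format posted above, deriving the same removal checklist this reply walks through (files, service names, registry key names) and cross-checking HijackThis O4 entries against the ini's [Startup Run] section. This is example code added here, not from the thread or from any tool named in it; SAMPLE_INI and SAMPLE_O4 are constructed abridgements of the posted ini and log, and the trailing-'*' wildcard handling is assumed hxdef behaviour.

```python
import fnmatch
# Constructed samples: abridged copies of the winunins.ini and HijackThis O4 lines posted in the thread.
SAMPLE_INI = """[Hidden Table]
svhost.exe
HijackThis*
[Root Processes]
svhost.exe
trj4j6js.exe
[Hidden RegKeys]
HackerDefender100
[Startup Run]
C:\\WINDOWS\\svhost.exe -sr -0
[Settings]
BackdoorShell=ddd.exe
ServiceName=HackerDefender100
DriverName=HackerDefenderDrv100
DriverFileName=hxdefdrv.sys
"""
SAMPLE_O4 = [
    r"O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svhost.exe -sr -0",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
]

def parse_hxdef_ini(text):
    """Map lower-cased section name -> the non-blank lines in that section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def removal_checklist(sections):
    """Files, services and registry keys to cover; '*' entries name hidden tools, not rootkit files."""
    cfg = {k.strip().lower(): v.strip() for k, _, v in
           (l.partition("=") for l in sections.get("settings", []))}
    files = {n.lower() for n in sections.get("hidden table", []) + sections.get("root processes", [])
             if "*" not in n}
    files |= {cfg[k].lower() for k in ("backdoorshell", "driverfilename") if cfg.get(k)}
    services = {cfg[k] for k in ("servicename", "drivername") if cfg.get(k)}
    regkeys = set(sections.get("hidden regkeys", [])) | services
    return {"files": sorted(files), "services": sorted(services), "regkeys": sorted(regkeys)}

def is_hidden_by_rootkit(filename, sections):
    """True if [Hidden Table] hides this name ('*' wildcard assumed per hxdef); a renamed scanner still runs."""
    return any(fnmatch.fnmatch(filename.lower(), p.lower()) for p in sections.get("hidden table", []))

def matching_o4_entries(o4_lines, sections):
    """HijackThis O4 lines whose command equals an ini [Startup Run] entry."""
    runs = {r.lower() for r in sections.get("startup run", [])}
    return [l for l in o4_lines if l.split("] ", 1)[-1].strip().lower() in runs]
```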