
noobie hijacked, need help please



#1 relapse808


Posted 21 July 2004 - 10:50 AM

Here is my log, thanks for helping.

Logfile of HijackThis v1.97.7
Scan saved at 9:59:07 AM, on 7/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\LDClient\LOCALSCH.EXE
C:\WINNT\system32\cba\pds.exe
C:\LDClient\QIPCLNT.EXE
C:\LDClient\tmcsvc.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\LDClient\wuser32.exe
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\LDCLIENT\SDISTHK.EXE
C:\LDClient\SOFTMON.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\ctfmon.exe
C:\Interwise\Student\pull.exe
C:\WINNT\system32\mmc.exe
C:\WINNT\regedit.exe
E:\CSA FOLDERS\lwchance\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oweb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by University of Phoenix Online
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\LDCLIENT\SDISTHK.EXE,C:\LDClient\SOFTMON.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s /bw=LAN
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Push Client.LNK = C:\Interwise\Student\pull.exe
O4 - Global Startup: Task Completion.LNK = C:\LDClient\AMCLIENT.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: START_PAGE_URL=http://oweb
O15 - Trusted Zone: *.apollogrp.edu
O15 - Trusted Zone: http://*.oweb
O15 - Trusted Zone: *.phoenix.edu
O15 - Trusted Zone: http://*.source
O15 - Trusted Zone: http://*.uoponline.com
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8090.5554513889
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/p...r/v5/ticker.cab
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - http://activex.micro...eb/ikcntrls.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://uoponlweb/vie...tivexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = apollogrp.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = apollogrp.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = apollogrp.edu

#2 relapse808


Posted 22 July 2004 - 10:57 AM

BUMPAGE!



