
Hijackthis log


  • This topic is locked
1 reply to this topic

#1 TonyK


Posted 22 July 2004 - 09:07 PM

Can someone check this log for me and tell me what to do, please?
Thank you.

Logfile of HijackThis v1.97.7
Scan saved at 9:17:41 PM, on 7/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Intel\LDCM\bin\IIDS.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winoc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\inetdata\winlogon.exe
C:\WINDOWS\atlaw.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Documents and Settings\georga\Application Data\dbar.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\georga\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ozods.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ozods.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ozods.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ozods.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ozods.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ozods.dll/sp.html#96676
F1 - win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O2 - BHO: (no name) - {13174FBF-C2D3-05B9-004D-DE10AA0852D2} - C:\WINDOWS\d3fp32.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {D23F30D6-34EA-DD76-6BCB-3A5FEDE092E5} - C:\WINDOWS\system32\addnw.dll
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKLM\..\Run: [atlaw.exe] C:\WINDOWS\atlaw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKCU\..\Run: [Drwa] C:\Documents and Settings\georga\Application Data\dbar.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1018.dll,InstantAccess
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKLM\..\RunOnce: [appux32.exe] C:\WINDOWS\system32\appux32.exe
O4 - HKLM\..\RunOnce: [syskn32.exe] C:\WINDOWS\system32\syskn32.exe
O4 - HKLM\..\RunOnce: [mseo32.exe] C:\WINDOWS\mseo32.exe
O4 - HKLM\..\RunOnce: [apiss.exe] C:\WINDOWS\apiss.exe
O4 - HKLM\..\RunOnce: [sysyu.exe] C:\WINDOWS\system32\sysyu.exe
O4 - HKLM\..\RunOnce: [mfccw.exe] C:\WINDOWS\mfccw.exe
O4 - HKLM\..\RunOnce: [netcc.exe] C:\WINDOWS\system32\netcc.exe
O4 - HKLM\..\RunOnce: [mfcwm32.exe] C:\WINDOWS\system32\mfcwm32.exe
O4 - HKLM\..\RunOnce: [atlfi.exe] C:\WINDOWS\atlfi.exe
O4 - HKLM\..\RunOnce: [apipv32.exe] C:\WINDOWS\apipv32.exe
O4 - HKLM\..\RunOnce: [crhx.exe] C:\WINDOWS\system32\crhx.exe
O4 - HKLM\..\RunOnce: [sdkts32.exe] C:\WINDOWS\sdkts32.exe
O4 - HKLM\..\RunOnce: [atlks.exe] C:\WINDOWS\atlks.exe
O4 - HKLM\..\RunOnce: [netwo32.exe] C:\WINDOWS\netwo32.exe
O4 - HKLM\..\RunOnce: [msha.exe] C:\WINDOWS\system32\msha.exe
O4 - HKLM\..\RunOnce: [d3qe32.exe] C:\WINDOWS\d3qe32.exe
O4 - HKLM\..\RunOnce: [winrv.exe] C:\WINDOWS\system32\winrv.exe
O4 - HKLM\..\RunOnce: [mfckx.exe] C:\WINDOWS\mfckx.exe
O4 - HKLM\..\RunOnce: [netmk32.exe] C:\WINDOWS\netmk32.exe
O4 - HKLM\..\RunOnce: [ipah.exe] C:\WINDOWS\ipah.exe
O4 - HKLM\..\RunOnce: [atlen32.exe] C:\WINDOWS\atlen32.exe
O4 - HKLM\..\RunOnce: [iezh.exe] C:\WINDOWS\system32\iezh.exe
O4 - HKLM\..\RunOnce: [ipqv32.exe] C:\WINDOWS\system32\ipqv32.exe
O4 - HKLM\..\RunOnce: [winbi32.exe] C:\WINDOWS\system32\winbi32.exe
O4 - HKLM\..\RunOnce: [msjk.exe] C:\WINDOWS\msjk.exe
O4 - HKLM\..\RunOnce: [netgd32.exe] C:\WINDOWS\system32\netgd32.exe
O4 - HKLM\..\RunOnce: [winru32.exe] C:\WINDOWS\winru32.exe
O4 - HKLM\..\RunOnce: [syswu.exe] C:\WINDOWS\syswu.exe
O4 - HKLM\..\RunOnce: [iegq.exe] C:\WINDOWS\system32\iegq.exe
O4 - HKLM\..\RunOnce: [crwf32.exe] C:\WINDOWS\system32\crwf32.exe
O4 - HKLM\..\RunOnce: [atlvq.exe] C:\WINDOWS\atlvq.exe
O4 - HKLM\..\RunOnce: [ntpq.exe] C:\WINDOWS\ntpq.exe
O4 - HKLM\..\RunOnce: [ntuh.exe] C:\WINDOWS\ntuh.exe
O4 - HKLM\..\RunOnce: [syska.exe] C:\WINDOWS\system32\syska.exe
O4 - HKLM\..\RunOnce: [msfk32.exe] C:\WINDOWS\msfk32.exe
O4 - HKLM\..\RunOnce: [ipgv.exe] C:\WINDOWS\system32\ipgv.exe
O4 - HKLM\..\RunOnce: [msbu.exe] C:\WINDOWS\system32\msbu.exe
O4 - HKLM\..\RunOnce: [mfcyf32.exe] C:\WINDOWS\mfcyf32.exe
O4 - HKLM\..\RunOnce: [mfcun32.exe] C:\WINDOWS\mfcun32.exe
O4 - HKLM\..\RunOnce: [d3nl.exe] C:\WINDOWS\system32\d3nl.exe
O4 - HKLM\..\RunOnce: [addrn.exe] C:\WINDOWS\addrn.exe
O4 - HKLM\..\RunOnce: [apiiu32.exe] C:\WINDOWS\apiiu32.exe
O4 - HKLM\..\RunOnce: [syszu.exe] C:\WINDOWS\syszu.exe
O4 - HKLM\..\RunOnce: [ipgo32.exe] C:\WINDOWS\ipgo32.exe
O4 - HKLM\..\RunOnce: [mfctu32.exe] C:\WINDOWS\mfctu32.exe
O4 - HKLM\..\RunOnce: [iekb.exe] C:\WINDOWS\iekb.exe
O4 - HKLM\..\RunOnce: [apiry.exe] C:\WINDOWS\system32\apiry.exe
O4 - HKLM\..\RunOnce: [crte32.exe] C:\WINDOWS\crte32.exe
O4 - HKLM\..\RunOnce: [apism.exe] C:\WINDOWS\apism.exe
O4 - HKLM\..\RunOnce: [iedr.exe] C:\WINDOWS\system32\iedr.exe
O4 - HKLM\..\RunOnce: [sdkay.exe] C:\WINDOWS\system32\sdkay.exe
O4 - HKLM\..\RunOnce: [ierf.exe] C:\WINDOWS\system32\ierf.exe
O4 - HKLM\..\RunOnce: [msdl32.exe] C:\WINDOWS\msdl32.exe
O4 - HKLM\..\RunOnce: [appnb.exe] C:\WINDOWS\system32\appnb.exe
O4 - HKLM\..\RunOnce: [appdk32.exe] C:\WINDOWS\system32\appdk32.exe
O4 - HKLM\..\RunOnce: [addor32.exe] C:\WINDOWS\system32\addor32.exe
O4 - HKLM\..\RunOnce: [applc32.exe] C:\WINDOWS\system32\applc32.exe
O4 - HKLM\..\RunOnce: [addxi.exe] C:\WINDOWS\system32\addxi.exe
O4 - HKLM\..\RunOnce: [winoc32.exe] C:\WINDOWS\system32\winoc32.exe
O4 - HKLM\..\RunOnce: [appgj32.exe] C:\WINDOWS\appgj32.exe
O4 - HKLM\..\RunOnce: [sdkzj.exe] C:\WINDOWS\sdkzj.exe
O4 - HKLM\..\RunOnce: [winff.exe] C:\WINDOWS\system32\winff.exe
O4 - HKLM\..\RunOnce: [mfckh.exe] C:\WINDOWS\mfckh.exe
O4 - HKLM\..\RunOnce: [mfcpg.exe] C:\WINDOWS\system32\mfcpg.exe
O4 - HKLM\..\RunOnce: [ieee32.exe] C:\WINDOWS\ieee32.exe
O4 - HKLM\..\RunOnce: [syssa32.exe] C:\WINDOWS\system32\syssa32.exe
O4 - HKLM\..\RunOnce: [windv32.exe] C:\WINDOWS\system32\windv32.exe
O4 - HKLM\..\RunOnce: [msnp32.exe] C:\WINDOWS\system32\msnp32.exe
O4 - HKLM\..\RunOnce: [syslr32.exe] C:\WINDOWS\system32\syslr32.exe
O4 - HKLM\..\RunOnce: [apiob32.exe] C:\WINDOWS\system32\apiob32.exe
O4 - HKLM\..\RunOnce: [apims32.exe] C:\WINDOWS\apims32.exe
O4 - HKLM\..\RunOnce: [syswi32.exe] C:\WINDOWS\system32\syswi32.exe
O4 - HKLM\..\RunOnce: [d3ry.exe] C:\WINDOWS\system32\d3ry.exe
O4 - HKLM\..\RunOnce: [netqg32.exe] C:\WINDOWS\system32\netqg32.exe
O4 - HKLM\..\RunOnce: [msye.exe] C:\WINDOWS\msye.exe
O4 - HKLM\..\RunOnce: [sdkae32.exe] C:\WINDOWS\sdkae32.exe
O4 - HKLM\..\RunOnce: [ntle32.exe] C:\WINDOWS\ntle32.exe
O4 - HKLM\..\RunOnce: [appkm.exe] C:\WINDOWS\system32\appkm.exe
O4 - HKLM\..\RunOnce: [apiau32.exe] C:\WINDOWS\system32\apiau32.exe
O4 - HKLM\..\RunOnce: [iedc32.exe] C:\WINDOWS\system32\iedc32.exe
O4 - HKLM\..\RunOnce: [d3fc.exe] C:\WINDOWS\system32\d3fc.exe
O4 - HKLM\..\RunOnce: [ipor.exe] C:\WINDOWS\system32\ipor.exe
O4 - HKLM\..\RunOnce: [crnk.exe] C:\WINDOWS\system32\crnk.exe
O4 - HKLM\..\RunOnce: [netwj.exe] C:\WINDOWS\netwj.exe
O4 - HKLM\..\RunOnce: [appjb.exe] C:\WINDOWS\appjb.exe
O4 - HKLM\..\RunOnce: [apilw32.exe] C:\WINDOWS\apilw32.exe
O4 - HKLM\..\RunOnce: [sdksz32.exe] C:\WINDOWS\system32\sdksz32.exe
O4 - HKLM\..\RunOnce: [mssq.exe] C:\WINDOWS\mssq.exe
O4 - HKLM\..\RunOnce: [addgg.exe] C:\WINDOWS\system32\addgg.exe
O4 - HKLM\..\RunOnce: [mstz.exe] C:\WINDOWS\system32\mstz.exe
O4 - HKLM\..\RunOnce: [winfp.exe] C:\WINDOWS\system32\winfp.exe
O4 - HKLM\..\RunOnce: [mfcxg32.exe] C:\WINDOWS\mfcxg32.exe
O4 - HKLM\..\RunOnce: [apidy32.exe] C:\WINDOWS\system32\apidy32.exe
O4 - HKLM\..\RunOnce: [crwj32.exe] C:\WINDOWS\system32\crwj32.exe
O4 - HKLM\..\RunOnce: [d3xv.exe] C:\WINDOWS\d3xv.exe
O4 - HKLM\..\RunOnce: [appno.exe] C:\WINDOWS\system32\appno.exe
O4 - HKLM\..\RunOnce: [ienf.exe] C:\WINDOWS\system32\ienf.exe
O4 - HKLM\..\RunOnce: [cruy.exe] C:\WINDOWS\system32\cruy.exe
O4 - HKLM\..\RunOnce: [netrt32.exe] C:\WINDOWS\system32\netrt32.exe
O4 - HKLM\..\RunOnce: [sysnu.exe] C:\WINDOWS\sysnu.exe
O4 - HKLM\..\RunOnce: [ntmt.exe] C:\WINDOWS\ntmt.exe
O15 - Trusted Zone: www.mt-download.com
O15 - Trusted Zone: install.xxxtoolbar.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...379/mcfscan.cab

#2 mmxx66


Posted 29 July 2004 - 03:48 PM

Sorry for the delay. If you still have problems, download the latest version of HijackThis and post a fresh log, please.
Download version 1.98.0 from either of the following links:
LINK 1
or
LINK 2



