
Please Read and Review my Hijackthis log.


5 replies to this topic

#1 surfincali999

surfincali999

    Member

  • New Member
  • 3 posts

Posted 30 July 2004 - 01:03 AM

Logfile of HijackThis v1.98.0
Scan saved at 11:00:52 PM, on 7/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ntjl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\ACER\Launch Manager\Wbutton.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ACER\Launch Manager\PowerKey.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\ACER\Launch Manager\LaunchAp.exe
C:\Program Files\InvilinkControl\invilink630.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\ACER\Launch Manager\HotkeyApp.exe
C:\Program Files\ACER\Launch Manager\CtrlVol.exe
C:\WINDOWS\system32\netiu32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Perfigo\SmartEnforcer\SmartEnforcer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\akantor\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yqmzb.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yqmzb.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yqmzb.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {CBD49121-A8EF-D345-CCFF-038BD5FDDEA9} - C:\WINDOWS\winfw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\ACER\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\ACER\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\ACER\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [InviLinkControl] "C:\Program Files\InvilinkControl\invilink.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\ACER\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\ACER\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [netiu32.exe] C:\WINDOWS\system32\netiu32.exe
O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunOnce: [ntjl.exe] C:\WINDOWS\system32\ntjl.exe
O4 - HKLM\..\RunOnce: [appwi.exe] C:\WINDOWS\appwi.exe
O4 - HKLM\..\RunOnce: [sdkyg32.exe] C:\WINDOWS\system32\sdkyg32.exe
O4 - HKLM\..\RunOnce: [ntix32.exe] C:\WINDOWS\ntix32.exe
O4 - HKLM\..\RunOnce: [msoo.exe] C:\WINDOWS\system32\msoo.exe
O4 - HKLM\..\RunOnce: [apiaw.exe] C:\WINDOWS\apiaw.exe
O4 - HKLM\..\RunOnce: [sdkrp.exe] C:\WINDOWS\system32\sdkrp.exe
O4 - HKLM\..\RunOnce: [addwd.exe] C:\WINDOWS\addwd.exe
O4 - HKLM\..\RunOnce: [addno32.exe] C:\WINDOWS\system32\addno32.exe
O4 - HKLM\..\RunOnce: [appfz32.exe] C:\WINDOWS\system32\appfz32.exe
O4 - HKLM\..\RunOnce: [netes.exe] C:\WINDOWS\system32\netes.exe
O4 - HKLM\..\RunOnce: [sdkhl32.exe] C:\WINDOWS\sdkhl32.exe
O4 - HKLM\..\RunOnce: [appuz.exe] C:\WINDOWS\system32\appuz.exe
O4 - HKLM\..\RunOnce: [crjy.exe] C:\WINDOWS\crjy.exe
O4 - HKLM\..\RunOnce: [javadf32.exe] C:\WINDOWS\javadf32.exe
O4 - HKLM\..\RunOnce: [appfb.exe] C:\WINDOWS\system32\appfb.exe
O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\system32\sdkuq.exe
O4 - HKLM\..\RunOnce: [atlrm.exe] C:\WINDOWS\system32\atlrm.exe
O4 - HKLM\..\RunOnce: [javast.exe] C:\WINDOWS\system32\javast.exe
O4 - HKLM\..\RunOnce: [winqt32.exe] C:\WINDOWS\winqt32.exe
O4 - HKLM\..\RunOnce: [ntjj32.exe] C:\WINDOWS\ntjj32.exe
O4 - HKLM\..\RunOnce: [addsr.exe] C:\WINDOWS\addsr.exe
O4 - HKLM\..\RunOnce: [appix32.exe] C:\WINDOWS\system32\appix32.exe
O4 - HKLM\..\RunOnce: [winme32.exe] C:\WINDOWS\system32\winme32.exe
O4 - HKLM\..\RunOnce: [croc32.exe] C:\WINDOWS\system32\croc32.exe
O4 - HKLM\..\RunOnce: [apitr.exe] C:\WINDOWS\system32\apitr.exe
O4 - HKLM\..\RunOnce: [ieif.exe] C:\WINDOWS\system32\ieif.exe
O4 - HKLM\..\RunOnce: [appse32.exe] C:\WINDOWS\appse32.exe
O4 - HKLM\..\RunOnce: [applg.exe] C:\WINDOWS\system32\applg.exe
O4 - Global Startup: SmartEnforcer.lnk = C:\Program Files\Perfigo\SmartEnforcer\SmartEnforcer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt2_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.c.../one2oneSvc.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stevenson.pirates
O17 - HKLM\Software\..\Telephony: DomainName = stevenson.pirates
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stevenson.pirates
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = stevenson.pirates
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = stevenson.pirates

#2 daveai

daveai

    Forum Deity

  • Retired Staff
  • 1,214 posts

Posted 02 September 2004 - 10:56 PM

Thanks for sending your HijackThis logfile. We apologize for the delay in responding. The volunteers working here are swamped, and unfortunately some requests don't get answered in a timely manner.

If you still need some help with your problem, please respond to this with a fresh HijackThis log.

I will be notified automatically when that happens.

Thanks
daveai
If you found our service worthwhile, and want to help keep SpywareInfo running please consider donating here.

"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous

#3 surfincali999

surfincali999

    Member

  • New Member
  • 3 posts

Posted 04 September 2004 - 11:55 PM

Here is my latest HijackThis log. Sorry it took so long to repost it; I've been busy this summer and haven't been reading email. Please help and review the log.


Logfile of HijackThis v1.98.0
Scan saved at 9:57:15 PM, on 9/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\addno32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\ACER\Launch Manager\Wbutton.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ACER\Launch Manager\PowerKey.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\ACER\Launch Manager\LaunchAp.exe
C:\Program Files\InvilinkControl\invilink630.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\ACER\Launch Manager\HotkeyApp.exe
C:\Program Files\ACER\Launch Manager\CtrlVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\akantor\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yqmzb.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {CBD49121-A8EF-D345-CCFF-038BD5FDDEA9} - C:\WINDOWS\winfw.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\ACER\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\ACER\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\ACER\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [InviLinkControl] "C:\Program Files\InvilinkControl\invilink.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\ACER\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\ACER\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunOnce: [appfz32.exe] C:\WINDOWS\system32\appfz32.exe
O4 - HKLM\..\RunOnce: [netes.exe] C:\WINDOWS\system32\netes.exe
O4 - HKLM\..\RunOnce: [sdkhl32.exe] C:\WINDOWS\sdkhl32.exe
O4 - HKLM\..\RunOnce: [javadf32.exe] C:\WINDOWS\javadf32.exe
O4 - HKLM\..\RunOnce: [atlrm.exe] C:\WINDOWS\system32\atlrm.exe
O4 - HKLM\..\RunOnce: [javast.exe] C:\WINDOWS\system32\javast.exe
O4 - HKLM\..\RunOnce: [winqt32.exe] C:\WINDOWS\winqt32.exe
O4 - HKLM\..\RunOnce: [ntjj32.exe] C:\WINDOWS\ntjj32.exe
O4 - HKLM\..\RunOnce: [addsr.exe] C:\WINDOWS\addsr.exe
O4 - HKLM\..\RunOnce: [winme32.exe] C:\WINDOWS\system32\winme32.exe
O4 - HKLM\..\RunOnce: [croc32.exe] C:\WINDOWS\system32\croc32.exe
O4 - HKLM\..\RunOnce: [apitr.exe] C:\WINDOWS\system32\apitr.exe
O4 - HKLM\..\RunOnce: [ieif.exe] C:\WINDOWS\system32\ieif.exe
O4 - HKLM\..\RunOnce: [appse32.exe] C:\WINDOWS\appse32.exe
O4 - HKLM\..\RunOnce: [applg.exe] C:\WINDOWS\system32\applg.exe
O4 - HKLM\..\RunOnce: [mfcpf.exe] C:\WINDOWS\mfcpf.exe
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Kazaa Lite Resurrection\ProtoWall\ProtoWall.exe
O4 - Global Startup: SmartEnforcer.lnk = C:\Program Files\Perfigo\SmartEnforcer\SmartEnforcer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt2_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.c.../one2oneSvc.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stevenson.pirates
O17 - HKLM\Software\..\Telephony: DomainName = stevenson.pirates
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stevenson.pirates
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = stevenson.pirates
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = stevenson.pirates

#4 daveai

daveai

    Forum Deity

  • Retired Staff
  • 1,214 posts

Posted 05 September 2004 - 12:27 PM

surfincali999 -- Thanks for sending in your HijackThis log.

You have a CoolWebSearch infection (among other problems) that will take two or three posts to fix. We'll use the template for this problem developed by PGP Phantom.

Once we start, IT'S IMPORTANT that you not reboot between the first reply to me and my response with the main body of the fix. I will be online during the evening of 9/5/04 in the Pacific time zone, so if convenient you may time your first reply for around then.


The first post is to collect some information:
  • ActiveServices ...
  • Please download GetService.zip
  • Extract it to a new folder in the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
  • getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here.
From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the service will have changed and the fix provided will not work.


Thanks
daveai
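As an added example (not code from this thread, from SpywareInfo, or from HijackThis itself), the Python script below applies the same reading daveai gives above to log lines copied from the post: it flags the `res://` search-page hijack into a local DLL, the nameless BHO, the RunOnce values pointing at executables dropped in the Windows directory, and the broken Winsock LSP chain, and marks the proxy override, the missing URLSearchHook and the O17 domain entries as items to confirm with the user. The severity labels, the regular expressions and the "RunOnce named after its own executable" heuristic are my own, not HijackThis output.

```python
import ntpath
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Lines copied verbatim from the HijackThis log posted in this thread
# (a raw string keeps the Windows backslashes intact).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yqmzb.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {CBD49121-A8EF-D345-CCFF-038BD5FDDEA9} - C:\WINDOWS\winfw.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\RunOnce: [appfz32.exe] C:\WINDOWS\system32\appfz32.exe
O4 - HKLM\..\RunOnce: [mfcpf.exe] C:\WINDOWS\mfcpf.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stevenson.pirates
"""


class Finding(NamedTuple):
    severity: str  # "high" = act on it, "info" = confirm with the user first
    section: str   # HijackThis section code, e.g. R1, O4, O10
    reason: str
    line: str


# "R1 - <body>", "O10 - <body>", ...
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# O4 body: HKLM\..\RunOnce: [value name] command line
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First executable image in a command line, with or without surrounding quotes
IMAGE_RE = re.compile(r'^"?(?P<img>[^"]+?\.(?:exe|dll|ocx))"?(?:\s|$)', re.IGNORECASE)
# Directories where a freshly dropped, self-named RunOnce executable is suspicious
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}


def image_path(cmd: str) -> str:
    """Return the executable path from an O4 command line, dropping quotes and arguments."""
    m = IMAGE_RE.match(cmd)
    return m.group("img") if m else cmd


def classify(line: str) -> Optional[Finding]:
    """Apply the triage heuristics to one HijackThis line; None means nothing to report."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section in ("R0", "R1") and "res://" in body:
        return Finding("high", section, "search/start page redirected into a resource inside a local DLL", line)
    if section == "R1" and "ProxyOverride" in body:
        return Finding("info", section, "proxy override present; confirm a local proxy is expected", line)
    if section == "R3" and "missing" in body:
        return Finding("info", section, "default URLSearchHook missing; HijackThis can restore the default", line)
    if section == "O2" and ("(no name)" in body or "(file missing)" in body):
        return Finding("high", section, "BHO with no name or a missing file", line)
    if section == "O4":
        o4 = O4_RE.match(body)
        if o4 and o4.group("key").lower() == "runonce":
            img = image_path(o4.group("cmd"))
            # A RunOnce value is deleted after it runs, so the same self-named entries
            # showing up in log after log means something recreates them each boot.
            if (ntpath.dirname(img).lower() in WINDOWS_DIRS
                    and ntpath.basename(img).lower() == o4.group("name").lower()):
                return Finding("high", section, "RunOnce value named after its own executable in the Windows directory", line)
    if section == "O10" and "missing" in body:
        return Finding("high", section, "Winsock LSP chain broken; repair the chain rather than deleting the entry", line)
    if section == "O17":
        return Finding("info", section, "TCP/IP domain parameter set; confirm it matches the machine's network", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of a HijackThis log and keep the findings."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 5, 'info': 3}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section:3} {f.reason}\n        {f.line.strip()}")
    print(summarize(triage(SAMPLE_LOG)))
```

Entries the rules say nothing about (the Yahoo start page, the Adobe BHO, the Symantec tray icon) produce no finding, which is the point: a triage pass should surface the handful of lines a helper needs to look at, not the whole log.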

#5 surfincali999

surfincali999

    Member

  • New Member
  • 3 posts

Posted 07 September 2004 - 11:33 AM

Here it is daveai, thanks for helping me out


Logfile of HijackThis v1.98.0
Scan saved at 9:57:15 PM, on 9/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\addno32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\ACER\Launch Manager\Wbutton.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ACER\Launch Manager\PowerKey.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\ACER\Launch Manager\LaunchAp.exe
C:\Program Files\InvilinkControl\invilink630.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\ACER\Launch Manager\HotkeyApp.exe
C:\Program Files\ACER\Launch Manager\CtrlVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\akantor\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yqmzb.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {CBD49121-A8EF-D345-CCFF-038BD5FDDEA9} - C:\WINDOWS\winfw.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\ACER\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\ACER\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\ACER\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [InviLinkControl] "C:\Program Files\InvilinkControl\invilink.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\ACER\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\ACER\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunOnce: [appfz32.exe] C:\WINDOWS\system32\appfz32.exe
O4 - HKLM\..\RunOnce: [netes.exe] C:\WINDOWS\system32\netes.exe
O4 - HKLM\..\RunOnce: [sdkhl32.exe] C:\WINDOWS\sdkhl32.exe
O4 - HKLM\..\RunOnce: [javadf32.exe] C:\WINDOWS\javadf32.exe
O4 - HKLM\..\RunOnce: [atlrm.exe] C:\WINDOWS\system32\atlrm.exe
O4 - HKLM\..\RunOnce: [javast.exe] C:\WINDOWS\system32\javast.exe
O4 - HKLM\..\RunOnce: [winqt32.exe] C:\WINDOWS\winqt32.exe
O4 - HKLM\..\RunOnce: [ntjj32.exe] C:\WINDOWS\ntjj32.exe
O4 - HKLM\..\RunOnce: [addsr.exe] C:\WINDOWS\addsr.exe
O4 - HKLM\..\RunOnce: [winme32.exe] C:\WINDOWS\system32\winme32.exe
O4 - HKLM\..\RunOnce: [croc32.exe] C:\WINDOWS\system32\croc32.exe
O4 - HKLM\..\RunOnce: [apitr.exe] C:\WINDOWS\system32\apitr.exe
O4 - HKLM\..\RunOnce: [ieif.exe] C:\WINDOWS\system32\ieif.exe
O4 - HKLM\..\RunOnce: [appse32.exe] C:\WINDOWS\appse32.exe
O4 - HKLM\..\RunOnce: [applg.exe] C:\WINDOWS\system32\applg.exe
O4 - HKLM\..\RunOnce: [mfcpf.exe] C:\WINDOWS\mfcpf.exe
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Kazaa Lite Resurrection\ProtoWall\ProtoWall.exe
O4 - Global Startup: SmartEnforcer.lnk = C:\Program Files\Perfigo\SmartEnforcer\SmartEnforcer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt2_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.c.../one2oneSvc.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stevenson.pirates
O17 - HKLM\Software\..\Telephony: DomainName = stevenson.pirates
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stevenson.pirates
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = stevenson.pirates
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = stevenson.pirates

#6 daveai

daveai

    Forum Deity

  • Retired Staff
  • 1,214 posts

Posted 07 September 2004 - 05:12 PM

surfincali999 -- Glad to help :)

You didn't send the "getservice.txt" file as requested. So, let's start again.



You have a CoolWebSearch infection (among other problems) that will take two or three posts to fix. We'll use the template for this problem developed by PGP Phantom.

Once we start, IT'S IMPORTANT that you not reboot between the first reply to me (with the "getservice.txt" log mentioned below), and my response with the main body of the fix.

The first post is to collect some information that is required to fix the CWS infection:
  • ActiveServices ...
  • Please download GetService.zip
  • Extract it to a new folder in the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
  • getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here, along with a current HijackThis log.
From the moment you post your list, until you see a detailed fix written up in the next post from me, DO NOT reboot your system or log off. If you do, the service will have changed and the fix provided will not work.


Thanks
daveai



