
Hijack This - Dump


2 replies to this topic

#1 Mars-Martian


    Member

  • New Member
  • 1 posts

Posted 23 June 2004 - 06:24 PM

Well, I normally run Ad-Aware; just wondering if it doesn't pick up everything.




#2 dave38


    Devout Murphyite!

  • Emeritus
  • 8,508 posts

Posted 24 June 2004 - 04:57 PM

It's a lot easier to deal with if the log is pasted into the message, rather than being attached.

Here it is:-

Logfile of HijackThis v1.97.7
Scan saved at 7:17:36 PM, on 6/23/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\WINNT\System32\cisvc.exe
F:\WINNT\System32\CTSvcCDA.exe
F:\Program Files\LEAD Technologies, Inc\LEADTOOLS ePrint 3.0 EVAL\Bin\LPSVS03E.EXE
F:\WINNT\System32\svchost.exe
F:\PROGRA~1\Iomega\System32\AppServices.exe
F:\WINNT\System32\tcpsvcs.exe
F:\Program Files\MacOpener\FORMATM.EXE
F:\WINNT\system32\regsvc.exe
F:\WINNT\System32\locator.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\system32\stisvc.exe
F:\WINNT\System32\Tablet.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\System32\mspmspsv.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\atiptaxx.exe
F:\WINNT\system32\starter.exe
F:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\labtec\lwbwheel.exe
F:\WINNT\loadqm.exe
L:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
F:\WINNT\System32\znusqr.exe
F:\Program Files\Internet Optimizer\optimize.exe
F:\Program Files\Creative\ShareDLL\MediaDet.Exe
F:\WINNT\System32\internat.exe
L:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\MacOpener\MacName.exe
L:\Program Files\Ulead Systems\Ulead Photo Express 4.0 Trial\CalCheck.exe
F:\WINNT\System32\cidaemon.exe
C:\corel10\Programs\coreldrw.exe
F:\WINNT\System32\mdm.exe
D:\calypso\Traymon.exe
F:\Program Files\Quark\QuarkXPress\QuarkXPress.exe
C:\DC++\DCPlusPlus.exe
D:\firefox.exe
F:\Program Files\Windows Media Player\wmplayer.exe
F:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://google.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - F:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - F:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - F:\WINNT\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - F:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - F:\WINNT\wsem218.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - L:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - F:\WINNT\nem218.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - L:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EnsoniqMixer] F:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] F:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Run32dll] f:\winnt\system32\taskmngr.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\labtec\lwbwheel.exe
O4 - HKLM\..\Run: [MacLicense] "F:\Program Files\MacOpener\MacLic.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "L:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [ePrint 3.0 Service] F:\PROGRA~1\LEADTE~1\LEADTO~1.0EV\bin\EPRINT3E.EXE
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [OrbitUpdate] F:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] F:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [drgklqqikrr] F:\WINNT\System32\znusqr.exe
O4 - HKLM\..\Run: [alchem] F:\WINNT\alchem.exe
O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WindowBlinds] F:\Program Files\Object Desktop\WindowBlinds\wbload.exe auto
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WINT] F:\WINNT\System32\wcpcc.exe
O4 - Startup: Connection through Linksys LNE100TX(v5) Fast Ethernet Adapter.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = L:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Desktop Application Director 10.lnk = L:\Program Files\Corel\WordPerfect Office 2002\Programs\DAD10.exe
O4 - Global Startup: MacName.lnk = F:\Program Files\MacOpener\MacName.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express Calendar Checker.lnk = L:\Program Files\Ulead Systems\Ulead Photo Express 4.0 Trial\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O16 - DPF: {00000000-0000-0000-1234-012398761234} - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {2B5EB099-EB46-435D-9089-23C0DE130704} (IAOCX.HOSTILESPACE) - https://www.hostiles...AHSOCX20013.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....l/ca/games1.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingsto...TInc/bridge.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macrom...abs/swflash.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.servi...StarInstall.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE04EA9-CACE-4900-9E1A-9E53816BBA79}: NameServer = 66.11.167.161 66.11.168.198

Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 dave38


    Devout Murphyite!

  • Emeritus
  • 8,508 posts

Posted 24 June 2004 - 05:00 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - F:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - F:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - F:\WINNT\twaintec.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - F:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - F:\WINNT\wsem218.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - F:\WINNT\nem218.dll

O3 - Toolbar: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)

O4 - HKLM\..\Run: [OrbitUpdate] F:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] F:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [drgklqqikrr] F:\WINNT\System32\znusqr.exe
O4 - HKLM\..\Run: [alchem] F:\WINNT\alchem.exe
O4 - HKCU\..\Run: [WINT] F:\WINNT\System32\wcpcc.exe

O16 - DPF: {00000000-0000-0000-1234-012398761234} - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingsto...TInc/bridge.cab

Reboot and delete:

Files:
F:\WINNT\System32\znusqr.exe
F:\WINNT\alchem.exe
F:\WINNT\System32\wcpcc.exe

Folders:
F:\Program Files\Orbit
F:\Program Files\ClearSearch
F:\Program Files\Lycos\Sidesearch

These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
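A triage pass over entries like the ones dave38 picks out above, as an added example that is not part of this thread or of HijackThis itself: it reads lines in HijackThis 1.97 log format and flags the same kinds of entries (dangling "(no file)" references, unnamed BHOs loaded from outside Program Files, Run values with random-looking names or executables dropped straight into the Windows directory, ActiveX downloads with no friendly name). The KNOWN_BAD list, the consonant-run heuristic and the assumption that the Windows directory is X:\WINNT or X:\WINDOWS are mine; the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample in HijackThis 1.97 log format, taken from the thread's log;
# some are entries dave38 says to fix, some are benign ones he left alone.
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - F:\\WINNT\\wsem218.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\\Program Files\\Adobe\\Acrobat 6.0\\Acrobat\\ActiveX\\AcroIEHelper.dll
O4 - HKLM\\..\\Run: [drgklqqikrr] F:\\WINNT\\System32\\znusqr.exe
O4 - HKLM\\..\\Run: [alchem] F:\\WINNT\\alchem.exe
O4 - HKCU\\..\\Run: [WINT] F:\\WINNT\\System32\\wcpcc.exe
O4 - HKLM\\..\\Run: [QuickTime Task] "L:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O16 - DPF: {00000000-0000-0000-1234-012398761234} - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macrom...abs/swflash.cab
"""
# Adware/hijacker component names the thread itself identifies (my list).
KNOWN_BAD = ("clearsearch", "sidesearch", "orbit", "alchem")
O4_RE = re.compile(r'O4 - .*\\Run: \[([^\]]*)\] "?([^"]*?\.exe)', re.I)

def looks_random(name):
    # A run of 4+ consonants (y counted as a vowel) is rare in real product names.
    return re.search(r"[b-df-hj-np-tv-xz]{4,}", name.lower()) is not None

def triage_line(line):
    """Return the reasons this HijackThis entry deserves a look ([] if none)."""
    kind, low, reasons = line.split(" - ", 1)[0], line.lower(), []
    if "(no file)" in low:
        reasons.append("registry entry points to a missing file")
    if any(bad in low for bad in KNOWN_BAD):
        reasons.append("path names a known adware/hijacker component")
    if kind in ("O2", "O3") and "(no name)" in low and "program files" not in low:
        reasons.append("unnamed browser add-on loaded from outside Program Files")
    m = O4_RE.match(line) if kind == "O4" else None
    if m:
        run_name, exe = m.group(1), m.group(2)
        stem = exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(run_name) or looks_random(stem):
            reasons.append("random-looking Run value or executable name")
        # Assumption: the Windows directory is X:\WINNT or X:\WINDOWS.
        if re.fullmatch(r"[a-z]:\\(winnt|windows)\\[^\\]+", exe.lower()):
            reasons.append("executable sits directly in the Windows directory")
    if kind == "O16" and "} (" not in line:
        reasons.append("ActiveX control with no registered friendly name")
    return reasons

def triage(log_text):
    """Map each suspicious log line to its reasons; clean lines are omitted."""
    return {ln: r for ln in log_text.splitlines() if (r := triage_line(ln))}
```

Heuristics like these only shortlist entries for a human to check against the rest of the log; they do not replace the judgement dave38 applied above.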
