
Discussion Starter · #1 ·
Logfile of HijackThis v1.99.0
Scan saved at 23:45:00, on 17/01/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\CDPlayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\BZAXG9H5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\RAMfreer\RAMfreer.exe
C:\unzipped\framxpro\FreeRAM XP Pro 1.40.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.iol.ie/cgi-bin/dslcd?affiliate=IB143001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINNT\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINNT\search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINNT\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINNT\search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\System32\CDPlayer.exe -tray
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BZAXG9H5.exe] C:\WINNT\system32\BZAXG9H5.exe
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [FreeRAM XP] "C:\unzipped\framxpro\FreeRAM XP Pro 1.40.exe" -win
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://irc.everywherechat.com:8000/Java/cfs40320.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gampr-ie/iep/games24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} - http://www.worldwinner.com/games/shared/uninstall.cab
O19 - User stylesheet: C:\WINNT\default.css (file missing) (HKLM)
O23 - Service: AVG6 Service - Unknown - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Rgds

Andy :(
 

Retired Moderator
When those are done, download and run these:

Ad-Aware: http://www.lavasoftusa.com/support/download/

SpyBot: http://majorgeeks.com/download2471.html

Make sure you check for updates for both programs before running them.

Do a full system scan with Ad-Aware, delete whatever it finds.

And fix any problems SpyBot finds.

Post a new log afterwards.

Looks like a possible VX2 infection as well, so we may need a Moderator to jump in.
 