
Thread: Hello all...Please Help - Hijackthis log included

  1. #1
    wavethewheat
    Guest

    Hello all...Please Help - Hijackthis log included

    This is from my sister's computer...big trouble...yech...

    Logfile of HijackThis v1.97.7
    Scan saved at 12:02:44 PM, on 9/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SYSTEM32\qttask.exe
    C:\WINDOWS\wdskctl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\WindUpdates\WinUpdt.exe
    C:\documents and settings\preferredcustomer\local settings\temp\hTh.exe
    C:\documents and settings\preferredcustomer\local settings\temp\eT2W.exe
    C:\Program Files\WindUpdates\WinKA.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\WINDOWS\System32\ureueng.exe
    C:\documents and settings\preferredcustomer\local settings\temp\KnXmKb.exe
    C:\documents and settings\preferredcustomer\local settings\temp\hTh.exe
    C:\documents and settings\preferredcustomer\local settings\temp\eT2W.exe
    C:\documents and settings\preferredcustomer\local settings\temp\KnXmKb.exe
    C:\WINDOWS\system32\pcs\pcsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\Dpi\dpi.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\PreferredCustomer\Application Data\oalh.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\PreferredCustomer\Local Settings\Temporary Internet Files\Content.IE5\7GN4NM15\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50171
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\EliteBar version 46.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\PreferredCustomer\Local Settings\Temp\xIb8GQd.dll
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\EliteBar version 46.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [hTh.exe] C:\documents and settings\preferredcustomer\local settings\temp\hTh.exe
    O4 - HKLM\..\Run: [eT2W.exe] C:\documents and settings\preferredcustomer\local settings\temp\eT2W.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [p4mX37T] ureueng.exe
    O4 - HKLM\..\Run: [Sys] C:\windows\system32\winwdl32.exe
    O4 - HKLM\..\Run: [KnXmKb.exe] C:\documents and settings\preferredcustomer\local settings\temp\KnXmKb.exe
    O4 - HKLM\..\Run: [hTh] C:\documents and settings\preferredcustomer\local settings\temp\hTh.exe
    O4 - HKLM\..\Run: [eT2W] C:\documents and settings\preferredcustomer\local settings\temp\eT2W.exe
    O4 - HKLM\..\Run: [KnXmKb] C:\documents and settings\preferredcustomer\local settings\temp\KnXmKb.exe
    O4 - HKLM\..\Run: [SysA] C:\windows\system32\winiuy32.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\mscif.exe
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Tuos] C:\Documents and Settings\PreferredCustomer\Application Data\oalh.exe
    O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Dell Home (HKCU)
    O16 - DPF: Win32 Classes -
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minib...ginstaller.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...021.3809027778
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab


  2. #2
    thepieman
    P/T Pagan God
    Quote Originally Posted by wavethewheat
    This is from my sister's computer...big trouble...yech...

    Logfile of HijackThis v1.97.7
    Scan saved at 12:02:44 PM, on 9/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINDOWS\wdskctl.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\WindUpdates\WinUpdt.exe
    C:\documents and settings\preferredcustomer\local settings\temp\hTh.exe
    C:\documents and settings\preferredcustomer\local settings\temp\eT2W.exe
    C:\Program Files\WindUpdates\WinKA.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\WINDOWS\System32\ureueng.exe
    C:\documents and settings\preferredcustomer\local settings\temp\KnXmKb.exe
    C:\documents and settings\preferredcustomer\local settings\temp\hTh.exe
    C:\documents and settings\preferredcustomer\local settings\temp\eT2W.exe
    C:\documents and settings\preferredcustomer\local settings\temp\KnXmKb.exe
    C:\WINDOWS\system32\pcs\pcsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\Dpi\dpi.exe
    C:\Documents and Settings\PreferredCustomer\Application Data\oalh.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\WINDOWS\System32\HPZipm12.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50171
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\EliteBar version 46.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\PreferredCustomer\Local Settings\Temp\xIb8GQd.dll
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\EliteBar version 46.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [hTh.exe] C:\documents and settings\preferredcustomer\local settings\temp\hTh.exe
    O4 - HKLM\..\Run: [eT2W.exe] C:\documents and settings\preferredcustomer\local settings\temp\eT2W.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [p4mX37T] ureueng.exe
    O4 - HKLM\..\Run: [Sys] C:\windows\system32\winwdl32.exe
    O4 - HKLM\..\Run: [KnXmKb.exe] C:\documents and settings\preferredcustomer\local settings\temp\KnXmKb.exe
    O4 - HKLM\..\Run: [hTh] C:\documents and settings\preferredcustomer\local settings\temp\hTh.exe
    O4 - HKLM\..\Run: [eT2W] C:\documents and settings\preferredcustomer\local settings\temp\eT2W.exe
    O4 - HKLM\..\Run: [KnXmKb] C:\documents and settings\preferredcustomer\local settings\temp\KnXmKb.exe
    O4 - HKLM\..\Run: [SysA] C:\windows\system32\winiuy32.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\mscif.exe
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Tuos] C:\Documents and Settings\PreferredCustomer\Application Data\oalh.exe
    O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O16 - DPF: Win32 Classes -
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minib...ginstaller.cab

    OK, you are infected with WinTools, which is pretty nasty, and a few others... I'd use Spy Sweeper first, then Ad-Aware, then follow up with Spybot... must be sure to update all the software 100%. I'd install a copy of AVAST anti-virus too, and after installation let it schedule a boot-time scan, don't let it restart the system, and then do an update on that and then reboot. It will go through your system and remove a lot of junk.

    Pie
