Thread: Help with hijack log

  1. #1
    Junior Member eightisone's Avatar
    Join Date
    Jun 2004
    Location
    Spartanburg, SC
    Posts
    13

    Question Help with hijack log

    This log is from my plant manager's computer at work. Any help would be appreciated.

    Terry



    Logfile of HijackThis v1.99.1
    Scan saved at 10:33:34 AM, on 3/9/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\CPQBIOS.exe
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\ZipToA.exe
    C:\WINNT\system32\CPQAlert.exe
    C:\WINNT\Explorer.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINNT\system32\sdkdv32.exe
    C:\WINNT\msve.exe
    C:\WINNT\Profiles\tcox\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {A89911A2-25C5-3720-FDF9-E21F3B788C8C} - C:\WINNT\system32\ipdm32.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.Exe"
    O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
    O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [sdkdv32.exe] C:\WINNT\system32\sdkdv32.exe
    O4 - HKLM\..\RunOnce: [d3nv.exe] C:\WINNT\system32\d3nv.exe
    O4 - HKLM\..\RunOnce: [msve.exe] C:\WINNT\msve.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O13 - WWW. Prefix: http://
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\sofprcct.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5CD52330-6C40-48FB-831A-7A99528ACC5D}: NameServer = 207.230.75.34,207.230.75.50
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5CD52330-6C40-48FB-831A-7A99528ACC5D}: NameServer = 207.230.75.34,207.230.75.50
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5CD52330-6C40-48FB-831A-7A99528ACC5D}: NameServer = 207.230.75.34,207.230.75.50
    O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\WINNT\SYSTEM32\CPQAlert.exe
    O23 - Service: Compaq BIOS (CPQBIOS) - Compaq Computer Corporation - C:\WINNT\SYSTEM32\CPQBIOS.exe
    O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
    O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe
    O23 - Service: Remote Procedure Call (RPC) Helper ( 6Q'8) - Unknown owner - C:\WINNT\system32\mfchc32.exe (file missing)

  2. #2
    SG Elite
    Join Date
    Jun 2001
    Posts
    26,793
    Boot into safe mode and have HijackThis fix the following. Delete any of those files as well after HijackThis fixes the problems.

    Quote Originally Posted by eightisone
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\pgakn.dll/sp.html#28129

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\pgakn.dll/sp.html#28129

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {A89911A2-25C5-3720-FDF9-E21F3B788C8C} - C:\WINNT\system32\ipdm32.dll

    O4 - HKLM\..\Run: [sdkdv32.exe] C:\WINNT\system32\sdkdv32.exe
    O4 - HKLM\..\RunOnce: [d3nv.exe] C:\WINNT\system32\d3nv.exe
    O4 - HKLM\..\RunOnce: [msve.exe] C:\WINNT\msve.exe

    O13 - WWW. Prefix: http://

    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\sofprcct.exe

    O23 - Service: Remote Procedure Call (RPC) Helper ( 6Q'8) - Unknown owner - C:\WINNT\system32\mfchc32.exe (file missing)

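A defender-side triage helper, added here as an example; it is not part of this thread and not HijackThis's own logic. It parses HijackThis entries and flags the same patterns Cabledude picked out above (res:// search pages, the missing URLSearchHook, the unnamed BHO, autoruns named after a bare executable or left in RunOnce, the O13 prefix, a file:// DPF entry and the orphaned service). The sample lines are copied from the log in this thread; the flagging rules are my heuristics.

```python
import ntpath
import re

# Constructed sample: entries taken from the HijackThis log posted in this thread,
# plus two of its benign entries (Iomega, MSN Chat) to show what is not flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\pgakn.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A89911A2-25C5-3720-FDF9-E21F3B788C8C} - C:\WINNT\system32\ipdm32.dll
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [sdkdv32.exe] C:\WINNT\system32\sdkdv32.exe
O4 - HKLM\..\RunOnce: [d3nv.exe] C:\WINNT\system32\d3nv.exe
O13 - WWW. Prefix: http://
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\sofprcct.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 6Q'8) - Unknown owner - C:\WINNT\system32\mfchc32.exe (file missing)
"""

# O4 entries look like: O4 - HKLM\..\Run: [Value Name] C:\path\file.exe [args]
RUN_RE = re.compile(r"O4 - .+\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<path>.+)$")


def check_entry(line):
    """Reason string if the entry matches a hijack pattern called out in this thread, else None."""
    section = line.split(" - ", 1)[0]
    if section in ("R0", "R1") and "res://" in line:
        return "IE search/start page redirected into a res:// resource of a local DLL"
    if section == "R3" and "is missing" in line:
        return "default URLSearchHook removed"
    if section == "O2" and "(no name)" in line:
        return "unnamed BHO"
    if section == "O4" and (m := RUN_RE.match(line)):
        exe = ntpath.basename(m.group("path").strip('"').split('"')[0])
        # Legitimate autoruns carry a product name; the ones here are named after a bare exe
        if m.group("key") == "RunOnce" or m.group("name").lower() == exe.lower():
            return "autorun value named after the executable itself (or a leftover RunOnce)"
    if section == "O13":
        return "IE URL prefix override present"
    if section == "O16" and "file://" in line:
        return "DPF entry pointing at a local executable instead of a downloaded .cab"
    if section == "O23" and ("Unknown owner" in line or "(file missing)" in line):
        return "service with unknown publisher or missing binary"
    return None


def triage(log_text):
    """Return (line, reason) pairs for every flagged entry in a HijackThis log."""
    entries = (raw.strip() for raw in log_text.splitlines())
    return [(e, check_entry(e)) for e in entries if e and check_entry(e)]
```

Run `triage(open("hijackthis.log").read())` on a real log; every flagged line still needs a human to confirm before it is fixed, since the heuristics key on naming patterns, not on the files themselves.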
  3. #3
    Junior Member eightisone's Avatar
    Join Date
    Jun 2004
    Location
    Spartanburg, SC
    Posts
    13

    Thanks Cabledude, that fixed him right up.

    Terry
