TheTechGuide Forum
General Category => Tech Clinic => Topic started by: don on June 08, 2005, 10:26:24 AM
-
I've seen through this forum that you guys have helped to resolve this problem with other members. Was hoping you guys can help me with this one too...
This is the info I got from the HJT
Logfile of HijackThis v1.99.1
Scan saved at 11:09:27 PM, on 6/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\Winkhy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Services\{C713642A-86D1-41A1-97FE-B6ADD51FCA23}\SVCHOST.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgsbej.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Documents and Settings\Don77\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R3 - URLSearchHook: (no name) - _{6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: WnBrowserHelperObj Class - {058FC709-D5CD-4A95-92DB-59E6488ECDA4} - C:\Program Files\AT&T\BBClient\Programs\SaBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [yfonyt] C:\WINDOWS\yfonyt.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C713642A-86D1-41A1-97FE-B6ADD51FCA23}\SVCHOST.EXE
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{C713642A-86D1-41A1-97FE-B6ADD51FCA23}\SECURITY.EXE
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VTAgentReboot.exe
O4 - Global Startup: Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: strings.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - f:\bre's folder\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\bre's folder\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\bre's folder\INETREPL.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {44F8F120-DC1E-4AD7-B8C9-C28111143C8F} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://comcast.net
O14 - IERESET.INF: MS_START_PAGE_URL=http://comcast.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094087945151
O20 - AppInit_DLLs:
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe (file missing)
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: Winkhy - Unknown owner - C:\WINDOWS\System32\Winkhy.exe
O23 - Service: Winkjc - Unknown owner - C:\WINDOWS\System32\Winkjc.exe (file missing)
O23 - Service: Winkjj - Unknown owner - C:\WINDOWS\System32\Winkjj.exe (file missing)
O23 - Service: Winkjo - Unknown owner - C:\WINDOWS\System32\Winkjo.exe (file missing)
O23 - Service: Winkmib - Unknown owner - C:\WINDOWS\System32\Winkmib.exe (file missing)
O23 - Service: Winkql - Unknown owner - C:\WINDOWS\System32\Winkql.exe (file missing)
O23 - Service: Winkui - Unknown owner - C:\WINDOWS\System32\Winkui.exe (file missing)
O23 - Service: Winkxom - Unknown owner - C:\WINDOWS\System32\Winkxom.exe (file missing)
O23 - Service: Winkyo - Unknown owner - C:\WINDOWS\System32\Winkyo.exe (file missing)
O23 - Service: Winkzs - Unknown owner - C:\WINDOWS\System32\Winkzs.exe (file missing)
Thanks for your help