Tech Clinic / Hijack Log "Computer is Infested"
« on: December 31, 2004, 12:18:28 PM »
Logfile of HijackThis v1.99.0
Scan saved at 10:07:34 PM, on 12/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Darryl\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\Run: [Sysino] lsess.exe
O4 - HKLM\..\Run: [Windows Dialup Service] dialup.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] Win32l.exe
O4 - HKLM\..\Run: [MSN Start] msnmsgr7.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [Printer] C:\windows\win32sys.exe
O4 - HKLM\..\Run: [Win Users2] uvnczr.exe
O4 - HKLM\..\Run: [Microsoft InstallPatch] ccrs32.exe
O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\TEMP\activex.exe
O4 - HKLM\..\Run: [Win32] C:\windows\system32\dk.exe
O4 - HKLM\..\Run: [Microsoft Disk Scanner] scansdisk.exe
O4 - HKLM\..\Run: [Winamp media player] winapa.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft AOL32 Protocol] aol32.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\mspaint.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\taskmsg.exe
O4 - HKLM\..\Run: [Adobe] C:\WINDOWS\msdos.exe
O4 - HKLM\..\Run: [Spool] C:\windrar.exe
O4 - HKLM\..\Run: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [notepad.exe] C:\WINDOWS\dllmanger.exe
O4 - HKLM\..\Run: [Norton Guard 32] ntguard32.exe
O4 - HKLM\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\Run: [3eduSR] C:\WINDOWS\sdklor.exe
O4 - HKLM\..\Run: [blah service] win32exec.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [loads.exe] C:\WINDOWS\suploads.exe
O4 - HKLM\..\Run: [Microsoft Ansti Update] msie.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [ÏòõC<ðË‚ïÁzî[8Ü•C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\sdklor.exe
O4 - HKLM\..\Run: [Ïò˜¿ÇÏÔ@ÔÁß]ú"ü‰üžC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\sdklor.exe
O4 - HKLM\..\Run: [Ïò˜¿ÇÏÔÁß]ú"ü‰üžigC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\sdklor.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\sdklor.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\sdklor.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\sdklor.exe
O4 - HKLM\..\Run: [ur key] sys32pwn.exe
O4 - HKLM\..\Run: [SygateX Personal Firewall] syshdd.exe
O4 - HKLM\..\Run: [start uploading] smsss.exe
O4 - HKLM\..\Run: [MS Windows Update] scguard.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]ú"ü‰¸u0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\sdklor.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\sdklor.exe
O4 - HKLM\..\Run: [Start Upping] iexplorerupdt.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton SystemWorks\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\RunServices: [msnmgre] pwned.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [blah service] win32exec.exe
O4 - HKLM\..\RunServices: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunServices: [MSNMaSRR5] MSNMaSGRS.exe
O4 - HKLM\..\RunServices: [CRC Value Verifier] crsss32.exe
O4 - HKLM\..\RunServices: [Sysino] lsess.exe
O4 - HKLM\..\RunServices: [Microsoft InstallPatch] ccrs32.exe
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\RunServices: [Windows Dialup Service] dialup.exe
O4 - HKLM\..\RunServices: [windows update] Isass.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] Win32l.exe
O4 - HKLM\..\RunServices: [MSN Start] msnmsgr7.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [Win Users2] uvnczr.exe
O4 - HKLM\..\RunServices: [Microsoft Disk Scanner] scansdisk.exe
O4 - HKLM\..\RunServices: [Winamp media player] winapa.exe
O4 - HKLM\..\RunServices: [Microsoft AOL32 Protocol] aol32.exe
O4 - HKLM\..\RunServices: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKLM\..\RunServices: [Norton Guard 32] ntguard32.exe
O4 - HKLM\..\RunServices: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\RunServices: [Microsoft Ansti Update] msie.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [ur key] sys32pwn.exe
O4 - HKLM\..\RunServices: [SygateX Personal Firewall] syshdd.exe
O4 - HKLM\..\RunServices: [start uploading] smsss.exe
O4 - HKLM\..\RunServices: [MS Windows Update] scguard.exe
O4 - HKLM\..\RunServices: [Start Upping] iexplorerupdt.exe
O4 - HKLM\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunOnce: [Winamp media player] winapa.exe
O4 - HKLM\..\RunOnce: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [Sysino] lsess.exe
O4 - HKCU\..\Run: [Windows Dialup Service] dialup.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sygate Personal Firewall] Win32l.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [msdev] msconfig.exe
O4 - HKCU\..\Run: [Microsoft Disk Scanner] scansdisk.exe
O4 - HKCU\..\Run: [Winamp media player] winapa.exe
O4 - HKCU\..\Run: [Microsoft AOL32 Protocol] aol32.exe
O4 - HKCU\..\Run: [nternet Explorer] iexplore.exe
O4 - HKCU\..\Run: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKCU\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKCU\..\Run: [blah service] win32exec.exe
O4 - HKCU\..\Run: [Microsoft Ansti Update] msie.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Ycahoua] C:\WINDOWS\System32\??rss.exe
O4 - HKCU\..\Run: [ur key] sys32pwn.exe
O4 - HKCU\..\Run: [SygateX Personal Firewall] syshdd.exe
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\Run: [prutdct] C:\WINDOWS\System32\prutdct.exe
O4 - HKCU\..\Run: [Start Upping] iexplorerupdt.exe
O4 - HKCU\..\RunServices: [blah service] win32exec.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
O4 - HKCU\..\RunOnce: [Windows Network Controller] mqguard.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - HKCU\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\RunOnce: [Winamp media player] winapa.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {B1B7606A-D7B9-42A8-AFA2-476308413211} (VacPro.canada_ver4) - http://advnt01.com/dialer/canada_ver4.CAB
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Microsoft Disk Scanner - Unknown - C:\WINDOWS\System32\scansdisk.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Windows Dialup Service - Unknown - C:\WINDOWS\System32\dialup.exe (file missing)