1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HiJack This Log info....

Discussion in 'Virus & Other Malware Removal' started by BradN10, Sep 1, 2004.

Thread Status:
Not open for further replies.
  1. BradN10

    BradN10 Thread Starter

    Joined:
    Oct 26, 2001
    Messages:
    135
    Logfile of HijackThis v1.98.2
    Scan saved at 9:26:27 PM, on 9/1/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
    C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
    C:\PROGRAM FILES\WINAD CLIENT\WINCLT.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HIJACKTHIS1982.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find4u.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kkdsu.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kkdsu.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kkdsu.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kkdsu.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find4u.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/index.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
    O2 - BHO: Class - {8A512041-7085-7C2F-ABCB-5C2E0FF49B4E} - C:\WINDOWS\SYSTEM\JAVAEQ.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL (file missing)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [xmxwebim] C:\WINDOWS\SYSTEM\kxfvvvm.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [APIIP32.EXE] C:\WINDOWS\APIIP32.EXE
    O4 - HKLM\..\RunServices: [ATLRU32.EXE] C:\WINDOWS\SYSTEM\ATLRU32.EXE
    O4 - HKLM\..\RunServices: [WINWR.EXE] C:\WINDOWS\SYSTEM\WINWR.EXE
    O4 - HKLM\..\RunServices: [NETPZ.EXE] C:\WINDOWS\SYSTEM\NETPZ.EXE
    O4 - HKLM\..\RunServices: [MFCSD32.EXE] C:\WINDOWS\MFCSD32.EXE
    O4 - HKLM\..\RunServices: [SDKCB.EXE] C:\WINDOWS\SDKCB.EXE
    O4 - HKLM\..\RunServices: [D3EQ.EXE] C:\WINDOWS\D3EQ.EXE
    O4 - HKLM\..\RunServices: [IPBS.EXE] C:\WINDOWS\SYSTEM\IPBS.EXE
    O4 - HKLM\..\RunServices: [JAVALF32.EXE] C:\WINDOWS\JAVALF32.EXE
    O4 - HKLM\..\RunServices: [SYSWB.EXE] C:\WINDOWS\SYSTEM\SYSWB.EXE
    O4 - HKLM\..\RunServices: [CRTT32.EXE] C:\WINDOWS\CRTT32.EXE
    O4 - HKLM\..\RunServices: [NETEK32.EXE] C:\WINDOWS\SYSTEM\NETEK32.EXE
    O4 - HKLM\..\RunServices: [MFCGK.EXE] C:\WINDOWS\SYSTEM\MFCGK.EXE
    O4 - HKLM\..\RunServices: [NTAC32.EXE] C:\WINDOWS\NTAC32.EXE
    O4 - HKLM\..\RunServices: [NETAJ.EXE] C:\WINDOWS\SYSTEM\NETAJ.EXE
    O4 - HKLM\..\RunServices: [D3KF32.EXE] C:\WINDOWS\D3KF32.EXE
    O4 - HKLM\..\RunServices: [SDKYL.EXE] C:\WINDOWS\SYSTEM\SDKYL.EXE
    O4 - HKLM\..\RunServices: [APIOQ32.EXE] C:\WINDOWS\SYSTEM\APIOQ32.EXE
    O4 - HKLM\..\RunServices: [JAVAVB.EXE] C:\WINDOWS\JAVAVB.EXE
    O4 - HKLM\..\RunServices: [IPKL.EXE] C:\WINDOWS\IPKL.EXE
    O4 - HKLM\..\RunServices: [SYSWU.EXE] C:\WINDOWS\SYSTEM\SYSWU.EXE
    O4 - HKLM\..\RunServices: [MFCWL32.EXE] C:\WINDOWS\SYSTEM\MFCWL32.EXE
    O4 - HKLM\..\RunServices: [APPBY32.EXE] C:\WINDOWS\APPBY32.EXE
    O4 - HKLM\..\RunServices: [MFCNX32.EXE] C:\WINDOWS\SYSTEM\MFCNX32.EXE
    O4 - HKLM\..\RunServices: [APPNR32.EXE] C:\WINDOWS\APPNR32.EXE
    O4 - HKLM\..\RunServices: [ATLOX32.EXE] C:\WINDOWS\ATLOX32.EXE
    O4 - HKLM\..\RunServices: [APIGV32.EXE] C:\WINDOWS\APIGV32.EXE
    O4 - HKLM\..\RunServices: [NETCN32.EXE] C:\WINDOWS\NETCN32.EXE
    O4 - HKLM\..\RunServices: [MFCZP.EXE] C:\WINDOWS\MFCZP.EXE
    O4 - HKLM\..\RunServices: [WINMP.EXE] C:\WINDOWS\WINMP.EXE
    O4 - HKLM\..\RunServices: [WINOQ.EXE] C:\WINDOWS\WINOQ.EXE
    O4 - HKLM\..\RunServices: [WINKY.EXE] C:\WINDOWS\WINKY.EXE
    O4 - HKLM\..\RunServices: [APIBQ.EXE] C:\WINDOWS\SYSTEM\APIBQ.EXE
    O4 - HKLM\..\RunServices: [WINPW.EXE] C:\WINDOWS\SYSTEM\WINPW.EXE
    O4 - HKLM\..\RunServices: [ADDZG.EXE] C:\WINDOWS\ADDZG.EXE
    O4 - HKLM\..\RunServices: [ATLJY32.EXE] C:\WINDOWS\SYSTEM\ATLJY32.EXE
    O4 - HKLM\..\RunServices: [ADDNF32.EXE] C:\WINDOWS\SYSTEM\ADDNF32.EXE
    O4 - HKLM\..\RunServices: [APIUQ32.EXE] C:\WINDOWS\APIUQ32.EXE
    O4 - HKLM\..\RunServices: [NTDE.EXE] C:\WINDOWS\SYSTEM\NTDE.EXE
    O4 - HKLM\..\RunServices: [CRXQ32.EXE] C:\WINDOWS\SYSTEM\CRXQ32.EXE
    O4 - HKLM\..\RunServices: [IETQ32.EXE] C:\WINDOWS\IETQ32.EXE
    O4 - HKLM\..\RunServices: [MFCTT32.EXE] C:\WINDOWS\MFCTT32.EXE
    O4 - HKLM\..\RunServices: [SDKIW.EXE] C:\WINDOWS\SYSTEM\SDKIW.EXE
    O4 - HKLM\..\RunServices: [NETTQ32.EXE] C:\WINDOWS\SYSTEM\NETTQ32.EXE
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Jhmunae] C:\WINDOWS\SYSTEM\aktkx.exe
    O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL
     
  2. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Already taken care of please and only one post per topic. It gets quite buisy and your thread will be looked at in time.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/269217

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice