1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

hijack this log plz have a look

Discussion in 'Virus & Other Malware Removal' started by Fmode, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. Fmode

    Fmode Thread Starter

    Joined:
    Feb 2, 2004
    Messages:
    18
    Logfile of HijackThis v1.99.0
    Scan saved at 6:38:15 PM, on 2/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\WINDOWS\System32\DeltTray.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\phoownv.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\paqatson.exe
    C:\WINDOWS\System32\vmss\vmss.exe
    C:\WINDOWS\System32\Kflklf.exe
    C:\windows\system32\msnavc32.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\savcert6.exe
    C:\WINDOWS\System32\sysmonnt.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Promise\Utility\MsgAgt.exe
    C:\Program Files\Promise\Utility\MsgSvr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\WINDOWS\System32\winbgjk32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\Program Files\Pop Blocker\updatedl.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\AIM\aim.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe

    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ASUS Probe] c:\program files\AsusProb.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [lT0eVi] C:\WINDOWS\phoownv.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\phoownv.exe
    O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]*ú"ü‰¸u0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\phoownv.exe
    O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]*ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\phoownv.exe
    O4 - HKLM\..\Run: [2s4R32X] paqatson.exe
    O4 - HKLM\..\Run: [ntechin] C:\WINDOWS\system32\n20050308.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
    O4 - HKLM\..\Run: [mdupodgo] C:\Program Files\mdupodgo\mdupodgo.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Kflklf.exe
    O4 - HKLM\..\Run: [kkszru] c:\windows\system32\kkszru.exe
    O4 - HKLM\..\Run: [odsloc] C:\WINDOWS\System32\odsloc.exe
    O4 - HKLM\..\Run: [puzsfc] C:\WINDOWS\System32\puzsfc.exe
    O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitemah32.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [JBv5RSb3g] savcert6.exe
    O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    O23 - Service: Promise RAID message agent - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
    O23 - Service: Promise RAID message server - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgSvr.exe
    O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,345
    First Name:
    Karen
    Click here: http://www.atribune.org/downloads/l2mfix.exe to download L2mfix.

    Save the file to your desktop and double click l2mfix.exe. Read and Accept the agreement. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/329496

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice