|
Re: HijackThisLog Analysis - Jstanton
Date: Friday, 25 June, 2004 7:52 PM
Terminate these process as they may be active spywares:
C:\WINDOWS\apiqr.exe
Following are search overwrite, you may want to remove them:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res:??C:\WINDOWS\system32\jjbkx.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res:??jjbkx.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:??www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res:??jjbkx.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res:??C:\WINDOWS\system32\jjbkx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res:??jjbkx.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res:??C:\WINDOWS\system32\jjbkx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http:??localhost
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {A006325B-CDDD-9214-0C39-240125681B78} - C:\WINDOWS\msnk32.dll
Remove the following Autoloading Program (O4), as I did a search apiqr and it fail to return any meanful results. Therefore it is highly suspious.
O4 - HKLM\..\Run: [apiqr.exe] C:\WINDOWS\apiqr.exe
Below the the original log but with private information removed.
----
Logfile of HijackThis v1.97.7
Scan saved at 7:48:13 AM, on 6/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\addpf32.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\apiqr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\mark powell\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res:??C:\WINDOWS\system32\jjbkx.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res:??jjbkx.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:??www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res:??jjbkx.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res:??C:\WINDOWS\system32\jjbkx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res:??jjbkx.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res:??C:\WINDOWS\system32\jjbkx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http:??localhost
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http:??www.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {A006325B-CDDD-9214-0C39-240125681B78} - C:\WINDOWS\msnk32.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [apiqr.exe] C:\WINDOWS\apiqr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Google Search - res:??C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res:??C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res:??C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res:??C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res:??C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http:??activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {11111111-2222-3333-4444-555555555555} - https:??www.taxsimple.com/citrix/federal.CAB
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http:??scpwia.ops.placeware.com/etc/place/INDIA/SCIpws-a2/5.1.2.150/lib/quicksilver.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http:??bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https:??webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http:??bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http:??download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http:??download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4339/mcfscan.cab
|
Post your comment