HiJackThis Log Help please!!.
-
Logfile of HijackThis v1.98.0
Scan saved at 2:36:31 PM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\sdknc32.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\Trirot.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\THKem.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Symbol Commander\Sensiva.exe
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\pmktto.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\microsoft shared\ink\TPA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\apigq.exe
C:\WINDOWS\Plaxo\1.5.2.32\InstallStub.exe
C:\Documents and Settings\NEO\Application Data\pwur.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Documents and Settings\NEO\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rqtyz.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://rqtyz.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://rqtyz.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rqtyz.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rqtyz.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://rqtyz.dll/index.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {058C410D-7FA2-8B13-FF31-393FF18E6171} - C:\WINDOWS\system32\crog.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [Trirot] Trirot.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [THKem] C:\WINDOWS\System32\THKem.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TosHKCW.exe] TosHKCW.exe
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [Sensiva] "C:\Symbol Commander\Sensiva.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [hpqcywgcsaoq] C:\WINDOWS\System32\pmktto.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [apigq.exe] C:\WINDOWS\system32\apigq.exe
O4 - HKLM\..\RunOnce: [sdknc32.exe] C:\WINDOWS\sdknc32.exe
O4 - HKLM\..\RunOnce: [addtm.exe] C:\WINDOWS\system32\addtm.exe
O4 - HKLM\..\RunOnce: [sdkmg.exe] C:\WINDOWS\sdkmg.exe
O4 - HKLM\..\RunOnce: [mfckd.exe] C:\WINDOWS\mfckd.exe
O4 - HKLM\..\RunOnce: [d3if32.exe] C:\WINDOWS\d3if32.exe
O4 - HKLM\..\RunOnce: [sdkid32.exe] C:\WINDOWS\system32\sdkid32.exe
O4 - HKLM\..\RunOnce: [sdkmy.exe] C:\WINDOWS\system32\sdkmy.exe
O4 - HKLM\..\RunOnce: [appme32.exe] C:\WINDOWS\appme32.exe
O4 - HKLM\..\RunOnce: [ntfa.exe] C:\WINDOWS\ntfa.exe
O4 - HKLM\..\RunOnce: [atlya32.exe] C:\WINDOWS\system32\atlya32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.5.2.32\InstallStub.exe -a
O4 - HKCU\..\Run: [Srse] C:\Documents and Settings\NEO\Application Data\pwur.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: TSkin.lnk = C:\Documents and Settings\Default User\Local Settings\Temp\TSkin.bat
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
-

Restart HijackThis and put checks next to the following, close all browser windows (including this one) then click on 'Fix Checked':
O2 - BHO: (no name) - {058C410D-7FA2-8B13-FF31-393FF18E6171} - C:\WINDOWS\system32\crog.dll
O4 - HKLM\..\Run: [apigq.exe] C:\WINDOWS\system32\apigq.exe
O4 - HKLM\..\RunOnce: [sdknc32.exe] C:\WINDOWS\sdknc32.exe
O4 - HKLM\..\RunOnce: [addtm.exe] C:\WINDOWS\system32\addtm.exe
O4 - HKLM\..\RunOnce: [sdkmg.exe] C:\WINDOWS\sdkmg.exe
O4 - HKLM\..\RunOnce: [mfckd.exe] C:\WINDOWS\mfckd.exe
O4 - HKLM\..\RunOnce: [d3if32.exe] C:\WINDOWS\d3if32.exe
O4 - HKLM\..\RunOnce: [sdkid32.exe] C:\WINDOWS\system32\sdkid32.exe
O4 - HKLM\..\RunOnce: [sdkmy.exe] C:\WINDOWS\system32\sdkmy.exe
O4 - HKLM\..\RunOnce: [appme32.exe] C:\WINDOWS\appme32.exe
O4 - HKLM\..\RunOnce: [ntfa.exe] C:\WINDOWS\ntfa.exe
O4 - HKLM\..\RunOnce: [atlya32.exe] C:\WINDOWS\system32\atlya32.exe
Download About:Buster from either of the following locations:
http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip
Make sure you have closed ALL Internet Explorer windows. This is a very important step!!
Run AboutBuster.exe, click OK, then Start, then OK. This will scan your computer for the files responsible for hijacking your home and/or search settings/page. Copy the results.
Reboot and post a new HijackThis log along with the report from About:Buster.