[If anyone has a chance can you please help me out with this hijack this log i have..] - Computer Technology Forums





If anyone has a chance can you please help me out with this hijack this log i have..




Posted by: allison87

My computer is a complete mess, so I've finally done a HijackThis log, but I have no idea how to even go about fixing anything, so if anyone could please help me with this that would be great. Thanks.

By the way, I used the HijackThis analyzer also.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 6:16:52 PM, on 3/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSCHECKBOP32.EXE
C:\WINDOWS\VZKPVI.EXE
C:\WINDOWS\SYS01076136941.EXE
C:\WINDOWS\SYSTEM\UGWDRHL.EXE
C:\WINDOWS\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_6_0_0.DLL
O2 - BHO: (no name) - {D67DB14F-0F8A-4254-879E-76A2D8A06995} - C:\WINDOWS\SYSTEM\QHJ.DLL
O2 - BHO: (no name) - {336C3AC0-9702-11D9-9F0B-004005827A28} - C:\PROGRAM FILES\1JQ7C2GY\1JQ7C2GY.dll (file missing)
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\SYSTEM\RSYNCMON.DLL
O2 - BHO: ohb Class - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\RTNEG2.DLL (file missing)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL (file missing)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\boln.dll (file missing)
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\SASETUP.DLL
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\SYSTEM\netsync.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SYSCHECKBOP32
O4 - HKLM\..\Run: [win3206694107613] C:\WINDOWS\win3206694107613.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WINUP2DATE.DLL,SHStart
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\vzkpvi.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\PRIVATE-ZONE.EXE
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [sys01076136941] C:\WINDOWS\sys01076136941.exe
O4 - HKLM\..\Run: [p54k37g] WUVLIBLEAD.EXE
O4 - HKCU\..\Run: [Y2vqRXMph] WSOTCPLC.EXE
O4 - HKCU\..\Run: [WebRun] C:\WINDOWS\SYSTEM\WMPLAYER.EXE
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\PRIVATE-ZONE.EXE
O4 - Startup: FOLDER.HTT
O4 - Startup: naik.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab


End of KRC HijackThis Analyzer Log.
====================================================================



Posted by: Warez Monster

Remove entries at your own risk

C:\WINDOWS\SYSCHECKBOP32.EXE running process. (SYSCHECKBOP32.EXE)
Malware This is a nasty process! You should fix it and try to delete it manually!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm This entry should be fixed by HijackThis!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm This page could possibly be nasty. If you do not know the entry 'C:\WINDOWS\about.htm', delete it.

O2 - BHO: (no name) - {D67DB14F-0F8A-4254-879E-76A2D8A06995} - C:\WINDOWS\SYSTEM\QHJ.DLL Entries found in this registry zone are potentially nasty. This application ([D67DB14F-0F8A-4254-879E-76A2D8A06995] - Result: ) has been checked.

O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\SYSTEM\RSYNCMON.DLL Entries found in this registry zone are potentially nasty. This application ([16B238D5-80DE-47CE-8F17-B3ECE2C2248D] - Result: ) has been checked. Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: ohb Class - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\RTNEG2.DLL (file missing) Entries found in this registry zone are potentially nasty. This application ([999A06FF-10EF-4A29-8640-69E99882C26B] - Result: ) has been checked. Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL (file missing) Entries found in this registry zone are potentially nasty. This application ([0F9561D0-03B2-44a3-89A6-E95E417CBA25] - Result: ) has been checked. Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\boln.dll (file missing) Entries found in this registry zone are potentially nasty. This application ([B75F75B8-93F3-429D-FF34-660B206D897A] - Result: ) has been checked. Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab This entry is possibly nasty. Should be fixed.

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab This entry is possibly nasty. Should be fixed.
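As an added illustration (not part of this thread, and not the analyzer either poster used), here is a small Python triage script that reads HijackThis-style R0/R1/O2/O4/O16 lines and flags the same kinds of entries the analysis above calls out: orphaned "(file missing)" entries, unnamed BHOs, search pages redirected to local files, rundll32 autoruns with random hex DLL names, and ActiveX controls registered from file:// paths. The heuristics are assumptions that mirror the reasoning in this thread, and the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_6_0_0.DLL
O2 - BHO: (no name) - {D67DB14F-0F8A-4254-879E-76A2D8A06995} - C:\WINDOWS\SYSTEM\QHJ.DLL
O2 - BHO: ohb Class - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\RTNEG2.DLL (file missing)
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
"""

# HijackThis prefixes each entry with its section code (R0, R1, O2, O4, O16 ...).
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

@dataclass
class Finding:
    kind: str
    reason: str
    line: str

def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious entry, or None for a benign/unknown one (heuristics are assumptions)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if "(file missing)" in body:
        return Finding(kind, "orphaned entry: referenced file is gone (deactivated, can be fixed)", line)
    if kind == "O2" and "(no name)" in body:
        return Finding(kind, "unnamed BHO: legitimate add-ons normally register a name", line)
    if kind in ("R0", "R1") and re.search(r"= [A-Za-z]:\\", body):
        return Finding(kind, "browser start/search page redirected to a local file", line)
    if kind == "O4" and re.search(r"rundll32(\.exe)?\s+[0-9A-F]{8,}", body, re.I):
        return Finding(kind, "autorun via rundll32 with a random-looking hex DLL name", line)
    if kind == "O16" and "file://" in body.lower():
        return Finding(kind, "ActiveX control registered from a local file:// path", line)
    return None

def triage(log: str) -> List[Finding]:
    """Run classify() over every line of a log and keep only the flagged entries."""
    return [f for f in (classify(l) for l in log.splitlines()) if f]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```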



