Annoyances.org
Home » Windows 2000 Discussion Forum » Message 1115038556 Search | Help | Home
  
re: Intenet Explorer Hack
Monday, May 2, 2005 at 5:55 am
Windows 2000 Annoyances Discussion Forum
Posted by Abu Bakar (2 messages posted) 

The log is as under:
Logfile of HijackThis v1.99.1
Scan saved at 10:52:53 PM, on 02/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe
C:\WINNT\system32\wuauclt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Documents and Settings\Administrator\My Documents\My Downloads\HijackThis.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dfsnpksrvbpocsnwotdi.com/_Dnsn7B06fTpOcrVunPsp4iQo96361rESB9DlaitUStPBWYhtuXm9hLulf9rlMRF.html
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRA~1\DAP\dapbho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program 
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} 
- C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\dapiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" 
 -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 
12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=110804 
serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [KNOfflineSystray] "C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe"
O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 
  15 16 17 
O4 - HKCU\..\Run: [Showknob] C:\DOCUME~1\ADMINI~1\APPLIC~1\ENCLIV~1\gram blah.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows 
Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 
7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} 
- C:\WINNT\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program 
Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} 
- C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - 
C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/292e63ea6075c3671d05/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) 
- http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://cityislam.com/download/PDMSInstaller.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) 
- 
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT Profile Manager 
Class) - https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4399/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DC9F286-50EE-46B2-A84F-122A725757BD}: NameServer 
= 203.2.75.132 198.142.0.51
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program 
Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" 
/service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" 
/service (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software 
Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. 
- C:\Program Files\Sygate\SPF\smc.exe









On Sunday, April 10, 2005 at 4:39 am, MrCharlie wrote:

>

>

>Lets see what's on the system.

>

>  Can you please post a HiJackThis scan of your system. Download HJT into its own 

>folder, double click on the HJT.exe, scan and  save log, note or word pad will open 

>and the log will be saved. Copy and paste that log into your reply. Please make 
sure 

>you check the "preserve spacing button" on the bottom of the posting page.

>Download HJT.exe

>

>MrC

>

>

>

>



Written in response to:
re: Intenet Explorer Hack (MrCharlie: Sunday, April 10, 2005 at 4:39 am)

Responses to this message:
*re: Intenet Explorer Hack (DEX: Monday, May 2, 2005 at 7:12 am)
*re: Intenet Explorer Hack (MrCharlie: Monday, May 2, 2005 at 4:49 pm)

All messages in this thread [show all]
-Intenet Explorer Hack (Abu Bakar: Sun, Apr 10, 2005, 4:00 am)
-re: Intenet Explorer Hack (MrCharlie: Sun, Apr 10, 2005, 4:39 am)
-re: Intenet Explorer Hack (Abu Bakar: Mon, May 2, 2005, 5:55 am)
*re: Intenet Explorer Hack (DEX: Mon, May 2, 2005, 7:12 am)
*re: Intenet Explorer Hack (MrCharlie: Mon, May 2, 2005, 4:49 pm)
-re: Intenet Explorer Hack (DEX: Sun, Apr 10, 2005, 7:54 am)
*re: Intenet Explorer Hack (werner: Mon, Apr 11, 2005, 9:47 am)
Return to the Windows 2000 Discussion Forum

All content at Annoyances.org is Copyright © 1995-2008 Creative Elementtm All rights reserved.
Please do not plagiarize; redistributing these pages without permission is strictly prohibited.