HJT Log-JGK150
Heya, it's me again, JGK150. I just remembered that on another computer, I've been having a similar problem like the omegasearch crap. Except, it calls itself Amazingautosearch.
Here's a log:
Logfile of HijackThis v1.97.7
Scan saved at 09:11:47 PM, on 6/14/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
U:\WINNT\System32\smss.exe
U:\WINNT\system32\winlogon.exe
U:\WINNT\system32\services.exe
U:\WINNT\system32\lsass.exe
U:\WINNT\system32\svchost.exe
U:\WINNT\system32\spoolsv.exe
U:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
U:\WINNT\System32\svchost.exe
U:\Program Files\BANetDSL\Inverse IP Insight\ARMon32a.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
U:\WINNT\system32\regsvc.exe
U:\WINNT\system32\MSTask.exe
D:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
U:\WINNT\system32\stisvc.exe
U:\WINNT\system32\ZONELABS\vsmon.exe
U:\WINNT\System32\WBEM\WinMgmt.exe
d:\BANetDSL\WinPoET\WrOS.EXE
U:\WINNT\System32\mspmspsv.exe
U:\WINNT\system32\svchost.exe
U:\WINNT\System32\inetsrv\inetinfo.exe
U:\WINNT\Explorer.EXE
U:\Program Files\Common Files\Symantec Shared\SymTray.exe
U:\WINNT\System32\qttask.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
U:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
U:\WINNT\tppaldr.exe
U:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
U:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
U:\PROGRA~1\mcafee.com\agent\mcagent.exe
u:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
U:\Program Files\AT&T Worldnet Accelerator\PropelAC.exe
U:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
U:\Program Files\VitalSigns\Net.Medic\Program\syshook.exe
u:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
U:\WINNT\system32\wuauclt.exe
Q:\Program Files\Microsoft Office\Office\POWERPNT.EXE
U:\Program Files\Internet Explorer\iexplore.exe
U:\WINNT\explorer.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=litleozy.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://banet.nbci.com/?tt.banet.fd.0.fd"); (E:\Program Files\Netscape\Users\kwakj\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - U:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - U:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - U:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - u:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - U:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: (no name) - {FC983786-F4CD-469B-8F22-94A9B5D1FE3D} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - U:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinPoET] d:\BANetDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] U:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] U:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TkBellExe] U:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [TPP Auto Loader] U:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [Print Screen Deluxe] F:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe /m
O4 - HKLM\..\Run: [Zone Labs Client] U:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [P2P Networking] U:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] S:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [VSOCheckTask] "u:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "u:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] u:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] U:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Propel Accelerator] "U:\Program Files\AT&T Worldnet Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [CleanUp] U:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [McRegWiz] u:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [Yahoo! Pager] E:\WINDOWS\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] S:\Program Files\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] F:\Valve\Condition Zero\Steam.exe -silent
O4 - HKCU\..\Run: [WAPI] U:\WINNT\System32\wtssvcc.exe
O4 - Startup: Norton System Doctor.LNK = D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Microsoft Office.lnk = Q:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Net.Medic.lnk = U:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
O8 - Extra context menu item: &Download with &DAP - S:\PROGRAM\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - S:\PROGRAM\DAP\dapextie2.htm
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: U:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,32
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37457.1656481481
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9994E43A-6CAC-4DCD-B4C1-BAEC2EAD8F39}: Domain = JNKCTI
O17 - HKLM\System\CCS\Services\Tcpip\..\{9994E43A-6CAC-4DCD-B4C1-BAEC2EAD8F39}: NameServer = 192.168.1.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = jnkcti
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 204.74.114.93
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = jnkcti
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 204.74.114.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = jnkcti
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 204.74.114.93
Some of this stuff I can already recognize and figured I should get rid of. But, just wanted to be on the safe side. Help me out?
NOTE: I already ran Ad-Aware and Spybot before I ran a scan with HJT. I also ran a Norton System Doctor run. And don't mind the JNKCTI stuff, that's just the name of my dad's network and company.
Home page hijacks/etc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
Browser hijacks and toolbars
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=litleozy.exe
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - U:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: (no name) - {FC983786-F4CD-469B-8F22-94A9B5D1FE3D} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - U:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
Resource hogs
O4 - HKLM\..\Run: [QuickTime Task] U:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [TkBellExe] U:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
spyware stuff
O4 - HKLM\..\Run: [P2P Networking] U:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
kazaa = lose! I guess you could keep it if you want
O4 - HKLM\..\Run: [KAZAA] S:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
Adware related
O4 - HKCU\..\Run: [WAPI] U:\WINNT\System32\wtssvcc.exe
Some consider DAP to be spyware, I think it's questionable. Up to you
O8 - Extra context menu item: &Download with &DAP - S:\PROGRAM\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - S:\PROGRAM\DAP\dapextie2.htm
Downloaded program files. The others look good. Not sure about the second, but if you need it, it'll be downloaded again when you go back to the site
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
Ahh, thanks man. Will get right on it and report with a new log.
Scan saved at 12:43:24 AM, on 6/15/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
U:\WINNT\System32\smss.exe
U:\WINNT\system32\winlogon.exe
U:\WINNT\system32\services.exe
U:\WINNT\system32\lsass.exe
U:\WINNT\system32\svchost.exe
U:\WINNT\system32\spoolsv.exe
U:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
U:\WINNT\System32\svchost.exe
U:\Program Files\BANetDSL\Inverse IP Insight\ARMon32a.exe
u:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
U:\WINNT\system32\regsvc.exe
U:\WINNT\system32\MSTask.exe
D:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
U:\WINNT\system32\stisvc.exe
U:\WINNT\system32\ZONELABS\vsmon.exe
U:\WINNT\System32\WBEM\WinMgmt.exe
d:\BANetDSL\WinPoET\WrOS.EXE
U:\WINNT\System32\mspmspsv.exe
U:\WINNT\system32\svchost.exe
U:\WINNT\System32\inetsrv\inetinfo.exe
D:\BANetDSL\WinPoET\WinPPPoverEthernet.exe
U:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
U:\WINNT\tppaldr.exe
F:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe
U:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
U:\WINNT\system32\mobsync.exe
U:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
U:\PROGRA~1\mcafee.com\agent\mcagent.exe
u:\progra~1\mcafee.com\vso\mcvsescn.exe
U:\Program Files\AT&T Worldnet Accelerator\PropelAC.exe
U:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
U:\Program Files\VitalSigns\Net.Medic\Program\syshook.exe
U:\WINNT\system32\wuauclt.exe
U:\WINNT\explorer.exe
u:\PROGRA~1\mcafee.com\vso\mcshield.exe
U:\WINNT\system32\svchost.exe
U:\WINNT\explorer.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://banet.nbci.com/?tt.banet.fd.0.fd"); (E:\Program Files\Netscape\Users\kwakj\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - U:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - U:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - u:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - U:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinPoET] d:\BANetDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] U:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TPP Auto Loader] U:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [Print Screen Deluxe] F:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe /m
O4 - HKLM\..\Run: [Zone Labs Client] U:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [VSOCheckTask] "u:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "u:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] u:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] U:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Propel Accelerator] "U:\Program Files\AT&T Worldnet Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKCU\..\Run: [Yahoo! Pager] E:\WINDOWS\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] S:\Program Files\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] F:\Valve\Condition Zero\Steam.exe -silent
O4 - HKCU\..\Run: [WAPI] U:\WINNT\System32\wtssvcc.exe
O4 - Startup: Norton System Doctor.LNK = D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Microsoft Office.lnk = Q:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Net.Medic.lnk = U:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - U:\Program Files\AT&T Worldnet Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - U:\Program Files\AT&T Worldnet Accelerator\pac-image.html
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: U:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,32
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37457.1656481481
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9994E43A-6CAC-4DCD-B4C1-BAEC2EAD8F39}: Domain = JNKCTI
O17 - HKLM\System\CCS\Services\Tcpip\..\{9994E43A-6CAC-4DCD-B4C1-BAEC2EAD8F39}: NameServer = 192.168.1.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = jnkcti
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 204.74.114.93
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = jnkcti
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 204.74.114.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = jnkcti
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 204.74.114.93
Looking good to me :P
No more amazingautosearch and the darn liteozy.exe message stopped appearing. (Warning message of some sort that was telling me a file was missing.)
Thanks guys (erm.. Shwaip) :P
hey...I'm a guy too
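The thread follows a fix-then-rescan loop: entries are flagged, fixed in HijackThis, and a new log is posted. The script below is an added example, not part of the original thread or of HijackThis itself. It parses the `<code> - <detail>` entry lines and compares a before log, a flagged list and an after log. The function names are hypothetical, and the sample input is a short excerpt of lines copied from the logs above.

```python
import re

# HijackThis entry lines have the form "<code> - <detail>", where the code is
# R0-R3, F0-F3, N1-N4 or O1-O23. Header lines and the "Running processes"
# paths do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (code, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def verify_cleanup(before_log, after_log, flagged_lines):
    """Compare a rescan against the list of entries that were flagged for fixing."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    flagged = parse_entries(flagged_lines)
    return {
        # flagged entries that are gone from the rescan
        "removed": sorted(flagged - after),
        # flagged entries that the rescan still lists
        "still_present": sorted(flagged & after),
        # entries that appear only in the rescan and need a fresh look
        "new": sorted(after - before),
        # flagged lines that never matched the first log (typos, wrong paste)
        "not_in_before": sorted(flagged - before),
    }


# Excerpt of the first log on this page (raw string: paths contain backslashes).
BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
U:\WINNT\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
F1 - win.ini: run=litleozy.exe
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - U:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [KAZAA] S:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [Steam] F:\Valve\Condition Zero\Steam.exe -silent
O4 - HKCU\..\Run: [WAPI] U:\WINNT\System32\wtssvcc.exe
"""

# Excerpt of the entries listed in the reply.
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
F1 - win.ini: run=litleozy.exe
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - U:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [KAZAA] S:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [WAPI] U:\WINNT\System32\wtssvcc.exe
"""

# Excerpt of the second log (scan saved 6/15/2004).
AFTER = r"""
Running processes:
U:\WINNT\explorer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O4 - HKCU\..\Run: [Steam] F:\Valve\Condition Zero\Steam.exe -silent
O4 - HKCU\..\Run: [WAPI] U:\WINNT\System32\wtssvcc.exe
"""

if __name__ == "__main__":
    report = verify_cleanup(BEFORE, AFTER, FLAGGED)
    for section, items in report.items():
        print(f"{section}:")
        for code, detail in items:
            print(f"  {code} - {detail}")
```

Matching is on the exact entry text, so a path that changes case or switches to its 8.3 short form between scans shows up as one removed entry and one new entry.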