Options
My Hijackthis log
Logfile of HijackThis v1.99.0
Scan saved at 5:22:35 PM, on 1/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Program Files\QuickTime\qttask.exe
C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
C:\documents and settings\wellcome's\local settings\temp\2z1du8W.exe
C:\documents and settings\wellcome's\local settings\temp\Z.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wcpsvcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WkmjJ60.exe
C:\WINDOWS\System32\Jot5gN9.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wellcome's\Desktop\Amanda\programs\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Wellcome's\Local Settings\Temp\uKw.dll
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [5PajeoO] C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
O4 - HKLM\..\Run: [2TSG@M434C@9@K] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKLM\..\Run: [5PajeoO.exe] C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [2z1du8W.exe] C:\documents and settings\wellcome's\local settings\temp\2z1du8W.exe
O4 - HKLM\..\Run: [Z.exe] C:\documents and settings\wellcome's\local settings\temp\Z.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvcc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\update.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} - http://infinity.n-case.com/captioncityreceiver/resources/nCaseInstaller.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
When I click on links to new pages, it always redirects me to some url starting with 'ads234.com', therefore failing to open my page. Any help would be greatly appreciated! I ran Ad-Aware, also.
Scan saved at 5:22:35 PM, on 1/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Program Files\QuickTime\qttask.exe
C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
C:\documents and settings\wellcome's\local settings\temp\2z1du8W.exe
C:\documents and settings\wellcome's\local settings\temp\Z.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wcpsvcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WkmjJ60.exe
C:\WINDOWS\System32\Jot5gN9.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wellcome's\Desktop\Amanda\programs\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Wellcome's\Local Settings\Temp\uKw.dll
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [5PajeoO] C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
O4 - HKLM\..\Run: [2TSG@M434C@9@K] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKLM\..\Run: [5PajeoO.exe] C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [2z1du8W.exe] C:\documents and settings\wellcome's\local settings\temp\2z1du8W.exe
O4 - HKLM\..\Run: [Z.exe] C:\documents and settings\wellcome's\local settings\temp\Z.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvcc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\update.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} - http://infinity.n-case.com/captioncityreceiver/resources/nCaseInstaller.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
When I click on links to new pages, it always redirects me to some url starting with 'ads234.com', therefore failing to open my page. Any help would be greatly appreciated! I ran Ad-Aware, also.
0
Comments
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Wellcome's\Local Settings\Temp\uKw.dll
O4 - HKLM\..\Run: [5PajeoO] C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
O4 - HKLM\..\Run: [2TSG@M434C@9@K] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKLM\..\Run: [5PajeoO.exe] C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [2z1du8W.exe] C:\documents and settings\wellcome's\local settings\temp\2z1du8W.exe
O4 - HKLM\..\Run: [Z.exe] C:\documents and settings\wellcome's\local settings\temp\Z.exe
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvcc.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\update.exe
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} - http://infinity.n-case.com/captionc...seInstaller.cab
Fix those entries then find and delete the files listed above, reboot and post a new log.
Logfile of HijackThis v1.99.0
Scan saved at 7:48:35 PM, on 1/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Program Files\QuickTime\qttask.exe
C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
C:\documents and settings\wellcome's\local settings\temp\5PajeoO.exe
C:\documents and settings\wellcome's\local settings\temp\2z1du8W.exe
C:\documents and settings\wellcome's\local settings\temp\Z.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wcpsvcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WkmjJ60.exe
C:\WINDOWS\System32\Jot5gN9.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wellcome's\Desktop\Amanda\programs\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2TSG@M434C@9@K] C:\WINDOWS\System32\Qxcn74j.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
Thank you!
Use those instructions to get rid of the Peper trojan, then reboot and post a new log.