Home Search Assistant help
Hello and thanks for reading.
I ran Ad-Aware and Spybot before running HJT.
This is the log I got:
Logfile of HijackThis v1.99.0
Scan saved at 22:58:48, on 23/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ieoj.exe
C:\WINDOWS\system32\ntpt.exe
C:\WINDOWS\System32\conime.exe
C:\hijack\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D55EAE87-202A-3F55-F3F4-130CFFA66735} - C:\WINDOWS\system32\d3kt32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\kmvmmreg32.dll,_mainRD
O4 - HKLM\..\Run: [73.tmp] C:\DOCUME~1\koh\LOCALS~1\Temp\73.tmp.exe 0 10001
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvvxy32.exe
O4 - HKLM\..\Run: [ntpt.exe] C:\WINDOWS\system32\ntpt.exe
O4 - HKLM\..\RunServices: [Intrenat] C:\WINDOWS\intrenat.exe
O4 - HKLM\..\RunOnce: [ieoj.exe] C:\WINDOWS\system32\ieoj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0798656faab389898d03/netzip/RdxIE601.cab
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\netbs.exe (file missing)
And the link for downloading about:buster is somehow broken...
I ran HJT again on step 7 and the log was the same.
Help appreciated. Thank you!
Comments
O2 - BHO: (no name) - {D55EAE87-202A-3F55-F3F4-130CFFA66735} - C:\WINDOWS\system32\d3kt32.dll
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\kmvmmreg32.dll,_mainRD
O4 - HKLM\..\Run: [73.tmp] C:\DOCUME~1\koh\LOCALS~1\Temp\73.tmp.exe 0 10001
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvvxy32.exe
O4 - HKLM\..\Run: [ntpt.exe] C:\WINDOWS\system32\ntpt.exe
O4 - HKLM\..\RunServices: [Intrenat] C:\WINDOWS\intrenat.exe
O4 - HKLM\..\RunOnce: [ieoj.exe] C:\WINDOWS\system32\ieoj.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0798656...ip/RdxIE601.cab
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\netbs.exe (file missing)
Fix those entries then find and delete the files listed above, reboot and post a new log.
O2 - BHO: (no name) - {D55EAE87-202A-3F55-F3F4-130CFFA66735} - C:\WINDOWS\system32\d3kt32.dll
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\kmvmmreg32.dll,_mainRD
O4 - HKLM\..\Run: [73.tmp] C:\DOCUME~1\koh\LOCALS~1\Temp\73.tmp.exe 0 10001
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvvxy32.exe
O4 - HKLM\..\RunServices: [Intrenat] C:\WINDOWS\intrenat.exe
While I can't find these files:
O4 - HKLM\..\Run: [ntpt.exe] C:\WINDOWS\system32\ntpt.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\netbs.exe (file missing)
And I can't delete this file:
O4 - HKLM\..\RunOnce: [ieoj.exe] C:\WINDOWS\system32\ieoj.exe
When I try to delete it, there is a message saying: (Cannot delete ieoj:Access is denied. Make sure the disk is not full or write-protected and the file is currently not in use.)
I was not opening anything except the folder when I tried to delete it.
Thank you.