06-03-2004, 03:18 PM   #1
hijack this log... help :(

Hey guys. Ok my computer is running REALLY slow and I keep getting all these pop-ups and I had a huge problem with worms a few weeks ago but we thought we got them all. Apparently we didn't but I don't know what to do. Here's my hijack this log. Someone please help. Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 4:09:48 PM, on 6/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Kazaa Lite\kazaalite.kpp
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\Program Files\DIRECWAY\BIN\dpcnav.exe
C:\Program Files\aim\aim.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Meghan Owens\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: desktop.kazaa.com
O1 - Hosts: alpha.kazaa.com
O1 - Hosts: shop.kazaa.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {D59D2FF2-5D65-FBE0-C563-D744607410C7} - C:\WINDOWS\System32\eosozcrv.dll
O2 - BHO: (no name) - {EE92D6D9-8CF7-BE52-9B4D-8357277CF86E} - C:\WINDOWS\System32\lotglxbr.dll
O2 - BHO: (no name) - {F6D7E87E-F01D-7ABA-B676-96E079B470AC} - C:\WINDOWS\System32\bnmnwkrz.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\KaZaA Lite\kpp.exe" "C:\Program Files\Kazaa Lite\kazaalite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\aim\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [yfeveokl] C:\WINDOWS\xxockmfn.exe
O4 - HKLM\..\Run: [bplxhafc] C:\WINDOWS\dggfthqf.exe
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
O4 - HKLM\..\Run: [update.exe] C:\WINDOWS\System32\update.exe
O4 - HKLM\..\Run: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
O4 - HKLM\..\Run: [rundl.exe] C:\WINDOWS\System32\rundl.exe
O4 - HKLM\..\Run: [lmp] C:\WINDOWS\lmp.exe
O4 - HKLM\..\RunServices: [update.exe] C:\WINDOWS\System32\update.exe
O4 - HKLM\..\RunServices: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\RunServices: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
O4 - HKCU\..\RunServices: [update.exe] C:\WINDOWS\System32\update.exe
O4 - HKCU\..\RunServices: [nowupdate.exe] C:\WINDOWS\System32\nowupdate.exe
O4 - HKCU\..\RunServices: [rundl.exe] C:\WINDOWS\System32\rundl.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\MEGHAN~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Meghan Owens\Application Data\DownloadPlus.exe
O4 - Startup: Shortcut to dpcnav.lnk = C:\Program Files\DIRECWAY\BIN\dpcnav.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...853.6520833333
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.comp...of5_3_12_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E513631-D50B-4E87-9F53-0ADA5821D9B7}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E513631-D50B-4E87-9F53-0ADA5821D9B7}: NameServer =
megster257
