Hijack Log -- Please Help!!


1 reply to this topic

#1 chrisborgia


Posted 07 July 2004 - 02:27 PM

Thank you for helping!
- Chris


Logfile of HijackThis v1.97.7
Scan saved at 12:00:39 PM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Dell\EUSW\Support.exe
C:\PROGRA~1\Real\REALPL~1\RealPlay.exe
C:\PROGRA~1\QUICKT~1\qttask.exe
C:\DOCUME~1\CHRISB~1\LOCALS~1\temp\1TWF6R~1.EXE
C:\PROGRA~1\DIGSTR~1\DIGSTR~1.EXE
C:\DOCUME~1\CHRISB~1\LOCALS~1\temp\1TWF6R~1.EXE
C:\WINDOWS\System32\kdlfrm.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\DOCUME~1\CHRISB~1\APPLIC~1\ttuh.exe
C:\PROGRA~1\MPROCE~1\MPROCE~1.EXE
C:\WINDOWS\System32\wkkwt.exe
C:\PROGRA~1\BHODEM~1.0\BHODemon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\amnenk.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris Borgia\My Documents\Chris\hjtlog.exe
c:\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://education.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {30F04009-E232-0AC4-8751-6D550BA02F19} - C:\WINDOWS\SYSTEM32\bkv.dll (disabled by BHODemon)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll (disabled by BHODemon)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [1TWf6rqJM] C:\documents and settings\chris borgia\local settings\temp\1TWf6rqJM.exe
O4 - HKLM\..\Run: [1TWF6R~1] C:\DOCUME~1\CHRISB~1\LOCALS~1\temp\1TWF6R~1.EXE
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Jufta7y.exe
O4 - HKLM\..\Run: [fehajievvd] C:\WINDOWS\System32\kdlfrm.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [xsFO34S] bsekui.exe
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [gBwERQenQ] CAMBCO~1.EXE
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Chris Borgia\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Axnsh] C:\WINDOWS\System32\wkkwt.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.skoobidoo.com

#2 12g


Posted 07 July 2004 - 08:09 PM

Hi there chrisborgia,


First, run this Peper trojan uninstaller.
Download it here. Click on the peperfix link and download the program. Then go offline and run the program. It will remove the files, leaving one entry to be cleaned up with HijackThis.


Next,


Update HijackThis to version 1.98.
Run HijackThis.
Select Config > Misc Tools and select "Update online", then Yes.
Run a scan and post a new HijackThis log after you are done.




