Please check HiJackThis logfile



#1 furhog

    Member

  • New Member
  • 1 posts

Posted 11 July 2004 - 08:46 PM

Logfile of HijackThis v1.98.0
Scan saved at 1:20:48 PM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\CLOSESHIM\metaaceinfo.exe
C:\WINDOWS\vjzekhm.exe
C:\WINDOWS\cnqu.exe
C:\WINDOWS\qdbxjd.exe
C:\WINDOWS\flwzly.exe
C:\WINDOWS\ptqrn.exe
C:\WINDOWS\qqzlrkh.exe
C:\WINDOWS\atxdktquw.exe
C:\WINDOWS\plrdiius.exe
C:\WINDOWS\tkhuwhlh.exe
C:\WINDOWS\hplcpuq.exe
C:\WINDOWS\uhspkpme.exe
C:\WINDOWS\System32\nggtzh.exe
C:\WINDOWS\nxhh.exe
C:\WINDOWS\qlimk.exe
C:\WINDOWS\epnp.exe
C:\WINDOWS\lxhmv.exe
C:\WINDOWS\lkiwfnzb.exe
C:\WINDOWS\ovpiunmwy.exe
C:\WINDOWS\bdkqspbw.exe
C:\WINDOWS\nblyr.exe
C:\WINDOWS\zhxe.exe
C:\WINDOWS\hdbnhu.exe
C:\WINDOWS\swcxwayw.exe
C:\WINDOWS\hqadyjfcb.exe
C:\WINDOWS\iinak.exe
C:\WINDOWS\vhjk.exe
C:\WINDOWS\kciqo.exe
C:\WINDOWS\pxyoihasv.exe
C:\WINDOWS\crwzh.exe
C:\WINDOWS\ukbi.exe
C:\WINDOWS\dvmz.exe
C:\WINDOWS\pedtiqan.exe
C:\WINDOWS\sqim.exe
C:\WINDOWS\aijarapv.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\WINDOWS\lwgw.exe
C:\WINDOWS\fmubqbpkw.exe
C:\WINDOWS\uhth.exe
C:\WINDOWS\uvqdqdg.exe
C:\WINDOWS\flxvjyzen.exe
C:\WINDOWS\ilbexrxh.exe
C:\WINDOWS\flzobukye.exe
C:\WINDOWS\ntgzc.exe
C:\WINDOWS\sswqrsks.exe
C:\WINDOWS\vhnnir.exe
C:\WINDOWS\nlgonjazm.exe
C:\WINDOWS\twsk.exe
C:\WINDOWS\ghjkqdlvn.exe
C:\WINDOWS\euieere.exe
C:\WINDOWS\gxcsdc.exe
C:\WINDOWS\mtqs.exe
C:\WINDOWS\rogpdbjac.exe
C:\WINDOWS\gviahr.exe
C:\WINDOWS\jvkpc.exe
C:\WINDOWS\awaifglr.exe
C:\WINDOWS\ddpp.exe
C:\WINDOWS\xtcahlnkk.exe
C:\WINDOWS\kymbpfdsv.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\wskm.exe
C:\WINDOWS\swwim.exe
C:\WINDOWS\vkvufch.exe
C:\WINDOWS\yidqeo.exe
C:\WINDOWS\lbeu.exe
C:\WINDOWS\swwiohd.exe
C:\WINDOWS\mago.exe
C:\WINDOWS\maii.exe
C:\Program Files\RSNet\RSEDNClient.exe
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Alexandre PloyeEvans\Desktop\HiJack This Folder\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://webproxy.ucsd.edu/proxy.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {57CD6D2E-0291-488F-B846-AF101B367DD5} - C:\WINDOWS\SYSTEM32\j1ghdw.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Fizzlebar.clsFwBar - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - c:\sysfwb\7984321258\iefwbar.dll
O2 - BHO: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A0E4-EA6FA787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrscuz2.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [DOES PHONE] C:\PROGRA~1\CLOSESHIM\metaaceinfo.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [couponsandoffers] wjview /cp:p "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pxsxxt] C:\WINDOWS\vjzekhm.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [bormvtubl] C:\WINDOWS\cnqu.exe
O4 - HKLM\..\Run: [ptvlrtke] C:\WINDOWS\qdbxjd.exe
O4 - HKLM\..\Run: [bsyw] C:\WINDOWS\flwzly.exe
O4 - HKLM\..\Run: [grzp] C:\WINDOWS\ptqrn.exe
O4 - HKLM\..\Run: [mohze] C:\WINDOWS\qqzlrkh.exe
O4 - HKLM\..\Run: [gakc] C:\WINDOWS\atxdktquw.exe
O4 - HKLM\..\Run: [bicd] C:\WINDOWS\plrdiius.exe
O4 - HKLM\..\Run: [kwzykigl] C:\WINDOWS\tkhuwhlh.exe
O4 - HKLM\..\Run: [excbmp] C:\WINDOWS\hplcpuq.exe
O4 - HKLM\..\Run: [kufh] C:\WINDOWS\uhspkpme.exe
O4 - HKLM\..\Run: [mvxqwagipzti] C:\WINDOWS\System32\nggtzh.exe
O4 - HKLM\..\Run: [bwthcthcn] C:\WINDOWS\nxhh.exe
O4 - HKLM\..\Run: [dfyzsr] C:\WINDOWS\qlimk.exe
O4 - HKLM\..\Run: [wtcamyvke] C:\WINDOWS\epnp.exe
O4 - HKLM\..\Run: [uemg] C:\WINDOWS\lxhmv.exe
O4 - HKLM\..\Run: [gtzbw] C:\WINDOWS\lkiwfnzb.exe
O4 - HKLM\..\Run: [rmoc] C:\WINDOWS\ovpiunmwy.exe
O4 - HKLM\..\Run: [pzjqslyn] C:\WINDOWS\bdkqspbw.exe
O4 - HKLM\..\Run: [osab] C:\WINDOWS\nblyr.exe
O4 - HKLM\..\Run: [pbwr] C:\WINDOWS\zhxe.exe
O4 - HKLM\..\Run: [zxizsk] C:\WINDOWS\hdbnhu.exe
O4 - HKLM\..\Run: [zgjdpkazy] C:\WINDOWS\swcxwayw.exe
O4 - HKLM\..\Run: [mszrnt] C:\WINDOWS\hqadyjfcb.exe
O4 - HKLM\..\Run: [qdbeouvz] C:\WINDOWS\iinak.exe
O4 - HKLM\..\Run: [alrqwe] C:\WINDOWS\vhjk.exe
O4 - HKLM\..\Run: [sxsflf] C:\WINDOWS\kciqo.exe
O4 - HKLM\..\Run: [uyxy] C:\WINDOWS\pxyoihasv.exe
O4 - HKLM\..\Run: [fjcpoxh] C:\WINDOWS\crwzh.exe
O4 - HKLM\..\Run: [ouozvgs] C:\WINDOWS\ukbi.exe
O4 - HKLM\..\Run: [igbplcbkb] C:\WINDOWS\dvmz.exe
O4 - HKLM\..\Run: [ylws] C:\WINDOWS\pedtiqan.exe
O4 - HKLM\..\Run: [udozu] C:\WINDOWS\sqim.exe
O4 - HKLM\..\Run: [pdpqp] C:\WINDOWS\aijarapv.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [vziqtpfz] C:\WINDOWS\lwgw.exe
O4 - HKLM\..\Run: [fgfg] C:\WINDOWS\fmubqbpkw.exe
O4 - HKLM\..\Run: [kwqyjlpb] C:\WINDOWS\uhth.exe
O4 - HKLM\..\Run: [ljzntsgew] C:\WINDOWS\uvqdqdg.exe
O4 - HKLM\..\Run: [fhcq] C:\WINDOWS\flxvjyzen.exe
O4 - HKLM\..\Run: [xrtihtwb] C:\WINDOWS\ilbexrxh.exe
O4 - HKLM\..\Run: [eiza] C:\WINDOWS\flzobukye.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [bgmlgkcya] C:\WINDOWS\ntgzc.exe
O4 - HKLM\..\Run: [nlhwafl] C:\WINDOWS\sswqrsks.exe
O4 - HKLM\..\Run: [dtzmbzoaw] C:\WINDOWS\vhnnir.exe
O4 - HKLM\..\Run: [paiu] C:\WINDOWS\nlgonjazm.exe
O4 - HKLM\..\Run: [dkxhtzz] C:\WINDOWS\twsk.exe
O4 - HKLM\..\Run: [coha] C:\WINDOWS\ghjkqdlvn.exe
O4 - HKLM\..\Run: [wfdeky] C:\WINDOWS\euieere.exe
O4 - HKLM\..\Run: [prbr] C:\WINDOWS\gxcsdc.exe
O4 - HKLM\..\Run: [dafzun] C:\WINDOWS\mtqs.exe
O4 - HKLM\..\Run: [xdtduvsh] C:\WINDOWS\rogpdbjac.exe
O4 - HKLM\..\Run: [yrbqo] C:\WINDOWS\gviahr.exe
O4 - HKLM\..\Run: [shexcyf] C:\WINDOWS\jvkpc.exe
O4 - HKLM\..\Run: [isqlnl] C:\WINDOWS\awaifglr.exe
O4 - HKLM\..\Run: [bicw] C:\WINDOWS\ddpp.exe
O4 - HKLM\..\Run: [koxncwz] C:\WINDOWS\xtcahlnkk.exe
O4 - HKLM\..\Run: [xelo] C:\WINDOWS\kymbpfdsv.exe
O4 - HKLM\..\Run: [oikbqrd] C:\WINDOWS\wskm.exe
O4 - HKLM\..\Run: [kjpshmg] C:\WINDOWS\swwim.exe
O4 - HKLM\..\Run: [pphv] C:\WINDOWS\vkvufch.exe
O4 - HKLM\..\Run: [tbmsjgfru] C:\WINDOWS\yidqeo.exe
O4 - HKLM\..\Run: [nhbktdjlw] C:\WINDOWS\lbeu.exe
O4 - HKLM\..\Run: [anymg] C:\WINDOWS\swwiohd.exe
O4 - HKLM\..\Run: [jsvbtck] C:\WINDOWS\mago.exe
O4 - HKLM\..\Run: [gcqstc] C:\WINDOWS\maii.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\RunOnce: [1karbr.exe] C:\WINDOWS\System32\1karbr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SPYNUKER] C:\Program Files\Trek Blue\Spyware Nuker\SPYNUKER.exe /STARTUP
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\RunOnce: [1karbr.exe] C:\WINDOWS\System32\1karbr.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Documents and Settings\Alexandre PloyeEvans\Desktop\PicGrabber\PICGRABBER.EXE (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Documents and Settings\Alexandre PloyeEvans\Desktop\PicGrabber\PICGRABBER.EXE (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...ab/Ud3rT0n5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/i...etup1.0.0.5.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewiz.../popblocker.cab
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12A16ADC7} - file://C:\WINDOWS\SYSTEM32\SearchBar\zpprf1sh.exe
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.learn2typ...el091/setup.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13....ex/HMAtchmt.ocx
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.reds...rsinstaller.cab

#2 pomp

    Forum Deity

  • Helper
  • 1,163 posts

Posted 11 July 2004 - 09:26 PM

Hey.

Looks like you have a bunch of trojan files. Please run the free online scanner at www.trendmicro.com .. delete everything it finds. Do your best to get it to delete/clean the bad files it finds. When it's done, restart your computer and then post a new log. Thanks.

PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD
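What makes the helper's diagnosis obvious at a glance is the shape of the log rather than any single entry: dozens of randomly named executables sitting directly in C:\WINDOWS, each registered under its own Run key, plus orphaned BHO/toolbar registrations and search settings pointing at unexpected hosts. The following Python script is an added example for this thread (it is not HijackThis code and not something either poster wrote) that encodes those three observations as triage heuristics and runs them over a handful of lines taken from the posted log. The heuristics, the allowlist of Windows-root executables, the allowlist of expected hosts, and the one constructed hijack line with a placeholder `.invalid` host are all this example's own assumptions.

```python
"""Triage a HijackThis-style log (added example; not HijackThis code).

Heuristics (this example's assumptions, not HijackThis rules):
  * O4 autorun entries whose target is an .exe sitting directly in the Windows
    directory (not a subfolder) and not on a small known-good list: legitimate
    installers almost never drop programs there.
  * Entries HijackThis marks "(no file)" or "(file missing)": orphaned
    registrations left by removed or half-installed software.
  * R0/R1 browser settings whose URL host is not on a caller-supplied allowlist
    of expected hosts: the usual signature of a search/start-page hijack.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# "O4 - HKLM\..\Run: [label] command"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
# First drive-letter path ending in .exe inside a command line (quoted or not).
EXE_PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.IGNORECASE)
# An .exe directly under X:\WINDOWS with no intermediate directory.
WINROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)
# "R1 - HKLM\...\Main,Setting Name = http://host/..."
R_URL_RE = re.compile(r"^R[01] - .+?,(?P<setting>[^=]+?) = (?P<url>\S+)$")

# Programs that legitimately live directly in %WINDIR% on Windows XP (assumed allowlist).
KNOWN_WINROOT = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe"}


@dataclass(frozen=True)
class Finding:
    category: str   # "winroot_autorun", "orphan" or "browser_hijack"
    line: str       # the offending log line, verbatim
    detail: str     # short human-readable reason


def _first_exe(cmd: str) -> Optional[str]:
    m = EXE_PATH_RE.search(cmd)
    return m.group(0) if m else None


def _host_allowed(host: str, allowed_hosts: set) -> bool:
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def triage(log_text: str, allowed_hosts: set) -> list:
    """Return a list of Finding objects for every line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "(no file)" in line or "(file missing)" in line:
            findings.append(Finding("orphan", line, "registered component has no file on disk"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = _first_exe(m.group("cmd"))
            if exe and WINROOT_EXE_RE.match(exe) and exe.split("\\")[-1].lower() not in KNOWN_WINROOT:
                findings.append(Finding("winroot_autorun", line,
                                        f"{m.group('hive')} {m.group('key')} launches {exe}"))
            continue
        m = R_URL_RE.match(line)
        if m:
            host = urlsplit(m.group("url")).hostname or ""
            if host and not _host_allowed(host, allowed_hosts):
                findings.append(Finding("browser_hijack", line,
                                        f"{m.group('setting').strip()} points at {host}"))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per category, e.g. {'orphan': 2, ...}."""
    return dict(Counter(f.category for f in findings))


# Sample input: a subset of the log posted above, plus one constructed hijack line
# (the .invalid host is a placeholder, not a real domain from the log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.example-hijack.invalid/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://webproxy.ucsd.edu/proxy.pl
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [pxsxxt] C:\WINDOWS\vjzekhm.exe
O4 - HKLM\..\Run: [bormvtubl] C:\WINDOWS\cnqu.exe
O4 - HKLM\..\RunOnce: [1karbr.exe] C:\WINDOWS\System32\1karbr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Hosts this machine is expected to point at (assumed from the posted log's Dell/UCSD entries).
EXPECTED_HOSTS = {"dellnet.com", "ucsd.edu"}

if __name__ == "__main__":
    results = triage(SAMPLE_LOG, EXPECTED_HOSTS)
    for f in results:
        print(f"[{f.category}] {f.detail}\n    {f.line}")
    print(summarize(results))
```

Run against the full posted log, the `winroot_autorun` rule alone fires on roughly sixty entries, which is the pattern the helper is reacting to; the rule deliberately ignores executables in System32 and Program Files so that vendor autoruns such as iTunesHelper or the NVIDIA control panel do not drown out the signal.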

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button