Ad:

Viruses, Spyware and other Nasties Discussion Thread
Unsolved
Views: 1814

Page 1
2
Next

You are currently viewing page 1 of this multi-page discussion thread

Apr 3rd, 2008

HJT log

Expand Post »

My friend has been expierencing some small problems on his computer, you guys have been extermely helpful in the past and if someone could help me claen up this HJT log that would be great! Thank you in advance!

C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\brvrav32.exe
O4 - HKLM\..\Run: [7090a8c9] rundll32.exe "C:\WINDOWS\system32\scurhsrb.dll",b
O4 - HKLM\..\Run: [BM73a39b55] Rundll32.exe "C:\WINDOWS\system32\mgybmtfn.dll",s
O4 - HKLM\..\RunServices: [SystemTools32] C:\WINDOWS\system32\inet.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\brvrav32.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\WINDOWS\system32\brvrav32.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: fqllbfjmzuak (arpsdwzt5) - Unknown owner - C:\WINDOWS\system32\buwwnuul5.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7269 bytes

Similar Threads

my HJT log, 2 of them for 2 comp in Viruses, Spyware and other Nasties
help i've got a HJT log! in Viruses, Spyware and other Nasties
another hjt log for jkl in Viruses, Spyware and other Nasties
please review hjt log in Viruses, Spyware and other Nasties
can somebody pls. help me out with my HJT log.. in Viruses, Spyware and other Nasties

ownedswax

Reputation Points: 10

Solved Threads: 0

Light Poster

Offline

25 posts
since Dec 2007

Permalink

Apr 4th, 2008

Re: HJT log

You have posted enough logs to know that that one is incomplete. Please post the complete log.
Also, you have a history here of not seeing your threads out to the end. http://www.daniweb.com/forums/search2764611.html If you want help, then you must follow through and not waste all our helpers time.

============

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following :

Restart your computer
After hearing your computer beep once during startup, but before the
Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract
All,
Open the extracted folder and double click RunThis.bat to
start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the
registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool
will be running and removing files.
When the desktop loads the Fixtool will complete the removal and
display Finished, then press any key to end the script and load
your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the
contents of the results file Report.txt back onto the forum with
a new HijackThis log

==

Post your SDFix within code tags please.

Last edited by crunchie; Apr 4th, 2008 at 7:09 am.

crunchie

Moderator

Featured Poster

Reputation Points: 1142

Solved Threads: 982

Most Valuable Poster

Offline

12,163 posts
since Feb 2004

Permalink

Apr 8th, 2008

Re: HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:12 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:..WINDOWS..System32..smss.exe
C:..WINDOWS..system32..winlogon.exe
C:..WINDOWS..system32..services.exe
C:..WINDOWS..system32..lsass.exe
C:..WINDOWS..system32..svchost.exe
C:..WINDOWS..System32..svchost.exe
C:..WINDOWS..system32..svchost.exe
C:..Program Files..Common Files..iS3..Anti-Spyware..SZServer.exe
C:..WINDOWS..Explorer.EXE
C:..WINDOWS..system32..spoolsv.exe
C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
C:..Program Files..Bonjour..mDNSResponder.exe
C:..Program Files..Common Files..New Boundary..PrismXL..PRISMXL.SYS
C:..WINDOWS..system32..svchost.exe
C:..Program Files..Viewpoint..Common..ViewpointService.exe
C:..Program Files..Linksys Wireless-G USB Wireless Network Monitor..WLService.exe
C:..Program Files..Linksys Wireless-G USB Wireless Network Monitor..WUSB54Gv2.exe
C:..Program Files..Viewpoint..Viewpoint Manager..ViewMgr.exe
C:..Program Files..STOPzilla!..STOPzilla.exe
C:..Program Files..Digital Media Reader..shwiconem.exe
C:..WINDOWS..system32..spool..drivers..w32x86..3..hpztsb09.e
xe
C:..Program Files..Common Files..Real..Update_OB..realsched.exe
C:..Program Files..Java..jre1.5.0_03..bin..jusched.exe
C:..Program Files..BroadJump..Client Foundation..CFD.exe
C:..Program Files..Linksys Wireless-G USB Wireless Network Monitor..InfoMyCa.exe
C:..Program Files..Java..jre1.5.0_03..bin..jucheck.exe
C:..Program Files..Uniblue..RegistryBooster 2..RegistryBooster.exe
C:..Program Files..Mozilla Firefox..firefox.exe
C:..Documents and Settings..Owner..Desktop..HijackThis.exe

R0 - HKCU..Software..Microsoft..Internet Explorer..Main,Start Page = http://www. myspace. com/
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Page_URL = http://go. microsoft. com/fwlink/?LinkId=69157
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Search_URL = http://go. microsoft. com/fwlink/?LinkId=54896
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Search Bar = http://red. clientapps. yahoo. com/customize/ie/defaults/sb/sbcydsl. r{}*http://yahoo. sbc. com/dsl
R0 - HKCU..Software..Microsoft..Internet Explorer..Main,Local Page = C:..WINDOWS..about.htm
R1 - HKCU..Software..Microsoft..Windows..CurrentVersion..Internet
Settings,ProxyOverride = 127. 0. 0. 1;*.local
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:..Program Files..STOPzilla!..SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:..Program Files..STOPzilla!..SZSG.dll
O4 - HKLM......Run: [SunKistEM] C:..Program Files..Digital Media Reader..shwiconem.exe
O4 - HKLM......Run: [HPDJ Taskbar Utility] C:..WINDOWS..system32..spool..drivers..w32x86..3..hpztsb09.e
xe
O4 - HKLM......Run: [TkBellExe] "C:..Program Files..Common Files..Real..Update_OB..realsched.exe" -osboot
O4 - HKLM......Run: [SunJavaUpdateSched] C:..Program Files..Java..jre1.5.0_03..bin..jusched.exe
O4 - HKLM......Run: [BJCFD] C:..Program Files..BroadJump..Client Foundation..CFD.exe
O4 - HKLM......Run: [WUSB54Gv2] C:..Program Files..Linksys Wireless-G USB Wireless Network Monitor..InvokeSvc3.exe
O4 - HKLM......Run: [QuickTime Task] "C:..Program Files..QuickTime..qttask.exe" -atboottime
O4 - HKLM......Run: [BM73a39b55] Rundll32.exe "C:..WINDOWS..system32..euotbymp.dll",s
O4 - HKCU......Run: [Uniblue RegistryBooster 2] C:..Program Files..Uniblue..RegistryBooster 2..RegistryBooster.exe /S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:..PROGRA~1..MICROS~4..OFFICE11..EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..WINDOWS..system32..msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..WINDOWS..system32..msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:..PROGRA~1..MICROS~4..OFFICE11..REFIEBAR.DLL
O9 - Extra button: Real. com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:..WINDOWS..system32..Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go. microsoft. com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads. myspace. com/upload/MySpaceUploader1006. cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www. sibelius. com/download/software/win/ActiveXPlugin. cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn. digitalcity. com/radio/ampx/ampx2. 6. 1. 11_en_dl. cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl. stream. aol. com/downloads/aol/unagi/ampx_en_dl. cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
O23 - Service: fqllbfjmzuak (arpsdwzt5) - Unknown owner - C:..WINDOWS..system32..buwwnuul5.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762&#0
35;# (Bonjour Service) - Apple Computer, Inc. - C:..Program Files..Bonjour..mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:..Program Files..Common Files..Macrovision Shared..FLEXnet Publisher..FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:..Program Files..Common Files..InstallShield..Driver..11..Intel 32..IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:..Program Files..iPod..bin..iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:..Program Files..Intel..NCS..Sync..NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:..Program Files..Common Files..New Boundary..PrismXL..PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:..Program Files..Common Files..iS3..Anti-Spyware..SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:..Program Files..Viewpoint..Common..ViewpointService.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:..Program Files..Linksys Wireless-G USB Wireless Network Monitor..WLService.exe

--
End of file - 6657 bytes

(Toggle Plain Text)

SDFix: Version 1.167 
Run by Owner on Tue 04/08/2008 at 06:56 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:..DOCUME~1..Owner..MYDOCU~1..Unzipped..SDFix..SDFix

Checking Services :

Name:
mqzprwe

Path:
..??..C:..WINDOWS..mqzprwe.log 

mqzprwe - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service 

Rebooting


Checking Files : 

Trojan Files Found:

C:..WINDOWS..SYSTEM32..CP.EXE - Deleted
C:..188852~1 - Deleted
C:..ILRIUPF.EXE - Deleted
C:..d.exe - Deleted
C:..WINDOWS..browser.exe - Deleted
C:..WINDOWS..system32..brvrav32.exe - Deleted
C:..WINDOWS..system32..web.dat - Deleted
C:..WINDOWS..mqzprwe.log - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www. gmer. net
Rootkit scan 2008-04-08 19:43:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E965-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000002
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E967-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E968-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000023
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E969-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E96A-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E97B-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E980-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..Services..MRxDAV
..EncryptedDirectories]
@=""
[HKEY_LOCAL_MACHINE..SYSTEM..ControlSet004..services..MRxDAV
..EncryptedDirectories]
@=""
[HKEY_LOCAL_MACHINE..SYSTEM..CurrentControlSet..services..MR
xDAV..EncryptedDirectories]
@=""

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE..system..currentcontrolset..services..sh
aredaccess..parameters..firewallpolicy..standardprofile..authorizedapp
lications..list]
"%windir%....system32....sessmgr.exe"="%windir%....system32.
...sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:....Program Files....Bonjour....mDNSResponder.exe"="C:....Program Files....Bonjour....mDNSResponder.exe:*:Enabled:Bonjour"
"C:....Program Files....Steam....SteamApps....ssvenomx26....counter-strike.
...hl.exe"="C:....Program Files....Steam....SteamApps....ssvenomx26....counter-strike.
...hl.exe:*:Enabled:Half-Life Launcher"
"C:....Program Files....HLSW....hlsw.exe"="C:....Program Files....HLSW....hlsw.exe:*:Enabled:hlsw"
"C:....Program Files....mIRC....mirc.exe"="C:....Program Files....mIRC....mirc.exe:*:Enabled:mIRC"
"C:....Program Files....LimeWire....LimeWire.exe"="C:....Program Files....LimeWire....LimeWire.exe:*:Enabled:LimeWire"
"C:....Program Files....AIM6....aim6.exe"="C:....Program Files....AIM6....aim6.exe:*:Enabled:AIM"
"C:....Program Files....Steam....SteamApps....nikenoah....counter-strike...
.hl.exe"="C:....Program Files....Steam....SteamApps....nikenoah....counter-strike...
.hl.exe:*:Enabled:Half-Life Launcher"
"C:....Program Files....Steam....SteamApps....ssvenomx26....day of defeat....hl.exe"="C:....Program Files....Steam....SteamApps....ssvenomx26....day of defeat....hl.exe:*:Enabled:Half-Life Launcher"
"C:....Program Files....Pando Networks....Pando....pando.exe"="C:....Program Files....Pando Networks....Pando....pando.exe:*:Enabled:Pando Application"
"C:....Program Files....Warcraft III Demo....War3Demo.exe"="C:....Program Files....Warcraft III Demo....War3Demo.exe:*:Enabled:Warcraft III Demo"
"C:....Program Files....Warcraft III....Warcraft III.exe"="C:....Program Files....Warcraft III....Warcraft III.exe:*:Enabled:Warcraft III"
"C:....Program Files....uTorrent....uTorrent.exe"="C:....Program Files....uTorrent....uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE..system..currentcontrolset..services..sh
aredaccess..parameters..firewallpolicy..domainprofile..authorizedappli
cations..list]
"C:....Program Files....MSN Messenger....msnmsgr.exe"="C:....Program Files....MSN Messenger....msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:....Program Files....MSN Messenger....livecall.exe"="C:....Program Files....MSN Messenger....livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%....system32....sessmgr.exe"="%windir%....system32.
...sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:..DOCUME~1..Owner..MYDOCU~1..Unzipped..SDFix..SDFix..backu
ps..backups.zip

Files with Hidden Attributes :

Thu 28 Apr 2005 442,942 ..SH. --- "C:..WINDOWS..system..tenipxe.tmp"
Wed 27 Apr 2005 60,619 ..SH. --- "C:..WINDOWS..system..tenipxe.bak1"
Fri 29 Apr 2005 442,795 ..SH. --- "C:..WINDOWS..system..tenipxe.bak2"
Sat 4 Jun 2005 56 A.SHR --- "C:..WINDOWS..system32..1C86978378.sys"
Wed 4 Jul 2007 1,851,383 ..SH. --- "C:..WINDOWS..system32..nnnmp.bak1"
Fri 11 Nov 2005 352,372 A. SH. --- "C:..WINDOWS..system32..oqtwa.tmp"
Wed 30 Nov 2005 422,746 A. SH. --- "C:..WINDOWS..system32..oqtwa.bak1"
Tue 29 Nov 2005 411,930 A. SH. --- "C:..WINDOWS..system32..oqtwa.bak2"
Thu 27 Oct 2005 159,927 A. SH. --- "C:..WINDOWS..system32..vycdd.tmp"
Sun 23 Oct 2005 141,320 A. SH. --- "C:..WINDOWS..system32..vycdd.bak1"
Fri 28 Oct 2005 162,642 A. SH. --- "C:..WINDOWS..system32..vycdd.bak2"
Wed 31 Aug 2005 179,187 A. SH. --- "C:..WINDOWS..Web..ksidnib.tmp"
Sun 9 Oct 2005 339,283 A. SH. --- "C:..WINDOWS..Web..ksidnib.bak1"
Wed 12 Oct 2005 354,419 A. SH. --- "C:..WINDOWS..Web..ksidnib.bak2"
Sun 22 May 2005 4,348 A. SH. --- "C:..Documents and Settings..All Users..DRM..DRMv1.bak"
Sun 13 Jan 2008 0 A. SH. --- "C:..Documents and Settings..All Users..DRM..Cache..Indiv02.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:..Documents and Settings..Owner..Application Data..U3..temp..Launchpad Removal.exe"

Finished!

SDFix: Version 1.167 
Run by Owner on Tue 04/08/2008 at 06:56 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:..DOCUME~1..Owner..MYDOCU~1..Unzipped..SDFix..SDFix

Checking Services :

Name:
mqzprwe

Path:
..??..C:..WINDOWS..mqzprwe.log 

mqzprwe - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service 

Rebooting


Checking Files : 

Trojan Files Found:

C:..WINDOWS..SYSTEM32..CP.EXE - Deleted
C:..188852~1 - Deleted
C:..ILRIUPF.EXE - Deleted
C:..d.exe - Deleted
C:..WINDOWS..browser.exe - Deleted
C:..WINDOWS..system32..brvrav32.exe - Deleted
C:..WINDOWS..system32..web.dat - Deleted
C:..WINDOWS..mqzprwe.log - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www. gmer. net
Rootkit scan 2008-04-08 19:43:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E965-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000002
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E967-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E968-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000023
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E969-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E96A-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E97B-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E980-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..Services..MRxDAV
..EncryptedDirectories]
@=""
[HKEY_LOCAL_MACHINE..SYSTEM..ControlSet004..services..MRxDAV
..EncryptedDirectories]
@=""
[HKEY_LOCAL_MACHINE..SYSTEM..CurrentControlSet..services..MR
xDAV..EncryptedDirectories]
@=""

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE..system..currentcontrolset..services..sh
aredaccess..parameters..firewallpolicy..standardprofile..authorizedapp
lications..list]
"%windir%....system32....sessmgr.exe"="%windir%....system32.
...sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:....Program Files....Bonjour....mDNSResponder.exe"="C:....Program Files....Bonjour....mDNSResponder.exe:*:Enabled:Bonjour"
"C:....Program Files....Steam....SteamApps....ssvenomx26....counter-strike.
...hl.exe"="C:....Program Files....Steam....SteamApps....ssvenomx26....counter-strike.
...hl.exe:*:Enabled:Half-Life Launcher"
"C:....Program Files....HLSW....hlsw.exe"="C:....Program Files....HLSW....hlsw.exe:*:Enabled:hlsw"
"C:....Program Files....mIRC....mirc.exe"="C:....Program Files....mIRC....mirc.exe:*:Enabled:mIRC"
"C:....Program Files....LimeWire....LimeWire.exe"="C:....Program Files....LimeWire....LimeWire.exe:*:Enabled:LimeWire"
"C:....Program Files....AIM6....aim6.exe"="C:....Program Files....AIM6....aim6.exe:*:Enabled:AIM"
"C:....Program Files....Steam....SteamApps....nikenoah....counter-strike...
.hl.exe"="C:....Program Files....Steam....SteamApps....nikenoah....counter-strike...
.hl.exe:*:Enabled:Half-Life Launcher"
"C:....Program Files....Steam....SteamApps....ssvenomx26....day of defeat....hl.exe"="C:....Program Files....Steam....SteamApps....ssvenomx26....day of defeat....hl.exe:*:Enabled:Half-Life Launcher"
"C:....Program Files....Pando Networks....Pando....pando.exe"="C:....Program Files....Pando Networks....Pando....pando.exe:*:Enabled:Pando Application"
"C:....Program Files....Warcraft III Demo....War3Demo.exe"="C:....Program Files....Warcraft III Demo....War3Demo.exe:*:Enabled:Warcraft III Demo"
"C:....Program Files....Warcraft III....Warcraft III.exe"="C:....Program Files....Warcraft III....Warcraft III.exe:*:Enabled:Warcraft III"
"C:....Program Files....uTorrent....uTorrent.exe"="C:....Program Files....uTorrent....uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE..system..currentcontrolset..services..sh
aredaccess..parameters..firewallpolicy..domainprofile..authorizedappli
cations..list]
"C:....Program Files....MSN Messenger....msnmsgr.exe"="C:....Program Files....MSN Messenger....msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:....Program Files....MSN Messenger....livecall.exe"="C:....Program Files....MSN Messenger....livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%....system32....sessmgr.exe"="%windir%....system32.
...sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:..DOCUME~1..Owner..MYDOCU~1..Unzipped..SDFix..SDFix..backu
ps..backups.zip

Files with Hidden Attributes :

Thu 28 Apr 2005 442,942 ..SH. --- "C:..WINDOWS..system..tenipxe.tmp"
Wed 27 Apr 2005 60,619 ..SH. --- "C:..WINDOWS..system..tenipxe.bak1"
Fri 29 Apr 2005 442,795 ..SH. --- "C:..WINDOWS..system..tenipxe.bak2"
Sat 4 Jun 2005 56 A.SHR --- "C:..WINDOWS..system32..1C86978378.sys"
Wed 4 Jul 2007 1,851,383 ..SH. --- "C:..WINDOWS..system32..nnnmp.bak1"
Fri 11 Nov 2005 352,372 A. SH. --- "C:..WINDOWS..system32..oqtwa.tmp"
Wed 30 Nov 2005 422,746 A. SH. --- "C:..WINDOWS..system32..oqtwa.bak1"
Tue 29 Nov 2005 411,930 A. SH. --- "C:..WINDOWS..system32..oqtwa.bak2"
Thu 27 Oct 2005 159,927 A. SH. --- "C:..WINDOWS..system32..vycdd.tmp"
Sun 23 Oct 2005 141,320 A. SH. --- "C:..WINDOWS..system32..vycdd.bak1"
Fri 28 Oct 2005 162,642 A. SH. --- "C:..WINDOWS..system32..vycdd.bak2"
Wed 31 Aug 2005 179,187 A. SH. --- "C:..WINDOWS..Web..ksidnib.tmp"
Sun 9 Oct 2005 339,283 A. SH. --- "C:..WINDOWS..Web..ksidnib.bak1"
Wed 12 Oct 2005 354,419 A. SH. --- "C:..WINDOWS..Web..ksidnib.bak2"
Sun 22 May 2005 4,348 A. SH. --- "C:..Documents and Settings..All Users..DRM..DRMv1.bak"
Sun 13 Jan 2008 0 A. SH. --- "C:..Documents and Settings..All Users..DRM..Cache..Indiv02.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:..Documents and Settings..Owner..Application Data..U3..temp..Launchpad Removal.exe"

Finished!

Last edited by ownedswax; Apr 8th, 2008 at 9:17 pm.

ownedswax

Reputation Points: 10

Solved Threads: 0

Light Poster

Offline

25 posts
since Dec 2007

Permalink

Apr 9th, 2008

Re: HJT log

Tell me something. Why is it that your hijackthis logs always look different to every one else's?
Take a look at your first post, then your second and spot the difference. Who is doing all that pointless editing of the log? All it means is that now you will have to wait until you have posted a log in the correct format.

crunchie

Moderator

Featured Poster

Reputation Points: 1142

Solved Threads: 982

Most Valuable Poster

Offline

12,163 posts
since Feb 2004

Permalink

Apr 9th, 2008

Re: HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:56 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM73a39b55] Rundll32.exe "C:\WINDOWS\system32\euotbymp.dll",s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: fqllbfjmzuak (arpsdwzt5) - Unknown owner - C:\WINDOWS\system32\buwwnuul5.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6778 bytes

ownedswax

Reputation Points: 10

Solved Threads: 0

Light Poster

Offline

25 posts
since Dec 2007

Permalink

Apr 9th, 2008

Re: HJT log

Much better.

Can you please do the following.

===============

Go to Add/Remove programs and uninstall the following, if present:

Viewpoint Manager

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

O4 - HKLM\..\Run: [BM73a39b55] Rundll32.exe "C:\WINDOWS\system32\euotbymp.dll",s

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O23 - Service: fqllbfjmzuak (arpsdwzt5) - Unknown owner - C:\WINDOWS\system32\buwwnuul5.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\Viewpoint

files...

C:\WINDOWS\system32\euotbymp.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

crunchie

Moderator

Featured Poster

Reputation Points: 1142

Solved Threads: 982

Most Valuable Poster

Offline

12,163 posts
since Feb 2004

Permalink

Apr 9th, 2008

Re: HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:10 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: fqllbfjmzuak (arpsdwzt5) - Unknown owner - C:\WINDOWS\system32\buwwnuul5.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5980 bytes

ownedswax

Reputation Points: 10

Solved Threads: 0

Light Poster

Offline

25 posts
since Dec 2007

Permalink

Apr 9th, 2008

Re: HJT log

sorry for the double post, the computer is running much faster. He said surfing the internet is very much faster and online games are running at higher FPS.

ownedswax

Reputation Points: 10

Solved Threads: 0

Light Poster

Offline

25 posts
since Dec 2007

Permalink

Apr 13th, 2008

Re: HJT log

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.bat to your desktop.
Then double click on the fix.bat file on your desktop
You'll see a black screen flash,thats normal.

Quote ...

@echo off
sc stop fqllbfjmzuak
sc delete fqllbfjmzuak

Restart your PC. Post another log please.

crunchie

Moderator

Featured Poster

Reputation Points: 1142

Solved Threads: 982

Most Valuable Poster

Offline

12,163 posts
since Feb 2004

Permalink

Apr 15th, 2008

Re: HJT log

Are you still there?

crunchie

Moderator

Featured Poster

Reputation Points: 1142

Solved Threads: 982

Most Valuable Poster

Offline

12,163 posts
since Feb 2004

Page 1
2
Next

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Can't get rid of virus! Help please!!!

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: I keep getting application error messages

DaniWeb Message

Cancel Changes

User Name
Password