943,972 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Hijack THis Log READ ASAP!
Ad:
Permalink
Sep 5th, 2005
0

Hijack THis Log READ ASAP!

Expand Post »
Logfile of HijackThis v1.99.0
Scan saved at 9:35:07 PM, on 9/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Sm9zaHVh\command.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\qxiqvj\duvrmcq.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
C:\WINDOWS\system32\htpscmj\ioqkjchy.exe
C:\WINDOWS\system32\mrqj\nnxd.exe
C:\WINDOWS\system32\agrtpu.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\aim\aim.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\msst\msst.exe
C:\WINDOWS\System32\?hkdsk.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\rdso\eetu.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Joshua\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ezwebsearching.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59451870-D63A-348A-EA32-4CCCAAF5D1B0} - C:\WINDOWS\system32\jotlsyel\hjcpnmyk.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Penny\My Documents\My Music\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\system32\ghfsysi6.exe lee0105
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\system32\newexp
O4 - HKLM\..\Run: [Iexplorer] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [utxryr] C:\WINDOWS\system32\rtoubgt\utxryr.exe
O4 - HKLM\..\Run: [eewjmt] C:\WINDOWS\system32\ymgkyn\eewjmt.exe
O4 - HKLM\..\Run: [ylieuscr] C:\WINDOWS\system32\jabtgkiv\ylieuscr.exe
O4 - HKLM\..\Run: [hrrdnb] C:\WINDOWS\system32\tjkywbj\hrrdnb.exe
O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [nkmg] C:\WINDOWS\system32\qeyt\nkmg.exe
O4 - HKLM\..\Run: [onpj] C:\WINDOWS\system32\plwbal\onpj.exe
O4 - HKLM\..\Run: [iohdlw] C:\WINDOWS\system32\gtbpid\iohdlw.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Joshua\LOCALS~1\Temp\qutk.exe
O4 - HKLM\..\Run: [WindowsAds] C:\DOCUME~1\Penny\LOCALS~1\Temp\AdNW.exe
O4 - HKLM\..\Run: [gyjcoy] C:\WINDOWS\system32\ftrfh\gyjcoy.exe
O4 - HKLM\..\Run: [duvrmcq] C:\WINDOWS\system32\qxiqvj\duvrmcq.exe
O4 - HKLM\..\Run: [wrnhdl] C:\WINDOWS\system32\qorjcr\wrnhdl.exe
O4 - HKLM\..\Run: [amphh] C:\WINDOWS\system32\slwbt\amphh.exe
O4 - HKLM\..\Run: [ioqkjchy] C:\WINDOWS\system32\htpscmj\ioqkjchy.exe
O4 - HKLM\..\Run: [arcycpi] C:\WINDOWS\system32\voagxaf\arcycpi.exe
O4 - HKLM\..\Run: [nnxd] C:\WINDOWS\system32\mrqj\nnxd.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\agrtpu.exe reg_run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AssignmentBerlinSetup.exe] C:\MYDOWN~1\ASSIGN~1.EXE /r
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [f0t3RPYmg] iesap.exe
O4 - HKCU\..\Run: [Min] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [SAFESAVE] C:\DOCUME~1\Joshua\APPLIC~1\ACEFLA~1\Warn gpl coal.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - Global Startup: nupa.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Download with Download Accelerator Lite - C:\Program Files\Download Accelerator Lite\dal.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\aim\aim.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...71/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/Wi...nerInstall.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O19 - User stylesheet: (file missing)
O21 - SSODL: Microsoft DirectXb - {79FEACFF-FFCE-815E-A900-316290B5B738} - blank (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service - Unknown - C:\WINDOWS\Sm9zaHVh\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: duvrmcqqxiqvj - Unknown - C:\WINDOWS\system32\qxiqvj\duvrmcq.exe
O23 - Service: greenstdsystem32 - Unknown - C:\WINDOWS\system32\greenstd.exe (file missing)
O23 - Service: hrrdnbtjkywbj - Unknown - C:\WINDOWS\system32\tjkywbj\hrrdnb.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: utxryrrtoubgt - Unknown - C:\WINDOWS\system32\rtoubgt\utxryr.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
idRATHERgoHUNT is offline Offline
23 posts
since Aug 2005
Permalink
Sep 5th, 2005
0

Re: Hijack THis Log READ ASAP!

idRATHERgoHUNT,

Please download, run, and post a log from the newset verision: HijackThis 1.99.1

J_
Reputation Points: 27
Solved Threads: 6
Posting Whiz in Training
J_Search is offline Offline
284 posts
since Aug 2005
Permalink
Sep 5th, 2005
0

Re: Hijack THis Log READ ASAP!

Hi IdRatherGoHunt, Welcome to DaniWeb

You have quite a few things to fix there. Please follow the suggestions and instructions in the links below to begin the cleanup process.

When you finish the last one -- Specific infections -- follow the instructions in post #14 and then post a new log please.
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Sep 5th, 2005
0

Re: Hijack THis Log READ ASAP!

alright i fixed it by using the thingy on winfixes website :cheesy:
Reputation Points: 10
Solved Threads: 0
Newbie Poster
idRATHERgoHUNT is offline Offline
23 posts
since Aug 2005

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: HELP! computer infected with Dialer.Dialplatform!!
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: sys_slow_internet_not_accessible_server_damn_slow





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC