
Wudstock's HJT log



#1 Wudstock


Posted 26 July 2007 - 11:38 PM

Mod Edit: This log was split, from this thread:
I Get A Dls0524pmw.exe Error & More Problem

I did download HIJack.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:57 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ECURIT~1\rundll.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\owner\My Documents\??mbols\j?vaw.exe
C:\WINDOWS\explorer.exe
c:\1A7.tmp
c:\1AE.tmp
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [{D8-8B-BC-CA-ZN}] C:\windows\system32\modsregm.exe SKY009
O4 - HKLM\..\Run: [clcl14] C:\WINDOWS\system32\clcl14.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F516CAC59B6
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\asfmonif.dll",forkonce
O4 - HKLM\..\Run: [epzjufvA] C:\WINDOWS\epzjufvA.exe
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKCU\..\Run: [Toaa] "C:\PROGRA~1\ECURIT~1\rundll.exe" -vt yazb
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [Yxkkm] "C:\Program Files\Common Files\M?crosoft.NET\u?erinit.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Pdsgghj] "C:\Documents and Settings\owner\My Documents\??mbols\j?vaw.exe"
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Program Files\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kzceexbnnjx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\prohdyzeprok.html

--
End of file - 5325 bytes

Edited by tg1911, 27 July 2007 - 12:16 AM.



#2 RichieUK


Posted 27 July 2007 - 04:40 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Wudstock.
My name is Richie and I'll be helping you to fix your problems.

First you've no virus protection installed.
Download\install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/

-----------------------------------------

Download LSPFix from:
http://www.bleepingcomputer.com/files/spyware/lspfix.zip
Once LSP-Fix is downloaded, extract it to your desktop.
Close all windows on your computer.
Launch/start lspfix.
Put a checkmark in the 'I know what I'm doing' checkbox.
Now move any instances of "c:\windows\system32\kzceexbnnjx.dll" into the remove box using the >> button.
Press the finish button.
Then restart your pc.

-----------------------------------------

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


Also post a new Hijackthis log please.
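
Added example, not part of the original posts and not code from HijackThis or LSPFix: a small parser for the HijackThis log format shown in this thread that groups entries by section code and collapses repeated O10 "Unknown file in Winsock LSP" lines into one count per DLL, which is the list a helper checks before naming the file to select in LSPFix. The sample log is constructed and its file names are placeholders.

```python
import re
from collections import Counter

# Constructed sample: a few lines in HijackThis v2 log format, modelled on the
# entry types in the log above (placeholder file names, not real indicators).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" -start
O10 - Unknown file in Winsock LSP: c:\windows\system32\example_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\example_lsp.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\example_lsp.dll
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\example.exe
"""

# An entry line is "<letter><number> - <description>", e.g. "O10 - ...".
# Header lines and the running-process paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
LSP_PREFIX = "Unknown file in Winsock LSP:"

def parse_entries(log_text):
    """Return (section, description) for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def unknown_lsp_files(entries):
    """Count O10 'unknown file' lines per DLL path.

    Paths are lower-cased before counting because Windows paths are
    case-insensitive and the same DLL can appear with different casing.
    """
    counts = Counter()
    for section, desc in entries:
        if section == "O10" and desc.startswith(LSP_PREFIX):
            counts[desc[len(LSP_PREFIX):].strip().lower()] += 1
    return counts

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print(Counter(section for section, _ in entries))
    for path, n in unknown_lsp_files(entries).items():
        print(f"{n} O10 lines reference {path}")
```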

#3 Wudstock


Posted 27 July 2007 - 05:53 AM

Alright....I'm going to do now.

Right now I download AVG7 Free Edition Antivirus:



