Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hjt-azz


  • Please log in to reply
3 replies to this topic

#1 azz

azz

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:14 PM

Posted 03 February 2005 - 05:38 PM

Logfile of HijackThis v1.99.0
Scan saved at 5:23:33 PM, on 2/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\msupd4.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\6uggio72\6uggio72.exe
C:\windows\system32\jtinhua.exe
C:\Program Files\hpdll\hpdll.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\System32\msnfts.exe
C:\windows\system32\packager.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\mqocz2.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\aujee\Desktop\programs\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {426E5732-057F-474E-B2A5-5E9D4BB8484D} - C:\Program Files\6uggio72\6uggio72.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {686F7C45-2335-4E9A-807C-D98C3B0FED72} - C:\Program Files\6uggio72\6uggio72.dll
O2 - BHO: SDWin32 Class - {750AC625-18DE-4E31-BABC-82A69915FD24} - C:\WINDOWS\System32\vrnuw.dll
O2 - BHO: SDWin32 Class - {75A2F84B-A7CD-408F-83AD-B310680ACD61} - C:\WINDOWS\System32\qqgto.dll
O2 - BHO: (no name) - {90A04E3F-BC94-4214-BBB0-F8533F35F894} - C:\Program Files\6uggio72\6uggio72.dll
O2 - BHO: (no name) - {AB9FE2A6-A798-95E6-C0A0-6EE2A77F26FA} - (no file)
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll
O2 - BHO: (no name) - {E2D09CB0-45C5-4322-961D-0259B164D87B} - C:\Program Files\6uggio72\6uggio72.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O4 - HKLM\..\Run: [6uggio72] C:\Program Files\6uggio72\6uggio72.exe
O4 - HKLM\..\Run: [jtinhua] c:\windows\system32\jtinhua.exe
O4 - HKLM\..\Run: [vrnuwc] C:\WINDOWS\System32\vrnuwc.exe
O4 - HKLM\..\Run: [qqgtoc] C:\WINDOWS\System32\qqgtoc.exe
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [0stk3mi] msnfts.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [udin] C:\WINDOWS\udin.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [HB2qRgGpT] mqocz2.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\aujee\Application Data\DownloadPlus.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/c...t/LocalExec.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/15ab7709034c0e292a05/...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...315/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN<a onMouseOver="window.status='' ; return true;" onMouseOut="window.status='';" oncontextmenu="window.status=''; return true;" onclick="location.href='http://www.enhancemysearch.com/admin/results.php?q=Chat&id=25';return false;" href="" TITLE="More Info..."><a onMouseOver="window.status='' ; return true;" onMouseOut="window.status='';" oncontextmenu="window.status=''; return true;" onclick="location.href='http://www.enhancemysearch.com/admin/results.php?q=Chat&id=25';return false;" href="" TITLE="More Info..."> Chat </a></a>Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Miscrosoft Updates Service 4 - Unknown - C:\WINDOWS\System32\msupd4.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Hi
I think my computer has a virus. I have basic knowledge of computers..I run ad-aware and mcafee about every week (my mcafee subscription expired a couple of weeks ago..so it hasnt been updated..) Last night, i started getting a series of popup adds..10 to 15 rapidly, my homepage was changed, and everytime i tried to do a search on google, another "my search" page would pop up and close the google window. If i try to acess any other webpage..it just freezes up or goes to another webpg..My computer is freezing up often also. Also, icons off my desktop are dissappear and then come back...I ran adaware and removed 300+ files, etc and ran spybot and removed 68 problems as well as mcafee. Since i do check regularly...these numbers are way more than usual...I dont know what to do! My friend referred me to this site and the program hijackthis. I'd appreciate any advice given!
Oh yeah, there were some problems/files that spybot could not remove..
THanks

Edited by azz, 03 February 2005 - 05:45 PM.


BC AdBot (Login to Remove)

 


m

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:14 PM

Posted 04 February 2005 - 01:02 AM

Hello azz,

Let's start by running some scans and seeing what they come up with. They should take out some of the malware.

***************************************************

You did not say which versions of Adaware and Spybot you are running. If you are not using Spybot 1.3 and Adaware SE, then download, update and run (one at a time of course!)
Spybot 1.3 and Adaware SE

Fix whatever they suggest.

***************************************************

If you need help running these tools, here are some helpful tutorials.
Spybot 1.3 Tutorial
Adaware SE Tutorial


***************************************************

Be sure to run Adaware SE with a Full Scan in the Safe Mode.

How to Reboot into Safe Mode
tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key.



The following explains how to set Ad-aware's settings to perform a "Full Scan."

In Ad-aware click the Gear to go to the Settings area.

The following items should be on a green check, not on a red X.

Under the Scanning button:
Scan within archives
Under Memory & Registry, Check EVERYTHING
In Check Drives & Folders, make sure all of your hard drives are selected

Under the Advanced button, check ALL under Log detail level.

Under the Tweak button...

Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

In Scanning Engine:
Unload recognized processes during scanning
Include info about ignored objects in logfile, if detected in scan
Include basic Ad-aware settings in logfile
Include additional Ad-aware settings in logfile
Include used command line parameters in logfile

In Cleaning Engine:
XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
Let Windows remove files in use at next reboot
UNCHECK: Automatically try to unregister objects prior to deletion

Click Proceed to save these settings. When you would like to perform a "Full Scan," switch the scan mode from SmartScan to Custom.



***************************************************


Please download, update and run the free A2 (A squared) anti-trojan

Let it fix whatever it wants to.

***************************************************


I know you may have anti-virus software, but sometimes its definitions are corrupted due to malware. Online scans are the best resort in this case.
Run this pc through the Panda Scan Online virus scanner
or Trend Micro Housecall Online virus scanner

Let me know the names and locations of the virus they cannot delete or quarentine

***************************************************

Next, reboot and post a fresh HijackThis log to this thread.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 azz

azz
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:14 PM

Posted 05 February 2005 - 03:35 PM

Hi
I have spybot 1.3 and ran it. There were some files it could not clean. Some windows keep popping up from spybot S&D stating that it has detected an important registry that has been changed..and it asks me to allow or deny the change...but i cannot click on the deny button. The link that you gave me for adaware SE wasnt working..it was sending me to some other page but I downloaded it from download.com and ran it. I ran A2 but it kept freezing up after it found some files..A window would pop up saing that it encountered some problems and it had to close the program. I tried 4 times and this happened each time as soon it found some infected files. When I tried to run Panda scan it did the same thing. I ran Trend Micro Housecall and it found 6 infected files, 4 of which i cleaned and/or deleted. The scan result for the remaining two was "Can not access." They are:
Troj Agent.AAB C:\WINDOWS\system32\tinhua...
Troj ISTBAR.HE C:\WINDOWS\system32\kcxme...

Oh yeah, other thinngs i noticed are : that when I go to webpages, random words will be hyperlinked, theres an extra search toolbar, and pages like webct (stuff used for classroom) do not load.
Below is the log from hijack this.

Thank you so much SifuMike!! Sorry for my lack of techinical terms/proper description...Im not that familiar with computer lingo..
Azz

Logfile of HijackThis v1.99.0
Scan saved at 3:32:24 PM, on 2/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\6uggio72\6uggio72.exe
C:\windows\system32\jtinhua.exe
C:\Program Files\hpdll\hpdll.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\windows\system32\packager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\AIM95\aim.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SDWin32 Class - {14397FB1-7E10-4BF6-903E-E45A46361EC2} - C:\WINDOWS\System32\vrnuw.dll
O2 - BHO: (no name) - {426E5732-057F-474E-B2A5-5E9D4BB8484D} - C:\Program Files\6uggio72\6uggio72.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53FA0820-E21C-4F9B-9E4F-233F8FD6A98E} - C:\Program Files\6uggio72\6uggio72.dll
O2 - BHO: (no name) - {686F7C45-2335-4E9A-807C-D98C3B0FED72} - C:\Program Files\6uggio72\6uggio72.dll
O2 - BHO: SDWin32 Class - {75A2F84B-A7CD-408F-83AD-B310680ACD61} - C:\WINDOWS\System32\qqgto.dll
O2 - BHO: (no name) - {90A04E3F-BC94-4214-BBB0-F8533F35F894} - C:\Program Files\6uggio72\6uggio72.dll
O2 - BHO: (no name) - {E2D09CB0-45C5-4322-961D-0259B164D87B} - C:\Program Files\6uggio72\6uggio72.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [6uggio72] C:\Program Files\6uggio72\6uggio72.exe
O4 - HKLM\..\Run: [jtinhua] c:\windows\system32\jtinhua.exe
O4 - HKLM\..\Run: [vrnuwc] C:\WINDOWS\System32\vrnuwc.exe
O4 - HKLM\..\Run: [qqgtoc] C:\WINDOWS\System32\qqgtoc.exe
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [udin] C:\WINDOWS\udin.exe
O4 - HKLM\..\Run: [0stk3mi] mdthupnp.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [HB2qRgGpT] mcdmontr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\aujee\Application Data\DownloadPlus.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/c...t/LocalExec.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/15ab7709034c0e292a05/...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...315/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN<a onMouseOver="window.status='' ; return true;" onMouseOut="window.status='';" oncontextmenu="window.status=''; return true;" onclick="location.href='http://www.enhancemysearch.com/admin/results.php?q=Chat&id=25';return false;" href="" TITLE="More Info..."> Chat </a>Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:14 PM

Posted 05 February 2005 - 04:28 PM

Hello azz,

Are you running an anti-virus program? It looks like some viruses are on your system. You can download AVG (free)
at http://www.grisoft.com/us/us_dwnl_free.php

You have some suspicious file we need to check. Go to
Jotti's malware scan press the Browse button, and find put in the following files, then upload and scan it. Let me know the results. Copy and paste the output of each scan to this thead

C:\Program Files\6uggio72\6uggio72.exe
C:\windows\system32\jtinhua.exe
C:\Program Files\hpdll\hpdll.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\windows\system32\packager.exe
C:\WINDOWS\System32\qqgto.dll
C:\WINDOWS\udin.exe

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users