HijackThis Log: Please help Diagnose



#1 danadzadony

  • Members
  • 1 posts

Posted 07 February 2005 - 04:52 PM

Logfile of HijackThis v1.99.0
Scan saved at 4:12:32 PM, on 2/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\dana\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.a....1.5&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\dana\Application Data\Mozilla\Profiles\default\jsizl178.slt\prefs.js)
O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {1A8174A7-2C20-9413-5044-14D764ADF31F} - C:\WINDOWS\System32\sjeleent\seetggqr.dll
O2 - BHO: (no name) - {31FF3071-E143-25EA-8604-66550AF4794E} - (no file)
O2 - BHO: (no name) - {4B68A18B-7DF0-951B-EAEA-EA1497EE3E12} - C:\WINDOWS\System32\eahdcaga\gkjvnrlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Flash Enhancer - {7CD20E91-1F31-41da-8379-479EA31DF969} - c:\Program Files\XML\XML.dll
O2 - BHO: ServerSide - {7FC56022-4EDA-472E-8830-7CA92CCBD025} - C:\Program Files\NetMeeting\SS\ServerSide.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: KGhost - {968BC8A3-7660-4B12-B2BF-3334775835E1} - C:\Program Files\NetMeeting\KG\KGhost.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {AB561F65-8DF4-D055-D41C-8D1D85171893} - C:\WINDOWS\System32\ielvi.dll
O2 - BHO: (no name) - {AEF38DC0-89D6-BD86-A7B4-EFD5525C297C} - C:\WINDOWS\mfthedktrx.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\dana\Local Settings\Temp\WgbJ15ld.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LzioMediaUpdater] C:\WINDOWS\System32\LzioMediaUpdater.exe
O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\pfbbprf.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QBRSR] C:\WINDOWS\QuickBrowser.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [rvzkpju] C:\WINDOWS\System32\amjqpp.exe
O4 - HKLM\..\Run: [djizg] C:\WINDOWS\System32\aeme.exe
O4 - HKLM\..\Run: [nofg] C:\WINDOWS\System32\kjwuny.exe
O4 - HKLM\..\Run: [rhqwggd] C:\WINDOWS\System32\ryamiwe.exe
O4 - HKLM\..\Run: [ahdvqlv] C:\WINDOWS\System32\uyqhu.exe
O4 - HKLM\..\Run: [diqf] C:\WINDOWS\System32\eadsvwki.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ckowy] C:\WINDOWS\System32\oaavrp.exe
O4 - HKLM\..\Run: [ehqb] C:\WINDOWS\System32\ixtglagx.exe
O4 - HKLM\..\Run: [bUpGQ1ov] C:\PROGRA~1\tsusxxts\ecQACkxM.exe
O4 - HKLM\..\Run: [tqao] C:\WINDOWS\System32\mwgmg.exe
O4 - HKLM\..\Run: [mcesnipm] C:\WINDOWS\System32\zsrxzb.exe
O4 - HKLM\..\Run: [XtTb.exe] C:\WINDOWS\XtTb.exe
O4 - HKLM\..\Run: [knpjmso] C:\WINDOWS\System32\iree.exe
O4 - HKLM\..\Run: [klccyhpj] C:\WINDOWS\System32\voxhfn.exe
O4 - HKLM\..\Run: [tqns] C:\WINDOWS\System32\aeuipte.exe
O4 - HKLM\..\Run: [ezsyrbe] C:\WINDOWS\System32\ooool.exe
O4 - HKLM\..\Run: [upbog] C:\WINDOWS\System32\yqtg.exe
O4 - HKLM\..\Run: [dwzmrvy] C:\WINDOWS\System32\ullbiw.exe
O4 - HKLM\..\Run: [SStb.exe] C:\WINDOWS\SStb.exe
O4 - HKLM\..\Run: [ivceubqs] C:\WINDOWS\System32\ezqvp.exe
O4 - HKLM\..\Run: [ldzk] C:\WINDOWS\System32\ndnz.exe
O4 - HKLM\..\Run: [oqwo] C:\WINDOWS\System32\pwszic.exe
O4 - HKLM\..\Run: [xxwcle] C:\WINDOWS\System32\ixgweep.exe
O4 - HKLM\..\Run: [nvyzifpu] C:\WINDOWS\System32\fneshhv.exe
O4 - HKLM\..\Run: [kchq] C:\WINDOWS\System32\fifm.exe
O4 - HKLM\..\Run: [dglcr] C:\WINDOWS\System32\tooc.exe
O4 - HKLM\..\Run: [riea] C:\WINDOWS\System32\haiepl.exe
O4 - HKLM\..\Run: [eclwmsbl] C:\WINDOWS\System32\junx.exe
O4 - HKLM\..\Run: [ujswbcx] C:\WINDOWS\System32\kmoi.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [oacgrv] C:\WINDOWS\System32\ynjsrkyf.exe
O4 - HKLM\..\Run: [kjeofeu] C:\WINDOWS\System32\itycdmok.exe
O4 - HKLM\..\Run: [acqego] C:\WINDOWS\System32\plcqfa.exe
O4 - HKLM\..\Run: [bdqzldgm] C:\WINDOWS\System32\dwtqe.exe
O4 - HKLM\..\Run: [cjcznqxa] C:\WINDOWS\System32\zljnzed.exe
O4 - HKLM\..\Run: [okqrueqe] C:\WINDOWS\System32\jfwga.exe
O4 - HKLM\..\Run: [tewu] C:\WINDOWS\System32\ermfpp.exe
O4 - HKLM\..\Run: [ladudcf] C:\WINDOWS\System32\dlimf\ladudcf.exe
O4 - HKLM\..\Run: [tvtqe] C:\WINDOWS\System32\sfxh\tvtqe.exe
O4 - HKLM\..\Run: [unamlp] C:\WINDOWS\System32\jamwd\unamlp.exe
O4 - HKLM\..\Run: [axdrhyt] C:\WINDOWS\System32\imymwpbr\axdrhyt.exe
O4 - HKLM\..\Run: [jtlv] C:\WINDOWS\System32\dlpdh.exe
O4 - HKLM\..\Run: [bxlupzzc] C:\WINDOWS\System32\curepc.exe
O4 - HKLM\..\Run: [lvltmu] C:\WINDOWS\System32\npwxi.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\dealhelper.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\secure.exe
O4 - HKLM\..\Run: [yhexb] C:\WINDOWS\System32\qpiw.exe
O4 - HKLM\..\Run: [zzjirks] C:\WINDOWS\System32\bcepgdxo.exe
O4 - HKLM\..\Run: [fqaaj] C:\WINDOWS\System32\tatqzt.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [eoyjjg] C:\WINDOWS\System32\smetr.exe
O4 - HKLM\..\Run: [pxlccbb] C:\WINDOWS\System32\awpvbfu.exe
O4 - HKLM\..\Run: [kltdfech] C:\WINDOWS\System32\zpsbw.exe
O4 - HKLM\..\Run: [zdfmjtcc] C:\WINDOWS\System32\bewzcbfl.exe
O4 - HKLM\..\Run: [tubke] C:\WINDOWS\System32\blbce.exe
O4 - HKLM\..\Run: [gmvbua] C:\WINDOWS\System32\tqvjue.exe
O4 - HKLM\..\Run: [St2GfPqxc.exe] C:\documents and settings\dana\local settings\temp\St2GfPqxc.exe
O4 - HKLM\..\Run: [nUx.exe] C:\documents and settings\dana\local settings\temp\nUx.exe
O4 - HKLM\..\Run: [lndunxw] C:\WINDOWS\System32\tensorvx.exe
O4 - HKLM\..\Run: [ssqb.exe] C:\WINDOWS\ssqb.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\dana\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [ynxnskw] C:\WINDOWS\System32\oadpvu.exe
O4 - HKLM\..\Run: [zabfffu] C:\WINDOWS\System32\qcizo.exe
O4 - HKLM\..\Run: [jhxqmh] C:\WINDOWS\System32\uthf.exe
O4 - HKLM\..\Run: [d3tBZf7d.exe] c:\documents and settings\dana\local settings\temp\d3tBZf7d.exe
O4 - HKLM\..\Run: [HvX.exe] C:\documents and settings\dana\local settings\temp\HvX.exe
O4 - HKLM\..\Run: [kRQbN3xmc.exe] C:\documents and settings\dana\local settings\temp\kRQbN3xmc.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [uffxjh] C:\WINDOWS\System32\qhhepnk\uffxjh.exe
O4 - HKLM\..\Run: [dolhcix] C:\WINDOWS\System32\aswkxd\dolhcix.exe
O4 - HKLM\..\Run: [apvk] C:\WINDOWS\System32\gqbfi\apvk.exe
O4 - HKLM\..\Run: [ttyv] C:\WINDOWS\System32\fymeqd\ttyv.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\dadjjol.exe] C:\WINDOWS\dadjjol.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [RUFGXkUw] C:\PROGRA~1\tsusxxts\REACCkRN.exe
O4 - HKLM\..\Run: [pbdaceej] C:\WINDOWS\System32\gjuih\pbdaceej.exe
O4 - HKLM\..\Run: [774X3FX] falearts.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Mwv7RPb4X] ez0fnet.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\mviaaty.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\dana\Application Data\eetu.exe
O4 - HKCU\..\Run: [Vvesbrwz] C:\WINDOWS\System32\m?hta.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - Startup: Registration The Secret of the Silver Earring.LNK = F:\support\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
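A small triage script for logs in this HijackThis v1.99 format, added here as an example and not part of the thread or of HijackThis itself: it parses the O2, O4 and O16 line shapes and flags entries a helper would look at first (BHOs with no file on disk, Run values launched from a temp directory or with random-looking names, ActiveX downloads from a bare IP). The sample input is a constructed subset modelled on the log above; the flags are review heuristics, not verdicts.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99 log format, modelled on line shapes
# seen in the post above (a subset, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [rvzkpju] C:\WINDOWS\System32\amjqpp.exe
O4 - HKLM\..\Run: [nUx.exe] C:\documents and settings\dana\local settings\temp\nUx.exe
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\}(?: \([^)]*\))? - (?P<url>\S+)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|scr|com))', re.IGNORECASE)
LOWER_WORD = re.compile(r"^[a-z]{4,10}$")    # short, all-lowercase, letters only
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
IP_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def exe_stem(cmd):
    """Basename (without extension) of the program a Run value launches."""
    m = EXE_RE.match(cmd.strip())
    path = m.group("path") if m else cmd.split()[0]
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()

def triage(log_text):
    """Return (line, reason) pairs worth a human look; heuristics only, expect false positives."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            if m["path"] == "(no file)" or "(file missing)" in m["path"]:
                findings.append((line, "BHO registered but no file on disk"))
        elif m := O4_RE.match(line):
            if TEMP_DIR.search(m["cmd"]):
                findings.append((line, "autorun launched from a temp directory"))
            elif (LOWER_WORD.match(m["name"]) and LOWER_WORD.match(exe_stem(m["cmd"]))
                  and m["name"] != exe_stem(m["cmd"])):
                findings.append((line, "random-looking value name and file name"))
        elif m := O16_RE.match(line):
            host = urlparse(m["url"]).hostname or ""
            if IP_HOST.match(host):
                findings.append((line, "ActiveX control downloaded from a bare IP"))
    return findings
```

Calling triage(SAMPLE_LOG) flags four of the seven sample lines; entries such as [nwiz] nwiz.exe, where the value name matches the file name, are left alone.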


#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 07 February 2005 - 06:09 PM

Please download and run Trojan Hunter.
http://www.trojanhunter.com/products/TrojanHunter.exe


Please run these two online scans.
Make sure they are set to clean automatically:

http://housecall.trendmicro.com/

http://www.pandasoftware.com/activescan/co...n_principal.htm

If there are files that cannot be removed by the scans, please include that information in your next post.


Download, run, and configure Adaware

Download Ad-aware SE from: http://www.majorgeeks.com/download506.html

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.


Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window.

1. In the General window make sure the following are selected:

* Automatically save log-file
* Automatically quarantine objects prior to removal
* Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select:

* Scan Within Archives
* Scan Active Processes
* Scan Registry
* Deep Scan Registry
* Scan my IE favorites for banned URLs
* Scan my Hosts file
* Under Click here to select drives + folders, choose:
o All of your hard drives

Click on the Advanced button on the left and select:

* Include additional process information
* Include additional file information
* Include environment information

Click the Tweak button and select:

* Under the Scanning Engine:
o Unload recognized processes & modules during scan
o Include additional Ad-aware settings in logfile
* Under the Cleaning Engine:
o Let Windows remove files in use at next reboot

Click on Proceed to save the settings.

Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

* Use Custom Scanning Options

Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

Save the log file when it asks and then click Finish.

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Reboot your computer and post a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

