Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hjt log / dewlover


  • Please log in to reply
1 reply to this topic

#1 dewlover80

dewlover80

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 31 August 2005 - 06:09 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:59:16 PM, on 8/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\dlkfud.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\rdso\eetu.exe
C:\WINDOWS\SYSTEM32\w?nlogon.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\RUNDLL32.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [epx30105] C:\WINDOWS\System32\epx30105.exe
O4 - HKLM\..\Run: [svuow] C:\WINDOWS\System32\svuow.exe
O4 - HKLM\..\Run: [aco] C:\WINDOWS\System32\aco.exe
O4 - HKLM\..\Run: [lnpiv] C:\WINDOWS\System32\lnpiv.exe
O4 - HKLM\..\Run: [mnf] C:\WINDOWS\System32\mnf.exe
O4 - HKLM\..\Run: [rfhv] C:\WINDOWS\System32\rfhv.exe
O4 - HKLM\..\Run: [hdhifl] C:\WINDOWS\System32\hdhifl.exe
O4 - HKLM\..\Run: [gcfanlp] C:\WINDOWS\System32\gcfanlp.exe
O4 - HKLM\..\Run: [jthban] C:\WINDOWS\System32\jthban.exe
O4 - HKLM\..\Run: [wgcuzxh] C:\WINDOWS\System32\wgcuzxh.exe
O4 - HKLM\..\Run: [bkxsj] C:\WINDOWS\System32\bkxsj.exe
O4 - HKLM\..\Run: [fzqvbcp] C:\WINDOWS\System32\fzqvbcp.exe
O4 - HKLM\..\Run: [rqur] C:\WINDOWS\System32\rqur.exe
O4 - HKLM\..\Run: [khd] C:\WINDOWS\System32\khd.exe
O4 - HKLM\..\Run: [tdsnn] C:\WINDOWS\System32\tdsnn.exe
O4 - HKLM\..\Run: [ijqagkd] C:\WINDOWS\System32\ijqagkd.exe
O4 - HKLM\..\Run: [xwh] C:\WINDOWS\System32\xwh.exe
O4 - HKLM\..\Run: [kryu] C:\WINDOWS\System32\kryu.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [qhzg] C:\WINDOWS\System32\qhzg.exe
O4 - HKLM\..\Run: [dpgh] C:\WINDOWS\System32\dpgh.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kdd44g.exe reg_run
O4 - HKLM\..\Run: [gff5mliu] C:\WINDOWS\System32\gff5mliu.exe
O4 - HKLM\..\Run: [exs] C:\WINDOWS\System32\exs.exe
O4 - HKLM\..\Run: [kiw] C:\WINDOWS\System32\kiw.exe
O4 - HKLM\..\Run: [czbp] C:\WINDOWS\System32\czbp.exe
O4 - HKLM\..\Run: [Nqsieepk] C:\Program Files\Lkhpeo\Ofpkjbk.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [jqvjp] C:\WINDOWS\System32\jqvjp.exe
O4 - HKLM\..\Run: [ipkkjfj] C:\WINDOWS\System32\ipkkjfj.exe
O4 - HKLM\..\Run: [khn] C:\WINDOWS\System32\khn.exe
O4 - HKLM\..\Run: [eojgvj] c:\windows\system32\dlkfud.exe r
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [Psaev] C:\WINDOWS\System32\w?nlogon.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - ms-its:mhtml:file://c:\nosunex.mht!http://daemonlinks.net/script/ys.chm::/ysb_regular.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_4us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...524/mcfscan.cab
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\IQAAPI.DLL
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWRtaW5pc3RyYXRvcgAA\command.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

BC AdBot (Login to Remove)

 


m

#2 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:10:17 PM

Posted 01 September 2005 - 03:17 AM

BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, download Ewido Security Suite.

Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please install and run Ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users