Need Help With Removing Inqwire


  • This topic is locked
2 replies to this topic

#1 Nautica

Posted 29 November 2005 - 08:56 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:52:33 PM, on 11/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\WINDOWS1\exgaawh.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS1\eekgduq.exe
C:\PROGRA~1\COMMON~1\kwok\kwokm.exe
C:\PROGRA~1\COMMON~1\kwok\kwoka.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3352580E-BCEA-C765-E4A1-B459A281F9E9} - C:\WINDOWS1\System32\xdyeug.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS1\system32\zljaxe.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS1\System32\irasewhw.dll
O2 - BHO: (no name) - {96C9CC24-C3F0-AF69-6F31-7A1F148DC81C} - C:\WINDOWS1\hrxvvhab.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Search - {4D701E52-BC5E-F3DF-6312-2BEDCF5F7110} - C:\WINDOWS1\hrxvvhab.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [strtas] loc1.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [eekgduq] C:\WINDOWS1\eekgduq.exe
O4 - HKLM\..\RunServices: [strtas] loc1.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKLM\..\RunOnce: [9f9lu.exe] C:\WINDOWS1\System32\9f9lu.exe /k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [strtas] loc1.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000122.exe
O4 - HKCU\..\Run: [irassync] C:\WINDOWS1\System32\irasyncd.exe
O4 - HKCU\..\Run: [kwok] C:\PROGRA~1\COMMON~1\kwok\kwokm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD2E962-3C7D-4028-A3DE-ACD6F5A87C4E}: NameServer = 68.94.156.1 206.13.30.12
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS1\Tmljaw\command.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS1\exgaawh.exe

Moved from the Windows XP Home and Professional forum ~Joshuacat

Edited by Joshuacat, 29 November 2005 - 09:15 PM.



#2 miekiemoes

Posted 03 December 2005 - 10:56 AM

Hello,

Your system is badly compromised and actually it doesn't surprise me at all, because you don't have an antivirus and firewall installed and your Windows is not up to date.
You are also dealing with some malware present which is a rootkit.

This worm spreads through network shares protected by weak passwords and through various operating system vulnerabilities.

Anyone may have had access to anything on your system or done whatever they want to it and hidden it from you. The rootkit makes it worse as your system is no longer trustworthy.

But that's not all... your passwords are collected, etc.
AND there is a lot of other malware present as well.

You could prevent this all if you had a firewall and antivirus installed and if your Windows was up to date. Unfortunately, it's already too late for that and cleaning such a badly compromised system is rather a waste of time now.

That's why I recommend you format your system and reinstall Windows again and update to Service Pack 2 immediately.
If you have an illegal version of XP, I recommend you buy a legal version, because an illegal version won't update and you'll get reinfected again and again.
Also install an antivirus and firewall afterwards:

AVG, AntiVir® OR Avast are good FREE antivirus programs.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and seriously decrease its reliability!
ZoneAlarm, Agnitum Outpost Free OR Kerio are FREE firewalls.

Understanding and using firewalls

This is the only and best solution.

Read here how to format and reinstall XP:
http://rcc.bgsu.edu/computing/xpformat/

Don't perform a Recover install, because the malware will still be present; you really need to erase all data from your system!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

Posted 13 December 2005 - 06:43 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.