Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Hijackthis log HELP!


  • Please log in to reply
1 reply to this topic

#1 O_Wut!!!

O_Wut!!!

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:22 PM

Posted 10 December 2004 - 02:06 PM

Logfile of HijackThis v1.98.2
Scan saved at 10:36:30 AM, on 12/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\mrhjcxvd.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\rundll32.exe
C:\documents and settings\ulises\local settings\temp\XrN0dq.exe
C:\documents and settings\ulises\local settings\temp\W6N.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\documents and settings\ulises\local settings\temp\hEwLlK.exe
C:\program files\valve\steam\steam.exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\Documents and Settings\Ulises\Application Data\itut.exe
C:\WINDOWS\system32\d?dplay.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\tsa\ts2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\LpeSwe.exe
C:\WINDOWS\system32\SxuAU.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\HJT\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qznya.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qznya.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qznya.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qznya.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qznya.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qznya.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qznya.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cg...look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AF3169DB-2E08-04D2-5B82-55A94CC3EAEB} - C:\WINDOWS\system32\javaic32.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sqiorcszoca] C:\WINDOWS\system32\mrhjcxvd.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [crfk32.exe] C:\WINDOWS\crfk32.exe
O4 - HKLM\..\Run: [XrN0dq.exe] C:\documents and settings\ulises\local settings\temp\XrN0dq.exe
O4 - HKLM\..\Run: [W6N.exe] C:\documents and settings\ulises\local settings\temp\W6N.exe
O4 - HKLM\..\Run: [hEwLlK.exe] C:\documents and settings\ulises\local settings\temp\hEwLlK.exe
O4 - HKLM\..\Run: [3DAMYCL3T5623R] C:\WINDOWS\system32\Arai0h6.exe
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKLM\..\Run: [rx] C:\documents and settings\mom\local settings\temp\rx.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Aowl] C:\Documents and Settings\Ulises\Application Data\itut.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Blzvfb] C:\WINDOWS\system32\ddplay.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {12345678-1234-1234-1234-123456789123} - http://www.allyoursearch.com/Allyoursearch.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096245751468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2846} - http://www.allyoursearch.com/Allyoursearch2.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EBBD88E5-C372-469D-B4C5-1FE00352AB9B} - http://fad-1112.nyc1.targetnet.com/ad/id=i...mviewer_101.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53224FA7-52C3-46F7-8187-2E8FAE7695D5}: NameServer = 206.13.28.12 206.13.29.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F4943AF-516B-4EB2-B658-0223C5DCB407}: NameServer = 151.164.1.8,206.13.28.12

BC AdBot (Login to Remove)

 


#2 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:11:22 PM

Posted 10 December 2004 - 02:31 PM

No anti-virus.
---------------------------
Go here to download the free version of Grisoft's AVG AntiVirus program.

Install the program, check for updates and scan your system allowing it to remove whatever it finds.
---------------------------
Please download a-squared
http://www.emsisoft.com/en/software/free/
The program is free, but you will need to register.
Let it scan and remove all trojans.

Then post a new log.

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users