
Pending Doom


2 replies to this topic

#1 quicksilver31


Posted 02 July 2007 - 06:29 AM

Haven't looked at this for a while, and I was shocked at the log... there are so many foreign entries I don't know where to begin. I'd greatly appreciate it if somebody with an experienced eye could get me going. Thanks.

Edited by quicksilver31, 02 July 2007 - 07:08 AM.




#2 tg1911


Posted 02 July 2007 - 12:57 PM

Post your log to the HJT forum, and I'm sure someone will help you out.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#3 quicksilver31


Posted 02 July 2007 - 01:35 PM

Ok, here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 2:34:30 PM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Catroot\aol.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\vpnpbmg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 5 for HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [sjwzpopubxt] C:\WINDOWS\system32\sjwzpopubxt.exe
O4 - HKLM\..\Run: [dp] C:\WINDOWS\system32\dp.exe
O4 - HKLM\..\Run: [aetqy] C:\WINDOWS\system32\aetqy.exe
O4 - HKLM\..\Run: [opetkrz] C:\WINDOWS\system32\opetkrz.exe
O4 - HKLM\..\Run: [tznzttili] C:\WINDOWS\system32\tznzttili.exe
O4 - HKLM\..\Run: [tykzdpqie] C:\WINDOWS\system32\tykzdpqie.exe
O4 - HKLM\..\Run: [ofdv] C:\WINDOWS\system32\ofdv.exe
O4 - HKLM\..\Run: [s] C:\WINDOWS\system32\s.exe
O4 - HKLM\..\Run: [sydr] C:\WINDOWS\system32\sydr.exe
O4 - HKLM\..\Run: [asjj] C:\WINDOWS\system32\asjj.exe
O4 - HKLM\..\Run: [azdhgce] C:\WINDOWS\system32\azdhgce.exe
O4 - HKLM\..\Run: [zqsnjwckqtml] C:\WINDOWS\system32\zqsnjwckqtml.exe
O4 - HKLM\..\Run: [vtcm] C:\WINDOWS\system32\vtcm.exe
O4 - HKLM\..\Run: [oculydm] C:\WINDOWS\system32\oculydm.exe
O4 - HKLM\..\Run: [pztqb] C:\WINDOWS\system32\pztqb.exe
O4 - HKLM\..\Run: [qqqa] C:\WINDOWS\system32\qqqa.exe
O4 - HKLM\..\Run: [boyyyfuszxj] C:\WINDOWS\system32\boyyyfuszxj.exe
O4 - HKLM\..\Run: [tt] C:\WINDOWS\system32\tt.exe
O4 - HKLM\..\Run: [aebj] C:\WINDOWS\system32\aebj.exe
O4 - HKLM\..\Run: [tj] C:\WINDOWS\system32\tj.exe
O4 - HKLM\..\Run: [afrqpntamxry] C:\WINDOWS\system32\afrqpntamxry.exe
O4 - HKLM\..\Run: [wy] C:\WINDOWS\system32\wy.exe
O4 - HKLM\..\Run: [mcfxzyziil] C:\WINDOWS\system32\mcfxzyziil.exe
O4 - HKLM\..\Run: [qnffp] C:\WINDOWS\system32\qnffp.exe
O4 - HKLM\..\Run: [bsiauzsduj] C:\WINDOWS\system32\bsiauzsduj.exe
O4 - HKLM\..\Run: [k] C:\WINDOWS\system32\k.exe
O4 - HKLM\..\Run: [fbyr] C:\WINDOWS\system32\fbyr.exe
O4 - HKLM\..\Run: [juxw] C:\WINDOWS\system32\juxw.exe
O4 - HKLM\..\Run: [yabm] C:\WINDOWS\system32\yabm.exe
O4 - HKLM\..\Run: [mw] C:\WINDOWS\system32\mw.exe
O4 - HKLM\..\Run: [ziaq] C:\WINDOWS\system32\ziaq.exe
O4 - HKLM\..\Run: [edmvwib] C:\WINDOWS\system32\edmvwib.exe
O4 - HKLM\..\Run: [exq] C:\WINDOWS\system32\exq.exe
O4 - HKLM\..\Run: [jb] C:\WINDOWS\system32\jb.exe
O4 - HKLM\..\Run: [vlpjxhnz] C:\WINDOWS\system32\vlpjxhnz.exe
O4 - HKLM\..\Run: [urhtv] C:\WINDOWS\system32\urhtv.exe
O4 - HKLM\..\Run: [ijsnfxpryb] C:\WINDOWS\system32\ijsnfxpryb.exe
O4 - HKLM\..\Run: [ocpocxa] C:\WINDOWS\system32\ocpocxa.exe
O4 - HKLM\..\Run: [oayunhk] C:\WINDOWS\system32\oayunhk.exe
O4 - HKLM\..\Run: [fhdefq] C:\WINDOWS\system32\fhdefq.exe
O4 - HKLM\..\Run: [kdhublxwablm] C:\WINDOWS\system32\kdhublxwablm.exe
O4 - HKLM\..\Run: [hkjqserr] C:\WINDOWS\system32\hkjqserr.exe
O4 - HKLM\..\Run: [ytbb] C:\WINDOWS\system32\ytbb.exe
O4 - HKLM\..\Run: [jzpr] C:\WINDOWS\system32\jzpr.exe
O4 - HKLM\..\Run: [jkwojuummxmq] C:\WINDOWS\system32\jkwojuummxmq.exe
O4 - HKLM\..\Run: [xf] C:\WINDOWS\system32\xf.exe
O4 - HKLM\..\Run: [ynuokmcvnk] C:\WINDOWS\system32\ynuokmcvnk.exe
O4 - HKLM\..\Run: [qyz] C:\WINDOWS\system32\qyz.exe
O4 - HKLM\..\Run: [oedwmlhj] C:\WINDOWS\system32\oedwmlhj.exe
O4 - HKLM\..\Run: [dvrkemcgl] C:\WINDOWS\system32\dvrkemcgl.exe
O4 - HKLM\..\Run: [jyehbsq] C:\WINDOWS\system32\jyehbsq.exe
O4 - HKLM\..\Run: [oghn] C:\WINDOWS\system32\oghn.exe
O4 - HKLM\..\Run: [cfgmtyjq] C:\WINDOWS\system32\cfgmtyjq.exe
O4 - HKLM\..\Run: [osxrtdkcor] C:\WINDOWS\system32\osxrtdkcor.exe
O4 - HKLM\..\Run: [qisqne] C:\WINDOWS\system32\qisqne.exe
O4 - HKLM\..\Run: [cucocosxikfe] C:\WINDOWS\system32\cucocosxikfe.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [rqdc] C:\WINDOWS\system32\rqdc.exe
O4 - HKLM\..\Run: [ctecgmgffhoc] C:\WINDOWS\system32\ctecgmgffhoc.exe
O4 - HKLM\..\Run: [igfj] C:\WINDOWS\system32\igfj.exe
O4 - HKLM\..\Run: [tzjlqbov] C:\WINDOWS\system32\tzjlqbov.exe
O4 - HKLM\..\Run: [uje] C:\WINDOWS\system32\uje.exe
O4 - HKLM\..\Run: [vpnpbmg] C:\WINDOWS\system32\vpnpbmg.exe
O4 - HKLM\..\Run: [wbxuqxhpoke] C:\WINDOWS\system32\wbxuqxhpoke.exe
O4 - HKLM\..\Run: [gaioyc] C:\WINDOWS\system32\gaioyc.exe
O4 - HKLM\..\Run: [f] C:\WINDOWS\system32\f.exe
O4 - HKLM\..\Run: [nkvpbsqkr] C:\WINDOWS\system32\nkvpbsqkr.exe
O4 - HKLM\..\Run: [vfi] C:\WINDOWS\system32\vfi.exe
O4 - HKLM\..\Run: [cawnemzxhs] C:\WINDOWS\system32\cawnemzxhs.exe
O4 - HKLM\..\Run: [zmoykzimwv] C:\WINDOWS\system32\zmoykzimwv.exe
O4 - HKLM\..\Run: [pzitnbu] C:\WINDOWS\system32\pzitnbu.exe
O4 - HKLM\..\Run: [tyivzhikovo] C:\WINDOWS\system32\tyivzhikovo.exe
O4 - HKLM\..\Run: [cbtr] C:\WINDOWS\system32\cbtr.exe
O4 - HKLM\..\Run: [csci] C:\WINDOWS\system32\csci.exe
O4 - HKLM\..\Run: [ifoxuyskk] C:\WINDOWS\system32\ifoxuyskk.exe
O4 - HKLM\..\Run: [ootkqqkaetg] C:\WINDOWS\system32\ootkqqkaetg.exe
O4 - HKLM\..\Run: [jzeitlvh] C:\WINDOWS\system32\jzeitlvh.exe
O4 - HKLM\..\Run: [ajhxtyqgtze] C:\WINDOWS\system32\ajhxtyqgtze.exe
O4 - HKLM\..\Run: [lsdup] C:\WINDOWS\system32\lsdup.exe
O4 - HKLM\..\Run: [pkptw] C:\WINDOWS\system32\pkptw.exe
O4 - HKLM\..\Run: [qcjcyccmovo] C:\WINDOWS\system32\qcjcyccmovo.exe
O4 - HKLM\..\Run: [vuiuckl] C:\WINDOWS\system32\vuiuckl.exe
O4 - HKLM\..\Run: [ctpjhj] C:\WINDOWS\system32\ctpjhj.exe
O4 - HKLM\..\Run: [nliqtmxs] C:\WINDOWS\system32\nliqtmxs.exe
O4 - HKLM\..\Run: [rdpat] C:\WINDOWS\system32\rdpat.exe
O4 - HKLM\..\Run: [hx] C:\WINDOWS\system32\hx.exe
O4 - HKLM\..\Run: [yzdxm] C:\WINDOWS\system32\yzdxm.exe
O4 - HKLM\..\Run: [ymekeo] C:\WINDOWS\system32\ymekeo.exe
O4 - HKLM\..\Run: [wtl] C:\WINDOWS\system32\wtl.exe
O4 - HKLM\..\Run: [rmnrifg] C:\WINDOWS\system32\rmnrifg.exe
O4 - HKLM\..\Run: [gdj] C:\WINDOWS\system32\gdj.exe
O4 - HKLM\..\Run: [gztuibrrimm] C:\WINDOWS\system32\gztuibrrimm.exe
O4 - HKLM\..\Run: [veabri] C:\WINDOWS\system32\veabri.exe
O4 - HKLM\..\Run: [iadejg] C:\WINDOWS\system32\iadejg.exe
O4 - HKLM\..\Run: [skqruez] C:\WINDOWS\system32\skqruez.exe
O4 - HKLM\..\Run: [snvsoe] C:\WINDOWS\system32\snvsoe.exe
O4 - HKLM\..\Run: [qcwimselsery] C:\WINDOWS\system32\qcwimselsery.exe
O4 - HKLM\..\Run: [judpewimhe] C:\WINDOWS\system32\judpewimhe.exe
O4 - HKLM\..\Run: [yc] C:\WINDOWS\system32\yc.exe
O4 - HKLM\..\Run: [h] C:\WINDOWS\system32\h.exe
O4 - HKLM\..\Run: [lffnjzlhjmmd] C:\WINDOWS\system32\lffnjzlhjmmd.exe
O4 - HKLM\..\Run: [ssyaiazg] C:\WINDOWS\system32\ssyaiazg.exe
O4 - HKLM\..\Run: [adkmxbyqtteu] C:\WINDOWS\system32\adkmxbyqtteu.exe
O4 - HKLM\..\Run: [igtnldryehue] C:\WINDOWS\system32\igtnldryehue.exe
O4 - HKLM\..\Run: [xwzwprvhbcng] C:\WINDOWS\system32\xwzwprvhbcng.exe
O4 - HKLM\..\Run: [qr] C:\WINDOWS\system32\qr.exe
O4 - HKLM\..\Run: [svh] C:\WINDOWS\system32\svh.exe
O4 - HKLM\..\Run: [irpdgso] C:\WINDOWS\system32\irpdgso.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167144691937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Loading Service (AOL-MG_SV) - Unknown owner - C:\WINDOWS\System32\Catroot\aol.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Print Spooler Service (pfemzy5eme2ji) - Unknown owner - C:\WINDOWS\system32\mlbdada.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



Thanks, whoever can take a peek at this.

Mike



