08-07-2006, 08:22 PM   #13
Vikesrock8411
Analyst, Security Team
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


HijackThis!
Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):
O4 - HKLM\..\Run: [newname] C:\\nwnmff_7.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_7.exe
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\vuipxspx.dll (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\wunnls.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files (x86)\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Kernel Services - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
Please remember to close all other windows, including browsers, then click Fix checked.


Launch KillBox.exe & select the following options:
  • Delete on Reboot
Select all the filenames below & then right-click & select Copy:
  • Go to the File menu, and choose Paste from Clipboard.
  • Click the RED X button.
  • Click Yes at the Delete on Reboot prompt.
  • Click Yes at the 'Pending Operations' prompt.

Run a new scan with HijackThis and post the log here.
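One way to check the follow-up HijackThis scan for fixed entries that came back, as an added example that is not part of the original post. The function names are hypothetical, the rescan log is constructed, and the line shapes are assumed from the entries quoted in the post.

```python
import re

# Line shapes taken from the entries quoted in the post:
#   O4  - HKLM\..\Run: [name] path
#   O20 - Winlogon Notify: name - path (file missing)
#   O23 - Service: name - owner - path (file missing)
ENTRY = re.compile(r"^([A-Z]\d+) - ([^:]+): (.*)$")
MISSING = " (file missing)"

def parse_entry(line):
    """Split one log line into section, kind, name, path and a missing flag."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header or other non-entry line
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)]
    if rest.startswith("["):            # O4 style: [name] path
        name, _, path = rest[1:].partition("] ")
    else:                               # O20/O23 style: name - ... - path
        parts = rest.split(" - ")
        name, path = parts[0], parts[-1]
    return {"section": section, "kind": kind, "name": name,
            "path": path, "missing": missing}

def still_present(fixed_lines, rescan_log):
    """Return the fixed entries that show up again in the new scan.

    Matching ignores case and the "(file missing)" suffix, so an entry whose
    file has been restored since the first scan is still caught.
    """
    def key(e):
        return (e["section"], e["name"].lower(), e["path"].lower())
    seen = {key(e) for e in map(parse_entry, rescan_log.splitlines()) if e}
    return [l for l in fixed_lines if (e := parse_entry(l)) and key(e) in seen]

# Three of the entries the post says to fix.
FIXED = [
    r"O4 - HKLM\..\Run: [newname] C:\\nwnmff_7.exe",
    r"O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\wunnls.dll (file missing)",
    r"O23 - Service: Network Monitor - Unknown owner - C:\Program Files (x86)\Network Monitor\netmon.exe (file missing)",
]
# Constructed rescan log: one unrelated entry, one fixed entry that returned.
RESCAN = r"""Logfile of HijackThis
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
O20 - Winlogon Notify: Nls - C:\WINDOWS\SYSTEM32\wunnls.dll
"""

if __name__ == "__main__":
    for line in still_present(FIXED, RESCAN):
        print("still present:", line)
```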