Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
Please look at my Hijack Log if you can Please look at my Hijack Log if you can
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
Thread Tools
Old 12-31-2004, 06:41 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 4
OS: Win XP Professional


Please look at my Hijack Log if you can
Hello....
I have run Cleanup and ad aware

here's my hijack log....

Anything look awry???
I have had a few viruses and a TON of spyware I've been removing.

Thanks
Kathy

Logfile of HijackThis v1.99.0
Scan saved at 9:37:20 PM, on 12/31/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\America Online 9.0c\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\110288~1\EE\AOLHOS~1.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\COMMON~1\AOL\110288~1\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\America Online 9.0c\shellmon.exe
C:\WINDOWS\system32\ykpdyd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Kathy\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ntnyproxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [yzwjspii] C:\WINDOWS\System32\cxkeqaax.exe
O4 - HKLM\..\Run: [yxuzn] C:\WINDOWS\System32\btxiai.exe
O4 - HKLM\..\Run: [yvvxz] C:\WINDOWS\System32\lohyturj.exe
O4 - HKLM\..\Run: [yslnqw] C:\WINDOWS\System32\ylxc.exe
O4 - HKLM\..\Run: [yifnuus] C:\WINDOWS\System32\vrwjqzc.exe
O4 - HKLM\..\Run: [xoll] C:\WINDOWS\System32\hnjs.exe
O4 - HKLM\..\Run: [vvmlayro] C:\WINDOWS\System32\jlxilsjf.exe
O4 - HKLM\..\Run: [vhyhwt] C:\WINDOWS\System32\xfkl.exe
O4 - HKLM\..\Run: [uvdimaz] C:\WINDOWS\System32\viainq.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sqgj] C:\WINDOWS\System32\fgiyja.exe
O4 - HKLM\..\Run: [rziejjqc] C:\WINDOWS\System32\nrssmf.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qjdddexf] C:\WINDOWS\System32\ecmrd.exe
O4 - HKLM\..\Run: [qaux] C:\WINDOWS\System32\efpixaju.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [pvlrnq] C:\WINDOWS\System32\uzhycwf.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [pdogolx] C:\WINDOWS\System32\cmjiespm.exe
O4 - HKLM\..\Run: [ognahfc] C:\WINDOWS\System32\wqmjumc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nkgen] C:\WINDOWS\System32\qvznisvy.exe
O4 - HKLM\..\Run: [nbocxx] C:\WINDOWS\System32\comgcd.exe
O4 - HKLM\..\Run: [lanqnei] C:\WINDOWS\System32\wasmrjn.exe
O4 - HKLM\..\Run: [jypm] C:\WINDOWS\System32\uzqpumt.exe
O4 - HKLM\..\Run: [jbqo] C:\WINDOWS\System32\dseppmez.exe
O4 - HKLM\..\Run: [higmya] C:\WINDOWS\System32\qnfpvd.exe
O4 - HKLM\..\Run: [evot] C:\WINDOWS\System32\kfuo.exe
O4 - HKLM\..\Run: [EPAKUCMZ] C:\WINDOWS\EPAKUCMZ.exe
O4 - HKLM\..\Run: [ekkhl] C:\WINDOWS\System32\rkexd.exe
O4 - HKLM\..\Run: [dvxao] C:\WINDOWS\System32\eyokph.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [cmzqchn] C:\WINDOWS\System32\drumu.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.Exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [buhvopu] C:\WINDOWS\System32\rjrj.exe
O4 - HKLM\..\Run: [atvclo] C:\WINDOWS\System32\bxegjk.exe
O4 - HKLM\..\Run: [aorlcr] C:\WINDOWS\System32\lvds.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [xirygdo] C:\WINDOWS\System32\xcrmy.exe
O4 - HKLM\..\Run: [dtoqvb] C:\WINDOWS\System32\kzcxzo.exe
O4 - HKLM\..\Run: [kwxmwhzt] C:\WINDOWS\System32\ioihehh.exe
O4 - HKLM\..\Run: [mgepqyn] C:\WINDOWS\System32\tqosez.exe
O4 - HKLM\..\Run: [scoun] C:\WINDOWS\System32\dktl.exe
O4 - HKLM\..\Run: [ljedmpx] C:\WINDOWS\System32\zppmavij.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [psmzjtgm] C:\WINDOWS\System32\emtvmno.exe
O4 - HKLM\..\Run: [xfogec] C:\WINDOWS\System32\rmrn.exe
O4 - HKLM\..\Run: [slwscjd] C:\WINDOWS\System32\yeubvtw.exe
O4 - HKLM\..\Run: [hggt] C:\WINDOWS\System32\byamo.exe
O4 - HKLM\..\Run: [kfeqncwj] C:\WINDOWS\System32\cqnbed.exe
O4 - HKLM\..\Run: [wwea] C:\WINDOWS\System32\nktu.exe
O4 - HKLM\..\Run: [uaeprt] C:\WINDOWS\System32\pmymfohg.exe
O4 - HKLM\..\Run: [nhpgwn] C:\WINDOWS\System32\fkli.exe
O4 - HKLM\..\Run: [fluvgexr] C:\WINDOWS\System32\ehsz.exe
O4 - HKLM\..\Run: [rowc] C:\WINDOWS\System32\ojfspxd.exe
O4 - HKLM\..\Run: [qyqt] C:\WINDOWS\System32\duojvl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102880353\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [hahdnnbe] C:\WINDOWS\System32\ynttlxl.exe
O4 - HKLM\..\Run: [oyhvjgb] C:\WINDOWS\System32\rqhmixf.exe
O4 - HKLM\..\Run: [ibry] C:\WINDOWS\System32\emrp.exe
O4 - HKLM\..\Run: [kulovhg] C:\WINDOWS\System32\lfuenws.exe
O4 - HKLM\..\Run: [csvi] C:\WINDOWS\System32\iocf.exe
O4 - HKLM\..\Run: [werljwcb] C:\WINDOWS\System32\sihyuud.exe
O4 - HKLM\..\Run: [fillvi] C:\WINDOWS\System32\absmxi.exe
O4 - HKLM\..\Run: [pwukyp] C:\WINDOWS\System32\ftluth.exe
O4 - HKLM\..\Run: [eusm] C:\WINDOWS\System32\cjjxwk.exe
O4 - HKLM\..\Run: [bkror] C:\WINDOWS\System32\ziytyo.exe
O4 - HKLM\..\Run: [hokygedy] C:\WINDOWS\System32\smbatrsx.exe
O4 - HKLM\..\Run: [cosl] C:\WINDOWS\System32\eild.exe
O4 - HKLM\..\Run: [onnilx] C:\WINDOWS\System32\reeooe.exe
O4 - HKLM\..\Run: [ksil] C:\WINDOWS\System32\lykjakp.exe
O4 - HKLM\..\Run: [nldmisvq] C:\WINDOWS\System32\yuum.exe
O4 - HKLM\..\Run: [qvmobnbe] C:\WINDOWS\System32\dewwym.exe
O4 - HKLM\..\Run: [quaff] C:\WINDOWS\System32\bavknxu.exe
O4 - HKLM\..\Run: [fmecs] C:\WINDOWS\System32\duado.exe
O4 - HKLM\..\Run: [fcny] C:\WINDOWS\system32\etdiaeyt.exe
O4 - HKLM\..\Run: [mfmwld] C:\WINDOWS\system32\qolvvnt.exe
O4 - HKLM\..\Run: [yzbrpx] C:\WINDOWS\system32\lvhmrl.exe
O4 - HKLM\..\Run: [cdxsz] C:\WINDOWS\system32\lcvc.exe
O4 - HKLM\..\Run: [scpn] C:\WINDOWS\system32\yyffon.exe
O4 - HKLM\..\Run: [sqrkm] C:\WINDOWS\system32\gcbb.exe
O4 - HKLM\..\Run: [yuxxr] C:\WINDOWS\system32\reotulj.exe
O4 - HKLM\..\Run: [mmcpc] C:\WINDOWS\system32\tzumvv.exe
O4 - HKLM\..\Run: [rmcllw] C:\WINDOWS\system32\qpkjojo.exe
O4 - HKLM\..\Run: [bfsdtdot] C:\WINDOWS\system32\zixp.exe
O4 - HKLM\..\Run: [hcchpc] C:\WINDOWS\system32\jvgwu.exe
O4 - HKLM\..\Run: [nzafrzsm] C:\WINDOWS\system32\gmesx.exe
O4 - HKLM\..\Run: [yjitnzpo] C:\WINDOWS\system32\wrjnb.exe
O4 - HKLM\..\Run: [xjxdv] C:\WINDOWS\system32\bakxyavo.exe
O4 - HKLM\..\Run: [jlvhkyic] C:\WINDOWS\system32\imrs.exe
O4 - HKLM\..\Run: [tkqslnld] C:\WINDOWS\system32\stfzcpb.exe
O4 - HKLM\..\Run: [xedjiazy] C:\WINDOWS\system32\axmuayra.exe
O4 - HKLM\..\Run: [lnevivd] C:\WINDOWS\system32\mzqs.exe
O4 - HKLM\..\Run: [ruhb] C:\WINDOWS\system32\jbcdz.exe
O4 - HKLM\..\Run: [jjhu] C:\WINDOWS\system32\uvhnarcv.exe
O4 - HKLM\..\Run: [pjrbmwx] C:\WINDOWS\system32\exngbc.exe
O4 - HKLM\..\Run: [dbilfcn] C:\WINDOWS\system32\crrwrm.exe
O4 - HKLM\..\Run: [bxxldia] C:\WINDOWS\system32\mmhumac.exe
O4 - HKLM\..\Run: [ppfp] C:\WINDOWS\system32\xgmnns.exe
O4 - HKLM\..\Run: [pvfpe] C:\WINDOWS\system32\yiof.exe
O4 - HKLM\..\Run: [uccrx] C:\WINDOWS\system32\meyw.exe
O4 - HKLM\..\Run: [zzclhljl] C:\WINDOWS\system32\awrqnv.exe
O4 - HKLM\..\Run: [msnagi] C:\WINDOWS\system32\ffsa.exe
O4 - HKLM\..\Run: [piifi] C:\WINDOWS\system32\edhclkj.exe
O4 - HKLM\..\Run: [nvvlctcp] C:\WINDOWS\system32\ktecs.exe
O4 - HKLM\..\Run: [fbmkpjck] C:\WINDOWS\system32\xpootvj.exe
O4 - HKLM\..\Run: [btxqebk] C:\WINDOWS\system32\rekfqu.exe
O4 - HKLM\..\Run: [myjiklf] C:\WINDOWS\system32\vutpowse.exe
O4 - HKLM\..\Run: [jdculql] C:\WINDOWS\system32\pbpgsvnq.exe
O4 - HKLM\..\Run: [vmnz] C:\WINDOWS\system32\utiqpu.exe
O4 - HKLM\..\Run: [jsifdcxm] C:\WINDOWS\system32\vxwo.exe
O4 - HKLM\..\Run: [lukp] C:\WINDOWS\system32\gakziulb.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\system32\lejqc.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097813613671
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Client Access Express Remote Command - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
hurlball is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 12-31-2004, 08:13 PM   #2 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3


Oh dear,Oh dear.Your are in a mess.

Make sure you have already run Adaware, Spybot S & D(check for updates) as these will do a preliminary clean first.Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE Reinstate it when your log is cleaned and then create a new restore point.Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes and selecting "fix checked".If any EXE files have been selected go into HijackThis/Config/Misc/Tools/ and open process manager. Select the EXE files (if they are there) and click Kill process before deleting.

Folders that have been highlighted RED in the log will need to be uninstalled.Check first as some folders maybe uninstalled via the Add/Remove program.

Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES When done Download Cleanup and run it to clean out the temp folders ..Then please reboot and post a new log when finished...

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = ntnyproxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = http://localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - (no file)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)

Every one of these EXE files below will need to found and be deleted.........

O4 - HKLM\..\Run: [yzwjspii] C:\WINDOWS\System32\cxkeqaax.exe
O4 - HKLM\..\Run: [yxuzn] C:\WINDOWS\System32\btxiai.exe
O4 - HKLM\..\Run: [yvvxz] C:\WINDOWS\System32\lohyturj.exe
O4 - HKLM\..\Run: [yslnqw] C:\WINDOWS\System32\ylxc.exe
O4 - HKLM\..\Run: [yifnuus] C:\WINDOWS\System32\vrwjqzc.exe
O4 - HKLM\..\Run: [xoll] C:\WINDOWS\System32\hnjs.exe
O4 - HKLM\..\Run: [vvmlayro] C:\WINDOWS\System32\jlxilsjf.exe
O4 - HKLM\..\Run: [vhyhwt] C:\WINDOWS\System32\xfkl.exe
O4 - HKLM\..\Run: [uvdimaz] C:\WINDOWS\System32\viainq.exe
O4 - HKLM\..\Run: [sqgj] C:\WINDOWS\System32\fgiyja.exe
O4 - HKLM\..\Run: [rziejjqc] C:\WINDOWS\System32\nrssmf.exe
O4 - HKLM\..\Run: [qjdddexf] C:\WINDOWS\System32\ecmrd.exe
O4 - HKLM\..\Run: [qaux] C:\WINDOWS\System32\efpixaju.exe
O4 - HKLM\..\Run: [pvlrnq] C:\WINDOWS\System32\uzhycwf.exe
O4 - HKLM\..\Run: [pdogolx] C:\WINDOWS\System32\cmjiespm.exe
O4 - HKLM\..\Run: [ognahfc] C:\WINDOWS\System32\wqmjumc.exe
O4 - HKLM\..\Run: [nkgen] C:\WINDOWS\System32\qvznisvy.exe
O4 - HKLM\..\Run: [nbocxx] C:\WINDOWS\System32\comgcd.exe
O4 - HKLM\..\Run: [lanqnei] C:\WINDOWS\System32\wasmrjn.exe
O4 - HKLM\..\Run: [jypm] C:\WINDOWS\System32\uzqpumt.exe
O4 - HKLM\..\Run: [jbqo] C:\WINDOWS\System32\dseppmez.exe
O4 - HKLM\..\Run: [higmya] C:\WINDOWS\System32\qnfpvd.exe
O4 - HKLM\..\Run: [evot] C:\WINDOWS\System32\kfuo.exe
O4 - HKLM\..\Run: [EPAKUCMZ] C:\WINDOWS\EPAKUCMZ.exe
O4 - HKLM\..\Run: [ekkhl] C:\WINDOWS\System32\rkexd.exe
O4 - HKLM\..\Run: [dvxao] C:\WINDOWS\System32\eyokph.exe
O4 - HKLM\..\Run: [cmzqchn] C:\WINDOWS\System32\drumu.exe
O4 - HKLM\..\Run: [buhvopu] C:\WINDOWS\System32\rjrj.exe
O4 - HKLM\..\Run: [atvclo] C:\WINDOWS\System32\bxegjk.exe
O4 - HKLM\..\Run: [aorlcr] C:\WINDOWS\System32\lvds.exe
O4 - HKLM\..\Run: [xirygdo] C:\WINDOWS\System32\xcrmy.exe
O4 - HKLM\..\Run: [dtoqvb] C:\WINDOWS\System32\kzcxzo.exe
O4 - HKLM\..\Run: [kwxmwhzt] C:\WINDOWS\System32\ioihehh.exe
O4 - HKLM\..\Run: [mgepqyn] C:\WINDOWS\System32\tqosez.exe
O4 - HKLM\..\Run: [scoun] C:\WINDOWS\System32\dktl.exe
O4 - HKLM\..\Run: [ljedmpx] C:\WINDOWS\System32\zppmavij.exe
O4 - HKLM\..\Run: [psmzjtgm] C:\WINDOWS\System32\emtvmno.exe
O4 - HKLM\..\Run: [xfogec] C:\WINDOWS\System32\rmrn.exe
O4 - HKLM\..\Run: [slwscjd] C:\WINDOWS\System32\yeubvtw.exe
O4 - HKLM\..\Run: [hggt] C:\WINDOWS\System32\byamo.exe
O4 - HKLM\..\Run: [kfeqncwj] C:\WINDOWS\System32\cqnbed.exe
O4 - HKLM\..\Run: [wwea] C:\WINDOWS\System32\nktu.exe
O4 - HKLM\..\Run: [uaeprt] C:\WINDOWS\System32\pmymfohg.exe
O4 - HKLM\..\Run: [nhpgwn] C:\WINDOWS\System32\fkli.exe
O4 - HKLM\..\Run: [fluvgexr] C:\WINDOWS\System32\ehsz.exe
O4 - HKLM\..\Run: [rowc] C:\WINDOWS\System32\ojfspxd.exe
O4 - HKLM\..\Run: [qyqt] C:\WINDOWS\System32\duojvl.exe
O4 - HKLM\..\Run: [hahdnnbe] C:\WINDOWS\System32\ynttlxl.exe
O4 - HKLM\..\Run: [oyhvjgb] C:\WINDOWS\System32\rqhmixf.exe
O4 - HKLM\..\Run: [ibry] C:\WINDOWS\System32\emrp.exe
O4 - HKLM\..\Run: [kulovhg] C:\WINDOWS\System32\lfuenws.exe
O4 - HKLM\..\Run: [csvi] C:\WINDOWS\System32\iocf.exe
O4 - HKLM\..\Run: [werljwcb] C:\WINDOWS\System32\sihyuud.exe
O4 - HKLM\..\Run: [fillvi] C:\WINDOWS\System32\absmxi.exe
O4 - HKLM\..\Run: [pwukyp] C:\WINDOWS\System32\ftluth.exe
O4 - HKLM\..\Run: [eusm] C:\WINDOWS\System32\cjjxwk.exe
O4 - HKLM\..\Run: [bkror] C:\WINDOWS\System32\ziytyo.exe
O4 - HKLM\..\Run: [hokygedy] C:\WINDOWS\System32\smbatrsx.exe
O4 - HKLM\..\Run: [cosl] C:\WINDOWS\System32\eild.exe
O4 - HKLM\..\Run: [onnilx] C:\WINDOWS\System32\reeooe.exe
O4 - HKLM\..\Run: [ksil] C:\WINDOWS\System32\lykjakp.exe
O4 - HKLM\..\Run: [nldmisvq] C:\WINDOWS\System32\yuum.exe
O4 - HKLM\..\Run: [qvmobnbe] C:\WINDOWS\System32\dewwym.exe
O4 - HKLM\..\Run: [quaff] C:\WINDOWS\System32\bavknxu.exe
O4 - HKLM\..\Run: [fmecs] C:\WINDOWS\System32\duado.exe
O4 - HKLM\..\Run: [fcny] C:\WINDOWS\system32\etdiaeyt.exe
O4 - HKLM\..\Run: [mfmwld] C:\WINDOWS\system32\qolvvnt.exe
O4 - HKLM\..\Run: [yzbrpx] C:\WINDOWS\system32\lvhmrl.exe
O4 - HKLM\..\Run: [cdxsz] C:\WINDOWS\system32\lcvc.exe
O4 - HKLM\..\Run: [scpn] C:\WINDOWS\system32\yyffon.exe
O4 - HKLM\..\Run: [sqrkm] C:\WINDOWS\system32\gcbb.exe
O4 - HKLM\..\Run: [yuxxr] C:\WINDOWS\system32\reotulj.exe
O4 - HKLM\..\Run: [mmcpc] C:\WINDOWS\system32\tzumvv.exe
O4 - HKLM\..\Run: [rmcllw] C:\WINDOWS\system32\qpkjojo.exe
O4 - HKLM\..\Run: [bfsdtdot] C:\WINDOWS\system32\zixp.exe
O4 - HKLM\..\Run: [hcchpc] C:\WINDOWS\system32\jvgwu.exe
O4 - HKLM\..\Run: [nzafrzsm] C:\WINDOWS\system32\gmesx.exe
O4 - HKLM\..\Run: [yjitnzpo] C:\WINDOWS\system32\wrjnb.exe
O4 - HKLM\..\Run: [xjxdv] C:\WINDOWS\system32\bakxyavo.exe
O4 - HKLM\..\Run: [jlvhkyic] C:\WINDOWS\system32\imrs.exe
O4 - HKLM\..\Run: [tkqslnld] C:\WINDOWS\system32\stfzcpb.exe
O4 - HKLM\..\Run: [xedjiazy] C:\WINDOWS\system32\axmuayra.exe
O4 - HKLM\..\Run: [lnevivd] C:\WINDOWS\system32\mzqs.exe
O4 - HKLM\..\Run: [ruhb] C:\WINDOWS\system32\jbcdz.exe
O4 - HKLM\..\Run: [jjhu] C:\WINDOWS\system32\uvhnarcv.exe
O4 - HKLM\..\Run: [pjrbmwx] C:\WINDOWS\system32\exngbc.exe
O4 - HKLM\..\Run: [dbilfcn] C:\WINDOWS\system32\crrwrm.exe
O4 - HKLM\..\Run: [bxxldia] C:\WINDOWS\system32\mmhumac.exe
O4 - HKLM\..\Run: [ppfp] C:\WINDOWS\system32\xgmnns.exe
O4 - HKLM\..\Run: [pvfpe] C:\WINDOWS\system32\yiof.exe
O4 - HKLM\..\Run: [uccrx] C:\WINDOWS\system32\meyw.exe
O4 - HKLM\..\Run: [zzclhljl] C:\WINDOWS\system32\awrqnv.exe
O4 - HKLM\..\Run: [msnagi] C:\WINDOWS\system32\ffsa.exe
O4 - HKLM\..\Run: [piifi] C:\WINDOWS\system32\edhclkj.exe
O4 - HKLM\..\Run: [nvvlctcp] C:\WINDOWS\system32\ktecs.exe
O4 - HKLM\..\Run: [fbmkpjck] C:\WINDOWS\system32\xpootvj.exe
O4 - HKLM\..\Run: [btxqebk] C:\WINDOWS\system32\rekfqu.exe
O4 - HKLM\..\Run: [myjiklf] C:\WINDOWS\system32\vutpowse.exe
O4 - HKLM\..\Run: [jdculql] C:\WINDOWS\system32\pbpgsvnq.exe
O4 - HKLM\..\Run: [vmnz] C:\WINDOWS\system32\utiqpu.exe
O4 - HKLM\..\Run: [jsifdcxm] C:\WINDOWS\system32\vxwo.exe
O4 - HKLM\..\Run: [lukp] C:\WINDOWS\system32\gakziulb.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\system32\lejqc.exe
C:\WINDOWS\system32\ykpdyd.exe

Oh..Happy New Year.
__________________
An Australian Member of



Eddy
Last edited by Pancake : 12-31-2004 at 08:16 PM.
Pancake is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 01:29 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2008, Tech Support Forum

Search Engine Friendly URLs by vBSEO

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82