Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HiJackThis log, please help!

Started by Banshee , Mar 07 2005 10:13 AM

  • This topic is locked This topic is locked

#1
Banshee
Posted 07 March 2005 - 10:13 AM

Banshee

    Member

  • Member
  • PipPip
  • 23 posts
I've been lurking for a while. Great site! Great help!

I've been trying to clean a friend's computer, without a lot of luck. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 9:21:57 AM, on 3/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ipujt\Jyacngh.exe
C:\Program Files\Raajrtc\Xramr.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\winupdt.exe
C:\Program Files\m0o8dsgj\m0o8dsgj.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\msexploren.exe
C:\WINDOWS\system32\dx3beros.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system\gufkdxub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sysmonnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\windaek32.exe
C:\WINDOWS\system32\rcpptext.exe
C:\WINDOWS\system32\sca2cenu.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.42.87.219/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.42.87.219/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: (no name) - {075C7F25-A32C-4B58-B523-16E26EAA9BD6} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {14313491-179E-4D53-BCAB-9254A61B6DA6} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {2C0506B8-345E-4FFB-9233-2D8188B8A14D} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {2C255940-0152-4EBA-901B-72CBD41F6451} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {3FED5ACE-5DD2-4F15-95BC-45B808D77CE2} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll
O2 - BHO: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O2 - BHO: (no name) - {51CFB6EF-9DAB-4E82-9CB2-60B06228494D} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5794E4D2-3A7C-4024-9677-6E843E0C7F2A} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {5FEE1DD8-6B88-4C52-93E8-984B6F858822} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {60B5A625-FF9D-4DB1-A291-DC367AC890B5} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {6460B876-0F6B-47C2-9A98-ECB87776928F} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {7BB4AD32-2E12-4B38-BAB3-4326E4E67A25} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9868DFEE-530E-4646-AC16-F9C420647A12} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9ACF7BC0-F838-4E3E-BE40-41610B99E1C2} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9B54589D-E74D-4E4C-9C3B-030D8A76E9E3} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9F1F1755-8FFE-42A2-B43B-5AF09D92AEA5} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {A0B92F24-C92C-4CCD-B762-C6F0F53A515C} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {D703AA50-42D9-441A-9C32-49A543F7D11B} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {E1693175-A166-4DF6-AF2C-ECB91F068EB4} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: SDWin32 Class - {EAE3E1CD-0711-4840-9BC1-7555FD700EBE} - C:\WINDOWS\system32\vxuxc.dll
O2 - BHO: (no name) - {F89E87D3-CC14-4853-8C48-D4D5EEFF7031} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Vlfpl] C:\Program Files\Ipujt\Jyacngh.exe
O4 - HKLM\..\Run: [Bkbstvya] C:\Program Files\Raajrtc\Xramr.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdt.exe
O4 - HKLM\..\Run: [arrsaa] c:\windows\system32\arrsaa.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteowt32.exe
O4 - HKLM\..\Run: [vxuxcc] C:\WINDOWS\system32\vxuxcc.exe
O4 - HKLM\..\Run: [m0o8dsgj] C:\Program Files\m0o8dsgj\m0o8dsgj.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [LBtnROitO] rcpptext.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0008.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  • 0

Advertisements

#2
Banshee
Posted 07 March 2005 - 01:43 PM

Banshee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Let me know if I need to post additional information. Thanks!
  • 0

#3
Banshee
Posted 07 March 2005 - 02:30 PM

Banshee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
His system is down to a crawl now. Any ideas?
  • 0

#4
Banshee
Posted 07 March 2005 - 10:37 PM

Banshee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
After some more work on my own this is where I am now. Any ideas on what else should be done?

Logfile of HijackThis v1.99.1
Scan saved at 10:34:18 PM, on 3/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\windows\system32\arrsaa.exe
C:\Program Files\m0o8dsgj\m0o8dsgj.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\isrvs\desktop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system\gufkdxub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sysmonnt.exe
C:\WINDOWS\system32\rcpptext.exe
C:\windows\system32\calc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Vick Valentine\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: (no name) - {023580B5-C620-4433-B770-45845E6FA3C5} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {075C7F25-A32C-4B58-B523-16E26EAA9BD6} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {0CC4EB16-21BB-4083-A5F0-785E770ACB5B} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {14313491-179E-4D53-BCAB-9254A61B6DA6} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {1F208024-33BE-43D7-A00F-44E69873A48F} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {2C0506B8-345E-4FFB-9233-2D8188B8A14D} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {2C255940-0152-4EBA-901B-72CBD41F6451} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {3FED5ACE-5DD2-4F15-95BC-45B808D77CE2} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {4A550DB3-CCD5-4030-8DE2-E4B47F9FF237} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll
O2 - BHO: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O2 - BHO: (no name) - {51CFB6EF-9DAB-4E82-9CB2-60B06228494D} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5794E4D2-3A7C-4024-9677-6E843E0C7F2A} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {5FEE1DD8-6B88-4C52-93E8-984B6F858822} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {60B5A625-FF9D-4DB1-A291-DC367AC890B5} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {6460B876-0F6B-47C2-9A98-ECB87776928F} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {7BB4AD32-2E12-4B38-BAB3-4326E4E67A25} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9868DFEE-530E-4646-AC16-F9C420647A12} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9ACF7BC0-F838-4E3E-BE40-41610B99E1C2} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9B54589D-E74D-4E4C-9C3B-030D8A76E9E3} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9F1F1755-8FFE-42A2-B43B-5AF09D92AEA5} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {A0B92F24-C92C-4CCD-B762-C6F0F53A515C} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B0856176-F982-41FF-B356-137B82B2AD9A} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {D703AA50-42D9-441A-9C32-49A543F7D11B} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {E1693175-A166-4DF6-AF2C-ECB91F068EB4} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: SDWin32 Class - {EAE3E1CD-0711-4840-9BC1-7555FD700EBE} - C:\WINDOWS\system32\vxuxc.dll
O2 - BHO: (no name) - {F89E87D3-CC14-4853-8C48-D4D5EEFF7031} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [arrsaa] c:\windows\system32\arrsaa.exe
O4 - HKLM\..\Run: [vxuxcc] C:\WINDOWS\system32\vxuxcc.exe
O4 - HKLM\..\Run: [m0o8dsgj] C:\Program Files\m0o8dsgj\m0o8dsgj.exe
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [4s2h3EO] dx3beros.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [LBtnROitO] rcpptext.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0008.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  • 0

#5
Banshee
Posted 08 March 2005 - 08:01 AM

Banshee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
O.K., what... you guys got me on the ignore list or what?
  • 0

#6
Banshee
Posted 08 March 2005 - 11:13 AM

Banshee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I got a lot of popups and spyware cleaned out... IExplorer is running slow though.

What else should I do???

What is this O2 - BHO: (no name) - {5FEE1DD8-6B88-4C52-93E8-984B6F858822} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll about?




Logfile of HijackThis v1.99.1
Scan saved at 11:08:55 AM, on 3/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\windows\system32\arrsaa.exe
C:\Program Files\m0o8dsgj\m0o8dsgj.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system\gufkdxub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sysmonnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rcpptext.exe
C:\windows\system32\packager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vick Valentine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {023580B5-C620-4433-B770-45845E6FA3C5} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {075C7F25-A32C-4B58-B523-16E26EAA9BD6} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {0CC4EB16-21BB-4083-A5F0-785E770ACB5B} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {14313491-179E-4D53-BCAB-9254A61B6DA6} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {1F208024-33BE-43D7-A00F-44E69873A48F} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {2C0506B8-345E-4FFB-9233-2D8188B8A14D} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {2C255940-0152-4EBA-901B-72CBD41F6451} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {3FED5ACE-5DD2-4F15-95BC-45B808D77CE2} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {4A550DB3-CCD5-4030-8DE2-E4B47F9FF237} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {51CFB6EF-9DAB-4E82-9CB2-60B06228494D} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5794E4D2-3A7C-4024-9677-6E843E0C7F2A} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {57BB33ED-F2E3-4AEA-89FE-0AF5BA637448} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {5FEE1DD8-6B88-4C52-93E8-984B6F858822} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {60B5A625-FF9D-4DB1-A291-DC367AC890B5} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {635A0BCF-8A06-4BF8-8A70-555848E3D6A8} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {6460B876-0F6B-47C2-9A98-ECB87776928F} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {7B800BFE-C8B6-42AC-B2D4-F8BA556CFFD4} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {7BB4AD32-2E12-4B38-BAB3-4326E4E67A25} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {951D95A1-5565-4B4C-8764-5FD921277272} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9868DFEE-530E-4646-AC16-F9C420647A12} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9ACF7BC0-F838-4E3E-BE40-41610B99E1C2} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9B54589D-E74D-4E4C-9C3B-030D8A76E9E3} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {9F1F1755-8FFE-42A2-B43B-5AF09D92AEA5} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {A0B92F24-C92C-4CCD-B762-C6F0F53A515C} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ABC5CF62-CD7E-4D19-8433-6AAE774B4C92} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {B0856176-F982-41FF-B356-137B82B2AD9A} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {D46D744E-987D-4C79-9738-52A2594B2B93} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {D703AA50-42D9-441A-9C32-49A543F7D11B} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {E1693175-A166-4DF6-AF2C-ECB91F068EB4} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: (no name) - {E345B4DA-C8AE-4786-A4A4-4F80E5A8FE75} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O2 - BHO: SDWin32 Class - {EAE3E1CD-0711-4840-9BC1-7555FD700EBE} - C:\WINDOWS\system32\vxuxc.dll
O2 - BHO: (no name) - {F89E87D3-CC14-4853-8C48-D4D5EEFF7031} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [arrsaa] c:\windows\system32\arrsaa.exe
O4 - HKLM\..\Run: [vxuxcc] C:\WINDOWS\system32\vxuxcc.exe
O4 - HKLM\..\Run: [m0o8dsgj] C:\Program Files\m0o8dsgj\m0o8dsgj.exe
O4 - HKLM\..\Run: [4s2h3EO] dx3beros.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [LBtnROitO] rcpptext.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0008.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  • 0

#7
Banshee
Posted 08 March 2005 - 11:27 AM

Banshee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Whatever "O2 - BHO: (no name) - {5FEE1DD8-6B88-4C52-93E8-984B6F858822} - C:\Program Files\m0o8dsgj\m0o8dsgj.dll" is it's gone now!
  • 0

#8
Banshee
Posted 08 March 2005 - 11:33 AM

Banshee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:27:49 AM, on 3/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\windows\system32\arrsaa.exe
C:\Program Files\m0o8dsgj\m0o8dsgj.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system\gufkdxub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sysmonnt.exe
C:\WINDOWS\system32\rcpptext.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system32\packager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Vick Valentine\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SDWin32 Class - {EAE3E1CD-0711-4840-9BC1-7555FD700EBE} - C:\WINDOWS\system32\vxuxc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [arrsaa] c:\windows\system32\arrsaa.exe
O4 - HKLM\..\Run: [vxuxcc] C:\WINDOWS\system32\vxuxcc.exe
O4 - HKLM\..\Run: [m0o8dsgj] C:\Program Files\m0o8dsgj\m0o8dsgj.exe
O4 - HKLM\..\Run: [4s2h3EO] dx3beros.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [LBtnROitO] rcpptext.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0008.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  • 0

#9
Michelle
Posted 08 March 2005 - 12:14 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Banshee,
Please move HiJackThis to a permanent folder (i.e. C:\HJT) This ensures backups are saved and accessible.

Please follow all of the recomendations here

I assure you that you are not on an ignore list! A lot of people with a bunch of problems and not enough staff members to go around. Someone will be along to help you out ASAP! Also, be very careful "fixing" items with HiJackThis, especially when you do not know what the entries are. We want to make your system better, not worse if something gets deleted by accident that shouldn't have! :tazz:

Michelle
  • 0

#10
Guest_thatman_*
Posted 11 March 2005 - 05:33 AM

Guest_thatman_*
  • Guest
Hi Banshee

Please use task manager to kill the following Processes
C:\WINDOWS\system32\vxuxc.dll
c:\windows\system32\arrsaa.exe
C:\WINDOWS\system32\vxuxcc.exe
C:\Program Files\m0o8dsgj\m0o8dsgj.exe
dx3beros.exe
C:\WINDOWS\system32\sysmonnt
rcpptext.exe


Copy and paste this document and save it to your desktop. Or if you have a printer you can print these instructions.

Be sure you're able to view hidden files,


Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items.

O2 - BHO: SDWin32 Class - {EAE3E1CD-0711-4840-9BC1-7555FD700EBE} - C:\WINDOWS\system32\vxuxc.dll
O4 - HKLM\..\Run: [arrsaa] c:\windows\system32\arrsaa.exe
O4 - HKLM\..\Run: [vxuxcc] C:\WINDOWS\system32\vxuxcc.exe
O4 - HKLM\..\Run: [m0o8dsgj] C:\Program Files\m0o8dsgj\m0o8dsgj.exe
O4 - HKLM\..\Run: [4s2h3EO] dx3beros.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [LBtnROitO] rcpptext.exe
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0008.exe

Then click fix checked.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Please use windows explorer to find the following Files and Folders.

C:\WINDOWS\system32\vxuxc.dll<--Delete this file
c:\windows\system32\arrsaa.exe<--Delete this file
C:\WINDOWS\system32\vxuxcc.exe<--Delete this file
C:\Program Files\m0o8dsgj\m0o8dsgj.exe<--Delete the whole folder
dx3beros.exe<--Delete this file
C:\WINDOWS\system32\sysmonnt<--Delete this file
[b]rcpptext.exe<--Delete this file

Reboot into normal mode (simply restart your computer as you normally would), and run the following free, online virus scans:

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. ;)

Sorry for the delay in getting to you

kc :tazz:
  • 0

#11
Banshee
Posted 11 March 2005 - 11:10 AM

Banshee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I had to give back the computer a couple days ago. I'll get on it again asap. Thanks for the input!
  • 0

#12
Guest_thatman_*
Posted 10 April 2005 - 07:28 AM

Guest_thatman_*
  • Guest
This topic is now closed

Kc :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP