Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Malware Nightmare

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts
Could someone please help me. I have malware on my pc and all i've been doing for a week is deleteing malware files which return. I've done your Required steps before posting your log. I hope you can help thanks nalby

Logfile of HijackThis v1.99.1
Scan saved at 5:26:52 PM, on 4/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Naviscope\naviscope.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jim\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - blank (file missing)
O2 - BHO: (no name) - {3AFC7AC1-BE39-2E77-967C-23D13A39D0F3} - C:\WINDOWS\system32\nbfbfgqf\taegdjql.dll
O2 - BHO: (no name) - {51753D79-D432-BED8-DC53-4B509CABD22B} - C:\WINDOWS\system32\gxaqxvaq\ruhsrnth.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D4E79D32-A2D1-A6CA-F283-13F7BA8E3445} - C:\WINDOWS\system32\xgsgispj\hjrychbu.dll
O2 - BHO: (no name) - {D4EB5E74-D782-BD1A-C70B-8D2636C0D93C} - C:\WINDOWS\system32\qviwfpsl\tcnehwyx.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [pncse] C:\WINDOWS\system32\knlx\pncse.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [lbdpmf] C:\WINDOWS\system32\bmif\lbdpmf.exe
O4 - HKLM\..\Run: [shunxati] C:\WINDOWS\system32\tmrwb\shunxati.exe
O4 - HKLM\..\Run: [fviba] C:\WINDOWS\system32\dlsx\fviba.exe
O4 - HKLM\..\Run: [ljgfei] C:\WINDOWS\system32\xjqsp\ljgfei.exe
O4 - HKLM\..\Run: [occjgrjf] C:\WINDOWS\system32\dorvuq\occjgrjf.exe
O4 - HKLM\..\Run: [ovrhfq] C:\WINDOWS\system32\janbk\ovrhfq.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitetcd32.exe
O4 - HKLM\..\Run: [advjsklv] C:\WINDOWS\system32\lryfteks\advjsklv.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [srrt] C:\WINDOWS\system32\ejylt\srrt.exe
O4 - HKLM\..\Run: [eehj] C:\WINDOWS\system32\tcvvo\eehj.exe
O4 - HKLM\..\Run: [diptid] C:\WINDOWS\system32\ggvffld\diptid.exe
O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
O4 - HKLM\..\Run: [skyhn] C:\DOCUME~1\Jim\LOCALS~1\Temp\bhay.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\oact.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [b0ttRRa2j] ieporee.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\DOCUME~1\Jim\LOCALS~1\Temp\qfwluwi.exe
O4 - Startup: naviscope.lnk = C:\Program Files\Naviscope\naviscope.exe
O4 - Startup: Registration Brothers In Arms.LNK = G:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103489123795
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: agwmyoblwmwi - Unknown owner - C:\WINDOWS\system32\wmwi\agwmyobl.exe (file missing)
O23 - Service: allaaaftrqqat - Unknown owner - C:\WINDOWS\system32\aftrqqat\allaa.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: cgpvikrobhbald - Unknown owner - C:\WINDOWS\system32\bhbald\cgpvikro.exe
O23 - Service: diptidggvffld - Unknown owner - C:\WINDOWS\system32\ggvffld\diptid.exe
O23 - Service: erunrxdvghrcjmi - Unknown owner - C:\WINDOWS\system32\vghrcjmi\erunrxd.exe
O23 - Service: hpnitujr - Unknown owner - C:\WINDOWS\system32\tujr\hpni.exe
O23 - Service: iawodohumixkx - Unknown owner - C:\WINDOWS\system32\umixkx\iawodoh.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: occjgrjfdorvuq - Unknown owner - C:\WINDOWS\system32\dorvuq\occjgrjf.exe
O23 - Service: ovqvofmfyvydvd - Unknown owner - C:\WINDOWS\system32\yvydvd\ovqvofmf.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: qwgagqlpdk - Unknown owner - C:\WINDOWS\system32\lpdk\qwgagq.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: srrtejylt - Unknown owner - C:\WINDOWS\system32\ejylt\srrt.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: wsfqvupuxtcq - Unknown owner - C:\WINDOWS\system32\upuxtcq\wsfqv.exe
  • 0




    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP