Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hyjackthis log

Started by Inthefairway , Apr 09 2005 01:18 PM

  • This topic is locked This topic is locked

#1
Inthefairway
Posted 09 April 2005 - 01:18 PM

Inthefairway

    New Member

  • Member
  • Pip
  • 1 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:23:29 PM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\2Wire\2PortalMon.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\odkdnhw\opnagmv.exe
C:\WINDOWS\system32\neydhj\xfud.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\abasa5jrp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\xqanxgu.exe
C:\Program Files\Symantec AntiVirus\VPC32.EXE
C:\DOCUME~1\Chris\LOCALS~1\Temp\hygmndj.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\SYSTEM32\FREECELL.EXE
C:\WINDOWS\system32\ttyl\nynvti.exe
C:\WINDOWS\system32\chbyvvbv\okydcw.exe
C:\WINDOWS\system32\sowrsbd\vsagas.exe
C:\WINDOWS\system32\vvsmdfgo\shmao.exe
C:\WINDOWS\system32\gjmpxiyj\kusax.exe
C:\WINDOWS\system32\jfscqh\sgonvi.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll (file missing)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\rtneg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\system32\pacis.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [vrkhfphp] C:\WINDOWS\system32\tnkhsfu\vrkhfphp.exe
O4 - HKLM\..\Run: [mdxpqvm] C:\WINDOWS\system32\flml\mdxpqvm.exe
O4 - HKLM\..\Run: [gqqti] C:\WINDOWS\system32\iboayl\gqqti.exe
O4 - HKLM\..\Run: [lidmh] C:\WINDOWS\system32\pqbdg\lidmh.exe
O4 - HKLM\..\Run: [wvpyiqe] C:\WINDOWS\system32\swcbgxer\wvpyiqe.exe
O4 - HKLM\..\Run: [kiec] C:\WINDOWS\system32\lawjwr\kiec.exe
O4 - HKLM\..\Run: [nnveevqj] C:\WINDOWS\system32\biqv\nnveevqj.exe
O4 - HKLM\..\Run: [gcrm] C:\WINDOWS\system32\otydsqq\gcrm.exe
O4 - HKLM\..\Run: [xslgjhuk] C:\WINDOWS\system32\bbwu\xslgjhuk.exe
O4 - HKLM\..\Run: [wtymg] C:\WINDOWS\system32\pyke\wtymg.exe
O4 - HKLM\..\Run: [ycyf] C:\WINDOWS\system32\kndbhc\ycyf.exe
O4 - HKLM\..\Run: [hnfwb] C:\WINDOWS\system32\kxvdi\hnfwb.exe
O4 - HKLM\..\Run: [t77g34W] nqcecr40.exe
O4 - HKLM\..\Run: [skyhn] C:\DOCUME~1\Chris\LOCALS~1\Temp\hygmndj.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [rvvjheom] C:\WINDOWS\system32\imavm\rvvjheom.exe
O4 - HKLM\..\Run: [xfud] C:\WINDOWS\system32\neydhj\xfud.exe
O4 - HKLM\..\Run: [wahbis] C:\WINDOWS\system32\bayjqyhq\wahbis.exe
O4 - HKLM\..\Run: [wrtfmn] C:\WINDOWS\system32\sqle\wrtfmn.exe
O4 - HKLM\..\Run: [lhevmg] C:\WINDOWS\system32\nljci\lhevmg.exe
O4 - HKLM\..\Run: [kakfqd] C:\WINDOWS\system32\mtyr\kakfqd.exe
O4 - HKLM\..\Run: [opnagmv] C:\WINDOWS\system32\odkdnhw\opnagmv.exe
O4 - HKLM\..\Run: [yajqa] C:\WINDOWS\system32\ihci\yajqa.exe
O4 - HKLM\..\Run: [wahevjx] C:\WINDOWS\system32\nqpm\wahevjx.exe
O4 - HKLM\..\Run: [wmsvc] C:\WINDOWS\system32\hwvua\wmsvc.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteghj32.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\tqrignsj.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\system32\abasa5jrp.exe
O4 - HKLM\..\Run: [rhlkkk] C:\WINDOWS\system32\ioowiqp\rhlkkk.exe
O4 - HKLM\..\Run: [bdaven] C:\WINDOWS\system32\kkdwtq\bdaven.exe
O4 - HKLM\..\Run: [kwoxnm] c:\windows\system32\xqanxgu.exe
O4 - HKLM\..\Run: [nynvti] C:\WINDOWS\system32\ttyl\nynvti.exe
O4 - HKLM\..\Run: [okydcw] C:\WINDOWS\system32\chbyvvbv\okydcw.exe
O4 - HKLM\..\Run: [vsagas] C:\WINDOWS\system32\sowrsbd\vsagas.exe
O4 - HKLM\..\Run: [shmao] C:\WINDOWS\system32\vvsmdfgo\shmao.exe
O4 - HKLM\..\Run: [kusax] C:\WINDOWS\system32\gjmpxiyj\kusax.exe
O4 - HKLM\..\Run: [sgonvi] C:\WINDOWS\system32\jfscqh\sgonvi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Bet On USA Poker - {64FA9700-6A17-4bd5-A7D8-D81CF095995F} - C:\Program Files\betonusaMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: bdavenkkdwtq - Unknown owner - C:\WINDOWS\system32\kkdwtq\bdaven.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: gqqtiiboayl - Unknown owner - C:\WINDOWS\system32\iboayl\gqqti.exe (file missing)
O23 - Service: hnfwbkxvdi - Unknown owner - C:\WINDOWS\system32\kxvdi\hnfwb.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kakfqdmtyr - Unknown owner - C:\WINDOWS\system32\mtyr\kakfqd.exe (file missing)
O23 - Service: mdxpqvmflml - Unknown owner - C:\WINDOWS\system32\flml\mdxpqvm.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: rhlkkkioowiqp - Unknown owner - C:\WINDOWS\system32\ioowiqp\rhlkkk.exe
O23 - Service: rvvjheomimavm - Unknown owner - C:\WINDOWS\system32\imavm\rvvjheom.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: shmaovvsmdfgo - Unknown owner - C:\WINDOWS\system32\vvsmdfgo\shmao.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: vsagassowrsbd - Unknown owner - C:\WINDOWS\system32\sowrsbd\vsagas.exe
O23 - Service: wahevjxnqpm - Unknown owner - C:\WINDOWS\system32\nqpm\wahevjx.exe
O23 - Service: wtymgpyke - Unknown owner - C:\WINDOWS\system32\pyke\wtymg.exe

Please advise me as to what to keep and what to get rid of and how to get rid of it.

Thanks,

Inthefairway
  • 0

Advertisements

#2
greyknight17
Posted 25 December 2005 - 01:25 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Topic closed due to inactivity...
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP