Need to know what to remove and what's safe to keep!



#1
helpme!!!

Logfile of HijackThis v1.99.1
Scan saved at 3:47:31 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Backup995\res\ntservice.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\System32\wbem\aolserver.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wkservice.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\cihwboz.exe
C:\Program Files\Impact Software LLC\iSync 2.1\NoticeP.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll (file missing)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [NoticeP.exe] "C:\Program Files\Impact Software LLC\iSync 2.1\NoticeP.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] "C:\WINDOWS\system32\MSTMON_S.EXE" STARTUP
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eqt] C:\WINDOWS\system32\eqt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [chothcnvta] C:\WINDOWS\system32\chothcnvta.exe
O4 - HKLM\..\Run: [cihwboz] C:\WINDOWS\system32\cihwboz.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [u] C:\WINDOWS\system32\u.exe
O4 - HKLM\..\RunServices: [wxechzzmsaqa] C:\WINDOWS\system32\wxechzzmsaqa.exe
O4 - HKLM\..\RunServices: [v] C:\WINDOWS\system32\v.exe
O4 - HKLM\..\RunServices: [snpzlp] C:\WINDOWS\system32\snpzlp.exe
O4 - HKLM\..\RunServices: [egbpcc] C:\WINDOWS\system32\egbpcc.exe
O4 - HKLM\..\RunServices: [wy] C:\WINDOWS\system32\wy.exe
O4 - HKLM\..\RunServices: [nen] C:\WINDOWS\system32\nen.exe
O4 - HKLM\..\RunServices: [fx] C:\WINDOWS\system32\fx.exe
O4 - HKLM\..\RunServices: [eehymbxvlxgg] C:\WINDOWS\system32\eehymbxvlxgg.exe
O4 - HKLM\..\RunServices: [mdtnsdge] C:\WINDOWS\system32\mdtnsdge.exe
O4 - HKLM\..\RunServices: [eqt] C:\WINDOWS\system32\eqt.exe
O4 - HKLM\..\RunServices: [oiserqal] C:\WINDOWS\system32\oiserqal.exe
O4 - HKLM\..\RunServices: [wbiliduvt] C:\WINDOWS\system32\wbiliduvt.exe
O4 - HKLM\..\RunServices: [cihwboz] C:\WINDOWS\system32\cihwboz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
O4 - HKCU\..\RunOnce: [RWIP-UNB] "C:\DOCUME~1\Owner\MYDOCU~1\RWCCleaB.exe" "C:\PROGRA~1\R-WIPE~1\_RWIPE~2.EXE"
O4 - HKCU\..\RunOnce: [RWIP-UN5] "C:\DOCUME~1\Owner\MYDOCU~1\RWCClea5.exe" "C:\PROGRA~1\R-WIPE~1\RWIPEI~1.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Start or stop sharing with Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
O16 - DPF: {0A706A23-DEF4-4C4B-B1F6-96AAB61F2257} (TIExpertControl Object) - https://techinline.net/Expert/TIEXpert.cab
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.bigfishgames.com/online/dinerdash2restaura/DinerDash2.1.0.0.48.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor2/mjolauncher.cab
O16 - DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} (IITLoadCtrl Class) - https://www.imoncall.com/go/iitloader.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://www.charter.net/files/charter/securitysuite/fscax.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://game8.bigfishgames.com/Reef/en_feedingfrenzy/online/SproutLauncher.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.bigfishgames.com/online/dinerdash/DinerDash.1.0.0.58.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Backup995 Automatic Backup - Unknown owner - C:\Program Files\Backup995\res\ntservice.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Print Spooler Service (dyyuiabokanz4) - Unknown owner - C:\WINDOWS\system32\cihwboz.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: AOL Authentication Server (WBM-AOLSerV) - Unknown owner - C:\WINDOWS\System32\wbem\aolserver.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Kernel Service - Unknown owner - C:\WINDOWS\system32\wkservice.exe