HJT Log - Need Help



#1
buzzb8 (New Member, 1 post)
Please help with this log. I had to shut down many of the 100+ processes that were running to be able to run AdAware and Spybot. The system is inundated with malware/spyware/adware. Sorry this log is so long, but I want to be sure of what to fix.

Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 10:32:12 PM, on 10/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\yjtjvzw.exe
C:\WINDOWS\System32\wamefspw\yxqq.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\WINDOWS\explorer.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchwebzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwebzone.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Ztpxfuer] C:\Program Files\Vhfuo\Rjedm.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ssdkpd.exe reg_run
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [njlrdll] C:\WINDOWS\njlrdll.EXE
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [gdsqws] C:\WINDOWS\System32\ubvwcx\gdsqws.exe
O4 - HKLM\..\Run: [testit.exe] C:\WINDOWS\System32\testit.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\System32\mmxp2passion.exe
O4 - HKLM\..\Run: [mediapluscash.exe] C:\WINDOWS\System32\mediapluscash.exe
O4 - HKLM\..\Run: [MediaGateway.exe] C:\WINDOWS\System32\MediaGateway.exe
O4 - HKLM\..\Run: [cashfortool.exe] C:\WINDOWS\System32\cashfortool.exe
O4 - HKLM\..\Run: [cashplusmedia.exe] C:\WINDOWS\System32\cashplusmedia.exe
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\System32\adprot.exe
O4 - HKLM\..\Run: [mc-58-12-] C:\WINDOWS\System32\mc-58-12-
O4 - HKLM\..\Run: [SSK3_B5.exew3.org] C:\WINDOWS\System32\SSK3_B5.exew3.org
O4 - HKLM\..\Run: [adcomplusanalytic.exe] C:\WINDOWS\System32\adcomplusanalytic.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\wfwall1.exe
O4 - HKLM\..\Run: [pi1_72.exe] C:\WINDOWS\System32\pi1_72.exe
O4 - HKLM\..\Run: [wfwall1.exe] C:\WINDOWS\System32\wfwall1.exe
O4 - HKLM\..\Run: [rxkcwnt] C:\WINDOWS\rxkcwnt.exe
O4 - HKLM\..\Run: [virD] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [webnexus.exe] C:\WINDOWS\System32\webnexus.exe
O4 - HKLM\..\Run: [silent_partos] C:\WINDOWS\System32\silent_partos.exe
O4 - HKLM\..\Run: [mmxp2passion] C:\WINDOWS\System32\mmxp2passion.exe
O4 - HKLM\..\Run: [MediaGateway] C:\WINDOWS\System32\MediaGateway.exe
O4 - HKLM\..\Run: [fnbp] C:\WINDOWS\System32\dfuqhmok\fnbp.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [paxq] C:\WINDOWS\System32\jnmrlq\paxq.exe
O4 - HKLM\..\Run: [ovixf] C:\WINDOWS\System32\rsfqipw\ovixf.exe
O4 - HKLM\..\Run: [rfxj] C:\WINDOWS\System32\xqmr\rfxj.exe
O4 - HKLM\..\Run: [ebeovq] C:\WINDOWS\System32\pnra\ebeovq.exe
O4 - HKLM\..\Run: [tqaxpl] C:\WINDOWS\System32\trrmiayc\tqaxpl.exe
O4 - HKLM\..\Run: [memg] C:\WINDOWS\System32\unpxn\memg.exe
O4 - HKLM\..\Run: [ksgo] C:\WINDOWS\System32\hnju\ksgo.exe
O4 - HKLM\..\Run: [gnvtx] C:\WINDOWS\System32\hlhyqfn\gnvtx.exe
O4 - HKLM\..\Run: [ylambr] C:\WINDOWS\System32\ithgttu\ylambr.exe
O4 - HKLM\..\Run: [yxqq] C:\WINDOWS\System32\wamefspw\yxqq.exe
O4 - HKLM\..\Run: [vxsgla] C:\WINDOWS\System32\unrefvv.exe r
O4 - HKLM\..\Run: [wrapperouter.exe] C:\WINDOWS\System32\wrapperouter.exe
O4 - HKLM\..\Run: [russandmmx.exe] C:\WINDOWS\System32\russandmmx.exe
O4 - HKLM\..\Run: [640x] C:\WINDOWS\System32\640x.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Z0rFROc8h] wowadm.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000105.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\System32\ichckupd.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [wsnskp] c:\windows\system32\wsnskp.exe
O4 - HKCU\..\Run: [msnsp2] c:\windows\system32\msnsp2.exe
O4 - HKCU\..\Run: [phocom] c:\windows\system32\phocom.exe
O4 - HKCU\..\Run: [logepe] c:\windows\system32\logepe.exe
O4 - HKCU\..\Run: [ialeri] c:\windows\system32\ialeri.exe
O4 - HKCU\..\Run: [cloudsim] c:\windows\system32\cloudsim.exe
O4 - HKCU\..\Run: [dmlbbv] c:\windows\system32\dmlbbv.exe
O4 - HKCU\..\Run: [netrrt] c:\windows\system32\netrrt.exe
O4 - HKCU\..\Run: [dllsta] c:\windows\system32\dllsta.exe
O4 - HKCU\..\Run: [msnmpa] c:\windows\system32\msnmpa.exe
O4 - HKCU\..\Run: [tcpsld] c:\windows\system32\tcpsld.exe
O4 - HKCU\..\Run: [shifxc] C:\windows\system32\shifxc.exe
O4 - HKCU\..\Run: [jgmnfj] C:\windows\system32\jgmnfj.exe
O4 - HKCU\..\Run: [netls3] c:\windows\system32\netls3.exe
O4 - HKCU\..\Run: [ntmlmo] c:\windows\system32\ntmlmo.exe
O4 - HKCU\..\Run: [xpssap] c:\windows\system32\xpssap.exe
O4 - HKCU\..\Run: [odbcrt] c:\windows\system32\odbcrt.exe
O4 - HKCU\..\Run: [rdpdcz] c:\windows\system32\rdpdcz.exe
O4 - HKCU\..\Run: [rdsmms] c:\windows\system32\rdsmms.exe
O4 - HKCU\..\Run: [fxspah] c:\windows\system32\fxspah.exe
O4 - HKCU\..\Run: [rasc_3] c:\windows\system32\rasc_3.exe
O4 - HKCU\..\Run: [pcdwin] c:\windows\system32\pcdwin.exe
O4 - HKCU\..\Run: [raskvi] c:\windows\system32\raskvi.exe
O4 - HKCU\..\Run: [advdvo] c:\windows\system32\advdvo.exe
O4 - HKCU\..\Run: [raspcx] c:\windows\system32\raspcx.exe
O4 - HKCU\..\Run: [hcctks] c:\windows\system32\hcctks.exe
O4 - HKCU\..\RunOnce: [cloudsim] c:\windows\system32\cloudsim.exe
O4 - HKCU\..\RunOnce: [ialeri] c:\windows\system32\ialeri.exe
O4 - HKCU\..\RunOnce: [dmlbbv] c:\windows\system32\dmlbbv.exe
O4 - HKCU\..\RunOnce: [netrrt] c:\windows\system32\netrrt.exe
O4 - HKCU\..\RunOnce: [dllsta] c:\windows\system32\dllsta.exe
O4 - HKCU\..\RunOnce: [tcpsld] c:\windows\system32\tcpsld.exe
O4 - HKCU\..\RunOnce: [shifxc] C:\windows\system32\shifxc.exe
O4 - HKCU\..\RunOnce: [jgmnfj] C:\windows\system32\jgmnfj.exe
O4 - HKCU\..\RunOnce: [netls3] c:\windows\system32\netls3.exe
O4 - HKCU\..\RunOnce: [ntmlmo] c:\windows\system32\ntmlmo.exe
O4 - HKCU\..\RunOnce: [odbcrt] c:\windows\system32\odbcrt.exe
O4 - HKCU\..\RunOnce: [msnmpa] c:\windows\system32\msnmpa.exe
O4 - HKCU\..\RunOnce: [rdsmms] c:\windows\system32\rdsmms.exe
O4 - HKCU\..\RunOnce: [fxspah] c:\windows\system32\fxspah.exe
O4 - HKCU\..\RunOnce: [rasc_3] c:\windows\system32\rasc_3.exe
O4 - HKCU\..\RunOnce: [logepe] c:\windows\system32\logepe.exe
O4 - HKCU\..\RunOnce: [pcdwin] c:\windows\system32\pcdwin.exe
O4 - HKCU\..\RunOnce: [raskvi] c:\windows\system32\raskvi.exe
O4 - HKCU\..\RunOnce: [advdvo] c:\windows\system32\advdvo.exe
O4 - HKCU\..\RunOnce: [rdpdcz] c:\windows\system32\rdpdcz.exe
O4 - HKCU\..\RunOnce: [raspcx] c:\windows\system32\raspcx.exe
O4 - HKCU\..\RunOnce: [hcctks] c:\windows\system32\hcctks.exe
O4 - HKCU\..\RunOnce: [xpssap] c:\windows\system32\xpssap.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Owner\Application Data\DownloadPlus.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: rrcd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\uyer32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: tqaxpltrrmiayc - Unknown owner - C:\WINDOWS\System32\trrmiayc\tqaxpl.exe
O23 - Service: uoibjjgptsmk - Unknown owner - C:\WINDOWS\System32\tsmk\uoibjjgp.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yjtjvzw.exe
O23 - Service: yxqqwamefspw - Unknown owner - C:\WINDOWS\System32\wamefspw\yxqq.exe
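The kinds of entries a helper looks for first in a log like the one above (O4 autoruns whose image sits under the Windows directory, the same image registered under several autorun names, O15 Trusted Zone additions, O20 Winlogon Notify DLLs, and O23 services with no vendor string) can be checked mechanically. The script below is an added example, not part of this thread and not code from HijackThis; it runs a small triage over constructed sample lines written in the same v1.99 line format, modelled on the entries above. The heuristics, the `Finding` type and the sample data are all assumptions of this example, and each finding is a prompt to review the entry, not a verdict on it.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample lines in HijackThis v1.99 format. Names are modelled on
# the thread's log, but this is sample data, not a real scan.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [yxqq] C:\WINDOWS\System32\wamefspw\yxqq.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\wfwall1.exe
O4 - HKLM\..\Run: [wfwall1.exe] C:\WINDOWS\System32\wfwall1.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cloudsim] c:\windows\system32\cloudsim.exe
O4 - HKCU\..\RunOnce: [cloudsim] c:\windows\system32\cloudsim.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\uyer32.dll
O23 - Service: yxqqwamefspw - Unknown owner - C:\WINDOWS\System32\wamefspw\yxqq.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Every HJT entry line starts with its section code (R0..R3, O1..O23).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Registry autoruns: "HKLM\..\Run: [name] command" (also RunOnce, RunServices).
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section code the finding came from
    reason: str    # why the entry deserves a look
    subject: str   # the log line, or the image path for aggregate findings


def image_path(cmd: str) -> str:
    """Extract the executable/DLL path from an O4 command string, lower-cased.
    A quoted path is taken whole; otherwise the text up to the first
    .exe/.dll/.com/.scr is used so unquoted 'Program Files' paths survive."""
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1).lower()
    m = re.match(r"^(.*?\.(?:exe|dll|com|scr))\b", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split()[0]).lower()


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return review prompts for the entry types above."""
    findings: list[Finding] = []
    targets: dict[str, list[str]] = defaultdict(list)  # image path -> autorun names
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line: not an entry
        section, body = m.group("section"), m.group("body")
        if section == "O4":
            o4 = O4_RE.match(body)
            if not o4:
                continue  # Startup-folder O4 lines are not handled in this example
            path = image_path(o4.group("cmd"))
            targets[path].append(f'{o4.group("hive")}\\{o4.group("key")}:[{o4.group("name")}]')
            if "\\windows\\" in path and "\\program files\\" not in path:
                findings.append(Finding(section, "autorun image under the Windows directory: review, "
                                        "third-party software rarely installs its autorun there", line))
        elif section == "O15":
            findings.append(Finding(section, "site added to the IE Trusted Zone: keep only entries "
                                    "the user deliberately added", line))
        elif section == "O20":
            findings.append(Finding(section, "Winlogon Notify DLL loads at logon before the shell: "
                                    "verify the module is a known component", line))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "service has no vendor string (Unknown owner): "
                                    "verify the binary", line))
    # Aggregate check: one image registered under several autorun entries.
    for path, names in targets.items():
        if len(names) > 1:
            findings.append(Finding("O4", f"same image registered under {len(names)} autorun entries "
                                    f"({', '.join(names)}): typical of a dropper re-adding itself", path))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HJT section, e.g. {'O4': 8, 'O15': 1, ...}."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.reason}\n    {f.subject}")
    print("per section:", summarize(results))
```

Run it on the constructed sample and it reports eleven review prompts; point `triage()` at a real log file's text to get the same per-section summary. The Windows-directory check deliberately says "review" rather than "remove": legitimate OS components live there too, so it narrows the list a helper has to look at rather than deciding for them.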
#2
daparker (Visiting Staff, 232 posts)
Hello and welcome to the forums. Sorry for the delay in responding, but we have been pretty busy here lately. Since your log might have changed since your last posting, I would like to see a new log. If you could please post a new log, I will be glad to review it.

Please make sure your Notepad window is maximized before you copy the text of your HJT log, since it makes it easier to read.