Smack Forums: Hijack this! - Smack Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Hijack this!

#1 User is offline   johnny

  • Fetus
  • Pip
  • Group: Members
  • Posts: 4
  • Joined: 03-September 03

Posted 07 January 2006 - 09:34 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:38:14 PM, on 01/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\ lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\syskw32. exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\ Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Johnny\LOCALS~1\Temp\ Rar$EX01.266\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {14B347DC-397D-8A0C-EE38-EDC9B92A99F9} - C:\WINDOWS\d3dz.dll
O2 - BHO: Class - {1A259247-D25A-36CA-4F73-9322D7A0CDB1} - C:\WINDOWS\system32\addcp32.dll
O2 - BHO: Class - {3C733A18-BA69-B034-3516-D68F69A95735} - C:\WINDOWS\atlzd32.dll (file missing)
O2 - BHO: Class - {64DA9837-FB36-C3F8-5C2D-B2B3204EB254} - C:\WINDOWS\system32\javarh32.dll
O2 - BHO: Class - {73370541-FB2A-6DED-E594-D3DA5F033BD7} - C:\WINDOWS\apppe32.dll
O2 - BHO: Class - {7369E702-7B86-0B57-D101-8BCC1671DEFE} - C:\WINDOWS\mfcfm.dll (file missing)
O2 - BHO: Class - {8C4D260B-1E41-DA14-F55E-71DD630C18DD} - C:\WINDOWS\addpy32.dll (file missing)
O2 - BHO: Class - {A3EDBFE4-809C-6103-9624-82841BD19878} - C:\WINDOWS\system32\addnv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Messages] msnmessag.exe
O4 - HKLM\..\Run: [Services] c:\windows.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitefto32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\canada.exe -N
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Active Seek Program 4] C:\Documents and Settings\All Users\Application Data\Drvlongactiveseek\amok team.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [lsass] C:\windows\system32\elitefaa32.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\\etb\pokapoka69.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run124.exe dummy
O4 - HKLM\..\Run: [addhx.exe] C:\WINDOWS\system32\addhx.exe
O4 - HKLM\..\Run: [nettj.exe] C:\WINDOWS\system32\nettj.exe
O4 - HKLM\..\Run: [atlan32.exe] C:\WINDOWS\atlan32.exe
O4 - HKLM\..\Run: [iesa.exe] C:\WINDOWS\system32\iesa.exe
O4 - HKLM\..\Run: [netbr32.exe] C:\WINDOWS\netbr32.exe
O4 - HKLM\..\Run: [mfcxk32.exe] C:\WINDOWS\system32\mfcxk32.exe
O4 - HKLM\..\Run: [crxg32.exe] C:\WINDOWS\crxg32.exe
O4 - HKLM\..\Run: [ipwi.exe] C:\WINDOWS\system32\ipwi.exe
O4 - HKLM\..\Run: [crao32.exe] C:\WINDOWS\crao32.exe
O4 - HKLM\..\Run: [javang.exe] C:\WINDOWS\javang.exe
O4 - HKLM\..\Run: [winyi32.exe] C:\WINDOWS\winyi32.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunServices: [MSN Messages] msnmessag.exe
O4 - HKLM\..\RunOnce: [syskw32.exe] C:\WINDOWS\system32\syskw32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} (Java Plug-in 1.3.1_04) -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\Ctsvccda.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0

#2 User is offline   Tokyudo

  • Get To The CHOPPA!!!!!
  • PipPipPipPipPipPipPipPip
  • Group: smackdaddies
  • Posts: 2,551
  • Joined: 13-December 02

Posted 08 January 2006 - 10:04 AM

Ok, delete the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kqvzc.dll/sp.html#77035%resultposition.net
R3 - Default URLSearchHook is missing


O2 - BHO: Class - {14B347DC-397D-8A0C-EE38-EDC9B92A99F9} - C:\WINDOWS\d3dz.dll
O2 - BHO: Class - {1A259247-D25A-36CA-4F73-9322D7A0CDB1} - C:\WINDOWS\system32\addcp32.dll
O2 - BHO: Class - {3C733A18-BA69-B034-3516-D68F69A95735} - C:\WINDOWS\atlzd32.dll (file missing)
O2 - BHO: Class - {64DA9837-FB36-C3F8-5C2D-B2B3204EB254} - C:\WINDOWS\system32\javarh32.dll
O2 - BHO: Class - {73370541-FB2A-6DED-E594-D3DA5F033BD7} - C:\WINDOWS\apppe32.dll
O2 - BHO: Class - {7369E702-7B86-0B57-D101-8BCC1671DEFE} - C:\WINDOWS\mfcfm.dll (file missing)
O2 - BHO: Class - {8C4D260B-1E41-DA14-F55E-71DD630C18DD} - C:\WINDOWS\addpy32.dll (file missing)
O2 - BHO: Class - {A3EDBFE4-809C-6103-9624-82841BD19878} - C:\WINDOWS\system32\addnv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\elitefaa32.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\\etb\pokapoka69.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run124.exe dummy
O4 - HKLM\..\Run: [addhx.exe] C:\WINDOWS\system32\addhx.exe
O4 - HKLM\..\Run: [nettj.exe] C:\WINDOWS\system32\nettj.exe
O4 - HKLM\..\Run: [atlan32.exe] C:\WINDOWS\atlan32.exe
O4 - HKLM\..\Run: [iesa.exe] C:\WINDOWS\system32\iesa.exe
O4 - HKLM\..\Run: [netbr32.exe] C:\WINDOWS\netbr32.exe
O4 - HKLM\..\Run: [mfcxk32.exe] C:\WINDOWS\system32\mfcxk32.exe
O4 - HKLM\..\Run: [crxg32.exe] C:\WINDOWS\crxg32.exe
O4 - HKLM\..\Run: [ipwi.exe] C:\WINDOWS\system32\ipwi.exe
O4 - HKLM\..\Run: [crao32.exe] C:\WINDOWS\crao32.exe
O4 - HKLM\..\Run: [javang.exe] C:\WINDOWS\javang.exe
O4 - HKLM\..\Run: [winyi32.exe] C:\WINDOWS\winyi32.exe

O4 - HKLM\..\RunOnce: [syskw32.exe] C:\WINDOWS\system32\syskw32.exe



You have quite a bit there. Make sure you have gone into the Add/Remove Programs in the Control Panels and manually remove as many toolbars as you can. Also, here's a great anti-spyware program called Hitman Pro, it's very easy to use and runs completely automatically.

http://members.home....itmanpro233.exe


I would highly suggest that you install and run hitman pro (scans can take anywhere from 45 minutes to an hour and a half depending on your PC speed). Hitman Pro isn't a program itself, it uses 6 different programs including: Ad-Aware, Spy-Bot, SpySweeper, SpywareDoctor, CWShredder, etc. It will automatically update and run scans with each program. Once it's done running its initial run, I would suggest that you boot into "Safe with network support" and run Hitman Pro again.

Good Luck.
0

#3 User is offline   johnny

  • Fetus
  • Pip
  • Group: Members
  • Posts: 4
  • Joined: 03-September 03

Posted 08 January 2006 - 07:55 PM

Hey, thanks a lot. Hopefully it'll be better. What's the deal with Antivir? Is it any good? Thats what my dad uses on this computer.

So I deleted all those things. But still, everytime I open up Internet Explorer and even sometimes just randomly whenever, an Anitvir pop up comes up asking what we should do with the Trojan horse file...etc. How would I get rid of that?

This post has been edited by johnny: 08 January 2006 - 08:13 PM

0

#4 User is offline   smackdaddy

  • I am IRON WANG
  • PipPipPipPipPipPipPip
  • Group: Super Administrators
  • Posts: 527
  • Joined: 13-December 02

Posted 08 January 2006 - 08:13 PM

This isn't your only problem...I'd suggest running HJT! again and posting us another log, so we can see what's being stubborn.

Some of your problem may be archived viruses/spyware.

Right click on My Computer, click on Properties. Click on the System Restore tab, and CHECK the box that says "Turn off System Restore on all drives".

A confirmation message will pop up, asking if you want to remove all of the backedup files. You WANT TO REMOVE THEM. Then, close all the boxes, restart it, and if you want, re-enable it, after you know the machine is clean. I've run into quite a few virus that will get archived, and cause boxes to pop up eternally.

Any antivirus is usually better than none. www.grisoft.com is the home of AVG AntiVirus, which is the best free one we've found. The best overall in my opinion (and Tok feels the same) is Nod32, which is probably well worth the money you spend.

The days of being able to fly without protection are rapidly coming to an end.
0

#5 User is offline   johnny

  • Fetus
  • Pip
  • Group: Members
  • Posts: 4
  • Joined: 03-September 03

Posted 08 January 2006 - 08:30 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:29:57 PM, on 08/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\ lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\LEXBCES. EXE
C:\WINDOWS\system32\defrag.exe
C:\PROGRAM FILES\AVPERSONAL\GUARDGUI.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\ Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\netqi32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\ Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRAM FILES\AVPERSONAL\GUARDGUI.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\WINDOWS\system32\sysdu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Johnny\LOCALS~1\Temp\Rar$ EX01.859\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.purevolume.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\oypeq.dll/sp.html#77035%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {175EADE3-263E-66D2-E5E6-5404E3BB49E0} - C:\WINDOWS\system32\sdkyg32.dll
O2 - BHO: Class - {455CDCEA-F040-0D76-16EF-DFA09042C0B1} - C:\WINDOWS\applz32.dll
O2 - BHO: Class - {6A3C5AEB-2856-9DC8-A5D7-C63EDEC0AF15} - C:\WINDOWS\winow.dll
O2 - BHO: Class - {9CC8F542-1A40-D18B-FB14-9CD9B4908857} - C:\WINDOWS\system32\mfcca.dll
O2 - BHO: Class - {AA258D02-7EAF-CF17-74F9-F542353A0DA6} - C:\WINDOWS\system32\addlt32.dll
O2 - BHO: Class - {B3F32588-BFA0-7EFC-08BD-9D3F85061A26} - C:\WINDOWS\system32\atlzd.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Messages] msnmessag.exe
O4 - HKLM\..\Run: [Services] c:\windows.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitefto32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\canada.exe -N
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Active Seek Program 4] C:\Documents and Settings\All Users\Application Data\Drvlongactiveseek\amok team.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sysce.exe] C:\WINDOWS\system32\sysce.exe
O4 - HKLM\..\Run: [netqi32.exe] C:\WINDOWS\system32\netqi32.exe
O4 - HKLM\..\RunServices: [MSN Messages] msnmessag.exe
O4 - HKLM\..\RunOnce: [sysdu.exe] C:\WINDOWS\system32\sysdu.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} (Java Plug-in 1.3.1_04) -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\syskw32.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\Ctsvccda.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0

#6 User is offline   johnny

  • Fetus
  • Pip
  • Group: Members
  • Posts: 4
  • Joined: 03-September 03

Posted 08 January 2006 - 08:50 PM

Ok, so I tried to install that Hitman and well, I don't think it went so well. It just froze up. Same with the My Computer way properties smackdaddy told me.

This post has been edited by johnny: 08 January 2006 - 09:04 PM

0

#7 User is offline   Tokyudo

  • Get To The CHOPPA!!!!!
  • PipPipPipPipPipPipPipPip
  • Group: smackdaddies
  • Posts: 2,551
  • Joined: 13-December 02

Posted 09 January 2006 - 08:21 AM

Ok, I need you to try this:

Boot into Safe Mode.

Go to the following location c:\documents and settings\'your profile folder'

Make sure view hidden folders is enabled (tools -> folder options -> 'view' tab)

Inside your 'profile folder' is a folder called 'local settings'. Within that are 2 folders called 'temp' and 'temperary internet files'. Delete ALL of the contents INSIDE of those 2 folders, DO NOT DELETE THE FOLDERS. These 2 locations are most common places for trojans to attach.


It looks like you still have some sort of spyware/virus reproducing itself there. I would highly suggest removing AntiVir and installing AVG anti-virus. When you run your scans, be sure to run them all from 'Safe Mode with Network Support'.


So here's your homework:

Remove AntiVir, install AVG - get all updates and stuff

Boot into 'Safe Mode with Network Support' and delete the contents of those 2 folders I told you about

Run Hitman Pro from safe mode. If it locks up, then at least run Spy-bot or Ad-Aware individually.

Run Panda online virus scan


When you're done with that, please repost a HiJack log again. Good luck.
0

#8 User is offline   Moosenuckle

  • Knuckle of the Moose
  • PipPipPipPipPipPip
  • Group: smackdaddies
  • Posts: 447
  • Joined: 16-December 02

Posted 09 January 2006 - 03:40 PM

Also, don't use internet explorer. You need to switch to Mozilla Firefox as your browser.
0

#9 User is offline   smackdaddy

  • I am IRON WANG
  • PipPipPipPipPipPipPip
  • Group: Super Administrators
  • Posts: 527
  • Joined: 13-December 02

Posted 11 January 2006 - 10:06 PM

QUOTE (Moosenuckle @ Jan 9 2006, 03:40 PM) <{POST_SNAPBACK}>
Also, don't use internet explorer. You need to switch to Mozilla Firefox as your browser.


Sound advice.

It looks like a lot of work...and it is. It's not hard...just tedious, but it will take you a long time to do, and thats why people charge so much to do it.

Another thing - while you're in safe mode running all this, you should run each set of things for EVERY account. That means owner, plus your dad's, your mom's, and if your sisters still have accounts on there, it means theirs too...

A LOT of work.

I don't envy you, but we'll help you through it.
0

#10 Guest_MagicOPromotion_*

  • Group: Guests

Posted 17 June 2009 - 06:14 PM

I have the same problem, and I think prompted by my use of MSN Messenger on a Mac, as I rarely use a PC to log in there
And the messages have continued to be sent, I gather, even tho I havent logged into Messenger at all anywhere for several days now
Anyone got any thoughts on how to resolve this?
0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users