hijack this log


Author Topic: hijack this log  (Read 1391 times)
thechanmanxd
Newbie
*
Posts: 7


« on: November 18, 2006, 09:00:59 PM »

Logfile of HijackThis v1.99.1
Scan saved at 10:07:38 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Firemann\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O1 - Hosts: 109.218.182.64 securityresponse.symantec.com
O1 - Hosts: 108.118.173.186 symantec.com
O1 - Hosts: 39.240.77.21 www.sophos.com
O1 - Hosts: 198.104.29.197 sophos.com
O1 - Hosts: 129.194.37.82 www.mcafee.com
O1 - Hosts: 51.221.32.194 mcafee.com
O1 - Hosts: 213.79.155.84 liveupdate.symantecliveupdate.com
O1 - Hosts: 197.146.43.108 www.viruslist.com
O1 - Hosts: 38.113.17.54 viruslist.com
O1 - Hosts: 233.130.251.238 viruslist.com
O1 - Hosts: 52.141.74.59 f-secure.com
O1 - Hosts: 169.168.98.154 www.f-secure.com
O1 - Hosts: 233.225.156.198 kaspersky.com
O1 - Hosts: 55.208.78.160 kaspersky-labs.com
O1 - Hosts: 19.86.230.232 www.avp.com
O1 - Hosts: 209.114.185.237 www.kaspersky.com
O1 - Hosts: 103.231.226.247 avp.com
O1 - Hosts: 116.162.92.134 www.networkassociates.com
O1 - Hosts: 92.25.188.59 networkassociates.com
O1 - Hosts: 214.142.45.122 www.ca.com
O1 - Hosts: 86.126.133.38 ca.com
O1 - Hosts: 59.142.185.235 mast.mcafee.com
O1 - Hosts: 27.209.105.161 my-etrust.com
O1 - Hosts: 150.191.201.155 www.my-etrust.com
O1 - Hosts: 28.153.63.233 download.mcafee.com
O1 - Hosts: 119.181.211.14 dispatch.mcafee.com
O1 - Hosts: 144.221.229.114 secure.nai.com
O1 - Hosts: 204.185.192.64 nai.com
O1 - Hosts: 219.116.238.102 www.nai.com
O1 - Hosts: 244.151.2.229 update.symantec.com
O1 - Hosts: 198.204.29.177 updates.symantec.com
O1 - Hosts: 157.248.118.63 us.mcafee.com
O1 - Hosts: 6.226.173.25 liveupdate.symantec.com
O1 - Hosts: 114.220.26.250 customer.symantec.com
O1 - Hosts: 24.171.119.102 rads.mcafee.com
O1 - Hosts: 162.140.146.39 trendmicro.com
O1 - Hosts: 103.34.89.39 www.trendmicro.com
O1 - Hosts: 173.174.250.51 www.grisoft.com
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{385D2FC4-0BB0-1033-1123-040412200001}\888Bar.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [qzi113bd] RUNDLL32.EXE w52ba247.dll,n 007113b60000000552ba247
O4 - HKLM\..\Run: [ykvlosvA] C:\WINDOWS\ykvlosvA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ms045020841482] C:\WINDOWS\ms045020841482.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Firemann\MYDOCU~1\ASKS~1\cmd.exe" -vt ndrv
O4 - HKCU\..\Run: [Xoujkaj] C:\Documents and Settings\Firemann\My Documents\s?curity\m?hta.exe
O4 - HKCU\..\Run: [winsock32] winsock32
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: vshjw.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ykvlosv.exe
Logged
HJT Analyzer
Guest
« Reply #1 on: November 18, 2006, 09:01:05 PM »

Currently Locked:

Asking Permission from GTO.



-Moderator
Logged
junior08jr8
Newbie
*
Posts: 194



« Reply #2 on: November 19, 2006, 03:08:36 PM »

Hello thechanmanxd,

This post raised a great suspicion in me of abuse of our help: you made two new threads on the same date, but this one at 3:01 am. I'm currently checking with the administrator to see if you're abusing our help. You'll be hearing from us.




-Closed
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



« Reply #3 on: November 21, 2006, 06:43:57 AM »

Hi thechanmanxd.

I will reply to this post, thechanmanxd, as your system is badly infected. However, next time please post logs made on one single computer to the same thread, or explain briefly why you need to start a new thread.

Please follow these steps:

1. Download Pocket KillBox or KillBox utility.

2. Download LSP-fix and WinsockXPFix utilities. You will need them later.

3. Open the Control Panel and launch the Add or Remove Programs tool. In the list of installed software find the DeluxeCommunications program and uninstall it. It's adware.

4. Use HijackThis to fix the following entries:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 109.218.182.64 securityresponse.symantec.com
O1 - Hosts: 108.118.173.186 symantec.com
O1 - Hosts: 39.240.77.21 www.sophos.com
O1 - Hosts: 198.104.29.197 sophos.com
O1 - Hosts: 129.194.37.82 www.mcafee.com
O1 - Hosts: 51.221.32.194 mcafee.com
O1 - Hosts: 213.79.155.84 liveupdate.symantecliveupdate.com
O1 - Hosts: 197.146.43.108 www.viruslist.com
O1 - Hosts: 38.113.17.54 viruslist.com
O1 - Hosts: 233.130.251.238 viruslist.com
O1 - Hosts: 52.141.74.59 f-secure.com
O1 - Hosts: 169.168.98.154 www.f-secure.com
O1 - Hosts: 233.225.156.198 kaspersky.com
O1 - Hosts: 55.208.78.160 kaspersky-labs.com
O1 - Hosts: 19.86.230.232 www.avp.com
O1 - Hosts: 209.114.185.237 www.kaspersky.com
O1 - Hosts: 103.231.226.247 avp.com
O1 - Hosts: 116.162.92.134 www.networkassociates.com
O1 - Hosts: 92.25.188.59 networkassociates.com
O1 - Hosts: 214.142.45.122 www.ca.com
O1 - Hosts: 86.126.133.38 ca.com
O1 - Hosts: 59.142.185.235 mast.mcafee.com
O1 - Hosts: 27.209.105.161 my-etrust.com
O1 - Hosts: 150.191.201.155 www.my-etrust.com
O1 - Hosts: 28.153.63.233 download.mcafee.com
O1 - Hosts: 119.181.211.14 dispatch.mcafee.com
O1 - Hosts: 144.221.229.114 secure.nai.com
O1 - Hosts: 204.185.192.64 nai.com
O1 - Hosts: 219.116.238.102 www.nai.com
O1 - Hosts: 244.151.2.229 update.symantec.com
O1 - Hosts: 198.204.29.177 updates.symantec.com
O1 - Hosts: 157.248.118.63 us.mcafee.com
O1 - Hosts: 6.226.173.25 liveupdate.symantec.com
O1 - Hosts: 114.220.26.250 customer.symantec.com
O1 - Hosts: 24.171.119.102 rads.mcafee.com
O1 - Hosts: 162.140.146.39 trendmicro.com
O1 - Hosts: 103.34.89.39 www.trendmicro.com
O1 - Hosts: 173.174.250.51 www.grisoft.com
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{385D2FC4-0BB0-1033-1123-040412200001}\888Bar.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [qzi113bd] RUNDLL32.EXE w52ba247.dll,n 007113b60000000552ba247
O4 - HKLM\..\Run: [ykvlosvA] C:\WINDOWS\ykvlosvA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ms045020841482] C:\WINDOWS\ms045020841482.exe
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [Xoujkaj] C:\Documents and Settings\Firemann\My Documents\s?curity\m?hta.exe
O4 - HKCU\..\Run: [winsock32] winsock32
O4 - Global Startup: vshjw.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)


5. Now restart your system in Safe Mode. This step is very important!

6. Once in Safe Mode, use either Pocket KillBox or KillBox to delete the following files:
C:\WINDOWS\System32\w52ba247.dll
C:\WINDOWS\System32\vshjw.exe
C:\WINDOWS\System32\dxclib303562752.dll
C:\WINDOWS\ykvlosvA.exe
C:\WINDOWS\ms045020841482.exe
C:\Documents and Settings\Firemann\My Documents\s?curity\m?hta.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\OIN Search\OINSearch.dll
C:\Program Files\Common Files\{385D2FC4-0BB0-1033-1123-040412200001}\888Bar.dll
C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
C:\Program Files\UltimateBet\UltimateBet.exe


Also, delete the following directories:
C:\Program Files\Internet Optimizer
C:\Program Files\UltimateBet
C:\Program Files\NewDotNet
C:\Program Files\OIN Search
C:\Program Files\Common Files\{385D2FC4-0BB0-1033-1123-040412200001}
C:\Documents and Settings\Firemann\My Documents\s?curity


7. Reboot your computer. Now run either LSP-Fix or WinsockXPFix. These utilities should fix your Internet access.

8. Download the trial version of AVG Anti-Spyware. Install the program, update its definitions and run a complete system scan. Remove all the threats the application finds.

9. After you get done, run a new HijackThis scan and post a fresh log here.
Logged
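
An added example, not part of GTO's reply or of HijackThis itself: a small triage script that runs a few heuristics over entries excerpted from the log in this thread and flags the kinds of lines listed in step 4. The vendor list and the four rules are assumptions chosen for illustration, not the helper's stated criteria.

```python
import re

# Excerpt of the HijackThis log posted in this thread (entries copied as-is).
SAMPLE_LOG = r"""
O1 - Hosts: 109.218.182.64 securityresponse.symantec.com
O1 - Hosts: 129.194.37.82 www.mcafee.com
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [winsock32] winsock32
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# Assumption: a short vendor list for this example; extend it for real triage.
SECURITY_VENDORS = ("symantec", "mcafee", "sophos", "kaspersky", "f-secure",
                    "trendmicro", "grisoft", "viruslist", "nai.com")

# Every HijackThis entry starts with a section code such as R3, O1, O4, O23.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")

def review(code, body):
    """Return a reason string if the entry deserves a closer look, else None."""
    if code == "O1":      # hosts file: any override of an AV vendor domain
        m = re.match(r"Hosts: (\S+) (\S+)$", body)
        if m and any(v in m.group(2).lower() for v in SECURITY_VENDORS):
            return f"hosts file overrides DNS for security vendor {m.group(2)}"
    elif code == "O4":    # autorun whose command carries no directory path
        m = re.match(r".*?: \[(.*?)\] (.+)$", body)
        if m and "\\" not in m.group(2):
            return f"autorun '{m.group(1)}' has no path: {m.group(2)}"
    elif code == "O20" and body.partition("AppInit_DLLs:")[2].strip():
        return "AppInit_DLLs is set; the DLL loads into every process using user32.dll"
    elif code == "O23" and ("Unknown owner" in body or "(file missing)" in body):
        return "service binary has no identifiable vendor or is missing"
    return None

def triage(log_text):
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        reason = review(m["code"], m["body"]) if m else None
        if reason:
            findings.append((m["code"], reason))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```

A flagged line is only a prompt for manual review; legitimate software can trip these rules and malware with a full path and a vendor string will not.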