NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  
February 13, 2012, 01:22:56 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: SMF - Just Installed!
 
   Home   Help Search Login Register  

My Hijackthis Log.


AddThis Social Bookmark Button AddThis Feed Button
Pages: [1]
« previous next »
  Print  
Author Topic: My Hijackthis Log.  (Read 1466 times)
Niku5himi
Newbie
*
Posts: 4

dkxaznloner@hotmail.com
View Profile
« on: August 09, 2006, 09:40:39 AM »
Logfile of HijackThis v1.99.1
Scan saved at 7:51:48 PM, on 8/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixfuchdvkhmzcofaqgaewxj.com/soOSRkfPYj/aopG9LS50TM2LsTLxuedg3xJ_Tq1P85XtZrxjQD_aV2CJLNWtLwF1.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{23C3AB2A-3DC0-636E-BD6C-1B2312B9C7B9} - (no file)
R3 - URLSearchHook: (no name) - _{712ED2B2-4006-19F2-72BD-66D4FD07C2BD} - (no file)
R3 - URLSearchHook: (no name) - _{F3C7BFAE-294B-25E2-6838-0B6245B91EB7} - (no file)
R3 - URLSearchHook: (no name) - {23C3AB2A-3DC0-636E-BD6C-1B2312B9C7B9} - (no file)
R3 - URLSearchHook: (no name) - {5D0BCC68-5CDB-5E2F-A4E2-73D58D51E3EA} - (no file)
R3 - URLSearchHook: (no name) - {C6477713-E0FE-E906-D252-CD3EC35675B3} - (no file)
R3 - URLSearchHook: (no name) - {9C12221F-B6F8-B400-D652-CD3EC35674B7} - (no file)
R3 - URLSearchHook: (no name) - {3DC16A11-FFFA-F154-DD56-D87F176BD8BE} - (no file)
R3 - URLSearchHook: (no name) - {9A472616-E3FC-B503-8752-CD3EC35622BF} - (no file)
R3 - URLSearchHook: (no name) - {455A3B5C-A4ED-AC42-94A0-878AD8D6FFBB} - (no file)
R3 - URLSearchHook: (no name) - {4B3D1B5A-8EEB-D548-9D04-AD98B960F4BB} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {5139B2EE-7A51-25FC-7889-5087E880BEEE} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {0B61EB48-78F3-200C-8D7A-5A27B295E3BF} - C:\WINDOWS\system32\yxsy.dll (file missing)
R3 - URLSearchHook: (no name) - {32E732AA-F511-A4BB-332B-8F6A66A9DAEF} - (no file)
R3 - URLSearchHook: (no name) - {919671FE-B712-B7BE-6D8D-957B47FB28E0} - (no file)
R3 - URLSearchHook: (no name) - {959372AB-B640-EBBA-3E8D-957B47FB2AE0} - (no file)
R3 - URLSearchHook: (no name) - {2A688D42-46A4-1008-DAC7-34D1ED4E9DBB} - (no file)
R3 - URLSearchHook: (no name) - {B8565965-95DE-C924-F3B1-E62C82185CB4} - (no file)
R3 - URLSearchHook: (no name) - {BE575E35-928D-9A21-F2B1-E62C82185BBF} - (no file)
R3 - URLSearchHook: (no name) - {BF065831-C08B-CD72-F3B1-E62C82190CE9} - (no file)
R3 - URLSearchHook: (no name) - {378C2E65-E885-E27A-A548-992B52E4D1E8} - (no file)
R3 - URLSearchHook: (no name) - {AB7B3C0A-A7B9-A74D-C540-89BAAB4B1AE1} - (no file)
R3 - URLSearchHook: (no name) - {648C2E35-E880-B773-F048-992B52BC87EA} - (no file)
R3 - URLSearchHook: (no name) - {17B460C3-A52F-F4D5-0A9A-844A34AAF4E9} - (no file)
R3 - URLSearchHook: (no name) - {13E435C0-A07D-A084-0C9A-844A34AAA6B8} - (no file)
R3 - URLSearchHook: (no name) - {B14CE14B-21A5-785A-D7F6-5717C1F65DB6} - (no file)
R3 - URLSearchHook: (no name) - {088FBB8A-743A-7890-17F3-5227528FE9EA} - (no file)
R3 - URLSearchHook: (no name) - {C92CF321-6AC0-6F6E-BAC9-41B6ABE028E3} - (no file)
R3 - URLSearchHook: (no name) - {9928A12E-3E97-6E3F-EFC9-41B6ABE025B1} - C:\WINDOWS\system32\rpce.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {0B61EB48-78F3-200C-8D7A-5A27B295E3BF} - C:\WINDOWS\system32\yxsy.dll (file missing)
O2 - BHO: (no name) - {2B0F2A91-EE2E-B285-007A-CF8ED8E0CABD} - C:\WINDOWS\system32\olfa.dll (file missing)
O2 - BHO: (no name) - {2C7D5FB3-0C3B-ACF9-23A7-686032D26630} - C:\DOCUME~1\Kyp\APPLIC~1\ChinEq\First Team.exe (file missing)
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: (no name) - {9928A12E-3E97-6E3F-EFC9-41B6ABE025B1} - C:\WINDOWS\system32\rpce.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: DHTML Support Dll - {DC242F50-B46A-4182-B377-64A795CFED9C} - C:\WINDOWS\system32\dhtmlcore.dll
O2 - BHO: (no name) - {E8BDD018-B39F-E043-E711-1B1258218FFB} - C:\DOCUME~1\Kyp\APPLIC~1\ChinEq\First Team.exe (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll (file missing)
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOL Instant Messanger] aim.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [team skip tray burn] C:\Documents and Settings\All Users\Application Data\jugs sixth team skip\Chic Okay.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Pkwsyl] C:\Program Files\Kddhq\Xjrjj.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [sendsafelinkgram] C:\Documents and Settings\All Users\Application Data\dart mode send safe\Wma Title.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154321924\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKLM\..\RunServices: [AOL Instant Messanger] aim.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [AOL Instant Messanger] aim.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Uqr] C:\WINDOWS\system32\WAUBOO~1.EXE
O4 - HKCU\..\Run: [Heck Cash] C:\DOCUME~1\Kyp\APPLIC~1\DUMBWI~1\modegram.exe
O4 - HKCU\..\Run: [Naln] "C:\PROGRA~1\ICROSO~1\regsvr32.exe" -vt ndrv
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm020YYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c420.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:   wowexec.dll            C:\WINDOWS\system32\wowexec.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Hope you guys can help me.  I scanned with HJT couple of days ago in safemode.  If you think you need a new one just let me know and I'll scan again.
Logged
Guest
Guest
« Reply #1 on: August 09, 2006, 09:40:55 AM »
Hello, visitor!

The Hijack This log analyzer has analyzed your log. Please take a closer look on the results.

Your system seems to be infected with malicious parasites. Please follow the steps below in order to eliminate the infection and clean up your computer.

1.   Download the Pocket KillBox utility. You will need it later to delete parasite-related files and folders.
2. Use HijackThis to fix the following entries:

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: DHTML Support Dll - {DC242F50-B46A-4182-B377-64A795CFED9C} - C:\WINDOWS\system32\dhtmlcore.dll
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Naln] "C:\PROGRA~1\ICROSO~1\regsvr32.exe" -vt ndrv
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

3. The following entries are not malicious, but some of them are not used anymore. You may use HijackThis to fix a few of them. However, please keep in mind that some of the entries marked as Questionable or Not Needed are fully legitimate and might be required by installed software to work properly, while some others might be related to certain parasites. It is up to you to decide whether you need any of them, or not.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixfuchdvkhmzcofaqgaewxj.com/soOSRkfPYj/aopG9LS50TM2LsTLxuedg3xJ_Tq1P85XtZrxjQD_aV2CJLNWtLwF1.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{23C3AB2A-3DC0-636E-BD6C-1B2312B9C7B9} - (no file)
R3 - URLSearchHook: (no name) - _{712ED2B2-4006-19F2-72BD-66D4FD07C2BD} - (no file)
R3 - URLSearchHook: (no name) - _{F3C7BFAE-294B-25E2-6838-0B6245B91EB7} - (no file)
R3 - URLSearchHook: (no name) - {23C3AB2A-3DC0-636E-BD6C-1B2312B9C7B9} - (no file)
R3 - URLSearchHook: (no name) - {5D0BCC68-5CDB-5E2F-A4E2-73D58D51E3EA} - (no file)
R3 - URLSearchHook: (no name) - {C6477713-E0FE-E906-D252-CD3EC35675B3} - (no file)
R3 - URLSearchHook: (no name) - {9C12221F-B6F8-B400-D652-CD3EC35674B7} - (no file)
R3 - URLSearchHook: (no name) - {3DC16A11-FFFA-F154-DD56-D87F176BD8BE} - (no file)
R3 - URLSearchHook: (no name) - {9A472616-E3FC-B503-8752-CD3EC35622BF} - (no file)
R3 - URLSearchHook: (no name) - {455A3B5C-A4ED-AC42-94A0-878AD8D6FFBB} - (no file)
R3 - URLSearchHook: (no name) - {4B3D1B5A-8EEB-D548-9D04-AD98B960F4BB} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {5139B2EE-7A51-25FC-7889-5087E880BEEE} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {0B61EB48-78F3-200C-8D7A-5A27B295E3BF} - C:\WINDOWS\system32\yxsy.dll (file missing)
R3 - URLSearchHook: (no name) - {32E732AA-F511-A4BB-332B-8F6A66A9DAEF} - (no file)
R3 - URLSearchHook: (no name) - {919671FE-B712-B7BE-6D8D-957B47FB28E0} - (no file)
R3 - URLSearchHook: (no name) - {959372AB-B640-EBBA-3E8D-957B47FB2AE0} - (no file)
R3 - URLSearchHook: (no name) - {2A688D42-46A4-1008-DAC7-34D1ED4E9DBB} - (no file)
R3 - URLSearchHook: (no name) - {B8565965-95DE-C924-F3B1-E62C82185CB4} - (no file)
R3 - URLSearchHook: (no name) - {BE575E35-928D-9A21-F2B1-E62C82185BBF} - (no file)
R3 - URLSearchHook: (no name) - {BF065831-C08B-CD72-F3B1-E62C82190CE9} - (no file)
R3 - URLSearchHook: (no name) - {378C2E65-E885-E27A-A548-992B52E4D1E8} - (no file)
R3 - URLSearchHook: (no name) - {AB7B3C0A-A7B9-A74D-C540-89BAAB4B1AE1} - (no file)
R3 - URLSearchHook: (no name) - {648C2E35-E880-B773-F048-992B52BC87EA} - (no file)
R3 - URLSearchHook: (no name) - {17B460C3-A52F-F4D5-0A9A-844A34AAF4E9} - (no file)
R3 - URLSearchHook: (no name) - {13E435C0-A07D-A084-0C9A-844A34AAA6B8} - (no file)
R3 - URLSearchHook: (no name) - {B14CE14B-21A5-785A-D7F6-5717C1F65DB6} - (no file)
R3 - URLSearchHook: (no name) - {088FBB8A-743A-7890-17F3-5227528FE9EA} - (no file)
R3 - URLSearchHook: (no name) - {C92CF321-6AC0-6F6E-BAC9-41B6ABE028E3} - (no file)
R3 - URLSearchHook: (no name) - {9928A12E-3E97-6E3F-EFC9-41B6ABE025B1} - C:\WINDOWS\system32\rpce.dll
O2 - BHO: (no name) - {0B61EB48-78F3-200C-8D7A-5A27B295E3BF} - C:\WINDOWS\system32\yxsy.dll (file missing)
O2 - BHO: (no name) - {2B0F2A91-EE2E-B285-007A-CF8ED8E0CABD} - C:\WINDOWS\system32\olfa.dll (file missing)
O2 - BHO: (no name) - {2C7D5FB3-0C3B-ACF9-23A7-686032D26630} - C:\DOCUME~1\Kyp\APPLIC~1\ChinEq\First Team.exe (file missing)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: (no name) - {E8BDD018-B39F-E043-E711-1B1258218FFB} - C:\DOCUME~1\Kyp\APPLIC~1\ChinEq\First Team.exe (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll (file missing)
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra ''Tools'' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c420.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

4. Now restart your system in Safe Mode. This step is very important!
5.   Use the Pocket KillBox utility to delete the following files:

C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\WINDOWS\system32\dhtmlcore.dll
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\ICROSO~1\regsvr32.exe


The following files and Windows registry entries are marked as "unknown". Currently, the HijackThis Log Analyzer cannot provide required information on these items. The files and entries in the list below can be both malicious and fully legitimate. Because of this, please do not take any action! Wait for the forum responders or other forum users to provide you with necessary details and further instructions.
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: (no name) - {9928A12E-3E97-6E3F-EFC9-41B6ABE025B1} - C:\WINDOWS\system32\rpce.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [team skip tray burn] C:\Documents and Settings\All Users\Application Data\jugs sixth team skip\Chic Okay.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [Pkwsyl] C:\Program Files\Kddhq\Xjrjj.exe
O4 - HKLM\..\Run: [sendsafelinkgram] C:\Documents and Settings\All Users\Application Data\dart mode send safe\Wma Title.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Uqr] C:\WINDOWS\system32\WAUBOO~1.EXE
O4 - HKCU\..\Run: [Heck Cash] C:\DOCUME~1\Kyp\APPLIC~1\DUMBWI~1\modegram.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O20 - AppInit_DLLs:   wowexec.dll            C:\WINDOWS\system32\wowexec.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
After going through all the steps, run another HijackThis scan and post a fresh log to the HijackThis analyzer. It is possible that some parasites your system was infected with were not removed completely and may restore themselves later.


If you want to see more detailed analysis of your log, click here.

Thank you for using the 2-Spyware.com HijackThis log analyzer!
Logged
Niku5himi
Newbie
*
Posts: 4

dkxaznloner@hotmail.com
View Profile
« Reply #2 on: August 09, 2006, 03:14:38 PM »
This is my newest hijack this log after followed through with the intrusctions above.  I found some files and deleted them but not all the files that was listed like above.

Logfile of HijackThis v1.99.1
Scan saved at 2:13:06 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1154321924\ee\AOLSoftware.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\WAUBOO~1.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\ICROSO~1\regsvr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixfuchdvkhmzcofaqgaewxj.com/soOSRkfPYj/aopG9LS50TM2LsTLxuedg3xJ_Tq1P85XtZrxjQD_aV2CJLNWtLwF1.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{23C3AB2A-3DC0-636E-BD6C-1B2312B9C7B9} - (no file)
R3 - URLSearchHook: (no name) - _{712ED2B2-4006-19F2-72BD-66D4FD07C2BD} - (no file)
R3 - URLSearchHook: (no name) - _{F3C7BFAE-294B-25E2-6838-0B6245B91EB7} - (no file)
R3 - URLSearchHook: (no name) - {23C3AB2A-3DC0-636E-BD6C-1B2312B9C7B9} - (no file)
R3 - URLSearchHook: (no name) - {5D0BCC68-5CDB-5E2F-A4E2-73D58D51E3EA} - (no file)
R3 - URLSearchHook: (no name) - {C6477713-E0FE-E906-D252-CD3EC35675B3} - (no file)
R3 - URLSearchHook: (no name) - {9C12221F-B6F8-B400-D652-CD3EC35674B7} - (no file)
R3 - URLSearchHook: (no name) - {3DC16A11-FFFA-F154-DD56-D87F176BD8BE} - (no file)
R3 - URLSearchHook: (no name) - {9A472616-E3FC-B503-8752-CD3EC35622BF} - (no file)
R3 - URLSearchHook: (no name) - {455A3B5C-A4ED-AC42-94A0-878AD8D6FFBB} - (no file)
R3 - URLSearchHook: (no name) - {4B3D1B5A-8EEB-D548-9D04-AD98B960F4BB} - (no file)
R3 - URLSearchHook: (no name) - {5139B2EE-7A51-25FC-7889-5087E880BEEE} - (no file)
R3 - URLSearchHook: (no name) - {0B61EB48-78F3-200C-8D7A-5A27B295E3BF} - C:\WINDOWS\system32\yxsy.dll (file missing)
R3 - URLSearchHook: (no name) - {32E732AA-F511-A4BB-332B-8F6A66A9DAEF} - (no file)
R3 - URLSearchHook: (no name) - {919671FE-B712-B7BE-6D8D-957B47FB28E0} - (no file)
R3 - URLSearchHook: (no name) - {959372AB-B640-EBBA-3E8D-957B47FB2AE0} - (no file)
R3 - URLSearchHook: (no name) - {2A688D42-46A4-1008-DAC7-34D1ED4E9DBB} - (no file)
R3 - URLSearchHook: (no name) - {B8565965-95DE-C924-F3B1-E62C82185CB4} - (no file)
R3 - URLSearchHook: (no name) - {BE575E35-928D-9A21-F2B1-E62C82185BBF} - (no file)
R3 - URLSearchHook: (no name) - {BF065831-C08B-CD72-F3B1-E62C82190CE9} - (no file)
R3 - URLSearchHook: (no name) - {378C2E65-E885-E27A-A548-992B52E4D1E8} - (no file)
R3 - URLSearchHook: (no name) - {AB7B3C0A-A7B9-A74D-C540-89BAAB4B1AE1} - (no file)
R3 - URLSearchHook: (no name) - {648C2E35-E880-B773-F048-992B52BC87EA} - (no file)
R3 - URLSearchHook: (no name) - {17B460C3-A52F-F4D5-0A9A-844A34AAF4E9} - (no file)
R3 - URLSearchHook: (no name) - {13E435C0-A07D-A084-0C9A-844A34AAA6B8} - (no file)
R3 - URLSearchHook: (no name) - {B14CE14B-21A5-785A-D7F6-5717C1F65DB6} - (no file)
R3 - URLSearchHook: (no name) - {088FBB8A-743A-7890-17F3-5227528FE9EA} - (no file)
R3 - URLSearchHook: (no name) - {C92CF321-6AC0-6F6E-BAC9-41B6ABE028E3} - (no file)
R3 - URLSearchHook: (no name) - {9928A12E-3E97-6E3F-EFC9-41B6ABE025B1} - (no file)
R3 - URLSearchHook: (no name) - {CB22F77D-3CC5-3E3F-BCC9-41B6ABE025E7} - C:\WINDOWS\system32\viipspr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B61EB48-78F3-200C-8D7A-5A27B295E3BF} - C:\WINDOWS\system32\yxsy.dll (file missing)
O2 - BHO: (no name) - {2B0F2A91-EE2E-B285-007A-CF8ED8E0CABD} - C:\WINDOWS\system32\olfa.dll (file missing)
O2 - BHO: (no name) - {2C7D5FB3-0C3B-ACF9-23A7-686032D26630} - C:\DOCUME~1\Kyp\APPLIC~1\ChinEq\First Team.exe (file missing)
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {CB22F77D-3CC5-3E3F-BCC9-41B6ABE025E7} - C:\WINDOWS\system32\viipspr.dll
O2 - BHO: (no name) - {E8BDD018-B39F-E043-E711-1B1258218FFB} - C:\DOCUME~1\Kyp\APPLIC~1\ChinEq\First Team.exe (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOL Instant Messanger] aim.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [team skip tray burn] C:\Documents and Settings\All Users\Application Data\jugs sixth team skip\Chic Okay.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Pkwsyl] C:\Program Files\Kddhq\Xjrjj.exe
O4 - HKLM\..\Run: [sendsafelinkgram] C:\Documents and Settings\All Users\Application Data\dart mode send safe\Wma Title.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154321924\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKLM\..\RunServices: [AOL Instant Messanger] aim.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [AOL Instant Messanger] aim.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Heck Cash] C:\DOCUME~1\Kyp\APPLIC~1\DUMBWI~1\modegram.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uqr] C:\WINDOWS\system32\WAUBOO~1.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Naln] "C:\PROGRA~1\ICROSO~1\regsvr32.exe" -vt ndrv
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm020YYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c420.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowexec.dll,
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #3 on: August 10, 2006, 07:19:59 AM »
Hi, Niku5himi. Welcome to the 2-Spyware.com forums!

Please follow these steps:

1. Download Pocket KillBox or KillBox utility.

2. Use HijackThis to fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/ /www.ixfuchdvkhmzcofaqgaewxj.com/soOSRkfPYj/aopG9LS50TM2LsTLxuedg3xJ_Tq1P85XtZrxjQD_aV2CJLNWtLwF1.html
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{23C3AB2A-3DC0-636E-BD6C-1B2312B9C7B9} - (no file)
R3 - URLSearchHook: (no name) - _{712ED2B2-4006-19F2-72BD-66D4FD07C2BD} - (no file)
R3 - URLSearchHook: (no name) - _{F3C7BFAE-294B-25E2-6838-0B6245B91EB7} - (no file)
R3 - URLSearchHook: (no name) - {23C3AB2A-3DC0-636E-BD6C-1B2312B9C7B9} - (no file)
R3 - URLSearchHook: (no name) - {5D0BCC68-5CDB-5E2F-A4E2-73D58D51E3EA} - (no file)
R3 - URLSearchHook: (no name) - {C6477713-E0FE-E906-D252-CD3EC35675B3} - (no file)
R3 - URLSearchHook: (no name) - {9C12221F-B6F8-B400-D652-CD3EC35674B7} - (no file)
R3 - URLSearchHook: (no name) - {3DC16A11-FFFA-F154-DD56-D87F176BD8BE} - (no file)
R3 - URLSearchHook: (no name) - {9A472616-E3FC-B503-8752-CD3EC35622BF} - (no file)
R3 - URLSearchHook: (no name) - {455A3B5C-A4ED-AC42-94A0-878AD8D6FFBB} - (no file)
R3 - URLSearchHook: (no name) - {4B3D1B5A-8EEB-D548-9D04-AD98B960F4BB} - (no file)
R3 - URLSearchHook: (no name) - {5139B2EE-7A51-25FC-7889-5087E880BEEE} - (no file)
R3 - URLSearchHook: (no name) - {0B61EB48-78F3-200C-8D7A-5A27B295E3BF} - C:\WINDOWS\system32\yxsy.dll (file missing)
R3 - URLSearchHook: (no name) - {32E732AA-F511-A4BB-332B-8F6A66A9DAEF} - (no file)
R3 - URLSearchHook: (no name) - {919671FE-B712-B7BE-6D8D-957B47FB28E0} - (no file)
R3 - URLSearchHook: (no name) - {959372AB-B640-EBBA-3E8D-957B47FB2AE0} - (no file)
R3 - URLSearchHook: (no name) - {2A688D42-46A4-1008-DAC7-34D1ED4E9DBB} - (no file)
R3 - URLSearchHook: (no name) - {B8565965-95DE-C924-F3B1-E62C82185CB4} - (no file)
R3 - URLSearchHook: (no name) - {BE575E35-928D-9A21-F2B1-E62C82185BBF} - (no file)
R3 - URLSearchHook: (no name) - {BF065831-C08B-CD72-F3B1-E62C82190CE9} - (no file)
R3 - URLSearchHook: (no name) - {378C2E65-E885-E27A-A548-992B52E4D1E8} - (no file)
R3 - URLSearchHook: (no name) - {AB7B3C0A-A7B9-A74D-C540-89BAAB4B1AE1} - (no file)
R3 - URLSearchHook: (no name) - {648C2E35-E880-B773-F048-992B52BC87EA} - (no file)
R3 - URLSearchHook: (no name) - {17B460C3-A52F-F4D5-0A9A-844A34AAF4E9} - (no file)
R3 - URLSearchHook: (no name) - {13E435C0-A07D-A084-0C9A-844A34AAA6B8} - (no file)
R3 - URLSearchHook: (no name) - {B14CE14B-21A5-785A-D7F6-5717C1F65DB6} - (no file)
R3 - URLSearchHook: (no name) - {088FBB8A-743A-7890-17F3-5227528FE9EA} - (no file)
R3 - URLSearchHook: (no name) - {C92CF321-6AC0-6F6E-BAC9-41B6ABE028E3} - (no file)
R3 - URLSearchHook: (no name) - {9928A12E-3E97-6E3F-EFC9-41B6ABE025B1} - (no file)
R3 - URLSearchHook: (no name) - {CB22F77D-3CC5-3E3F-BCC9-41B6ABE025E7} - C:\WINDOWS\system32\viipspr.dll
O2 - BHO: (no name) - {0B61EB48-78F3-200C-8D7A-5A27B295E3BF} - C:\WINDOWS\system32\yxsy.dll (file missing)
O2 - BHO: (no name) - {2B0F2A91-EE2E-B285-007A-CF8ED8E0CABD} - C:\WINDOWS\system32\olfa.dll (file missing)
O2 - BHO: (no name) - {2C7D5FB3-0C3B-ACF9-23A7-686032D26630} - C:\DOCUME~1\Kyp\APPLIC~1\ChinEq\First Team.exe (file missing)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: (no name) - {CB22F77D-3CC5-3E3F-BCC9-41B6ABE025E7} - C:\WINDOWS\system32\viipspr.dll
O2 - BHO: (no name) - {E8BDD018-B39F-E043-E711-1B1258218FFB} - C:\DOCUME~1\Kyp\APPLIC~1\ChinEq\First Team.exe (file missing)
O4 - HKLM\..\Run: [team skip tray burn] C:\Documents and Settings\All Users\Application Data\jugs sixth team skip\Chic Okay.exe
O4 - HKLM\..\Run: [Pkwsyl] C:\Program Files\Kddhq\Xjrjj.exe
O4 - HKLM\..\Run: [sendsafelinkgram] C:\Documents and Settings\All Users\Application Data\dart mode send safe\Wma Title.exe
O4 - HKCU\..\Run: [Heck Cash] C:\DOCUME~1\Kyp\APPLIC~1\DUMBWI~1\modegram.exe
O4 - HKCU\..\Run: [Uqr] C:\WINDOWS\system32\WAUBOO~1.EXE
O4 - HKCU\..\Run: [Naln] "C:\PROGRA~1\ICROSO~1\regsvr32.exe" -vt ndrv
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http:/ /static.windupdates.com/cab/MediaAccess/ie/bridge-c420.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowexec.dll,

3.  Now restart your system in Safe Mode. This step is very important!

4. Once in Safe Mode, use either Pocket KillBox or KillBox to delete the following files:
C:\WINDOWS\system32\WAUBOO~1.EXE
C:\WINDOWS\system32\viipspr.dll
C:\WINDOWS\system32\wowexec.dll
C:\DOCUME~1\Kyp\APPLIC~1\DUMBWI~1\modegram.exe
C:\Documents and Settings\All Users\Application Data\jugs sixth team skip\Chic Okay.exe
C:\Documents and Settings\All Users\Application Data\dart mode send safe\Wma Title.exe
C:\Program Files\Kddhq\Xjrjj.exe
C:\PROGRA~1\ICROSO~1\regsvr32.exe

Also, delete the following directories:
C:\DOCUME~1\Kyp\APPLIC~1\DUMBWI~1
C:\Documents and Settings\All Users\Application Data\jugs sixth team skip
C:\Documents and Settings\All Users\Application Data\dart mode send safe
C:\Program Files\Kddhq
C:\PROGRA~1\ICROSO~1

5. Reboot your computer. Download the trial version of ewido anti-spyware. Install the program, update its definitions and run a complete system scan. Remove all the threats the application will find.

6. After you get done, run new HijackThis scan and post a fresh log here.
Logged
Niku5himi
Newbie
*
Posts: 4

dkxaznloner@hotmail.com
View Profile
« Reply #4 on: August 11, 2006, 11:42:16 AM »
Followed all the intructions above and here's my latest hijack this scan log.

Logfile of HijackThis v1.99.1
Scan saved at 10:39:12 AM, on 8/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixfuchdvkhmzcofaqgaewxj.com/soOSRkfPYj/aopG9LS50TM2LsTLxuedg3xJ_Tq1P85XtZrxjQD_aV2CJLNWtLwF1.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOL Instant Messanger] aim.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154321924\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [AOL Instant Messanger] aim.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [AOL Instant Messanger] aim.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm020YYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #5 on: August 13, 2006, 02:06:50 AM »
Hi, Niku5himi.

Use HijackThis to fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/ /www.ixfuchdvkhmzcofaqgaewxj.com/soOSRkfPYj/aopG9LS50TM2LsTLxuedg3xJ_Tq1P85XtZrxjQD_aV2CJLNWtLwF1.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Everything else in your log looks clean to me.
Logged
Niku5himi
Newbie
*
Posts: 4

dkxaznloner@hotmail.com
View Profile
« Reply #6 on: August 13, 2006, 11:14:49 PM »
Thanks a lot GTO for helping me through the whole thing.  You have been very helpful and I'm glad that I registered to this forum.

Once again, thanks you for your assistance.
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  




Recommended software:
STOPzilla
(90/100)
STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses,...
Malwarebytes Anti Malware
(88/100)
There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t...
Spyware Doctor
(87/100)
Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and...
SpyHunter
(86/100)
SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are...
XoftSpySE Anti Spyware
(84/100)
XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to...
Encyclopedia of parasites:

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.
add text box
rss feed
help other
Latest Spyware Threats: Internet Security 2012 | Win 7 Total security 2012 | System Check | Win 7 Internet Security 2012 | Win 7 Home Security 2012 | Win 7 Antivirus 2012 | Win 7 Antispyware 2012 | Vista Security 2012 | Vista Antivirus 2012 | Vista Antispyware 2012 | XP Antispyware 2012 | XP Antivirus 2012 | XP Security 2012 | XP Home Security 2012 | Security Shield
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2011 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.