hijack this log

| Author |
Message |
thechanmanxd
Joined: 27 Jun 2006 Posts: 7
|
Post subject: hijack this log |
|
|
Logfile of HijackThis v1.99.1
Scan saved at 10:07:38 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Firemann\Desktop\HijackThis.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O1 - Hosts: 109.218.182.64 securityresponse.symantec.com
O1 - Hosts: 108.118.173.186 symantec.com
O1 - Hosts: 39.240.77.21 www.sophos.com
O1 - Hosts: 198.104.29.197 sophos.com
O1 - Hosts: 129.194.37.82 www.mcafee.com
O1 - Hosts: 51.221.32.194 mcafee.com
O1 - Hosts: 213.79.155.84 liveupdate.symantecliveupdate.com
O1 - Hosts: 197.146.43.108 www.viruslist.com
O1 - Hosts: 38.113.17.54 viruslist.com
O1 - Hosts: 233.130.251.238 viruslist.com
O1 - Hosts: 52.141.74.59 f-secure.com
O1 - Hosts: 169.168.98.154 www.f-secure.com
O1 - Hosts: 233.225.156.198 kaspersky.com
O1 - Hosts: 55.208.78.160 kaspersky-labs.com
O1 - Hosts: 19.86.230.232 www.avp.com
O1 - Hosts: 209.114.185.237 www.kaspersky.com
O1 - Hosts: 103.231.226.247 avp.com
O1 - Hosts: 116.162.92.134 www.networkassociates.com
O1 - Hosts: 92.25.188.59 networkassociates.com
O1 - Hosts: 214.142.45.122 www.ca.com
O1 - Hosts: 86.126.133.38 ca.com
O1 - Hosts: 59.142.185.235 mast.mcafee.com
O1 - Hosts: 27.209.105.161 my-etrust.com
O1 - Hosts: 150.191.201.155 www.my-etrust.com
O1 - Hosts: 28.153.63.233 download.mcafee.com
O1 - Hosts: 119.181.211.14 dispatch.mcafee.com
O1 - Hosts: 144.221.229.114 secure.nai.com
O1 - Hosts: 204.185.192.64 nai.com
O1 - Hosts: 219.116.238.102 www.nai.com
O1 - Hosts: 244.151.2.229 update.symantec.com
O1 - Hosts: 198.204.29.177 updates.symantec.com
O1 - Hosts: 157.248.118.63 us.mcafee.com
O1 - Hosts: 6.226.173.25 liveupdate.symantec.com
O1 - Hosts: 114.220.26.250 customer.symantec.com
O1 - Hosts: 24.171.119.102 rads.mcafee.com
O1 - Hosts: 162.140.146.39 trendmicro.com
O1 - Hosts: 103.34.89.39 www.trendmicro.com
O1 - Hosts: 173.174.250.51 www.grisoft.com
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{385D2FC4-0BB0-1033-1123-040412200001}\888Bar.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [qzi113bd] RUNDLL32.EXE w52ba247.dll,n 007113b60000000552ba247
O4 - HKLM\..\Run: [ykvlosvA] C:\WINDOWS\ykvlosvA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ms045020841482] C:\WINDOWS\ms045020841482.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Firemann\MYDOCU~1\ASKS~1\cmd.exe" -vt ndrv
O4 - HKCU\..\Run: [Xoujkaj] C:\Documents and Settings\Firemann\My Documents\s?curity\m?hta.exe
O4 - HKCU\..\Run: [winsock32] winsock32
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: vshjw.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ykvlosv.exe |
|
Sun Nov 19, 2006 3:00 am
 |
|
 |
HJT Analyzer
Joined: 15 Mar 2006 Posts: 611
|
Post subject: My HijackThis log |
|
|
Currently Locked:
Asking Permission from GTO.
-Moderator |
|
Sun Nov 19, 2006 3:01 am
 |
|
 |
junior08jr8

Joined: 25 Jun 2006 Posts: 194
|
Post subject: |
|
|
Hello thechanmanxd,
This post took me from a great suspicion on abusing our help, you made two new threads at the same date but this one at 3:01 am. I'm currently checking with the administrator to see if you're abusing our help. You'll be hearing from us.
-Closed |
|
Sun Nov 19, 2006 9:08 pm
 |
|
 |
GTO

Joined: 15 Nov 2005 Posts: 1519
|
Post subject: |
|
|
Hi thechanmanxd.
I will reply to this post, thechanmanxd, as your system is badly infected. However, next time please post logs made on one single computer to the same thread, or explain briefly why you need to start a new thread.
Please follow these steps:
1. Download Pocket KillBox or KillBox utility.
2. Download LSP-fix and WinsockXPFix utilities. You will need them later.
3. Open the Control Panel and launch the Add or Remove Programs tool. In the list of installed software find the DeluxeCommunications program and uninstall it. It's adware.
4. Use HijackThis to fix the following entries:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 109.218.182.64 securityresponse.symantec.com
O1 - Hosts: 108.118.173.186 symantec.com
O1 - Hosts: 39.240.77.21 www.sophos.com
O1 - Hosts: 198.104.29.197 sophos.com
O1 - Hosts: 129.194.37.82 www.mcafee.com
O1 - Hosts: 51.221.32.194 mcafee.com
O1 - Hosts: 213.79.155.84 liveupdate.symantecliveupdate.com
O1 - Hosts: 197.146.43.108 www.viruslist.com
O1 - Hosts: 38.113.17.54 viruslist.com
O1 - Hosts: 233.130.251.238 viruslist.com
O1 - Hosts: 52.141.74.59 f-secure.com
O1 - Hosts: 169.168.98.154 www.f-secure.com
O1 - Hosts: 233.225.156.198 kaspersky.com
O1 - Hosts: 55.208.78.160 kaspersky-labs.com
O1 - Hosts: 19.86.230.232 www.avp.com
O1 - Hosts: 209.114.185.237 www.kaspersky.com
O1 - Hosts: 103.231.226.247 avp.com
O1 - Hosts: 116.162.92.134 www.networkassociates.com
O1 - Hosts: 92.25.188.59 networkassociates.com
O1 - Hosts: 214.142.45.122 www.ca.com
O1 - Hosts: 86.126.133.38 ca.com
O1 - Hosts: 59.142.185.235 mast.mcafee.com
O1 - Hosts: 27.209.105.161 my-etrust.com
O1 - Hosts: 150.191.201.155 www.my-etrust.com
O1 - Hosts: 28.153.63.233 download.mcafee.com
O1 - Hosts: 119.181.211.14 dispatch.mcafee.com
O1 - Hosts: 144.221.229.114 secure.nai.com
O1 - Hosts: 204.185.192.64 nai.com
O1 - Hosts: 219.116.238.102 www.nai.com
O1 - Hosts: 244.151.2.229 update.symantec.com
O1 - Hosts: 198.204.29.177 updates.symantec.com
O1 - Hosts: 157.248.118.63 us.mcafee.com
O1 - Hosts: 6.226.173.25 liveupdate.symantec.com
O1 - Hosts: 114.220.26.250 customer.symantec.com
O1 - Hosts: 24.171.119.102 rads.mcafee.com
O1 - Hosts: 162.140.146.39 trendmicro.com
O1 - Hosts: 103.34.89.39 www.trendmicro.com
O1 - Hosts: 173.174.250.51 www.grisoft.com
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{385D2FC4-0BB0-1033-1123-040412200001}\888Bar.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [qzi113bd] RUNDLL32.EXE w52ba247.dll,n 007113b60000000552ba247
O4 - HKLM\..\Run: [ykvlosvA] C:\WINDOWS\ykvlosvA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ms045020841482] C:\WINDOWS\ms045020841482.exe
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [Xoujkaj] C:\Documents and Settings\Firemann\My Documents\s?curity\m?hta.exe
O4 - HKCU\..\Run: [winsock32] winsock32
O4 - Global Startup: vshjw.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
5. Now restart your system in Safe Mode. This step is very important!
6. Once in Safe Mode, use either Pocket KillBox or KillBox to delete the following files:
C:\WINDOWS\System32\w52ba247.dll
C:\WINDOWS\System32\vshjw.exe
C:\WINDOWS\System32\dxclib303562752.dll
C:\WINDOWS\ykvlosvA.exe
C:\WINDOWS\ms045020841482.exe
C:\Documents and Settings\Firemann\My Documents\s?curity\m?hta.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\OIN Search\OINSearch.dll
C:\Program Files\Common Files\{385D2FC4-0BB0-1033-1123-040412200001}\888Bar.dll
C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
C:\Program Files\UltimateBet\UltimateBet.exe
Also, delete the following directories:
C:\Program Files\Internet Optimizer
C:\Program Files\UltimateBet
C:\Program Files\NewDotNet
C:\Program Files\OIN Search
C:\Program Files\Common Files\{385D2FC4-0BB0-1033-1123-040412200001}
C:\Documents and Settings\Firemann\My Documents\s?curity
7. Reboot your computer. Now run either LSP-Fix or WinsockXPFix. These utilities should fix your Internet access.
8. Download the trial version of AVG Anti-Spyware. Install the program, update its definitions and run a complete system scan. Remove all the threats the application will find.
9. After you get done, run a new HijackThis scan and post a fresh log here. |
|
Tue Nov 21, 2006 12:43 pm
 |
|
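The fix list in the reply above covers hosts-file redirects, autoruns launched by bare name and services with no known owner. The following is an added example, not part of the thread and not HijackThis code, showing how such entries can be picked out of a log mechanically. The `triage` function and its heuristics are assumptions made for illustration; the sample lines come from the log above, plus one constructed `localhost` control line.

```python
import ipaddress
import re

# Lines taken from the log in this thread; the localhost line is a constructed control.
SAMPLE_LOG = r"""O1 - Hosts: 109.218.182.64 securityresponse.symantec.com
O1 - Hosts: 233.130.251.238 viruslist.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Xoujkaj] C:\Documents and Settings\Firemann\My Documents\s?curity\m?hta.exe
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe"""

def triage(log_text):
    """Return (line, reason) pairs for entries worth a closer look (heuristics, not verdicts)."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"(R\d|O\d+) - (.*)", line.strip())
        if not m:
            continue  # header or running-process line
        section, body = m.groups()
        if section == "O1" and body.startswith("Hosts: "):
            fields = body[len("Hosts: "):].split()
            try:
                ip, name = ipaddress.ip_address(fields[0]), fields[1]
            except (ValueError, IndexError):
                continue  # malformed hosts entry
            if ip.is_loopback and name == "localhost":
                continue  # the default entry
            reason = "hosts file overrides DNS for " + name
            if ip.is_multicast or ip.is_reserved:
                reason += " (address cannot be a normal unicast host)"
            findings.append((line, reason))
        elif section == "O4":
            # Drop the registry key / folder label and the [value name].
            command = re.sub(r"^\[.*?\]\s*", "", body.partition(": ")[2])
            if "?" in command:
                # Assumption: '?' marks a character the tool could not render.
                findings.append((line, "autorun path contains an unrenderable character"))
            elif "\\" not in command:
                findings.append((line, "autorun command has no full path"))
        elif section == "O23" and ("Unknown owner" in body or "(file missing)" in body):
            findings.append((line, "service has no known publisher or its file is missing"))
    return findings

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(why, "<-", entry)
```

A flagged line is a lead for manual review, as in the reply above, where each entry was still judged by a person before being fixed.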
 |