Author Topic: 4bf65.ilxt.info  (Read 1161 times)
Joshua
« on: July 23, 2004, 07:16:05 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP
Problem Application Name & Version: Internet Explorer
Problem Hardware Make & Model: Dell Inspiron 2650
Error Messages: none

Recently my Internet Explorer has been throwing popup ads from 4bf65.ilxt.info at me and has been running extremely slow. I can't seem to get rid of the program generating the popup ads. I used Spybot and Ad-Aware.

Here is my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 2:55:28 PM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\kaklmpfh.exe
C:\Program Files\syslaunch.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Bargain Buddy\bin2\bargains.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\System32\msrexe.exe
C:\Program Files\iPod\bin\iPodManager.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\Program Files\CasinoOnline\CsRemnd.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\temp\msbb.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\windows\winstart32.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg2.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\aebnk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\aebnk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\aebnk.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\aebnk.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\aebnk.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\aebnk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINDOWS\System32\inetp60.dll
O2 - BHO: (no name) - {0BF9380C-1842-43E5-8AD7-F7DE765044B9} - C:\WINDOWS\System32\aebnk.dll
O2 - BHO: (no name) - {345AE34E-C597-1895-C41B-1C4006DC4E8D} - C:\WINDOWS\System32\slbbhnwl.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem300.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll
O2 - BHO: (no name) - {ACFDAA47-3E9F-607F-0E2E-F6AEF247FDB0} - C:\WINDOWS\System32\bhudujam.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin2\apuc.dll
O2 - BHO: (no name) - {F320AB5E-6C81-3E3C-7574-EAA21113B930} - C:\WINDOWS\System32\wpxzgnlp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [awslwiqs] C:\WINDOWS\kaklmpfh.exe
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [lhvqsri] "C:\WINDOWS\System32\lhvqsri.exe"
O4 - HKLM\..\Run: [osakdzl] "C:\WINDOWS\System32\osakdzl.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
O4 - HKLM\..\Run: [xdevnbk] "C:\WINDOWS\System32\xdevnbk.exe"
O4 - HKLM\..\Run: [ajojvr] "C:\WINDOWS\System32\ajojvr.exe"
O4 - HKLM\..\Run: [yafckdc] "C:\WINDOWS\System32\yafckdc.exe"
O4 - HKLM\..\Run: [mpsnszc] "C:\WINDOWS\System32\mpsnszc.exe"
O4 - HKLM\..\Run: [<H] c:\WINDOWS\System32\<HEAD>
O4 - HKLM\..\Run: [  <TITLE>Error</TI] c:\WINDOWS\System32\  <TITLE>Error</TITLE>
O4 - HKLM\..\Run: [</H] c:\WINDOWS\System32\</HTML>
O4 - HKLM\..\Run: [<B] c:\WINDOWS\System32\<BODY>
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System32\The site you have requested doesn't exist.
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System32\The associated domain name has probably been reserved by a client from
O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System32\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
O4 - HKLM\..\Run: [</B] c:\WINDOWS\System32\</BODY>
O4 - HKLM\..\Run: [addxyic] "C:\WINDOWS\System32\addxyic.exe"
O4 - HKLM\..\Run: [sryoith] "C:\WINDOWS\System32\sryoith.exe"
O4 - HKLM\..\Run: [ntptstb] "C:\WINDOWS\System32\ntptstb.exe"
O4 - HKLM\..\Run: [ubevmtl] "C:\WINDOWS\System32\ubevmtl.exe"
O4 - HKLM\..\Run: [cydmnsg] "C:\WINDOWS\System32\cydmnsg.exe"
O4 - HKLM\..\Run: [fszwpah] "C:\WINDOWS\System32\fszwpah.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [vmmjshl] "C:\WINDOWS\System32\vmmjshl.exe"
O4 - HKLM\..\Run: [ijudxwm] "C:\WINDOWS\System32\ijudxwm.exe"
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [kyyhjhm] "C:\WINDOWS\System32\kyyhjhm.exe"
O4 - HKLM\..\Run: [encjfkm] "C:\WINDOWS\System32\encjfkm.exe"
O4 - HKLM\..\Run: [wboqhcb] "C:\WINDOWS\System32\wboqhcb.exe"
O4 - HKLM\..\Run: [gyyssyf] "C:\WINDOWS\System32\gyyssyf.exe"
O4 - HKLM\..\Run: [ivhicnm] "C:\WINDOWS\System32\ivhicnm.exe"
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [oqbenjh] "C:\WINDOWS\System32\oqbenjh.exe"
O4 - HKLM\..\Run: [pfdzrtd] "C:\WINDOWS\System32\pfdzrtd.exe"
O4 - HKLM\..\Run: [oilalgh] "C:\WINDOWS\System32\oilalgh.exe"
O4 - HKLM\..\Run: [fqasdpe] "C:\WINDOWS\System32\fqasdpe.exe"
O4 - HKLM\..\Run: [pdnbjwg] "C:\WINDOWS\System32\pdnbjwg.exe"
O4 - HKLM\..\Run: [ibdbepc] "C:\WINDOWS\System32\ibdbepc.exe"
O4 - HKLM\..\Run: [eavpjqc] "C:\WINDOWS\System32\eavpjqc.exe"
O4 - HKLM\..\Run: [tkxgvrd] "C:\WINDOWS\System32\tkxgvrd.exe"
O4 - HKLM\..\Run: [eeebsdg] "C:\WINDOWS\System32\eeebsdg.exe"
O4 - HKLM\..\Run: [vwmzxnk] "C:\WINDOWS\System32\vwmzxnk.exe"
O4 - HKLM\..\Run: [lznujqd] "C:\WINDOWS\System32\lznujqd.exe"
O4 - HKLM\..\Run: [kwudfmg] "C:\WINDOWS\System32\kwudfmg.exe"
O4 - HKLM\..\Run: [wzekzmf] "C:\WINDOWS\System32\wzekzmf.exe"
O4 - HKLM\..\Run: [ndwilqb] "C:\WINDOWS\System32\ndwilqb.exe"
O4 - HKLM\..\Run: [tisxqem] "C:\WINDOWS\System32\tisxqem.exe"
O4 - HKLM\..\Run: [zrevmrm] "C:\WINDOWS\System32\zrevmrm.exe"
O4 - HKLM\..\Run: [bmffjrc] "C:\WINDOWS\System32\bmffjrc.exe"
O4 - HKLM\..\Run: [irsggff] "C:\WINDOWS\System32\irsggff.exe"
O4 - HKLM\..\Run: [krbyeuj] "C:\WINDOWS\System32\krbyeuj.exe"
O4 - HKLM\..\Run: [ezbbqaf] "C:\WINDOWS\System32\ezbbqaf.exe"
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [iummisl] "C:\DOCUME~1\Josh\LOCALS~1\Temp\iummisl.exe"
O4 - HKLM\..\Run: [pkmgijl] "C:\WINDOWS\System32\pkmgijl.exe"
O4 - HKLM\..\Run: [rlmxwym] "C:\WINDOWS\System32\rlmxwym.exe"
O4 - HKLM\..\Run: [ulneyeh] "C:\WINDOWS\System32\ulneyeh.exe"
O4 - HKLM\..\Run: [porzwgg] "C:\WINDOWS\System32\porzwgg.exe"
O4 - HKLM\..\Run: [ywfgadn] "C:\WINDOWS\System32\ywfgadn.exe"
O4 - HKLM\..\Run: [eyfavjg] "C:\WINDOWS\System32\eyfavjg.exe"
O4 - HKLM\..\Run: [ubvvqhe] "C:\WINDOWS\System32\ubvvqhe.exe"
O4 - HKLM\..\Run: [rtwzrpn] "C:\WINDOWS\System32\rtwzrpn.exe"
O4 - HKLM\..\Run: [sweqwel] "C:\WINDOWS\System32\sweqwel.exe"
O4 - HKLM\..\Run: [bmtjjfh] "C:\WINDOWS\System32\bmtjjfh.exe"
O4 - HKLM\..\Run: [rcglyod] "C:\WINDOWS\System32\rcglyod.exe"
O4 - HKLM\..\Run: [zgkzssi] "C:\WINDOWS\System32\zgkzssi.exe"
O4 - HKLM\..\Run: [fqjaxcd] "C:\WINDOWS\System32\fqjaxcd.exe"
O4 - HKLM\..\Run: [sbtgrag] "C:\WINDOWS\System32\sbtgrag.exe"
O4 - HKLM\..\Run: [wklrerl] "C:\WINDOWS\System32\wklrerl.exe"
O4 - HKLM\..\Run: [osavipf] "C:\WINDOWS\System32\osavipf.exe"
O4 - HKLM\..\Run: [mgdmirl] "C:\WINDOWS\System32\mgdmirl.exe"
O4 - HKLM\..\Run: [wbxkzzf] "C:\WINDOWS\System32\wbxkzzf.exe"
O4 - HKLM\..\Run: [fkqfjxg] "C:\WINDOWS\System32\fkqfjxg.exe"
O4 - HKLM\..\Run: [tawdypk] "C:\WINDOWS\System32\tawdypk.exe"
O4 - HKLM\..\Run: [zdhknbk] "C:\WINDOWS\System32\zdhknbk.exe"
O4 - HKLM\..\Run: [ikkppvd] "C:\WINDOWS\System32\ikkppvd.exe"
O4 - HKLM\..\Run: [dadenwn] "C:\WINDOWS\System32\dadenwn.exe"
O4 - HKLM\..\Run: [ynxksn] "C:\WINDOWS\System32\ynxksn.exe"
O4 - HKLM\..\Run: [ienmjaf] "C:\WINDOWS\System32\ienmjaf.exe"
O4 - HKLM\..\Run: [uztkgwn] "C:\WINDOWS\System32\uztkgwn.exe"
O4 - HKLM\..\Run: [scpsoum] "C:\WINDOWS\System32\scpsoum.exe"
O4 - HKLM\..\Run: [ykclqsf] "C:\WINDOWS\System32\ykclqsf.exe"
O4 - HKLM\..\Run: [qjzpzdm] "C:\WINDOWS\System32\qjzpzdm.exe"
O4 - HKLM\..\Run: [kjgrhjm] "C:\WINDOWS\System32\kjgrhjm.exe"
O4 - HKLM\..\Run: [rjsegu] "C:\WINDOWS\System32\rjsegu.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [zvyynem] "C:\WINDOWS\System32\zvyynem.exe"
O4 - HKLM\..\Run: [ukosxwc] "C:\WINDOWS\System32\ukosxwc.exe"
O4 - HKLM\..\Run: [dnoxth] "C:\WINDOWS\System32\dnoxth.exe"
O4 - HKLM\..\Run: [bmciuwd] "C:\WINDOWS\System32\bmciuwd.exe"
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [amitytc] "C:\WINDOWS\System32\amitytc.exe"
O4 - HKLM\..\Run: [zsfodb] "C:\WINDOWS\System32\zsfodb.exe"
O4 - HKLM\..\Run: [lzeffkh] "C:\WINDOWS\System32\lzeffkh.exe"
O4 - HKLM\..\Run: [zqgazec] "C:\WINDOWS\System32\zqgazec.exe"
O4 - HKLM\..\Run: [vlztgld] "C:\WINDOWS\System32\vlztgld.exe"
O4 - HKLM\..\Run: [pcdghik] "C:\WINDOWS\System32\pcdghik.exe"
O4 - HKLM\..\Run: [ksycugh] "C:\WINDOWS\System32\ksycugh.exe"
O4 - HKLM\..\Run: [joagbyg] "C:\WINDOWS\System32\joagbyg.exe"
O4 - HKLM\..\Run: [gjdncll] "C:\WINDOWS\System32\gjdncll.exe"
O4 - HKLM\..\Run: [kxlxsnj] "C:\WINDOWS\System32\kxlxsnj.exe"
O4 - HKLM\..\Run: [Yahoo Messenger] NETSTATT.EXE
O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
O4 - HKLM\..\Run: [zcnqkpm] "C:\WINDOWS\System32\zcnqkpm.exe"
O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe
O4 - HKLM\..\Run: [vwytici] "C:\WINDOWS\System32\vwytici.exe"
O4 - HKLM\..\Run: [asmteof] "C:\WINDOWS\System32\asmteof.exe"
O4 - HKLM\..\Run: [zfdwidn] "C:\WINDOWS\System32\zfdwidn.exe"
O4 - HKLM\..\Run: [frrcayg] "C:\WINDOWS\System32\frrcayg.exe"
O4 - HKLM\..\Run: [gqvgqvb] "C:\WINDOWS\System32\gqvgqvb.exe"
O4 - HKLM\..\Run: [exploer.exe] C:\WINDOWS\System32\exploer.exe
O4 - HKLM\..\Run: [erilwpf] "C:\WINDOWS\System32\erilwpf.exe"
O4 - HKLM\..\Run: [tnrzifb] "C:\WINDOWS\System32\tnrzifb.exe"
O4 - HKLM\..\Run: [qezihpm] "C:\WINDOWS\System32\qezihpm.exe"
O4 - HKLM\..\Run: [brhoohg] "C:\WINDOWS\System32\brhoohg.exe"
O4 - HKLM\..\Run: [fqmsvii] "C:\WINDOWS\System32\fqmsvii.exe"
O4 - HKLM\..\Run: [pcnpkgh] "C:\WINDOWS\System32\pcnpkgh.exe"
O4 - HKLM\..\Run: [bsxzqgm] "C:\WINDOWS\System32\bsxzqgm.exe"
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer
O4 - HKLM\..\Run: [dljcohn] "C:\WINDOWS\System32\dljcohn.exe"
O4 - HKLM\..\Run: [ihxlil] "C:\WINDOWS\System32\ihxlil.exe"
O4 - HKLM\..\Run: [gmswwqg] "C:\WINDOWS\System32\gmswwqg.exe"
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [sqwpvu] "C:\WINDOWS\System32\sqwpvu.exe"
O4 - HKLM\..\Run: [vkkvkde] "C:\WINDOWS\System32\vkkvkde.exe"
O4 - HKLM\..\Run: [xslxcq] "C:\WINDOWS\System32\xslxcq.exe"
O4 - HKLM\..\Run: [tcqxxpc] "C:\WINDOWS\System32\tcqxxpc.exe"
O4 - HKLM\..\Run: [oodjfam] "C:\WINDOWS\System32\oodjfam.exe"
O4 - HKLM\..\Run: [avzndjk] "C:\WINDOWS\System32\avzndjk.exe"
O4 - HKLM\..\Run: [lvwzuwl] "C:\WINDOWS\System32\lvwzuwl.exe"
O4 - HKLM\..\Run: [aourxvn] "C:\WINDOWS\System32\aourxvn.exe"
O4 - HKLM\..\Run: [gnnfwic] "C:\WINDOWS\System32\gnnfwic.exe"
O4 - HKLM\..\RunServices: [Windows TCP/IP] wintcp.exe
O4 - HKLM\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Josh\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Josh\Client\HelpExp.exe
O4 - HKCU\..\Run: [<H] c:\WINDOWS\System32\<HEAD>
O4 - HKCU\..\Run: [  <TITLE>Error</TI] c:\WINDOWS\System32\  <TITLE>Error</TITLE>
O4 - HKCU\..\Run: [</H] c:\WINDOWS\System32\</HTML>
O4 - HKCU\..\Run: [<B] c:\WINDOWS\System32\<BODY>
O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System32\The site you have requested doesn't exist.
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System32\The associated domain name has probably been reserved by a client from
O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System32\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
O4 - HKCU\..\Run: [</B] c:\WINDOWS\System32\</BODY>
O4 - HKCU\..\Run: [Winstart] C:\windows\winstart32.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\RunServices: [Winstart] C:\windows\winstart32.exe
O4 - HKCU\..\RunServices: [AolCInUna] C:\windows\system\AolCInUna.com
O4 - HKCU\..\RunServices: [exploer.exe] C:\WINDOWS\System32\exploer.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\Josh\LOCALS~1\Temp\djtopr1150.exe"
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Josh\Application Data\DownloadPlus.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: WAB501 Configuration Utility.lnk = C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &RSDN Search - res://c:\windows\toolbar_nieuw14.dll/GoRSDN.dll.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=8eed54950496bfeb5899b8ba81fbaa8f52698706bfeedff
388bf3e8d58cf5f61afd31721d03773ca067a2afbc699d63f22ed05f72cb55925:0db69b72ff39cfe5e585d7b34e81015d
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00010/chm.chm::/files/initial.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


I AM ON MY KNEES BEGGING ANYBODY TO HELP ME

Shortened the 016 entry
« Last Edit: July 23, 2004, 08:59:12 PM by benditup »

 
benditup
« Reply #1 on: July 23, 2004, 08:56:29 PM »

You have an outdated version of HijackThis.
Can you please delete your copy and redownload it?
Download from HERE or HERE.

Rescan and post a new log; you have a bit of work ahead of you :)
« Last Edit: July 23, 2004, 08:57:10 PM by benditup »