Author Topic: Major Spyware problem need some help  (Read 5128 times)
Jayhova990
« on: February 05, 2005, 01:45:50 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: XP
Problem Application Name & Version: dddd.exe and some other one
Problem Hardware Make & Model:
Error Messages:


Hey guys, I'm having major problems with spyware. First, I have one that has taken over my wallpaper, and an icon comes up with the wallpaper that says "protect your data". The other one is dddd.exe; it's a new web dialer, like a newer version of the tibs dialer, but new, and it comes up more often too. I ran Adaware and it doesn't detect them, so I'm guessing it's new spyware. If anyone could help, because ever since then I haven't been able to do anything with my computer. So, Hijack thread. Thanks.


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Systems.ini:lmgaq
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wintime.exe
C:\WINDOWS\system32\netet.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\axsaq.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Bpt\bpt.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\System32\hczevw.exe
C:\WINDOWS\System32\sqlacmgr.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\1A.tmp.exe
C:\Program Files\Washer\washer.exe
C:\WINDOWS\System32\shueqchk.exe
C:\Program Files\Common Files\MySoftware\Newsflsh.exe
C:\windows\system32\ugvswl.exe
C:\windows\system32\calc.exe
C:\Program Files\America Online 8.0b\waol.exe
C:\Program Files\America Online 8.0b\shellmon.exe
C:\Program Files\America Online 8.0b\aolwbspd.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Home\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
O2 - BHO: (no name) - {4049B7E7-33AE-BFBE-2370-53B9B1C7072F} - C:\WINDOWS\system32\d3rg.dll
O4 - HKLM\..\Run: [sysbx.exe] C:\WINDOWS\system32\sysbx.exe
O4 - HKLM\..\Run: [64SPs-SPPE] C:\WINDOWS\system32\64SPs-SPPE.exe
O4 - HKLM\..\Run: [mfclm.exe] C:\WINDOWS\system32\mfclm.exe
O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe
O4 - HKLM\..\Run: [apivz32.exe] C:\WINDOWS\system32\apivz32.exe
O4 - HKLM\..\Run: [winol32.exe] C:\WINDOWS\system32\winol32.exe
O4 - HKLM\..\Run: [mszz32.exe] C:\WINDOWS\system32\mszz32.exe
O4 - HKLM\..\Run: [wintj.exe] C:\WINDOWS\system32\wintj.exe
O4 - HKLM\..\Run: [atlck32.exe] C:\WINDOWS\system32\atlck32.exe
O4 - HKLM\..\Run: [wingh32.exe] C:\WINDOWS\system32\wingh32.exe
O4 - HKLM\..\Run: [msju.exe] C:\WINDOWS\system32\msju.exe
O4 - HKLM\..\Run: [netvw.exe] C:\WINDOWS\system32\netvw.exe
O4 - HKLM\..\Run: [iplk32.exe] C:\WINDOWS\system32\iplk32.exe
O4 - HKLM\..\Run: [d3la.exe] C:\WINDOWS\system32\d3la.exe
O4 - HKLM\..\Run: [netet.exe] C:\WINDOWS\system32\netet.exe
O4 - HKLM\..\Run: [d3zs.exe] C:\WINDOWS\system32\d3zs.exe
O4 - HKLM\..\Run: [winee.exe] C:\WINDOWS\system32\winee.exe
O4 - HKLM\..\Run: [i9oid2992s8k] C:\WINDOWS\system32\i9oid2992s8k.exe
O4 - HKLM\..\Run: [0es9m5] C:\WINDOWS\system32\0es9m5.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [e13j] C:\WINDOWS\system32\e13j.exe
O4 - HKLM\..\Run: [V1NDOc] C:\documents and settings\home\local settings\temp\V1NDOc.exe
O4 - HKLM\..\Run: [winshost.exe] C:\WINDOWS\System32\winshost.exe
O4 - HKLM\..\Run: [yme] C:\WINDOWS\system32\yme.exe
O4 - HKLM\..\Run: [5muygj] C:\WINDOWS\system32\5muygj.exe
O4 - HKLM\..\Run: [jz15ussssmm] C:\WINDOWS\system32\jz15ussssmm.exe
O4 - HKLM\..\Run: [ow6q68t3] C:\WINDOWS\system32\ow6q68t3.exe
O4 - HKLM\..\Run: [j8s0frkrn] C:\WINDOWS\system32\j8s0frkrn.exe
O4 - HKLM\..\Run: [qrkcuh37n3] C:\WINDOWS\system32\qrkcuh37n3.exe
O4 - HKLM\..\Run: [wg4sdnkh1kw] C:\WINDOWS\system32\wg4sdnkh1kw.exe
O4 - HKLM\..\Run: [slgdg] C:\WINDOWS\system32\slgdg.exe
O4 - HKLM\..\Run: [rkw3t] C:\WINDOWS\system32\rkw3t.exe
O4 - HKLM\..\Run: [netqh32.exe] C:\WINDOWS\system32\netqh32.exe
O4 - HKLM\..\Run: [ists9jcs1] C:\WINDOWS\system32\ists9jcs1.exe
O4 - HKLM\..\Run: [sij6kckse] C:\WINDOWS\system32\sij6kckse.exe
O4 - HKLM\..\Run: [7e5ikb8vt] C:\WINDOWS\system32\7e5ikb8vt.exe
O4 - HKLM\..\Run: [jr1h55] C:\WINDOWS\system32\jr1h55.exe
O4 - HKLM\..\Run: [rlz] C:\WINDOWS\system32\rlz.exe
O4 - HKLM\..\Run: [SysMon] C:\windows\system32\mswklsd32.exe
O4 - HKLM\..\Run: [z6fyw9] C:\WINDOWS\system32\z6fyw9.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [bzq7e06u9e] C:\WINDOWS\system32\bzq7e06u9e.exe
O4 - HKLM\..\Run: [5h9ub5] C:\WINDOWS\system32\5h9ub5.exe
O4 - HKLM\..\Run: [5jxhn9e7] C:\WINDOWS\system32\5jxhn9e7.exe
O4 - HKLM\..\Run: [winxh32.exe] C:\WINDOWS\system32\winxh32.exe
O4 - HKLM\..\Run: [lq5] C:\documents and settings\home\local settings\temp\lq5.exe
O4 - HKLM\..\Run: [idu] C:\WINDOWS\system32\idu.exe
O4 - HKLM\..\Run: [mlfuk23t] C:\WINDOWS\system32\mlfuk23t.exe
O4 - HKLM\..\Run: [vm1oytk] C:\WINDOWS\system32\vm1oytk.exe
O4 - HKLM\..\Run: [d3nc32.exe] C:\WINDOWS\system32\d3nc32.exe
O4 - HKLM\..\Run: [7d5] C:\WINDOWS\system32\7d5.exe
O4 - HKLM\..\Run: [up27] C:\WINDOWS\system32\up27.exe
O4 - HKLM\..\Run: [956] C:\WINDOWS\system32\956.exe
O4 - HKLM\..\Run: [aa59b] C:\WINDOWS\system32\aa59b.exe
O4 - HKLM\..\Run: [niuzhgpuk] C:\WINDOWS\system32\niuzhgpuk.exe
O4 - HKLM\..\Run: [iyptcw3f] C:\WINDOWS\system32\iyptcw3f.exe
O4 - HKLM\..\Run: [8wyytun33thy] C:\WINDOWS\system32\8wyytun33thy.exe
O4 - HKLM\..\Run: [msqq32.exe] C:\WINDOWS\system32\msqq32.exe
O4 - HKLM\..\Run: [7113jzvo17vn] C:\WINDOWS\system32\7113jzvo17vn.exe
O4 - HKLM\..\Run: [2bk] C:\WINDOWS\system32\2bk.exe
O4 - HKLM\..\Run: [crnt32.exe] C:\WINDOWS\system32\crnt32.exe
O4 - HKLM\..\Run: [r9tkbkc] C:\WINDOWS\system32\r9tkbkc.exe
O4 - HKLM\..\Run: [itazi61j5yxy] C:\WINDOWS\system32\itazi61j5yxy.exe
O4 - HKLM\..\Run: [0m22ads93] C:\WINDOWS\system32\0m22ads93.exe
O4 - HKLM\..\Run: [lgz] C:\WINDOWS\system32\lgz.exe
O4 - HKLM\..\Run: [v5t] C:\WINDOWS\system32\v5t.exe
O4 - HKLM\..\Run: [m4s0g4dp] C:\WINDOWS\system32\m4s0g4dp.exe
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [x3j7] C:\WINDOWS\system32\x3j7.exe
O4 - HKLM\..\Run: [61wc8q7wls6n] C:\WINDOWS\system32\61wc8q7wls6n.exe
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msdioo.exe
O4 - HKLM\..\Run: [4dty7c] C:\WINDOWS\system32\4dty7c.exe
O4 - HKLM\..\Run: [x9kam2epyp1s] C:\WINDOWS\system32\x9kam2epyp1s.exe
O4 - HKLM\..\Run: [uluxz] C:\WINDOWS\system32\uluxz.exe
O4 - HKLM\..\Run: [11.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\11.tmp.exe 1 10001
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\web.exe
O4 - HKLM\..\Run: [11.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\11.tmp.exe 1 10001
O4 - HKLM\..\Run: [ue49a1wzu9h] C:\WINDOWS\system32\ue49a1wzu9h.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [ugvswl] c:\windows\system32\ugvswl.exe
O4 - HKLM\..\Run: [18.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\18.tmp.exe 0 10001
O4 - HKLM\..\Run: [18.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\18.tmp.exe 0 10001
O4 - HKLM\..\Run: [wiftoikh] C:\WINDOWS\system32\wiftoikh.exe
O4 - HKLM\..\Run: [p5yi9pptcj8] C:\WINDOWS\system32\p5yi9pptcj8.exe
O4 - HKLM\..\Run: [mrapyuzqbaqfmx] C:\WINDOWS\System32\wjwufblyod.exe
O4 - HKLM\..\Run: [8.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\8.tmp.exe 1 10001
O4 - HKLM\..\Run: [8.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\8.tmp.exe 1 10001
O4 - HKLM\..\Run: [lgpvz] C:\WINDOWS\system32\lgpvz.exe
O4 - HKLM\..\Run: [xsEO3pS] sqlacmgr.exe
O4 - HKLM\..\Run: [1C.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\1C.tmp.exe 0 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [u9rsv15wd19] C:\WINDOWS\system32\u9rsv15wd19.exe
O4 - HKLM\..\Run: [1C.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\1C.tmp.exe 3 10001
O4 - HKLM\..\Run: [4f9rsfttx] C:\WINDOWS\system32\4f9rsfttx.exe
O4 - HKLM\..\Run: [1A.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\1A.tmp.exe 1 10001
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvvyo32.exe
O4 - HKLM\..\Run: [axsaq] C:\WINDOWS\system32\axsaq.exe
O4 - HKLM\..\Run: [1A.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\1A.tmp.exe 4 10001
O4 - HKCU\..\Run: [64SPs-SPPE] C:\WINDOWS\system32\64SPs-SPPE.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Qqixv] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\Run: [i9oid2992s8k] C:\WINDOWS\system32\i9oid2992s8k.exe
O4 - HKCU\..\Run: [0es9m5] C:\WINDOWS\system32\0es9m5.exe
O4 - HKCU\..\Run: [e13j] C:\WINDOWS\system32\e13j.exe
O4 - HKCU\..\Run: [winshost.exe] C:\WINDOWS\System32\winshost.exe
O4 - HKCU\..\Run: [yme] C:\WINDOWS\system32\yme.exe
O4 - HKCU\..\Run: [5muygj] C:\WINDOWS\system32\5muygj.exe
O4 - HKCU\..\Run: [jz15ussssmm] C:\WINDOWS\system32\jz15ussssmm.exe
O4 - HKCU\..\Run: [ow6q68t3] C:\WINDOWS\system32\ow6q68t3.exe
O4 - HKCU\..\Run: [j8s0frkrn] C:\WINDOWS\system32\j8s0frkrn.exe
O4 - HKCU\..\Run: [qrkcuh37n3] C:\WINDOWS\system32\qrkcuh37n3.exe
O4 - HKCU\..\Run: [wg4sdnkh1kw] C:\WINDOWS\system32\wg4sdnkh1kw.exe
O4 - HKCU\..\Run: [2fty8utz5n] C:\WINDOWS\system32\2fty8utz5n.exe
O4 - HKCU\..\Run: [slgdg] C:\WINDOWS\system32\slgdg.exe
O4 - HKCU\..\Run: [rkw3t] C:\WINDOWS\system32\rkw3t.exe
O4 - HKCU\..\Run: [ists9jcs1] C:\WINDOWS\system32\ists9jcs1.exe
O4 - HKCU\..\Run: [sij6kckse] C:\WINDOWS\system32\sij6kckse.exe
O4 - HKCU\..\Run: [7e5ikb8vt] C:\WINDOWS\system32\7e5ikb8vt.exe
O4 - HKCU\..\Run: [bd1tazjrz1] C:\WINDOWS\system32\bd1tazjrz1.exe
O4 - HKCU\..\Run: [jr1h55] C:\WINDOWS\system32\jr1h55.exe
O4 - HKCU\..\Run: [rlz] C:\WINDOWS\system32\rlz.exe
O4 - HKCU\..\Run: [z6fyw9] C:\WINDOWS\system32\z6fyw9.exe
O4 - HKCU\..\Run: [bzq7e06u9e] C:\WINDOWS\system32\bzq7e06u9e.exe
O4 - HKCU\..\Run: [e5dllg4xgr] C:\WINDOWS\system32\e5dllg4xgr.exe
O4 - HKCU\..\Run: [5h9ub5] C:\WINDOWS\system32\5h9ub5.exe
O4 - HKCU\..\Run: [5jxhn9e7] C:\WINDOWS\system32\5jxhn9e7.exe
O4 - HKCU\..\Run: [idu] C:\WINDOWS\system32\idu.exe
O4 - HKCU\..\Run: [mlfuk23t] C:\WINDOWS\system32\mlfuk23t.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [vm1oytk] C:\WINDOWS\system32\vm1oytk.exe
O4 - HKCU\..\Run: [7d5] C:\WINDOWS\system32\7d5.exe
O4 - HKCU\..\Run: [up27] C:\WINDOWS\system32\up27.exe
O4 - HKCU\..\Run: [956] C:\WINDOWS\system32\956.exe
O4 - HKCU\..\Run: [aa59b] C:\WINDOWS\system32\aa59b.exe
O4 - HKCU\..\Run: [niuzhgpuk] C:\WINDOWS\system32\niuzhgpuk.exe
O4 - HKCU\..\Run: [iyptcw3f] C:\WINDOWS\system32\iyptcw3f.exe
O4 - HKCU\..\Run: [8wyytun33thy] C:\WINDOWS\system32\8wyytun33thy.exe
O4 - HKCU\..\Run: [7113jzvo17vn] C:\WINDOWS\system32\7113jzvo17vn.exe
O4 - HKCU\..\Run: [2bk] C:\WINDOWS\system32\2bk.exe
O4 - HKCU\..\Run: [cp1luvj5o3] C:\WINDOWS\system32\cp1luvj5o3.exe
O4 - HKCU\..\Run: [r9tkbkc] C:\WINDOWS\system32\r9tkbkc.exe
O4 - HKCU\..\Run: [itazi61j5yxy] C:\WINDOWS\system32\itazi61j5yxy.exe
O4 - HKCU\..\Run: [0m22ads93] C:\WINDOWS\system32\0m22ads93.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [lgz] C:\WINDOWS\system32\lgz.exe
O4 - HKCU\..\Run: [v5t] C:\WINDOWS\system32\v5t.exe
O4 - HKCU\..\Run: [m4s0g4dp] C:\WINDOWS\system32\m4s0g4dp.exe
O4 - HKCU\..\Run: [x3j7] C:\WINDOWS\system32\x3j7.exe
O4 - HKCU\..\Run: [fwl5h82kaw] C:\WINDOWS\system32\fwl5h82kaw.exe
O4 - HKCU\..\Run: [61wc8q7wls6n] C:\WINDOWS\system32\61wc8q7wls6n.exe
O4 - HKCU\..\Run: [sysformat] C:\WINDOWS\System32\sysformat.exe
O4 - HKCU\..\Run: [4dty7c] C:\WINDOWS\system32\4dty7c.exe
O4 - HKCU\..\Run: [x9kam2epyp1s] C:\WINDOWS\system32\x9kam2epyp1s.exe
O4 - HKCU\..\Run: [uluxz] C:\WINDOWS\system32\uluxz.exe
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\web.exe
O4 - HKCU\..\Run: [ue49a1wzu9h] C:\WINDOWS\system32\ue49a1wzu9h.exe
O4 - HKCU\..\Run: [wiftoikh] C:\WINDOWS\system32\wiftoikh.exe
O4 - HKCU\..\Run: [p5yi9pptcj8] C:\WINDOWS\system32\p5yi9pptcj8.exe
O4 - HKCU\..\Run: [gBxERfe8U] shueqchk.exe
O4 - HKCU\..\Run: [lgpvz] C:\WINDOWS\system32\lgpvz.exe
O4 - HKCU\..\Run: [u9rsv15wd19] C:\WINDOWS\system32\u9rsv15wd19.exe
O4 - HKCU\..\Run: [4f9rsfttx] C:\WINDOWS\system32\4f9rsfttx.exe
O4 - HKCU\..\Run: [axsaq] C:\WINDOWS\system32\axsaq.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\System32\crt32_v2.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\System32\crt32_v2.dll (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megap*rnix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/10.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://mfr.mlxchange.com/Control/SISC.cab
O16 - DPF: {34A44FCF-50E3-63A5-A8DA-7835752B9571} - http://www.captaincode.com/ccbar/ccbar.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15a2f7d5f76aa55c1005/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095222820042
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/s*xDownloader.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {C3B2B2F0-6406-11D9-9669-0800200C9A66} - http://fad-1109.nyc1.targetnet.com/ad/id=bryantq&opt=htj&pt=13760923251434589967&pfin=HEG4KVTFLOEH&cv=210&uid=2030754550&url=http://www.ouchvideo.com/c2/svcmm32.cab
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol.com/snesman64/myhomepage/ProfR1G.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD3F8A7-1E40-42A7-B50D-D0183183229F}: NameServer = 205.188.146.145
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
O19 - User stylesheet:  (file missing)
O21 - SSODL: eplrr - {0E49F1D6-12AE-4F68-A1AE-BC3FE06A4745} - C:\WINDOWS\System32\eplrr3.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Security Agent - Unknown - C:\WINDOWS\system32\scagent.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\Systems.ini:lmgaq.exe (file missing)
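
An added example, not part of the original thread: a Python triage pass over the HijackThis log format posted above. The flag names and heuristics are assumptions chosen for illustration (they are not HijackThis features, and a flag is a reason to look closer, not a verdict); the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Sample input: a handful of lines copied from the log in the post above.
SAMPLE_LOG = r"""
C:\WINDOWS\Systems.ini:lmgaq
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [11.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\11.tmp.exe 1 10001
O4 - HKLM\..\Run: [xsEO3pS] sqlacmgr.exe
O4 - HKLM\..\Run: [axsaq] C:\WINDOWS\system32\axsaq.exe
O4 - HKCU\..\Run: [axsaq] C:\WINDOWS\system32\axsaq.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\Systems.ini:lmgaq.exe (file missing)
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
# ("O4 - Global Startup" shortcut lines use another layout and are skipped.)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Executable part of the command: either quoted, or everything up to ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
# A drive path containing a second colon names an NTFS alternate data stream.
ADS_RE = re.compile(r"[A-Za-z]:\\[^\s:]*:[^\s\\]+")


def parse_o4(log):
    """Return one dict per O4 registry autorun line."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe = EXE_RE.match(command)
        path = (exe.group(1) or exe.group(2)) if exe else command
        entries.append({"hive": hive, "key": key, "name": name, "path": path})
    return entries


def triage(entries):
    """Flag autoruns worth a closer look (illustrative heuristics only)."""
    hives = defaultdict(set)
    for e in entries:
        hives[(e["name"].lower(), e["path"].lower())].add(e["hive"])

    findings = []
    for e in entries:
        path = e["path"].lower()
        flags = []
        if "\\temp\\" in path:
            flags.append("runs-from-temp")   # autostart out of a temp folder
        if "\\" not in path:
            flags.append("no-directory")     # resolved through the search path
        if len(hives[(e["name"].lower(), path)]) > 1:
            flags.append("in-both-hives")    # same value in HKLM and HKCU
        if flags:
            findings.append((e["hive"], e["name"], flags))
    return findings


def find_stream_paths(log):
    """Return every path in the log that points into an alternate data stream."""
    return sorted(set(ADS_RE.findall(log)))


if __name__ == "__main__":
    for hive, name, flags in triage(parse_o4(SAMPLE_LOG)):
        print(f"{hive:5} {name:12} {', '.join(flags)}")
    for path in find_stream_paths(SAMPLE_LOG):
        print("ADS  ", path)
```
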

 
Pancake
« Reply #1 on: February 05, 2005, 05:21:40 AM »

Hi and Welcome
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are listed. If you don't understand, please ask before proceeding with the fixes. Please keep your browser closed when you are carrying out the fixes. Please do not run HJT on the desktop or in a temp folder. It's best run in a dedicated folder of its own.

Download and run DelDomains, then double-click to open the DelDomains.inf. To execute the file: right-click and select 'Install' from the menu.


After that, make sure to run CWShredder, Adaware and Spybot (check for updates), as these will do a preliminary clean first. Some files below may not be present after running the above programs.

Then.....
Turn off your System Restore. See here. Reinstate it and create a new restore point when your log is cleaned. Close your browser window and run HJT in safe mode (How To Run Safemode) and have "Hijack This" fix the following by placing a check in the appropriate boxes and selecting "fix checked".

If any EXE files have been selected, go into HijackThis/Config/Misc/Tools/ and open the process manager. Select the EXE files (if they are there) and click "Kill process" before deleting.

Make sure to have your system set to show hidden files and folders (How To Show File).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing


Every one of these EXEs will need to be deleted from your hard drive...
F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
O2 - BHO: (no name) - {4049B7E7-33AE-BFBE-2370-53B9B1C7072F} - C:\WINDOWS\system32\d3rg.dll
O4 - HKLM\..\Run: [sysbx.exe] C:\WINDOWS\system32\sysbx.exe
O4 - HKLM\..\Run: [64SPs-SPPE] C:\WINDOWS\system32\64SPs-SPPE.exe
O4 - HKLM\..\Run: [mfclm.exe] C:\WINDOWS\system32\mfclm.exe
O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe
O4 - HKLM\..\Run: [apivz32.exe] C:\WINDOWS\system32\apivz32.exe
O4 - HKLM\..\Run: [winol32.exe] C:\WINDOWS\system32\winol32.exe
O4 - HKLM\..\Run: [mszz32.exe] C:\WINDOWS\system32\mszz32.exe
O4 - HKLM\..\Run: [wintj.exe] C:\WINDOWS\system32\wintj.exe
O4 - HKLM\..\Run: [atlck32.exe] C:\WINDOWS\system32\atlck32.exe
O4 - HKLM\..\Run: [wingh32.exe] C:\WINDOWS\system32\wingh32.exe
O4 - HKLM\..\Run: [msju.exe] C:\WINDOWS\system32\msju.exe
O4 - HKLM\..\Run: [netvw.exe] C:\WINDOWS\system32\netvw.exe
O4 - HKLM\..\Run: [iplk32.exe] C:\WINDOWS\system32\iplk32.exe
O4 - HKLM\..\Run: [d3la.exe] C:\WINDOWS\system32\d3la.exe
O4 - HKLM\..\Run: [netet.exe] C:\WINDOWS\system32\netet.exe
O4 - HKLM\..\Run: [d3zs.exe] C:\WINDOWS\system32\d3zs.exe
O4 - HKLM\..\Run: [winee.exe] C:\WINDOWS\system32\winee.exe
O4 - HKLM\..\Run: [i9oid2992s8k] C:\WINDOWS\system32\i9oid2992s8k.exe
O4 - HKLM\..\Run: [0es9m5] C:\WINDOWS\system32\0es9m5.exe
O4 - HKLM\..\Run: [e13j] C:\WINDOWS\system32\e13j.exe
O4 - HKLM\..\Run: [V1NDOc] C:\documents and settings\home\local settings\temp\V1NDOc.exe
O4 - HKLM\..\Run: [winshost.exe] C:\WINDOWS\System32\winshost.exe
O4 - HKLM\..\Run: [yme] C:\WINDOWS\system32\yme.exe
O4 - HKLM\..\Run: [5muygj] C:\WINDOWS\system32\5muygj.exe
O4 - HKLM\..\Run: [jz15ussssmm] C:\WINDOWS\system32\jz15ussssmm.exe
O4 - HKLM\..\Run: [ow6q68t3] C:\WINDOWS\system32\ow6q68t3.exe
O4 - HKLM\..\Run: [j8s0frkrn] C:\WINDOWS\system32\j8s0frkrn.exe
O4 - HKLM\..\Run: [qrkcuh37n3] C:\WINDOWS\system32\qrkcuh37n3.exe
O4 - HKLM\..\Run: [wg4sdnkh1kw] C:\WINDOWS\system32\wg4sdnkh1kw.exe
O4 - HKLM\..\Run: [slgdg] C:\WINDOWS\system32\slgdg.exe
O4 - HKLM\..\Run: [rkw3t] C:\WINDOWS\system32\rkw3t.exe
O4 - HKLM\..\Run: [netqh32.exe] C:\WINDOWS\system32\netqh32.exe
O4 - HKLM\..\Run: [ists9jcs1] C:\WINDOWS\system32\ists9jcs1.exe
O4 - HKLM\..\Run: [sij6kckse] C:\WINDOWS\system32\sij6kckse.exe
O4 - HKLM\..\Run: [7e5ikb8vt] C:\WINDOWS\system32\7e5ikb8vt.exe
O4 - HKLM\..\Run: [jr1h55] C:\WINDOWS\system32\jr1h55.exe
O4 - HKLM\..\Run: [rlz] C:\WINDOWS\system32\rlz.exe
O4 - HKLM\..\Run: [SysMon] C:\windows\system32\mswklsd32.exe
O4 - HKLM\..\Run: [z6fyw9] C:\WINDOWS\system32\z6fyw9.exe
O4 - HKLM\..\Run: [bzq7e06u9e] C:\WINDOWS\system32\bzq7e06u9e.exe
O4 - HKLM\..\Run: [5h9ub5] C:\WINDOWS\system32\5h9ub5.exe
O4 - HKLM\..\Run: [5jxhn9e7] C:\WINDOWS\system32\5jxhn9e7.exe
O4 - HKLM\..\Run: [winxh32.exe] C:\WINDOWS\system32\winxh32.exe
O4 - HKLM\..\Run: [lq5] C:\documents and settings\home\local settings\temp\lq5.exe
O4 - HKLM\..\Run: [idu] C:\WINDOWS\system32\idu.exe
O4 - HKLM\..\Run: [mlfuk23t] C:\WINDOWS\system32\mlfuk23t.exe
O4 - HKLM\..\Run: [vm1oytk] C:\WINDOWS\system32\vm1oytk.exe
O4 - HKLM\..\Run: [d3nc32.exe] C:\WINDOWS\system32\d3nc32.exe
O4 - HKLM\..\Run: [7d5] C:\WINDOWS\system32\7d5.exe
O4 - HKLM\..\Run: [up27] C:\WINDOWS\system32\up27.exe
O4 - HKLM\..\Run: [956] C:\WINDOWS\system32\956.exe
O4 - HKLM\..\Run: [aa59b] C:\WINDOWS\system32\aa59b.exe
O4 - HKLM\..\Run: [niuzhgpuk] C:\WINDOWS\system32\niuzhgpuk.exe
O4 - HKLM\..\Run: [iyptcw3f] C:\WINDOWS\system32\iyptcw3f.exe
O4 - HKLM\..\Run: [8wyytun33thy] C:\WINDOWS\system32\8wyytun33thy.exe
O4 - HKLM\..\Run: [msqq32.exe] C:\WINDOWS\system32\msqq32.exe
O4 - HKLM\..\Run: [7113jzvo17vn] C:\WINDOWS\system32\7113jzvo17vn.exe
O4 - HKLM\..\Run: [2bk] C:\WINDOWS\system32\2bk.exe
O4 - HKLM\..\Run: [crnt32.exe] C:\WINDOWS\system32\crnt32.exe
O4 - HKLM\..\Run: [r9tkbkc] C:\WINDOWS\system32\r9tkbkc.exe
O4 - HKLM\..\Run: [itazi61j5yxy] C:\WINDOWS\system32\itazi61j5yxy.exe
O4 - HKLM\..\Run: [0m22ads93] C:\WINDOWS\system32\0m22ads93.exe
O4 - HKLM\..\Run: [lgz] C:\WINDOWS\system32\lgz.exe
O4 - HKLM\..\Run: [v5t] C:\WINDOWS\system32\v5t.exe
O4 - HKLM\..\Run: [m4s0g4dp] C:\WINDOWS\system32\m4s0g4dp.exe
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [x3j7] C:\WINDOWS\system32\x3j7.exe
O4 - HKLM\..\Run: [61wc8q7wls6n] C:\WINDOWS\system32\61wc8q7wls6n.exe
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msdioo.exe
O4 - HKLM\..\Run: [4dty7c] C:\WINDOWS\system32\4dty7c.exe
O4 - HKLM\..\Run: [x9kam2epyp1s] C:\WINDOWS\system32\x9kam2epyp1s.exe
O4 - HKLM\..\Run: [uluxz] C:\WINDOWS\system32\uluxz.exe
O4 - HKLM\..\Run: [11.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\11.tmp.exe 1 10001
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\web.exe
O4 - HKLM\..\Run: [11.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\11.tmp.exe 1 10001
O4 - HKLM\..\Run: [ue49a1wzu9h] C:\WINDOWS\system32\ue49a1wzu9h.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [ugvswl] c:\windows\system32\ugvswl.exe
O4 - HKLM\..\Run: [18.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\18.tmp.exe 0 10001
O4 - HKLM\..\Run: [18.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\18.tmp.exe 0 10001
O4 - HKLM\..\Run: [wiftoikh] C:\WINDOWS\system32\wiftoikh.exe
O4 - HKLM\..\Run: [p5yi9pptcj8] C:\WINDOWS\system32\p5yi9pptcj8.exe
O4 - HKLM\..\Run: [mrapyuzqbaqfmx] C:\WINDOWS\System32\wjwufblyod.exe
O4 - HKLM\..\Run: [8.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\8.tmp.exe 1 10001
O4 - HKLM\..\Run: [8.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\8.tmp.exe 1 10001
O4 - HKLM\..\Run: [lgpvz] C:\WINDOWS\system32\lgpvz.exe
O4 - HKLM\..\Run: [xsEO3pS] sqlacmgr.exe
O4 - HKLM\..\Run: [1C.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\1C.tmp.exe 0 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [u9rsv15wd19] C:\WINDOWS\system32\u9rsv15wd19.exe
O4 - HKLM\..\Run: [1C.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\1C.tmp.exe 3 10001
O4 - HKLM\..\Run: [4f9rsfttx] C:\WINDOWS\system32\4f9rsfttx.exe
O4 - HKLM\..\Run: [1A.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\1A.tmp.exe 1 10001
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvvyo32.exe
O4 - HKLM\..\Run: [axsaq] C:\WINDOWS\system32\axsaq.exe
O4 - HKLM\..\Run: [1A.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\1A.tmp.exe 4 10001
O4 - HKCU\..\Run: [64SPs-SPPE] C:\WINDOWS\system32\64SPs-SPPE.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Qqixv] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\Run: [i9oid2992s8k] C:\WINDOWS\system32\i9oid2992s8k.exe
O4 - HKCU\..\Run: [0es9m5] C:\WINDOWS\system32\0es9m5.exe
O4 - HKCU\..\Run: [e13j] C:\WINDOWS\system32\e13j.exe
O4 - HKCU\..\Run: [winshost.exe] C:\WINDOWS\System32\winshost.exe
O4 - HKCU\..\Run: [yme] C:\WINDOWS\system32\yme.exe
O4 - HKCU\..\Run: [5muygj] C:\WINDOWS\system32\5muygj.exe
O4 - HKCU\..\Run: [jz15ussssmm] C:\WINDOWS\system32\jz15ussssmm.exe
O4 - HKCU\..\Run: [ow6q68t3] C:\WINDOWS\system32\ow6q68t3.exe
O4 - HKCU\..\Run: [j8s0frkrn] C:\WINDOWS\system32\j8s0frkrn.exe
O4 - HKCU\..\Run: [qrkcuh37n3] C:\WINDOWS\system32\qrkcuh37n3.exe
O4 - HKCU\..\Run: [wg4sdnkh1kw] C:\WINDOWS\system32\wg4sdnkh1kw.exe
O4 - HKCU\..\Run: [2fty8utz5n] C:\WINDOWS\system32\2fty8utz5n.exe
O4 - HKCU\..\Run: [slgdg] C:\WINDOWS\system32\slgdg.exe
O4 - HKCU\..\Run: [rkw3t] C:\WINDOWS\system32\rkw3t.exe
O4 - HKCU\..\Run: [ists9jcs1] C:\WINDOWS\system32\ists9jcs1.exe
O4 - HKCU\..\Run: [sij6kckse] C:\WINDOWS\system32\sij6kckse.exe
O4 - HKCU\..\Run: [7e5ikb8vt] C:\WINDOWS\system32\7e5ikb8vt.exe
O4 - HKCU\..\Run: [bd1tazjrz1] C:\WINDOWS\system32\bd1tazjrz1.exe
O4 - HKCU\..\Run: [jr1h55] C:\WINDOWS\system32\jr1h55.exe
O4 - HKCU\..\Run: [rlz] C:\WINDOWS\system32\rlz.exe
O4 - HKCU\..\Run: [z6fyw9] C:\WINDOWS\system32\z6fyw9.exe
O4 - HKCU\..\Run: [bzq7e06u9e] C:\WINDOWS\system32\bzq7e06u9e.exe
O4 - HKCU\..\Run: [e5dllg4xgr] C:\WINDOWS\system32\e5dllg4xgr.exe
O4 - HKCU\..\Run: [5h9ub5] C:\WINDOWS\system32\5h9ub5.exe
O4 - HKCU\..\Run: [5jxhn9e7] C:\WINDOWS\system32\5jxhn9e7.exe
O4 - HKCU\..\Run: [idu] C:\WINDOWS\system32\idu.exe
O4 - HKCU\..\Run: [mlfuk23t] C:\WINDOWS\system32\mlfuk23t.exe
O4 - HKCU\..\Run: [vm1oytk] C:\WINDOWS\system32\vm1oytk.exe
O4 - HKCU\..\Run: [7d5] C:\WINDOWS\system32\7d5.exe
O4 - HKCU\..\Run: [up27] C:\WINDOWS\system32\up27.exe
O4 - HKCU\..\Run: [956] C:\WINDOWS\system32\956.exe
O4 - HKCU\..\Run: [aa59b] C:\WINDOWS\system32\aa59b.exe
O4 - HKCU\..\Run: [niuzhgpuk] C:\WINDOWS\system32\niuzhgpuk.exe
O4 - HKCU\..\Run: [iyptcw3f] C:\WINDOWS\system32\iyptcw3f.exe
O4 - HKCU\..\Run: [8wyytun33thy] C:\WINDOWS\system32\8wyytun33thy.exe
O4 - HKCU\..\Run: [7113jzvo17vn] C:\WINDOWS\system32\7113jzvo17vn.exe
O4 - HKCU\..\Run: [2bk] C:\WINDOWS\system32\2bk.exe
O4 - HKCU\..\Run: [cp1luvj5o3] C:\WINDOWS\system32\cp1luvj5o3.exe
O4 - HKCU\..\Run: [r9tkbkc] C:\WINDOWS\system32\r9tkbkc.exe
O4 - HKCU\..\Run: [itazi61j5yxy] C:\WINDOWS\system32\itazi61j5yxy.exe
O4 - HKCU\..\Run: [0m22ads93] C:\WINDOWS\system32\0m22ads93.exe
O4 - HKCU\..\Run: [lgz] C:\WINDOWS\system32\lgz.exe
O4 - HKCU\..\Run: [v5t] C:\WINDOWS\system32\v5t.exe
O4 - HKCU\..\Run: [m4s0g4dp] C:\WINDOWS\system32\m4s0g4dp.exe
O4 - HKCU\..\Run: [x3j7] C:\WINDOWS\system32\x3j7.exe
O4 - HKCU\..\Run: [fwl5h82kaw] C:\WINDOWS\system32\fwl5h82kaw.exe
O4 - HKCU\..\Run: [61wc8q7wls6n] C:\WINDOWS\system32\61wc8q7wls6n.exe
O4 - HKCU\..\Run: [sysformat] C:\WINDOWS\System32\sysformat.exe
O4 - HKCU\..\Run: [4dty7c] C:\WINDOWS\system32\4dty7c.exe
O4 - HKCU\..\Run: [x9kam2epyp1s] C:\WINDOWS\system32\x9kam2epyp1s.exe
O4 - HKCU\..\Run: [uluxz] C:\WINDOWS\system32\uluxz.exe
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\web.exe
O4 - HKCU\..\Run: [ue49a1wzu9h] C:\WINDOWS\system32\ue49a1wzu9h.exe
O4 - HKCU\..\Run: [wiftoikh] C:\WINDOWS\system32\wiftoikh.exe
O4 - HKCU\..\Run: [p5yi9pptcj8] C:\WINDOWS\system32\p5yi9pptcj8.exe
O4 - HKCU\..\Run: [gBxERfe8U] shueqchk.exe
O4 - HKCU\..\Run: [lgpvz] C:\WINDOWS\system32\lgpvz.exe
O4 - HKCU\..\Run: [u9rsv15wd19] C:\WINDOWS\system32\u9rsv15wd19.exe
O4 - HKCU\..\Run: [4f9rsfttx] C:\WINDOWS\system32\4f9rsfttx.exe
O4 - HKCU\..\Run: [axsaq] C:\WINDOWS\system32\axsaq.exe
C:\WINDOWS\System32\shueqchk.exe
C:\WINDOWS\System32\sqlacmgr.exe

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megap*rnix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/10.cab

O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab



« Last Edit: February 05, 2005, 05:29:10 AM by Pancake »

Jayhova990
« Reply #2 on: February 05, 2005, 06:27:49 PM »

I have some questions. To delete the exe files, do I just check them in HijackThis? And another question: when I did a scan, this wasn't the same: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\sxrud.dll/sp.html#27859 This DLL file, sxrud.dll, was different, so should I still fix them? Because all of them have the same DLL, and all of them were different when I scanned it again.

 
Jayhova990
« Reply #3 on: February 05, 2005, 06:32:12 PM »

And one more thing: there are no icons on my desktop. What do I do to get them back?

 
Pancake
« Reply #4 on: February 06, 2005, 12:31:38 AM »

Delete the exe files from your hard drive and also fix them in HJT, then post a new log. You have some big problems that we will have to go through one at a time.

Jayhova990
« Reply #5 on: February 07, 2005, 02:28:08 PM »

Here's my new HijackThis log:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Systems.ini:lmgaq
C:\WINDOWS\system32\soft.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\WINDOWS\system32\64rzoqroln1n.exe
C:\WINDOWS\system32\apidj.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Common Files\MySoftware\Newsflsh.exe
C:\Program Files\America Online 8.0b\waol.exe
C:\Program Files\America Online 8.0b\shellmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 8.0b\aolwbspd.exe
C:\Hijkae this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tjboc.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tjboc.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tjboc.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tjboc.dll/sp.html#27859
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
O2 - BHO: (no name) - {71167969-C63A-6FB0-2E12-19AC38D1B9B1} - C:\WINDOWS\atlfw.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [bfu] C:\WINDOWS\system32\bfu.exe
O4 - HKLM\..\Run: [64rzoqroln1n] C:\WINDOWS\system32\64rzoqroln1n.exe
O4 - HKLM\..\Run: [hmus6xzu65k] C:\WINDOWS\system32\hmus6xzu65k.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [apidj.exe] C:\WINDOWS\system32\apidj.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvxoc32.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [sysformat] C:\WINDOWS\System32\sysformat.exe
O4 - HKCU\..\Run: [4dty7c] C:\WINDOWS\system32\4dty7c.exe
O4 - HKCU\..\Run: [bfu] C:\WINDOWS\system32\bfu.exe
O4 - HKCU\..\Run: [64rzoqroln1n] C:\WINDOWS\system32\64rzoqroln1n.exe
O4 - HKCU\..\Run: [hmus6xzu65k] C:\WINDOWS\system32\hmus6xzu65k.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\System32\crt32_v2.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\System32\crt32_v2.dll (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://mfr.mlxchange.com/Control/SISC.cab
O16 - DPF: {34A44FCF-50E3-63A5-A8DA-7835752B9571} - http://www.captaincode.com/ccbar/ccbar.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15a2f7d5f76aa55c1005/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095222820042
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/s*xDownloader.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {C3B2B2F0-6406-11D9-9669-0800200C9A66} - http://fad-1109.nyc1.targetnet.com/ad/id=bryantq&opt=htj&pt=13760923251434589967&pfin=HEG4KVTFLOEH&cv=210&uid=2030754550&url=http://www.ouchvideo.com/c2/svcmm32.cab
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol.com/snesman64/myhomepage/ProfR1G.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
O19 - User stylesheet:  (file missing)
O21 - SSODL: eplrr - {0A6DC1DF-02E4-40E9-AE4E-915B720B2656} - C:\WINDOWS\System32\eplrr3.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Security Agent - Unknown - C:\WINDOWS\system32\scagent.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\Systems.ini:lmgaq.exe (file missing)

 
Pancake
« Reply #6 on: February 08, 2005, 12:25:39 AM »

Hi and welcome.
It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order they are listed. Please keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

Please do not run HJT on the desktop or in a temp folder. It's best run in a dedicated folder of its own.

Turn off System Restore instructions (WinXP)
Right-click My Computer | Properties | System Restore | check
« Last Edit: February 08, 2005, 12:30:32 AM by Pancake »

Jayhova990
« Reply #7 on: February 17, 2005, 07:06:41 PM »

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Systems.ini:lmgaq
C:\Program Files\America Online 8.0b\waol.exe
C:\WINDOWS\wanmpsvc.exe
C:\Hijkae this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fuonj.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fuonj.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fuonj.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fuonj.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fuonj.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fuonj.dll/sp.html#27859
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fuonj.dll/sp.html#27859
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
O2 - BHO: (no name) - {63236BC9-4D24-90B8-ADF7-2B3E736B42B4} - C:\WINDOWS\appqn.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [bfu] C:\WINDOWS\system32\bfu.exe
O4 - HKLM\..\Run: [64rzoqroln1n] C:\WINDOWS\system32\64rzoqroln1n.exe
O4 - HKLM\..\Run: [hmus6xzu65k] C:\WINDOWS\system32\hmus6xzu65k.exe
O4 - HKLM\..\Run: [apidj.exe] C:\WINDOWS\system32\apidj.exe
O4 - HKLM\..\Run: [mrapyuzqbaqfmx] C:\WINDOWS\System32\mpisocpcdix.exe
O4 - HKLM\..\Run: [22.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\22.tmp.exe 4 10001
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\web.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitewci32.exe
O4 - HKLM\..\Run: [17.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\17.tmp.exe 5 10001
O4 - HKLM\..\Run: [1D.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\1D.tmp.exe 1 10001
O4 - HKLM\..\Run: [4E.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\4E.tmp.exe 4 10001
O4 - HKLM\..\Run: [1D.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\1D.tmp.exe 1 10001
O4 - HKLM\..\Run: [4E.tmp.exe] C:\DOCUME~1\Home\LOCALS~1\Temp\4E.tmp.exe 4 10001
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [ugvswl] c:\windows\system32\ugvswl.exe
O4 - HKLM\..\Run: [d3ub32.exe] C:\WINDOWS\d3ub32.exe
O4 - HKLM\..\Run: [40.tmp] C:\DOCUME~1\Home\LOCALS~1\Temp\40.tmp.exe 1 10001
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [4dty7c] C:\WINDOWS\system32\4dty7c.exe
O4 - HKCU\..\Run: [bfu] C:\WINDOWS\system32\bfu.exe
O4 - HKCU\..\Run: [64rzoqroln1n] C:\WINDOWS\system32\64rzoqroln1n.exe
O4 - HKCU\..\Run: [hmus6xzu65k] C:\WINDOWS\system32\hmus6xzu65k.exe
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\web.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\System32\crt32_v2.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\System32\crt32_v2.dll (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megap*rnix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range:  (HKLM)
O16 - DPF: {0A1D6C46-5012-11AD-5F96-38AC781BD8E9} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://mfr.mlxchange.com/Control/SISC.cab
O16 - DPF: {34A44FCF-50E3-63A5-A8DA-7835752B9571} - http://www.captaincode.com/ccbar/ccbar.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15a2f7d5f76aa55c1005/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095222820042
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://www.globalphon.com/dialer/internazionale_ver4.CAB
O16 - DPF: {C3B2B2F0-6406-11D9-9669-0800200C9A66} - http://fad-1109.nyc1.targetnet.com/ad/id=bryantq&opt=htj&pt=13760923251434589967&pfin=HEG4KVTFLOEH&cv=210&uid=2030754550&url=http://www.ouchvideo.com/c2/svcmm32.cab
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol.com/snesman64/myhomepage/ProfR1G.exe
O19 - User stylesheet:  (file missing)
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\Systems.ini:lmgaq.exe (file missing)
