Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Hijackthislog

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Hijackthislog

Unread postby angst2k » January 7th, 2006, 7:06 pm

Please help, thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:36:04 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDXP\System32\smss.exe
C:\WINDXP\system32\winlogon.exe
C:\WINDXP\system32\services.exe
C:\WINDXP\system32\lsass.exe
C:\WINDXP\system32\svchost.exe
C:\WINDXP\System32\svchost.exe
C:\WINDXP\system32\LEXBCES.EXE
C:\WINDXP\system32\spoolsv.exe
C:\WINDXP\system32\LEXPPS.EXE
C:\WINDXP\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDXP\System32\svchost.exe
C:\WINDXP\system32\MsgSys.EXE
C:\WINDXP\system32\cidaemon.exe
C:\WINDXP\system32\cidaemon.exe
C:\WINDXP\system32\wscntfy.exe
C:\WINDXP\Explorer.EXE
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Faxidrh\Gbazyaw.exe
C:\Program Files\Network\network.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDXP\system32\ctfmon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\System Files\System.exe
C:\Program Files\sf\sf.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Stevo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Stevo\Application Data\Mozilla\Profiles\default\rlg8wfew.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Stevo\Application Data\Mozilla\Profiles\default\rlg8wfew.slt\prefs.js)
O2 - BHO: (no name) - {1B855240-8893-C969-AE2B-EA35639CB3FF} - C:\WINDXP\system32\qfvcs.dll (file missing)
O2 - BHO: (no name) - {23B3DC58-459D-6346-EC6D-6D2317CDCFC2} - C:\WINDXP\system32\klpirf.dll (file missing)
O2 - BHO: (no name) - {4D94D95B-0F8E-4D78-B05A-3D982A6DBEF1} - C:\WINDXP\system32\qebpj.dll (file missing)
O2 - BHO: (no name) - {587A852A-52F1-450F-C2FD-671DC293A2FB} - C:\WINDXP\system32\dbc.dll (file missing)
O2 - BHO: (no name) - {5C7B8628-06A8-160E-C2FD-671DC293F3A8} - C:\WINDXP\system32\orv.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDXP\DH.dll (file missing)
O2 - BHO: (no name) - {75B9E92E-22BE-0939-9D6A-0DB51E5C93C9} - C:\WINDXP\system32\qebpj.dll (file missing)
O2 - BHO: (no name) - {9F4D0C7C-E567-2213-BC35-FF8347F4FE2D} - C:\WINDXP\hqbswuky.dll
O2 - BHO: (no name) - {C20E3D11-A6FB-D402-8438-FB4DF0AF2B95} - C:\WINDXP\System32\aviwz.dll (file missing)
O3 - Toolbar: Search - {69AD668A-DF35-2B19-6992-68F3D1C04CD7} - C:\WINDXP\hqbswuky.dll
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Rsfru] C:\Program Files\Faxidrh\Gbazyaw.exe
O4 - HKLM\..\Run: [Network] C:\Program Files\Network\network.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [nwf] C:\WINDXP\nwf.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [okqi] C:\PROGRA~1\COMMON~1\okqi\okqim.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O13 - WWW. Prefix: http://
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/downl ... TING11.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins002.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 5555702763
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorC ... EFlash.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{374FCD0E-36DC-4F4A-8A78-602B778DF8CB}: NameServer = 10.0.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1D6BE43-46A0-4B97-8B62-D080E998EFB0}: NameServer = 10.0.10.1
O20 - Winlogon Notify: NavLogon - C:\WINDXP\System32\NavLogon.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDXP\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDXP\System32\HPZipm12.exe
O23 - Service: Workstation NetLogon Service (Â
angst2k
Regular Member
 
Posts: 19
Joined: January 6th, 2006, 10:20 pm
Location: Florider
Top
Advertisement
Register to Remove

Unread postby Rogue » January 7th, 2006, 11:53 pm

Hi angst2k,

Welcome to the Malware Removal forums. I will be more than happy to help you work on your problems.
Please give me some time to review your log as this can be a lengthy process. As soon as a MR Staff Member reviews my fix, I will post it for you.
In the mean time, if any problems occur. Please let me know.
Please only use this topic to reply to. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this issue on this machine.
If you’re unsure of anything at all please stop and ask!


Rogue
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah
Top

Unread postby markkhunt » January 8th, 2006, 10:05 am

Duplicate post.
http://www.malwareremoval.com/forum/viewtopic.php?t=6357

Please do not begin multiple topics for the same problem. Thank you for your cooperation. This thread has been locked and archived.
User avatar
markkhunt
Admin/Teacher Emeritus
 
Posts: 7913
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN
Top
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 154 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index