1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

hijack log file iam having major issues

Discussion in 'Virus & Other Malware Removal' started by tadtheman, Feb 9, 2005.

Thread Status:
Not open for further replies.
  1. tadtheman

    tadtheman Thread Starter

    Feb 9, 2005
    could some one please help he i have like 100 new critical objects in adware scan ever day and the house call says i have the startpag.ag maleware but i have icons on my desktop i dont understand this....

    Logfile of HijackThis v1.99.0
    Scan saved at 7:12:56 PM, on 2/9/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe
    C:\Program Files\hpdll\hpdll.exe
    C:\Program Files\gyyfw5dz\gyyfw5dz.exe
    C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Silicon Image, Inc\SiICfg\SiICfg.exe
    C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: www.iframedollars.biz
    O1 - Hosts: iframedollars.biz
    O1 - Hosts: virgin-tgp.net
    O1 - Hosts: www.virgin-tgp.net
    O1 - Hosts: aaasexypics.com
    O1 - Hosts: www.aaasexypics.com
    O1 - Hosts: www.pizdato.biz
    O1 - Hosts: vesbiz.biz
    O1 - Hosts: www.vesbiz.biz
    O1 - Hosts: www.newiframe.biz
    O1 - Hosts: iframe.biz
    O1 - Hosts: www.iframe.biz
    O1 - Hosts: www.allforadult.com
    O1 - Hosts: allforadult.com
    O1 - Hosts: sexfiles.nu
    O1 - Hosts: awmdabest.com
    O1 - Hosts: www.sexfiles.nu
    O1 - Hosts: www.awmdabest.com
    O1 - Hosts: www.autoescrowpay.com
    O1 - Hosts: x.full-tgp.net
    O1 - Hosts: counter.sexmaniack.com
    O1 - Hosts: autoescrowpay.com
    O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
    O2 - BHO: (no name) - {27B2CDE0-C1BB-48D5-80E0-C39B39659B6B} - C:\Program Files\gyyfw5dz\gyyfw5dz.dll
    O2 - BHO: (no name) - {2DAA7371-1304-4A7F-B73C-57BD99165122} - C:\Program Files\gyyfw5dz\gyyfw5dz.dll
    O2 - BHO: (no name) - {48A1746F-D957-4F46-AE62-70B4E1FE57CF} - C:\Program Files\gyyfw5dz\gyyfw5dz.dll
    O2 - BHO: (no name) - {5E4E03FC-F065-4255-9C68-7251A8A68229} - C:\Program Files\gyyfw5dz\gyyfw5dz.dll
    O2 - BHO: (no name) - {7B1EC57A-4E1E-4DF7-AE74-E58664DE714F} - C:\WINDOWS\System32\pfci.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {B1768E08-4EEE-41FA-B22C-E20947D990C6} - C:\Program Files\gyyfw5dz\gyyfw5dz.dll
    O2 - BHO: (no name) - {EFA23C9D-2153-4909-AA2F-7A4C5C760E72} - C:\Program Files\gyyfw5dz\gyyfw5dz.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [qvhxpla] C:\WINDOWS\system32\qvhxpla.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [vcmpin] C:\windows\bundles\adl_mteststub.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe
    O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\System32\msvcmm32.exe
    O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
    O4 - HKLM\..\Run: [gyyfw5dz] C:\Program Files\gyyfw5dz\gyyfw5dz.exe
    O4 - HKLM\..\Run: [fzdmgc] C:\WINDOWS\System32\fzdmgc.exe
    O4 - HKLM\..\Run: [ehnnoc] C:\WINDOWS\System32\ehnnoc.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteabb32.exe
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [usFk34W] admquoui.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [fBwqRQaEP] acctuq.exe
    O4 - Global Startup: SiICfg.lnk = C:\Program Files\Silicon Image, Inc\SiICfg\SiICfg.exe
    O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.neededware.com
    O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: WZCBDL Service - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/328718

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice