Hijack Log....something bit me for sure..HELP!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

topazbest

Thread Starter
Joined
Aug 25, 2003
Messages
620
Computer suddenly wont boot unless to safe mode. Wont allow MCAFEE to even run....I posted the hijack this log, was able to get it running in SAFE MODE. See anythingy? Don't have internet acess so had to copy log over to this computer and paste here....Lots of critcal stuff.....I got to get this back....take pity on me!

Logfile of HijackThis v1.99.1
Scan saved at 6:27:40 PM, on 1/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\mcd3stor.exe
A:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kwopf.exe
F2 - REG:system.ini: UserInit=userinit.exe,urvtpad.exe
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e32.exe
O4 - HKLM\..\Run: [htz6ef3c] RUNDLL32.EXE w0145022.dll,n 0056ef37000000120145022
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e32.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [{2B-B5-54-4D-ZN}] C:\windows\system32\nrdsregr.exe GEN001
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\swinsoem.exe GEN001
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\services.exe
O4 - HKLM\..\Run: [kfbfrdi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\kfbfrdi.dll,nzwipue
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvlam.dll,startup
O4 - HKLM\..\Run: [win_drivr32] C:\DOCUME~1\Owner\LOCALS~1\Temp\183312.exe
O4 - HKLM\..\Run: [sachost] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yaycac.exe reg_run
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINDOWS\inet20004\free.exe
O4 - HKLM\..\Run: [sys010270748932] C:\WINDOWS\sys010270748932.exe
O4 - HKLM\..\Run: [sys022707489320] C:\WINDOWS\sys022707489320.exe
O4 - HKLM\..\Run: [ms040748932027] C:\WINDOWS\ms040748932027.exe
O4 - HKLM\..\Run: [win32093202707489] C:\WINDOWS\win32093202707489.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [win32089320270748] C:\WINDOWS\win32089320270748.exe
O4 - HKLM\..\Run: [sys102027074893] C:\WINDOWS\sys102027074893.exe
O4 - HKLM\..\Run: [win32064893202707] C:\WINDOWS\win32064893202707.exe
O4 - HKLM\..\Run: [sys037074893202] C:\WINDOWS\sys037074893202.exe
O4 - HKLM\..\Run: [ms064893202707] C:\WINDOWS\ms064893202707.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: aaaalqqk.t
O4 - Startup: AutoTBar.exe
O4 - Startup: dgyrwiqj.t
O4 - Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe
O4 - Startup: myvsnubd.t
O4 - Startup: myvsnuhp.t
O4 - Startup: myvsnuip.t
O4 - Startup: myvsnuwm.t
O4 - Startup: pfukkxue.t
O4 - Startup: pfukkynq.t
O4 - Startup: pfukkyyd.t
O4 - Startup: pfuknogd.t
O4 - Startup: sltchdap.t
O4 - Startup: sltchdbd.t
O4 - Startup: sltchduw.t
O4 - Startup: sltchhje.t
O4 - Startup: vrstewuw.t
O4 - Global Startup: aaaaaesp.t
O4 - Global Startup: aaaaaetr.t
O4 - Global Startup: aaaaaevw.t
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dgyraxyq.t
O4 - Global Startup: dgyrwhjf.t
O4 - Global Startup: dgyrwimk.t
O4 - Global Startup: dgyrwxpl.t
O4 - Global Startup: gmxjfyed.t
O4 - Global Startup: gmxjtmgm.t
O4 - Global Startup: gmxjtmir.t
O4 - Global Startup: gmxjtmnx.t
O4 - Global Startup: gmxjtmpr.t
O4 - Global Startup: gmxjtmqp.t
O4 - Global Startup: gmxjtqka.t
O4 - Global Startup: jswbqqbk.t
O4 - Global Startup: pfukkxie.t
O4 - Global Startup: pfukkyhf.t
O4 - Global Startup: pfukkyir.t
O4 - Global Startup: sltchdre.t
O4 - Global Startup: sltchhjg.t
O4 - Global Startup: vrstehty.t
O4 - Global Startup: vrstehum.t
O4 - Global Startup: vrstptjr.t
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Hijacked Internet access by New.Net
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.19.9/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8E321AD-C2E4-446F-85C6-04D568987DB1}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: dxclib303562752.dll,wdmicpui.dll
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\System32\3339_32.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: NtdDt - {78D2B54E-D278-1FE4-3BF7-55FC85FF5D79} - C:\WINDOWS\System32\pjgklf.dll
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\System32\impgsje.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top