1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijack Log....something bit me for sure..HELP!

Discussion in 'Virus & Other Malware Removal' started by topazbest, Jan 21, 2007.

Thread Status:
Not open for further replies.
  1. topazbest

    topazbest Thread Starter

    Aug 25, 2003
    Computer suddenly wont boot unless to safe mode. Wont allow MCAFEE to even run....I posted the hijack this log, was able to get it running in SAFE MODE. See anythingy? Don't have internet acess so had to copy log over to this computer and paste here....Lots of critcal stuff.....I got to get this back....take pity on me!

    Logfile of HijackThis v1.99.1
    Scan saved at 6:27:40 PM, on 1/21/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\Softex\OmniPass\OPXPApp.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kwopf.exe
    F2 - REG:system.ini: UserInit=userinit.exe,urvtpad.exe
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e32.exe
    O4 - HKLM\..\Run: [htz6ef3c] RUNDLL32.EXE w0145022.dll,n 0056ef37000000120145022
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_e32.exe
    O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
    O4 - HKLM\..\Run: [{2B-B5-54-4D-ZN}] C:\windows\system32\nrdsregr.exe GEN001
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\swinsoem.exe GEN001
    O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\services.exe
    O4 - HKLM\..\Run: [kfbfrdi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\kfbfrdi.dll,nzwipue
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvlam.dll,startup
    O4 - HKLM\..\Run: [win_drivr32] C:\DOCUME~1\Owner\LOCALS~1\Temp\183312.exe
    O4 - HKLM\..\Run: [sachost] C:\WINDOWS\sachostx.exe
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yaycac.exe reg_run
    O4 - HKLM\..\Run: [Microsoft WWW] C:\WINDOWS\inet20004\free.exe
    O4 - HKLM\..\Run: [sys010270748932] C:\WINDOWS\sys010270748932.exe
    O4 - HKLM\..\Run: [sys022707489320] C:\WINDOWS\sys022707489320.exe
    O4 - HKLM\..\Run: [ms040748932027] C:\WINDOWS\ms040748932027.exe
    O4 - HKLM\..\Run: [win32093202707489] C:\WINDOWS\win32093202707489.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
    O4 - HKLM\..\Run: [win32089320270748] C:\WINDOWS\win32089320270748.exe
    O4 - HKLM\..\Run: [sys102027074893] C:\WINDOWS\sys102027074893.exe
    O4 - HKLM\..\Run: [win32064893202707] C:\WINDOWS\win32064893202707.exe
    O4 - HKLM\..\Run: [sys037074893202] C:\WINDOWS\sys037074893202.exe
    O4 - HKLM\..\Run: [ms064893202707] C:\WINDOWS\ms064893202707.exe
    O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - Startup: aaaalqqk.t
    O4 - Startup: AutoTBar.exe
    O4 - Startup: dgyrwiqj.t
    O4 - Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe
    O4 - Startup: myvsnubd.t
    O4 - Startup: myvsnuhp.t
    O4 - Startup: myvsnuip.t
    O4 - Startup: myvsnuwm.t
    O4 - Startup: pfukkxue.t
    O4 - Startup: pfukkynq.t
    O4 - Startup: pfukkyyd.t
    O4 - Startup: pfuknogd.t
    O4 - Startup: sltchdap.t
    O4 - Startup: sltchdbd.t
    O4 - Startup: sltchduw.t
    O4 - Startup: sltchhje.t
    O4 - Startup: vrstewuw.t
    O4 - Global Startup: aaaaaesp.t
    O4 - Global Startup: aaaaaetr.t
    O4 - Global Startup: aaaaaevw.t
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: dgyraxyq.t
    O4 - Global Startup: dgyrwhjf.t
    O4 - Global Startup: dgyrwimk.t
    O4 - Global Startup: dgyrwxpl.t
    O4 - Global Startup: gmxjfyed.t
    O4 - Global Startup: gmxjtmgm.t
    O4 - Global Startup: gmxjtmir.t
    O4 - Global Startup: gmxjtmnx.t
    O4 - Global Startup: gmxjtmpr.t
    O4 - Global Startup: gmxjtmqp.t
    O4 - Global Startup: gmxjtqka.t
    O4 - Global Startup: jswbqqbk.t
    O4 - Global Startup: pfukkxie.t
    O4 - Global Startup: pfukkyhf.t
    O4 - Global Startup: pfukkyir.t
    O4 - Global Startup: sltchdre.t
    O4 - Global Startup: sltchhjg.t
    O4 - Global Startup: vrstehty.t
    O4 - Global Startup: vrstehum.t
    O4 - Global Startup: vrstptjr.t
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.19.9/ttinst.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C8E321AD-C2E4-446F-85C6-04D568987DB1}: NameServer =
    O20 - AppInit_DLLs: dxclib303562752.dll,wdmicpui.dll
    O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\System32\3339_32.dll (file missing)
    O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
    O21 - SSODL: NtdDt - {78D2B54E-D278-1FE4-3BF7-55FC85FF5D79} - C:\WINDOWS\System32\pjgklf.dll
    O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\System32\impgsje.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/537264

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice