MOVED From Other forum

[oba888]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:54 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Interactive Intelligence\I3UpdateSvcU.exe
C:\WINDOWS\System32\lxddcoms.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0396FC20-3EE3-43F4-AF08-B6EA7354F305} - (no file)
O2 - BHO: (no name) - {076B3B2A-DA03-496F-B6EB-99717CD01DB8} - (no file)
O2 - BHO: (no name) - {0AEF2941-71A2-4B4A-A572-6A3450B03D45} - (no file)
O2 - BHO: (no name) - {0FA74439-4AE2-410F-9520-BF543BF05124} - (no file)
O2 - BHO: (no name) - {115AEFF8-3861-4AC9-8E85-5CAC8BB0710D} - (no file)
O2 - BHO: (no name) - {12636A1A-B55B-44B5-929E-00B635ED2D88} - (no file)
O2 - BHO: (no name) - {1E4CD4A0-0D2D-49AB-9262-F41E69DBA37F} - (no file)
O2 - BHO: (no name) - {2C2E34F6-82A1-4E4A-8355-463E143ED6B9} - (no file)
O2 - BHO: (no name) - {30C20869-8351-466E-B764-345616A417C4} - (no file)
O2 - BHO: (no name) - {33CC02E6-E59C-4C39-B0AF-FD03D3C15721} - (no file)
O2 - BHO: (no name) - {35A54F90-0BE3-441B-A84F-663126925D28} - C:\WINDOWS\System32\fcyxw.dll (file missing)
O2 - BHO: (no name) - {3737507E-A97D-405B-B0BF-05A086086763} - (no file)
O2 - BHO: (no name) - {41A72692-EA1B-4A1E-A652-E822AEB61479} - (no file)
O2 - BHO: (no name) - {41B4D4E7-EEFC-4984-B52E-93ADFDE80EF1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {622122C9-C747-42FD-BAB6-9348D512AEAE} - C:\WINDOWS\System32\urqqn.dll (file missing)
O2 - BHO: (no name) - {69E44491-CAD5-4CCB-AC96-01D92E87FC74} - (no file)
O2 - BHO: (no name) - {710F6B14-E6B4-4CCB-9F17-694BCC7CA31B} - (no file)
O2 - BHO: (no name) - {72BFF07C-7D65-4379-8315-4731B70B93DE} - (no file)
O2 - BHO: (no name) - {777B3626-C102-4560-8484-B76483D280C3} - (no file)
O2 - BHO: (no name) - {786EBE21-2EA9-4478-A566-91B9F29B7C6D} - (no file)
O2 - BHO: (no name) - {789BF2CF-8296-4975-ADEA-346A4DF2D089} - (no file)
O2 - BHO: (no name) - {798BB616-6FBD-4062-84A4-A506E6001923} - (no file)
O2 - BHO: (no name) - {7C45EEFE-4B0B-47C4-B0AF-FFB954089F6C} - (no file)
O2 - BHO: (no name) - {7D52468F-3FB9-4CC8-B27E-6B9EA1AE228A} - (no file)
O2 - BHO: (no name) - {7F6A4659-0616-4F57-AACC-A2657D6BF33C} - (no file)
O2 - BHO: (no name) - {897975F9-2853-4297-8F4E-2564EF9DEDFA} - (no file)
O2 - BHO: (no name) - {8F7B7C59-6E88-4E96-8DB8-BFCDD7D75605} - (no file)
O2 - BHO: (no name) - {9497044E-3E3C-4981-B9C7-B56168B661D0} - (no file)
O2 - BHO: (no name) - {A18C5ADA-E724-45FF-A61F-68160E40C188} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\glumbusa.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AB5F5DF2-4F67-4202-B4BA-3E1C4CCD848C} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {B22C3AE2-B9F2-49A2-A1D1-506E6A8CA2D2} - (no file)
O2 - BHO: (no name) - {B32E019D-52E2-4382-8A60-B5E7FE4F9657} - (no file)
O2 - BHO: (no name) - {B49F3891-91FA-4753-A16D-0AB5F9286F34} - (no file)
O2 - BHO: (no name) - {B88048A0-7A66-44A1-BF7C-9DCA9B5A09D4} - (no file)
O2 - BHO: (no name) - {C8B420AC-589E-42A7-9817-B98D052A43F4} - (no file)
O2 - BHO: (no name) - {D1302FDD-519F-4112-8C22-B3081EA33CED} - (no file)
O2 - BHO: (no name) - {D4C1E15E-9299-4C14-AED6-A7D5AB718D9D} - (no file)
O2 - BHO: (no name) - {E0DE0D3B-EDC0-4A96-A6A8-A24B4F6EDC3E} - (no file)
O2 - BHO: (no name) - {EB39D725-C6C9-45A7-B06B-E17E5B72C28E} - (no file)
O2 - BHO: (no name) - {EB543366-D332-4B12-B1E3-2C4CE1641459} - (no file)
O2 - BHO: (no name) - {EC1A2A1F-B38C-B070-F1DB-B4DEBFC25C91} - (no file)
O2 - BHO: {f2e350cd-04e2-76cb-4684-8e431fd9e62f} - {f26e9df1-34e8-4864-bc67-2e40dc053e2f} - C:\WINDOWS\System32\nqajpijd.dll
O2 - BHO: (no name) - {F270A99F-E989-46C1-BADB-5B5F7B86622B} - (no file)
O2 - BHO: (no name) - {FE6ED510-BFEA-4859-97EF-10CE112AF191} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\glumbusa.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD6381] cmd /c del "C:\WINDOWS\system32\glumbusa.dllbox"
O4 - HKUS\S-1-5-18\..\Run: [kzkq] C:\PROGRA~1\COMMON~1\kzkq\kzkqm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{D0D871DE-05D7-1033-0917-020205230001}] "C:\Program Files\Common Files\{D0D871DE-05D7-1033-0917-020205230001}\Update.exe" mc-110-12-0000228 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kzkq] C:\PROGRA~1\COMMON~1\kzkq\kzkqm.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{D0D871DE-05D7-1033-0917-020205230001}] "C:\Program Files\Common Files\{D0D871DE-05D7-1033-0917-020205230001}\Update.exe" mc-110-12-0000228 (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: ZDWLan Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1097780655.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1097780655.dll/gn_menu2.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/22.25/uploader2.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1193192392534
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: cicjerzg - cicjerzg.dll (file missing)
O20 - Winlogon Notify: gggvwxgb - gggvwxgb.dll (file missing)
O20 - Winlogon Notify: glumbusa - glumbusa.dll (file missing)
O20 - Winlogon Notify: nnnomkh - nnnomkh.dll (file missing)
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\azaml5511.dll (file missing)
O20 - Winlogon Notify: opnnnkl - opnnnkl.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Auto HotKey Poller - Unknown owner - C:\WINDOWS\System32\winpol.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: I3 Update Service (I3UpdateSvc) - Interactive Intelligence, Inc. - C:\Program Files\Interactive Intelligence\I3UpdateSvcU.exe
O23 - Service: lxdd_device - - C:\WINDOWS\System32\lxddcoms.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/crazy_hoops_icon.gif
O24 - Desktop Component 1: (no name) - C:\Program Files\WindowsUpdate\kyhe.html
O24 - Desktop Component 2: (no name) - C:\Program Files\Messenger\hofyfy.html
O24 - Desktop Component 3: (no name) - http://img.avatars.yahoo.com/users/1R2CHyrKHAAQF_CFYjAvUBA==.large.png
O24 - Desktop Component 4: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/hy_what_up_icon.gif
O24 - Desktop Component 5: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/hy_hoops_in_love_icon.gif
O24 - Desktop Component 6: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/jumpropeyoyo.gif

--
End of file - 14654 bytes

 

[oba888]

Someone please help. I was so jacked

 

[cybertech]

Closing duplicate thread, please continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/649666-ton-problems.html#post5318819