MOVED From Other forum

Discussion in 'Virus & Other Malware Removal' started by oba888, Nov 9, 2007.

Thread Status:
Not open for further replies.
  1. oba888

    oba888 Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    12
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:44:54 AM, on 11/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\Interactive Intelligence\I3UpdateSvcU.exe
    C:\WINDOWS\System32\lxddcoms.exe
    C:\WINDOWS\system32\RadioSvr.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\MEDIC\bin\sprtcmd.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {0396FC20-3EE3-43F4-AF08-B6EA7354F305} - (no file)
    O2 - BHO: (no name) - {076B3B2A-DA03-496F-B6EB-99717CD01DB8} - (no file)
    O2 - BHO: (no name) - {0AEF2941-71A2-4B4A-A572-6A3450B03D45} - (no file)
    O2 - BHO: (no name) - {0FA74439-4AE2-410F-9520-BF543BF05124} - (no file)
    O2 - BHO: (no name) - {115AEFF8-3861-4AC9-8E85-5CAC8BB0710D} - (no file)
    O2 - BHO: (no name) - {12636A1A-B55B-44B5-929E-00B635ED2D88} - (no file)
    O2 - BHO: (no name) - {1E4CD4A0-0D2D-49AB-9262-F41E69DBA37F} - (no file)
    O2 - BHO: (no name) - {2C2E34F6-82A1-4E4A-8355-463E143ED6B9} - (no file)
    O2 - BHO: (no name) - {30C20869-8351-466E-B764-345616A417C4} - (no file)
    O2 - BHO: (no name) - {33CC02E6-E59C-4C39-B0AF-FD03D3C15721} - (no file)
    O2 - BHO: (no name) - {35A54F90-0BE3-441B-A84F-663126925D28} - C:\WINDOWS\System32\fcyxw.dll (file missing)
    O2 - BHO: (no name) - {3737507E-A97D-405B-B0BF-05A086086763} - (no file)
    O2 - BHO: (no name) - {41A72692-EA1B-4A1E-A652-E822AEB61479} - (no file)
    O2 - BHO: (no name) - {41B4D4E7-EEFC-4984-B52E-93ADFDE80EF1} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {622122C9-C747-42FD-BAB6-9348D512AEAE} - C:\WINDOWS\System32\urqqn.dll (file missing)
    O2 - BHO: (no name) - {69E44491-CAD5-4CCB-AC96-01D92E87FC74} - (no file)
    O2 - BHO: (no name) - {710F6B14-E6B4-4CCB-9F17-694BCC7CA31B} - (no file)
    O2 - BHO: (no name) - {72BFF07C-7D65-4379-8315-4731B70B93DE} - (no file)
    O2 - BHO: (no name) - {777B3626-C102-4560-8484-B76483D280C3} - (no file)
    O2 - BHO: (no name) - {786EBE21-2EA9-4478-A566-91B9F29B7C6D} - (no file)
    O2 - BHO: (no name) - {789BF2CF-8296-4975-ADEA-346A4DF2D089} - (no file)
    O2 - BHO: (no name) - {798BB616-6FBD-4062-84A4-A506E6001923} - (no file)
    O2 - BHO: (no name) - {7C45EEFE-4B0B-47C4-B0AF-FFB954089F6C} - (no file)
    O2 - BHO: (no name) - {7D52468F-3FB9-4CC8-B27E-6B9EA1AE228A} - (no file)
    O2 - BHO: (no name) - {7F6A4659-0616-4F57-AACC-A2657D6BF33C} - (no file)
    O2 - BHO: (no name) - {897975F9-2853-4297-8F4E-2564EF9DEDFA} - (no file)
    O2 - BHO: (no name) - {8F7B7C59-6E88-4E96-8DB8-BFCDD7D75605} - (no file)
    O2 - BHO: (no name) - {9497044E-3E3C-4981-B9C7-B56168B661D0} - (no file)
    O2 - BHO: (no name) - {A18C5ADA-E724-45FF-A61F-68160E40C188} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\glumbusa.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {AB5F5DF2-4F67-4202-B4BA-3E1C4CCD848C} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: (no name) - {B22C3AE2-B9F2-49A2-A1D1-506E6A8CA2D2} - (no file)
    O2 - BHO: (no name) - {B32E019D-52E2-4382-8A60-B5E7FE4F9657} - (no file)
    O2 - BHO: (no name) - {B49F3891-91FA-4753-A16D-0AB5F9286F34} - (no file)
    O2 - BHO: (no name) - {B88048A0-7A66-44A1-BF7C-9DCA9B5A09D4} - (no file)
    O2 - BHO: (no name) - {C8B420AC-589E-42A7-9817-B98D052A43F4} - (no file)
    O2 - BHO: (no name) - {D1302FDD-519F-4112-8C22-B3081EA33CED} - (no file)
    O2 - BHO: (no name) - {D4C1E15E-9299-4C14-AED6-A7D5AB718D9D} - (no file)
    O2 - BHO: (no name) - {E0DE0D3B-EDC0-4A96-A6A8-A24B4F6EDC3E} - (no file)
    O2 - BHO: (no name) - {EB39D725-C6C9-45A7-B06B-E17E5B72C28E} - (no file)
    O2 - BHO: (no name) - {EB543366-D332-4B12-B1E3-2C4CE1641459} - (no file)
    O2 - BHO: (no name) - {EC1A2A1F-B38C-B070-F1DB-B4DEBFC25C91} - (no file)
    O2 - BHO: {f2e350cd-04e2-76cb-4684-8e431fd9e62f} - {f26e9df1-34e8-4864-bc67-2e40dc053e2f} - C:\WINDOWS\System32\nqajpijd.dll
    O2 - BHO: (no name) - {F270A99F-E989-46C1-BADB-5B5F7B86622B} - (no file)
    O2 - BHO: (no name) - {FE6ED510-BFEA-4859-97EF-10CE112AF191} - (no file)
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\glumbusa.dll (file missing)
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [SoundMan] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6381] cmd /c del "C:\WINDOWS\system32\glumbusa.dllbox"
    O4 - HKUS\S-1-5-18\..\Run: [kzkq] C:\PROGRA~1\COMMON~1\kzkq\kzkqm.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{D0D871DE-05D7-1033-0917-020205230001}] "C:\Program Files\Common Files\{D0D871DE-05D7-1033-0917-020205230001}\Update.exe" mc-110-12-0000228 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [kzkq] C:\PROGRA~1\COMMON~1\kzkq\kzkqm.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{D0D871DE-05D7-1033-0917-020205230001}] "C:\Program Files\Common Files\{D0D871DE-05D7-1033-0917-020205230001}\Update.exe" mc-110-12-0000228 (User 'Default user')
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: ZDWLan Utility.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1097780655.dll/gn_menu1.html
    O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1097780655.dll/gn_menu2.html
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/22.25/uploader2.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1193192392534
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: cicjerzg - cicjerzg.dll (file missing)
    O20 - Winlogon Notify: gggvwxgb - gggvwxgb.dll (file missing)
    O20 - Winlogon Notify: glumbusa - glumbusa.dll (file missing)
    O20 - Winlogon Notify: nnnomkh - nnnomkh.dll (file missing)
    O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\azaml5511.dll (file missing)
    O20 - Winlogon Notify: opnnnkl - opnnnkl.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Auto HotKey Poller - Unknown owner - C:\WINDOWS\System32\winpol.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
    O23 - Service: I3 Update Service (I3UpdateSvc) - Interactive Intelligence, Inc. - C:\Program Files\Interactive Intelligence\I3UpdateSvcU.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\System32\lxddcoms.exe
    O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
    O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    O24 - Desktop Component 0: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/crazy_hoops_icon.gif
    O24 - Desktop Component 1: (no name) - C:\Program Files\WindowsUpdate\kyhe.html
    O24 - Desktop Component 2: (no name) - C:\Program Files\Messenger\hofyfy.html
    O24 - Desktop Component 3: (no name) - http://img.avatars.yahoo.com/users/1R2CHyrKHAAQF_CFYjAvUBA==.large.png
    O24 - Desktop Component 4: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/hy_what_up_icon.gif
    O24 - Desktop Component 5: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/hy_hoops_in_love_icon.gif
    O24 - Desktop Component 6: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/jumpropeyoyo.gif

    --
    End of file - 14654 bytes
     
  2. oba888

    oba888 Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    12
    Someone please help. I was so jacked :(
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115

Short URL to this thread: https://techguy.org/649785
