need someone to look at a logfile to fix hijacked browser

This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
Mar 17, 2004
I'll open your log here so others can see it

Logfile of HijackThis v1.99.0
Scan saved at 5:12:27 PM, on 2/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\EE\ee.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Peter & Kelli Kniss\Local Settings\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {E29B1729-1A0F-FD3D-2C3A-FC336BAEA1D9} - C:\WINDOWS\Umdifyhp.dll (file missing)
R3 - URLSearchHook: (no name) - {D63C6F8E-1462-81F0-7056-49DB0177E676} - DCC_send.dll (file missing)
O1 - Hosts: 3466709097
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: cdmodym - {2EB18AD0-E01B-EADA-AD76-AA580D5A4E43} - C:\WINDOWS\System32\CDMODYM.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E269032A-0211-4C6C-9985-FA469FDF3BD7} - C:\WINDOWS\System32\protect32.dll
O2 - BHO: (no name) - {ED450C14-C881-1FFB-AEF4-10DC078137D8} - C:\WINDOWS\Umdifyhp.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Search - {6F9BA8EE-728F-BFBB-A10B-3A8CF8D4BDDE} - C:\WINDOWS\Umdifyhp.dll (file missing)
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iesp1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - HKLM\..\Run: [aiambs] C:\WINDOWS\System32\hiasxat.exe
O4 - HKLM\..\Run: [ffdzobak] C:\WINDOWS\System32\xhwjq.exe
O4 - HKLM\..\Run: [obyeva] C:\WINDOWS\System32\azchunr.exe
O4 - HKLM\..\Run: [rjwimxyq] C:\WINDOWS\System32\nwukvyuk.exe
O4 - HKLM\..\Run: [yiush] C:\WINDOWS\System32\lwvronch.exe
O4 - HKLM\..\Run: [egaycvf] C:\WINDOWS\System32\wyakpgn.exe
O4 - HKLM\..\Run: [kmayyoa] C:\WINDOWS\System32\niaitqa.exe
O4 - HKLM\..\Run: [zgotui] C:\WINDOWS\System32\vtdww.exe
O4 - HKLM\..\Run: [ehzoxoj] C:\WINDOWS\System32\hnvgdza.exe
O4 - HKLM\..\Run: [uegfyrfi] C:\WINDOWS\System32\azvtuu.exe
O4 - HKLM\..\Run: [bmdauqjv] C:\WINDOWS\System32\qehqhbk.exe
O4 - HKLM\..\Run: [apowd] C:\WINDOWS\System32\ayqxdpmw.exe
O4 - HKLM\..\Run: [ycld] C:\WINDOWS\System32\kujsgk.exe
O4 - HKLM\..\Run: [pwth] C:\WINDOWS\System32\ownqgxa.exe
O4 - HKLM\..\Run: [yfvquw] C:\WINDOWS\System32\krzfi.exe
O4 - HKLM\..\Run: [ymbnowa] C:\WINDOWS\System32\uuexjmjg.exe
O4 - HKLM\..\Run: [bruyepm] C:\WINDOWS\System32\babbdct.exe
O4 - HKLM\..\Run: [rpwusq] C:\WINDOWS\System32\yqzxxgz.exe
O4 - HKLM\..\Run: [yhogqj] C:\WINDOWS\System32\qgfcgyvg.exe
O4 - HKLM\..\Run: [wjlvqhy] C:\WINDOWS\System32\nfdyibku.exe
O4 - HKLM\..\Run: [fomqs] C:\WINDOWS\System32\dcmrl.exe
O4 - HKLM\..\Run: [szzmw] C:\WINDOWS\System32\yraii.exe
O4 - HKLM\..\Run: [oatlny] C:\WINDOWS\System32\yxqyjrn.exe
O4 - HKLM\..\Run: [sbqe] C:\WINDOWS\System32\vgjig.exe
O4 - HKLM\..\Run: [uyrbdd] C:\WINDOWS\System32\aroab.exe
O4 - HKLM\..\Run: [ojfyiwxi] C:\WINDOWS\System32\ugksx.exe
O4 - HKLM\..\Run: [egibsmg] C:\WINDOWS\System32\lmua.exe
O4 - HKLM\..\Run: [bwlb] C:\WINDOWS\System32\hbqucxd.exe
O4 - HKLM\..\Run: [runxftgb] C:\WINDOWS\System32\froqeaj.exe
O4 - HKLM\..\Run: [zagb] C:\WINDOWS\System32\rrfbkak.exe
O4 - HKLM\..\Run: [hukypt] C:\WINDOWS\System32\jewa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [pxrjmd] C:\WINDOWS\System32\bdupaj.exe
O4 - HKLM\..\Run: [pjwjuvy] C:\WINDOWS\System32\nxcbv.exe
O4 - HKLM\..\Run: [xavsqpww] C:\WINDOWS\System32\hrewo.exe
O4 - HKLM\..\Run: [suhcdfjz] C:\WINDOWS\System32\renvjy.exe
O4 - HKLM\..\Run: [asthgde] C:\WINDOWS\System32\bpsu.exe
O4 - HKLM\..\Run: [tlhu] C:\WINDOWS\System32\lcjss.exe
O4 - HKLM\..\Run: [ruqcrf] C:\WINDOWS\System32\xlhyw.exe
O4 - HKLM\..\Run: [ifrobtce] C:\WINDOWS\System32\ujxt.exe
O4 - HKLM\..\Run: [iubhxwu] C:\WINDOWS\System32\aahtfa.exe
O4 - HKLM\..\Run: [hmzblo] C:\WINDOWS\System32\bvinvdai.exe
O4 - HKLM\..\Run: [ugxux] C:\WINDOWS\System32\csbi.exe
O4 - HKLM\..\Run: [dbidwsx] C:\WINDOWS\System32\wjcuxm.exe
O4 - HKLM\..\Run: [ysczr] C:\WINDOWS\System32\xdia.exe
O4 - HKLM\..\Run: [buctwckp] C:\WINDOWS\System32\zvbnbkc.exe
O4 - HKLM\..\Run: [wodqvb] C:\WINDOWS\System32\lvoid.exe
O4 - HKLM\..\Run: [zvjsht] C:\WINDOWS\System32\rqwemgpt.exe
O4 - HKLM\..\Run: [aoozcpal] C:\WINDOWS\System32\qoosoaqd.exe
O4 - HKLM\..\Run: [hgjguuv] C:\WINDOWS\System32\nxfej.exe
O4 - HKLM\..\Run: [ebahuzub] c:\windows\system32\ebahuzub.exe
O4 - HKLM\..\Run: [ovwg] C:\WINDOWS\System32\edro.exe
O4 - HKLM\..\Run: [ltpe] C:\WINDOWS\System32\yifc.exe
O4 - HKLM\..\Run: [jjsma] C:\WINDOWS\System32\rbqeirfb.exe
O4 - HKLM\..\Run: [oaaer] C:\WINDOWS\System32\blwtmzt.exe
O4 - HKLM\..\Run: [umfubp] C:\WINDOWS\System32\iqgcahrj.exe
O4 - HKLM\..\Run: [viasnq] C:\WINDOWS\System32\taxrul.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [newbreed] Trayz.exe
O4 - HKLM\..\Run: [Serviceprocess] sysconf16.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\Privacy Protector\SS2-TRIAL.exe /min
O4 - HKCU\..\Run: [dhcpsapi] C:\WINDOWS\System32\dhcpsapi.exe
O4 - HKCU\..\Run: [crtdll] C:\WINDOWS\System32\crtdll.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [SpyElim] sysmon12.exe
O4 - HKCU\..\Run: [slamm] Kargo.exe
O4 - HKCU\..\Run: [MsNetHelper] pizda.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Search -
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: http://*.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE624C57-5C3E-48C9-A34F-83F4B32E0631}: NameServer =,
O18 - Filter: text/html - {D90E0631-F4C6-4446-B7AA-AC1A83584824} - C:\WINDOWS\System32\protect32.dll
O18 - Filter: text/plain - {D90E0631-F4C6-4446-B7AA-AC1A83584824} - C:\WINDOWS\System32\protect32.dll
O19 - User stylesheet: (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Mar 17, 2004
Go to Windows Updates and download all critical updates except SP2

Get the lates definitions for your anti virus program or follow the above link and get AVG 7 and install it
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online