Please HELP.. been hijacked

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

elsmith

Thread Starter
Joined
Jan 26, 2007
Messages
1
Logfile of HijackThis v1.99.1
Scan saved at 9:47:38 AM, on 1/26/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\update00822631.exe
C:\WINDOWS\inet20126\winlogon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\bjiqbepx.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\System32\services.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\TEMP\B99D.tmp
C:\WINDOWS\inet20126\wpcem.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\UGf3elt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\inet20126\free.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\inet20126\syswin.exe
C:\Documents and Settings\IBM\Local Settings\Temporary Internet Files\Content.IE5\PG07X1WT\KillBox[1].exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\IBM\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\inet20126\winlogon.exe
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\WINDOWS\inet20126\126152842.dll
O2 - BHO: (no name) - {67F7AD97-39B3-8ABC-E4D4-016A5193ABD1} - C:\WINDOWS\System32\ehqijdj.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [bjiqbepx] C:\WINDOWS\System32\bjiqbepx.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20126\winlogon.exe
O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINDOWS\inet20126\svchost.exe
O4 - HKLM\..\Run: [lhrqufk.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\IBM\Local Settings\Application Data\lhrqufk.dll",qnvkjfg
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINDOWS\inet20126\free.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels1118.exe
O4 - HKCU\..\Run: [bjiqbepx] C:\WINDOWS\System32\bjiqbepx.exe
O4 - HKCU\..\Run: [WinUpdate] "C:\DOCUME~1\IBM\LOCALS~1\Temp\110108.exe "
O4 - HKCU\..\Run: [WinUpgrade] "C:\DOCUME~1\IBM\LOCALS~1\Temp\110669.exe "
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\IBM\LOCALS~1\Temp\108355.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20126\winlogon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/068c650111f44ef3bb22/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162779807396
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162779792394
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\System32\wvenwa.dll (file missing)
O21 - SSODL: System - {C8F63D03-9ED1-4AD4-9FC3-246AEA37303D} - dgflib.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\ieupdate.exe (file missing)
O23 - Service: msupdatefs (Microsoft Updater FileSystem) - Unknown owner - C:\WINDOWS\System32\update00822631.exe
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,918
Hi and welcome to TSG,


I see you don't have any MS service packs installed. Can you tell me why that is?
 