1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Please HELP.. been hijacked

Discussion in 'Virus & Other Malware Removal' started by elsmith, Jan 26, 2007.

Thread Status:
Not open for further replies.
  1. elsmith

    elsmith Thread Starter

    Joined:
    Jan 26, 2007
    Messages:
    1
    Logfile of HijackThis v1.99.1
    Scan saved at 9:47:38 AM, on 1/26/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\atievxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\update00822631.exe
    C:\WINDOWS\inet20126\winlogon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\bjiqbepx.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\inet20126\wpcem.exe
    C:\WINDOWS\System32\services.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\TEMP\B99D.tmp
    C:\WINDOWS\inet20126\wpcem.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\WINDOWS\inet20126\wpcem.exe
    C:\WINDOWS\UGf3elt.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\inet20126\free.exe
    C:\WINDOWS\inet20126\wpcem.exe
    C:\WINDOWS\inet20126\syswin.exe
    C:\Documents and Settings\IBM\Local Settings\Temporary Internet Files\Content.IE5\PG07X1WT\KillBox[1].exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\IBM\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F3 - REG:win.ini: run=C:\WINDOWS\inet20126\winlogon.exe
    O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\WINDOWS\inet20126\126152842.dll
    O2 - BHO: (no name) - {67F7AD97-39B3-8ABC-E4D4-016A5193ABD1} - C:\WINDOWS\System32\ehqijdj.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
    O4 - HKLM\..\Run: [bjiqbepx] C:\WINDOWS\System32\bjiqbepx.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20126\winlogon.exe
    O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINDOWS\inet20126\svchost.exe
    O4 - HKLM\..\Run: [lhrqufk.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\IBM\Local Settings\Application Data\lhrqufk.dll",qnvkjfg
    O4 - HKLM\..\Run: [Microsoft WWW] C:\WINDOWS\inet20126\free.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels1118.exe
    O4 - HKCU\..\Run: [bjiqbepx] C:\WINDOWS\System32\bjiqbepx.exe
    O4 - HKCU\..\Run: [WinUpdate] "C:\DOCUME~1\IBM\LOCALS~1\Temp\110108.exe "
    O4 - HKCU\..\Run: [WinUpgrade] "C:\DOCUME~1\IBM\LOCALS~1\Temp\110669.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\IBM\LOCALS~1\Temp\108355.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20126\winlogon.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/068c650111f44ef3bb22/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162779807396
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162779792394
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
    O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
    O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\System32\wvenwa.dll (file missing)
    O21 - SSODL: System - {C8F63D03-9ED1-4AD4-9FC3-246AEA37303D} - dgflib.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\ieupdate.exe (file missing)
    O23 - Service: msupdatefs (Microsoft Updater FileSystem) - Unknown owner - C:\WINDOWS\System32\update00822631.exe
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,348
    Hi and welcome to TSG,


    I see you don't have any MS service packs installed. Can you tell me why that is?
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/538540

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice