| | #1 (permalink) |
| True Techie | C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gateway Computers & Home Electronics: Laptops, Notebooks, Monitors, Desktops R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gateway Computers & Home Electronics: Laptops, Notebooks, Monitors, Desktops R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Gateway Computers & Home Electronics: Laptops, Notebooks, Monitors, Desktops O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file) O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\golnhjfb.dll",realset O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O21 - 
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe I've been having a lot of spam and pop-ups. I've run CCleaner, Spybot Search and Destroy along with clean up. |
| |
| | #3 (permalink) |
| True Techie | Logfile of HijackThis v1.99.1 Scan saved at 8:24:23 AM, on 5/6/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gateway Computers & Home Electronics: Laptops, Notebooks, Monitors, Desktops R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gateway Computers & Home Electronics: Laptops, Notebooks, Monitors, Desktops R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Gateway Computers & Home Electronics: Laptops, Notebooks, Monitors, Desktops O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\golnhjfb.dll",realset O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe there ya go, had program in wrong area lol. |
| |
| | #5 (permalink) |
| True Techie | They open in IE most of the time; some are blocked, some are just ads for like iPods and stuff. Sometimes I get ads for virus blocker. Once in a while it will open a tab in my Firefox (what I use, I don't ever use IE). I deleted that entry, I will let you know if I'm fixed. |
| |
| | #7 (permalink) |
| True Techie | Here is a link that just popped up in Firefox... Code: http://www.systemdoctor.com/download/2006/?p=19&ax=1&ex=1&ed=2&mpt=1178677360&aid=ffnm_ik_fixersff_kw&lid=windows%3E&affid=ffnm_67308_68825048F28E11DBB8B8003048895BFC_747f8fd0+23E846EC01544B1A85BAB647869CF120 Code: http://89.188.16.10/trafc-2/rfe.php?cmp=wavff_kw&uid=68825048F28E11DBB8B8003048895BFC&nid=ik&guid=747f8fd0+23E846EC01544B1A85BAB647869CF120&url=%3Ca%20href=%22http:%2F%2Fwww.filehippo.com%2Fdownload_cpuz%2F%22%3EDownload%20CPU-Z%20from%20FileHippo.com%3C%2Fa%3E&affid=67308&lid=download%3E Code: http://www.broadcaster.com/video/index.php?bcsrtkr=a85d2&utm_campaign=Traffic&utm_source=Adon_for&utm_medium=popunder Last edited by Skeeg; 05-09-2007 at 09:40 AM. |
| |
| | #8 (permalink) |
| Security/Hacking Mod Join Date: Jan 2005 Location: USA
Posts: 24,664
| Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files; click YES. Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer; click OK. Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting. Please download the following program and save it to your desktop: http://noahdfear.geekstogo.com/FindAWF.exe Once downloaded, double-click on the file to run it. When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic. Post: - a fresh HijackThis log - vundofix report - findawf report |
| |
| | #9 (permalink) |
| True Techie | Find AWF report by noahdfear ©2006 bak folders found ~~~~~~~~~~~ Duplicate files of bak directory contents ~~~~~~~~~~~~~~~~~~~~~~~ end of report ------------------------------------------------------------------ VundoFix V6.3.21 Checking Java version... Java version is 1.5.0.3 Old versions of java are exploitable and should be removed. Scan started at 11:35:06 AM 5/10/2007 Listing files found while scanning.... C:\WINDOWS\system32\cbxvusp.dll C:\WINDOWS\system32\iiffcda.dll C:\WINDOWS\system32\ijkmp.bak1 C:\WINDOWS\system32\ijkmp.bak2 C:\WINDOWS\system32\ijkmp.ini C:\WINDOWS\system32\ijkmp.ini2 C:\WINDOWS\system32\ijkmp.tmp C:\WINDOWS\system32\jsajxvim.dll C:\WINDOWS\system32\pmkji.dll C:\WINDOWS\system32\qomjkkk.dll C:\WINDOWS\system32\xxyvvwt.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\cbxvusp.dll C:\WINDOWS\system32\cbxvusp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\iiffcda.dll C:\WINDOWS\system32\iiffcda.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ijkmp.bak1 C:\WINDOWS\system32\ijkmp.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\ijkmp.bak2 C:\WINDOWS\system32\ijkmp.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\ijkmp.ini C:\WINDOWS\system32\ijkmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ijkmp.ini2 C:\WINDOWS\system32\ijkmp.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\ijkmp.tmp C:\WINDOWS\system32\ijkmp.tmp Has been deleted! Attempting to delete C:\WINDOWS\system32\jsajxvim.dll C:\WINDOWS\system32\jsajxvim.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmkji.dll C:\WINDOWS\system32\pmkji.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qomjkkk.dll C:\WINDOWS\system32\qomjkkk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xxyvvwt.dll C:\WINDOWS\system32\xxyvvwt.dll Has been deleted! Performing Repairs to the registry. Done! 
---------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 12:22:05 PM, on 5/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gateway Computers & Home Electronics: Laptops, Notebooks, Monitors, Desktops R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gateway Computers & Home Electronics: Laptops, Notebooks, Monitors, Desktops R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Gateway Computers & Home Electronics: Laptops, Notebooks, Monitors, Desktops O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\uarxport.dll O2 - BHO: (no name) - {40C6C345-7084-4E2A-B946-12C3C364B1A7} - C:\WINDOWS\system32\pmkji.dll (file missing) O2 - BHO: (no name) - {94790318-D459-40A1-B7A7-28347A1D8970} - (no file) O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file) O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O4 - HKLM\..\Run: 
[NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\xwewuorb.dll",realset O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe All the pop ups have stopped so far, I think this was my problem... thanks a ton. |
| |
| | #10 (permalink) |
| Security/Hacking Mod Join Date: Jan 2005 Location: USA
Posts: 24,664
| Good, now see if you can remove these entries: O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\uarxport.dll O2 - BHO: (no name) - {40C6C345-7084-4E2A-B946-12C3C364B1A7} - C:\WINDOWS\system32\pmkji.dll (file missing) O2 - BHO: (no name) - {94790318-D459-40A1-B7A7-28347A1D8970} - (no file) O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file) O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\xwewuorb.dll",realset O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ |
| |