Avohir

Members
  • Content Count

    3
  • Joined

  • Last visited

About Avohir

  • Rank
    HJT Team
  1. thanks flash4, but I can handle it myself... I'm a Trusted Advisor at SpywareInfo... i just posted the log here to show everyone so they could be appropriately horrified at how bad it is. You also missed a couple key infections...
  2. Logfile of HijackThis v1.99.1 Scan saved at 5:36:34 PM, on 6/17/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Nhksrv.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\clww\jedn.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe C:\Program Files\BullsEye Network\bin\bargains.exe C:\Program Files\NaviSearch\bin\nls.exe C:\Program Files\CashBack\bin\cashback.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\AutoUpdate\AutoUpdate.exe C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe C:\Program Files\Internet Optimizer\optimize.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Kekxieu\Ztifd.exe C:\WINDOWS\System32\exp.exe C:\WINDOWS\System32\wintask.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Media Access\MediaAccK.exe C:\WINDOWS\IEXPLORER.exe C:\WINDOWS\IEXPLORER.exe C:\WINDOWS\IEXPLOR.EXE C:\WINDOWS\system32\fxssvc.exe C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe C:\WINDOWS\System32\rvvxp\gaprft.exe C:\temp\salm.exe C:\PROGRA~1\Toolbar\PIB.exe C:\PROGRA~1\GOGOTO~1\Gogoware\GOGOTO~1.EXE C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe C:\WINDOWS\System32\3e3lvhs5.exe C:\WINDOWS\System32\winupdt.exe C:\WINDOWS\System32\RUNDLL32.exe C:\Documents and Settings\All Users\Application Data\msst\mssts.exe C:\WINDOWS\logon.exe C:\WINDOWS\System32\rpnkup.exe C:\WINDOWS\System32\nsvsvc\nsvsvc.exe C:\WINDOWS\System32\picsvr\picsvr.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system\mnpcsgage.exe C:\WINDOWS\sfita.exe C:\PROGRA~1\COMMON~1\mmuz\mmuzm.exe C:\PROGRA~1\Web Offer\wo.exe C:\Program Files\America Online 7.0\aoltray.exe C:\PROGRA~1\COMMON~1\mmuz\mmuza.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\Toolbar\radio.exe C:\Program Files\Norton AntiVirus\navapsvc.exe c:\windows\system32\ifndsp.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\clb-vb-eginwl.exe C:\Program Files\Common Files\WinTools\WSup.exe C:\Program Files\Aprps\CxtPls.exe C:\Program Files\Media Access\MediaAccess.exe C:\PROGRA~1\Toolbar\TBPS.exe C:\PROGRA~1\Toolbar\TBPSSvc.exe C:\Program Files\Common Files\WinTools\WToolsA.exe C:\Program Files\Common Files\WinTools\WToolsS.exe C:\PROGRA~1\eZula\mmod.exe C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe C:\HJT\HijackThis.exe C:\WINDOWS\System32\dumprep.exe C:\WINDOWS\System32\dwwin.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20fd7ffc9508b72d744f8dcd51816ea9\update\update.exe C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchforit.com/searchbar R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxifiles.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchforit.com/searchbar R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file) R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\SYSsfitb.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [AOL Instant Messenger] aimsgr.exe O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected] O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msdioo.exe O4 - HKLM\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\bjarubj.exe O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Stfpjq.exe O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe" O4 - HKLM\..\Run: [spamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe O4 - HKLM\..\Run: [spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe O4 - HKLM\..\Run: [twjbujpy] C:\WINDOWS\System32\qxtiqspd.exe O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbWeatherOnTray.exe O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe O4 - HKLM\..\Run: [Qqdygs] C:\Program Files\Kekxieu\Ztifd.exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe" O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\System32\pacis.exe O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [ywdwf] C:\WINDOWS\System32\ptvux\ywdwf.exe O4 - HKLM\..\Run: [kaelmwe] C:\WINDOWS\System32\kcae\kaelmwe.exe O4 - HKLM\..\Run: [jedn] C:\WINDOWS\System32\clww\jedn.exe O4 - HKLM\..\Run: [arntej] C:\WINDOWS\System32\gtrwkk\arntej.exe O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLORER.exe] C:\WINDOWS\IEXPLORER.exe O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLORER.exe O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLOR.EXE] C:\WINDOWS\IEXPLOR.EXE O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe O4 - HKLM\..\Run: [C:\WINDOWS\WinTask.exe] C:\WINDOWS\WinTask.exe O4 - HKLM\..\Run: [PopMark] C:\WINDOWS\WinTask.exe O4 - HKLM\..\Run: [gaprft] C:\WINDOWS\System32\rvvxp\gaprft.exe O4 - HKLM\..\Run: [salm] c:\temp\salm.exe O4 - HKLM\..\Run: [rot] C:\WINDOWS\rot.exe O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitetuv32.exe O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe O4 - HKLM\..\Run: [idgenp] C:\WINDOWS\System32\idgenp.exe O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe" O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun O4 - HKLM\..\Run: [3e3lvhs5] C:\WINDOWS\System32\3e3lvhs5.exe O4 - HKLM\..\Run: [mpdfuc] C:\WINDOWS\System32\mpdfuc.exe O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected] O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rpnkup.exe reg_run O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [cjeqmo] c:\windows\system32\ifndsp.exe O4 - HKLM\..\Run: [o73g3qV] clb-vb-eginwl.exe O4 - HKLM\..\Run: [sh32upt] C:\WINDOWS\sh32upt.exe O4 - HKLM\..\RunServices: [AOL Instant Messenger] aimsgr.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1 O4 - HKCU\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe O4 - HKCU\..\Run: [ZwsmRkZsO] tjpanage.exe O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe O4 - HKCU\..\Run: [mmuz] C:\PROGRA~1\COMMON~1\mmuz\mmuzm.exe O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe O4 - HKCU\..\Run: [wzcbsy] C:\WINDOWS\System32\wzcbsy.exe O4 - HKCU\..\RunOnce: [wzcbsy] C:\WINDOWS\System32\wzcbsy.exe O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/jabber.ocx O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/ins...ckerutility.cab O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0003.exe O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\mscgdc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing) O23 - Service: jednclww - Unknown owner - C:\WINDOWS\System32\clww\jedn.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\mcshield.exe (file missing) O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing) O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
  3. Welcome to BestTechie Your log looks clean for the most part. You have a couple of minor resource hogs you can get rid of if you are having performance problems, but no parasites in evidence. What kind of problems are you having?