Hjt Log *updated*[RESOLVED]


Recommended Posts

Logfile of HijackThis v1.99.1

Scan saved at 3:41:01 PM, on 4/10/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Gizmo Project\mDNSResponder.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\aim\aim.exe

C:\Program Files\Valve\Steam\Steam.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Documents and Settings\Owner.YOUR-XHTR8HVC4P.001\Application Data\F?nts\ati2evxx.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\DOCUME~1\OWNERY~1.001\MYDOCU~1\MANTEC~1\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-XHTR8HVC4P.001\DESKTOP\HijackThis-1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fsndi.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pougtaq.exe

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\aim\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"

O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O4 - HKLM\..\Run: [w2cf522d.dll] RUNDLL32.EXE w2cf522d.dll,I2 0003c3ab02cf522d

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent

O4 - HKCU\..\Run: [iwqwxrx] C:\Documents and Settings\Owner.YOUR-XHTR8HVC4P.001\Application Data\F?nts\ati2evxx.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [rurq] C:\PROGRA~1\COMMON~1\rurq\rurqm.exe

O4 - HKCU\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\OWNERY~1.001\MYDOCU~1\MANTEC~1\rundll32.exe" -vt ndrv

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: MsnFixer.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://click.getmirar.com (HKLM)

O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140928647593

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab

O20 - AppInit_DLLs: repairs303169569.dll

O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\wknbrand.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

Link to post
Share on other sites

sorry guys but i would really appreciate help ASAP. basically, my computer is messed up as of right now. i cant enable widows firewall and nortans is disabled already and i cant enable it. pop-ups come up all the time and i am screwed. i would appreciate any help before i reformat.

Edited by GrundleLove
Link to post
Share on other sites

Go to Start > Settings > Control Panel > Add/Remove and uninstall the following.

SurfSideKick 3

new.net

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

Link to post
Share on other sites
Go to Start > Settings > Control Panel > Add/Remove and uninstall the following.

SurfSideKick 3

new.net

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

both of those arent in my "add/remove" programs list.

Link to post
Share on other sites

ok i know i shouldn't of...but when i saw the files that were trojens/malware, i hit delete thinking it would delete the file, but it just deleted it from the list...so...umm heres the one after i did that stupid stuff

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Reader 7.0

Adobe Stock Photos 1.0

ArcSoft ShowBiz 2

avast! Antivirus

AVS VideoConverter 3.1.1.151

Battlefield 2

Battlefield2 Bocage Dogfight Bot Support

Blackhawk Striker from Hewlett-Packard Desktops (remove only)

Blasterball 2 from Hewlett-Packard Desktops (remove only)

Bounce from Hewlett-Packard Desktops (remove only)

Cannonballs from Hewlett-Packard Desktops (remove only)

Command

DeadAIM

DH

Doom 3

DOOM 3: Resurrection of Evil

Dragon NaturallySpeaking 7.0

Easy Internet Sign-up

Enhanced Ads by Zeno removal

ewido anti-malware

Excavation from Hewlett-Packard Desktops (remove only)

Far Cry

FEAR

Five Card Frenzy from Hewlett-Packard Desktops (remove only)

GameSpy Arcade

GemMaster 3 from Hewlett-Packard Desktops (remove only)

Gizmo Project 1.3

Half-Life® 2

HijackThis 1.99.1

Honeycombs from Hewlett-Packard Desktops (remove only)

hp deskjet 3600

HP Deskjet Preloaded Printer Drivers

HP Instant Support

HP Organize

HP Photo & Imaging 3.0

HP Photo and Imaging 2.0 - Photosmart Cameras

HP Software Update

HPImageZone

Intel® Extreme Graphics Driver

IntelliMover Data Transfer Demo

InterVideo WinDVD Player

iTunes

J2SE Runtime Environment 5.0 Update 3

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.1_02

Java Web Start

KBD

LimeWire 4.10.9

LiveReg (Symantec Corporation)

LiveUpdate 1.80 (Symantec Corporation)

Macromedia Flash Player 8

Mars Rover from Hewlett-Packard Desktops (remove only)

MediaTickets by OIN

Memories Disc Creator 2.0

Microsoft .NET Framework 1.1

Microsoft Money 2003

Microsoft Money 2003 System Pack

Microsoft Plus! Digital Media Edition

Microsoft Visual J# .NET Redistributable Package 1.1

Microsoft Works 7.0

Mini Putt

mIRC

MSN Music Assistant

MUSICMATCH® Jukebox

Nero 7 Demo

Norton AntiVirus 2003

NVIDIA Drivers

OmniPass

OpenOffice.org 2.0

Orbital from Hewlett-Packard Desktops (remove only)

Otto from Hewlett-Packard Desktops (remove only)

PC-Doctor for Windows

Photosmart 140,240,7200,7600,7700,7900 Series

PS2

Python 2.2 combined Win32 extensions

Python 2.2.1

Quicken 2003 New User Edition

QuickTime

QuickTime SDK

RealOne Player

RecordNow!

S3Display

S3Gamma2

S3Info2

S3Overlay

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Slyder from Hewlett-Packard Desktops (remove only)

Sonic Update Manager

SpamSubtract

Spybot - Search & Destroy 1.4

Steam

STX from Hewlett-Packard Desktops (remove only)

System Requirements Lab

TmSunriseDemoMag 1.4.5

toolkit

Update for Windows XP (KB898461)

Update for Windows XP (KB910437)

Updates from HP

Virtual Warfare from Hewlett-Packard Desktops (remove only)

Weblink

Winamp (remove only)

Windows Genuine Advantage v1.3.0254.0

Windows Installer 3.1 (KB893803)

Windows Media Format Runtime

Windows Media Player 10

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Service Pack 2

WordPerfect Office 11

Link to post
Share on other sites

therock247uk will help you clean your system and show you how to help yourself stay protected when he's done cleaning your system. By doing a system restore you won't be helping yourself any, chances are you'll end up reinfected without proper protection, etc. He should post with new directions soon. B)

B

Link to post
Share on other sites

Can you please click start > run type this

C:\Program Files\SurfSideKick 3\Ssk.exe /u

and press the OK button. A code will be displayed that it will ask you to enter. Enter this code and reboot.

Then post a new Hijackthis log here in a reply.

Link to post
Share on other sites
  • 2 weeks later...

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.