HJT File. Can someone help me?

Discussion in 'Windows - Virus and spyware problems' started by Savage718, Aug 10, 2007.

  1. Savage718

    Savage718 Member

    Joined:
    May 5, 2005
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    16
    Logfile of HijackThis v1.99.1
    Scan saved at 4:45:45 PM, on 8/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\mgrs.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\msiconf.exe
    C:\Windows\xpupdate.exe
    C:\Program Files\Magicantispy\Magicantispy.exe
    C:\Program Files\Ezdental\WebSyncReminder.exe
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\new\LOCALS~1\Temp\agent64.exe
    C:\DOCUME~1\new\LOCALS~1\Temp\sv32.exe
    C:\DOCUME~1\new\LOCALS~1\Temp\powerhost.exe
    C:\DOCUME~1\new\LOCALS~1\Temp\host16.exe
    C:\DOCUME~1\new\LOCALS~1\Temp\win32.exe
    C:\DOCUME~1\new\LOCALS~1\Temp\winpower.exe
    C:\DOCUME~1\new\LOCALS~1\Temp\sysmon.exe
    C:\DOCUME~1\new\LOCALS~1\Temp\winagent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\new\LOCALS~1\Temp\agentsyn.exe
    C:\Documents and Settings\new\Desktop\hijackthis_sfx.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://winsafesurf.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://winsafesurf.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1ca43a3c-2929-44b3-b864-0192cd2bcf11} - C:\WINDOWS\system32\edaavdp.dll
    O2 - BHO: (no name) - {40099E50-AEA1-49B7-A669-F15302C24ABB} - C:\Program Files\WindowsUpdate\safel83122.dll
    O2 - BHO: (no name) - {43C83ABD-B0A5-4A7A-AABB-2A84C1744E59} - C:\Program Files\WindowsUpdate\safel2.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7DB69560-8207-449A-A44F-6B75FDBAF2CD} - C:\WINDOWS\system32\urspp.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: GLN - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file)
    O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
    O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\smmywgiu.dll
    O2 - BHO: (no name) - {DBDD7838-1203-44A4-8493-BF28030686C8} - C:\Program Files\WindowsUpdate\safel455101.dll
    O2 - BHO: (no name) - {EFF9B192-6A01-4D85-B7BD-9A83F17DD21A} - C:\Program Files\WindowsUpdate\safel4444.dll
    O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\fccyaya.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
    O4 - HKLM\..\Run: [bantool] C:\\ie_ban.exe
    O4 - HKLM\..\Run: [{DF-F2-21-12-ZN}] c:\windows\system32\okdsregr.exe SKY008
    O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
    O4 - HKLM\..\Run: [hjnszghA] C:\WINDOWS\hjnszghA.exe
    O4 - HKLM\..\Run: [WinCore32.exe] C:\WINDOWS\system32\WinCore32.exe
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinlpdt.exe SKY008
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\deaevfmv.dll",forkonce
    O4 - HKLM\..\Run: [svrhost.exe] C:\WINDOWS\system32\svrhost.exe
    O4 - HKCU\..\Run: [SystemTray.exe] C:\Program Files\Ezdental\SystemTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Rarw] "C:\WINDOWS\system32\SMBOLS~1\taskmgr.exe" -vt yazb
    O4 - HKCU\..\Run: [MSI Configuration Utility] msiconf.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [svrhost.exe] C:\WINDOWS\system32\svrhost.exe
    O4 - HKCU\..\Run: [Magicantispy] C:\Program Files\Magicantispy\Magicantispy.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Web Sync Reminder.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Security InfoCenter - {CEF2D273-7F43-4445-B9DF-FD095524C49F} - http://winsafesurf.com/ (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/babel/zylomplayer.cab
    O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
    O20 - Winlogon Notify: fccyaya - fccyaya.dll (file missing)
    O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
    O20 - Winlogon Notify: urspp - C:\WINDOWS\system32\urspp.dll (file missing)
    O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
    O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
     
    Savage718, Aug 10, 2007
    #1
  2. Auttaja

    Auttaja Guest

    Download and Run ComboFix
    *Download this file from either of the two below listed places :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

    *Then double click combofix.exe & follow the prompts.
    *When finished, it shall produce a log for you. Post that log in your next reply
    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    ======

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    * Open the extracted SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    * Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
    Last edited by a moderator: Aug 10, 2007
    Auttaja, Aug 10, 2007
    #2

Share This Page