1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

thank you for looking at my hjiack log

Discussion in 'Windows - Virus and spyware problems' started by G_WNIT, Aug 28, 2007.

  1. G_WNIT

    G_WNIT Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 2:06:59 PM, on 8/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\bXIuZGlyZWN0b3I\command.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\retadpu1000106.exe
    c:\windows\system32\ljdsrngp.exe
    C:\WINDOWS\system32\lwinkmdt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\regscan.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\IDETOOL\IDETOOL.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\b122.exe
    C:\Program Files\WinPop\winpop.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imdb.com/
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "C:\DOCUME~1\MR0198~1.DIR\LOCALS~1\Temp\WinAntiSpyware2007FreeInstall.exe" -nag
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RunMe] C:\DOCUME~1\MR0198~1.DIR\LOCALS~1\Temp\WZSE0.TMP\setup.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [{4F-F5-5C-C6-ZN}] c:\windows\system32\ljdsrngp.exe CHD003
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [horyf] C:\Program Files\MSN Gaming Zone\horyf22011.exe
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinkmdt.exe CHD003
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hafiubkm.dll",forkonce
    O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\ljdsrngp.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\lwinkmdt.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: IDETool.lnk = C:\Program Files\IDETOOL\IDETOOL.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bXIuZGlyZWN0b3I\command.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
     
    G_WNIT, Aug 28, 2007
    #1
  2. PeaInAPod

    PeaInAPod Active member

    Joined:
    Nov 28, 2005
    Messages:
    3,050
    Likes Received:
    0
    Trophy Points:
    66
    Alright first delete everything I have listed below. Then reboot and rename HijackThis.exe to ABCD.exe(you probably won't see the exe part). Then rescan and post a new log here.

    C:\WINDOWS\bXIuZGlyZWN0b3I\command.exe

    C:\Program Files\Network Monitor\netmon.exe

    C:\WINDOWS\retadpu1000106.exe

    c:\windows\system32\ljdsrngp.exe

    C:\WINDOWS\system32\lwinkmdt.exe

    C:\WINDOWS\system32\regscan.exe

    C:\Program Files\IDETOOL\IDETOOL.EXE (unsure of this, if you know what is it/is for then leave it. Otherwise remove it)

    C:\Program Files\WinPop\winpop.exe

    O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "C:\DOCUME~1\MR0198~1.DIR\LOCALS~1\Temp\WinAntiSpyware2007FreeInstall.exe" -nag

    O4 - HKLM\..\Run: [{4F-F5-5C-C6-ZN}] c:\windows\system32\ljdsrngp.exe CHD003

    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    O4 - HKLM\..\Run: [horyf] C:\Program Files\MSN Gaming Zone\horyf22011.exe

    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinkmdt.exe CHD003

    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hafiubkm.dll",forkonce

    O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe

    O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe

    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\ljdsrngp.exe

    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\lwinkmdt.exe

    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bXIuZGlyZWN0b3I\command.exe

    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
     
    PeaInAPod, Aug 28, 2007
    #2

Share This Page