My Hijack-this log

Discussion in 'adware, spyware & hijack cleaning' started by Moreno325, Jun 22, 2004.

Thread Status:
Not open for further replies.
  1. Moreno325

    Moreno325 Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    5
    Thank you guys for your help :D

    Logfile of HijackThis v1.97.7
    Scan saved at 3:04:53 PM, on 6/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\sony\giga pocket\shwserv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Sony\giga pocket\RM_SV.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\wapisvtr.exe
    C:\Documents and Settings\authorized user\Application Data\iptl.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\sony\usbsircs\usbsircs.exe
    C:\Program Files\Sony\giga pocket\ReserveModule.exe
    C:\WINDOWS\System32\dwwin.exe
    C:\Program Files\sony\giga pocket\gps.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Logitech\Profiler\LWEmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\WINDOWS\System32\avmebdvd.exe
    C:\WINDOWS\System32\xciava.exe
    C:\Program Files\SysAI\SysAI.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\authorized user\Desktop\HijackThis.exe

    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
    O4 - HKLM\..\Run: [ngx] C:\WINDOWS\ngx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [tav] C:\WINDOWS\tav.exe
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [MTZAGNT] C:\WINDOWS\MTZAGNT.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ryb] C:\WINDOWS\ryb.exe
    O4 - HKLM\..\Run: [DefaultBind] C:\PROGRA~1\GPLMET~1\nurb fast bin.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [3] C:\documents and settings\authorized user\local settings\temp\3.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [GsqLmok] C:\documents and settings\authorized user\local settings\temp\GsqLmok.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Uninstall_WinTools] C:\DOCUME~1\AUTHOR~1\LOCALS~1\Temp\WTuninst.exe remove
    O4 - HKLM\..\Run: [AutoLoaderp0tt1KWTKJPJ] "C:\WINDOWS\System32\brodm.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [p72R38j] avmebdvd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\Run: [WTST] C:\WINDOWS\System32\wapisvtr.exe
    O4 - HKCU\..\Run: [Ywt5RUH7R] xciava.exe
    O4 - HKCU\..\Run: [monitor] Explorer.exe monitor.exe
    O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\authorized user\Application Data\iptl.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Remocon Driver.lnk = ?
    O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\giga pocket\ReserveModule.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Search cracks at CrackSpider.NET (HKCU)
    O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Moreno325

    ahhhhhhhhh HELP! I can't take it anymore :blink:
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    We are very limited considering the enormous numbers of users being infected. Please understand the experts will get to each and every one as quickly as possible. Hopefully the delay is satisfactory, but do understand they are doing this service freely as volunteers, as quickly as possible.
     
  4. Moreno325

    Sorry about that, I waited this time.
     
  5. Moreno325

    Ok this is loltastic
     
  6. Moreno325

    LOL K LOL
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Moreno325,

    Before you start, please unzip hijackthis.exe to a folder of its own. The program creates backups in the folder it is in. These will now end up on your desktop.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll

    O4 - HKLM\..\Run: [ngx] C:\WINDOWS\ngx.exe

    O4 - HKLM\..\Run: [tav] C:\WINDOWS\tav.exe
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [MTZAGNT] C:\WINDOWS\MTZAGNT.exe

    O4 - HKLM\..\Run: [ryb] C:\WINDOWS\ryb.exe
    O4 - HKLM\..\Run: [DefaultBind] C:\PROGRA~1\GPLMET~1\nurb fast bin.exe

    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [3] C:\documents and settings\authorized user\local settings\temp\3.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [GsqLmok] C:\documents and settings\authorized user\local settings\temp\GsqLmok.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

    O4 - HKLM\..\Run: [Uninstall_WinTools] C:\DOCUME~1\AUTHOR~1\LOCALS~1\Temp\WTuninst.exe remove
    O4 - HKLM\..\Run: [AutoLoaderp0tt1KWTKJPJ] "C:\WINDOWS\System32\brodm.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

    O4 - HKLM\..\Run: [p72R38j] avmebdvd.exe

    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\Run: [WTST] C:\WINDOWS\System32\wapisvtr.exe
    O4 - HKCU\..\Run: [Ywt5RUH7R] xciava.exe
    O4 - HKCU\..\Run: [monitor] Explorer.exe monitor.exe
    O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\authorized user\Application Data\iptl.exe

    O9 - Extra button: Search cracks at CrackSpider.NET (HKCU)
    O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET (HKCU)

    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

    Then reboot into safe mode and delete:
    C:\Program Files\TV Media <= entire folder
    C:\Program Files\AutoUpdate <= entire folder
    C:\Program Files\SysAI <= entire folder
    C:\Documents and Settings\authorized user\Application Data\iptl.exe
    C:\WINDOWS\System32\wapisvtr.exe
    C:\Program Files\GPLMET~1 <= entire folder that holds nurb fast bin.exe
    c:\program files\altnet\points manager <= entire folder
    C:\Program Files\Common Files\Dpi <= entire folder
    C:\WINDOWS\system32\pcs <= entire folder
    C:\WINDOWS\System32\IEHost.exe
    C:\Program Files\Common files\updmgr <= entire folder

    And (still in safe mode) use the DiskCleanup Tool to empty all your Temp folders.

    When you are done, run HijackThis again and post the new log, so we can see if it all worked out as planned.

    Regards,

    Pieter
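Added here as an illustration (not part of the thread and not HijackThis code): a small Python triage of O4 Run entries in the log format above, flagging the signals the fix list relies on, such as startup entries launched from a Temp folder or Application Data, or a bare filename under a random-looking entry name. The sample lines are constructed from the log posted above; the heuristics and thresholds are my own assumptions.

```python
import re

# Constructed sample in the shape of the O4 lines from the log above (not the full log).
SAMPLE_O4 = """\
O4 - HKLM\\..\\Run: [VirusScan Online] "c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
O4 - HKLM\\..\\Run: [Lexmark X1100 Series] "C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe"
O4 - HKLM\\..\\Run: [3] C:\\documents and settings\\authorized user\\local settings\\temp\\3.exe
O4 - HKLM\\..\\Run: [P2P Networking] C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART
O4 - HKLM\\..\\Run: [p72R38j] avmebdvd.exe
O4 - HKCU\\..\\Run: [Iinl] C:\\Documents and Settings\\authorized user\\Application Data\\iptl.exe
O4 - HKCU\\..\\Run: [SpySweeper] C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe /0
"""

# HijackThis O4 line: "O4 - <hive>\..\Run: [<entry name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
TEMP_DIRS = ('\\temp\\',)                 # covers ...\local settings\temp\ and ...\LOCALS~1\Temp\
PROFILE_DIRS = ('\\application data\\',)  # user profile data folder, not a normal install location

def exe_path(cmd: str) -> str:
    """Return the program path from a Run value, dropping quotes and arguments."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.search(r'\.exe', cmd, re.IGNORECASE)  # the first ".exe" ends the program path
    return cmd[:m.end()] if m else cmd.split(' ')[0]

def looks_random(name: str) -> bool:
    """Entry names like p72R38j or Ywt5RUH7R: digits mixed with both cases and no spaces."""
    if name.isdigit():
        return True
    has = lambda pat: bool(re.search(pat, name))
    return ' ' not in name and has(r'\d') and has(r'[a-z]') and has(r'[A-Z]')

def triage_o4(log: str) -> list:
    """Return (entry name, path, reason) for each Run entry that deserves a closer look."""
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        name, path = m.group('name'), exe_path(m.group('cmd'))
        low = path.lower()
        if any(d in low for d in TEMP_DIRS):
            findings.append((name, path, 'starts from a Temp folder'))
        elif any(d in low for d in PROFILE_DIRS):
            findings.append((name, path, 'starts from Application Data, not Program Files'))
        elif '\\' not in path and looks_random(name):
            findings.append((name, path, 'bare filename found via PATH search, random-looking entry name'))
    return findings

if __name__ == '__main__':
    for name, path, reason in triage_o4(SAMPLE_O4):
        print(f'[{name}] {path}: {reason}')
```

Entries such as P2P Networking sit under System32 and are not caught by these path heuristics; the helper recognised them by name, so treat the output as a review list rather than a verdict.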
     