HijackThis log

  1. 01-02-2005  #1
    elGaveeno
    elGaveeno is offline Newbie

    HijackThis log

    Hi,
    Here's the HijackThis log that I'm posting for a friend...thanks on his behalf for any help!

    ************************************************** *****

    Logfile of HijackThis v1.99.0
    Scan saved at 12:29:03 AM, on 2/1/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\default\Application Data\area.exe
    C:\WINDOWS\System32\??xplore.exe
    C:\WINDOWS\SYSfit.exe
    C:\WINDOWS\FSScrCtl.exe
    C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
    C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Winamp3\winamp3.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\windows\system32\pdgcyc.exe
    c:\windows\system32\calc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\WINDOWS\System32\wifpack.exe
    C:\WINDOWS\System32\wmaava.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mulberry\Mulberry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
    C:\Program Files\CxtPls\CxtPls.exe
    C:\WINDOWS\SYSTEM32\rundll32.exe
    C:\Documents and Settings\default\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\mnldpoff.slt\prefs.j s)
    O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
    O2 - BHO: SDWin32 Class - {3B48C816-DE38-4FB6-966B-8EE9C783D7DF} - C:\WINDOWS\System32\unjrq.dll
    O2 - BHO: (no name) - {7FCF2CC9-C154-F782-2F31-9EDC4863B394} - C:\WINDOWS\System32\klv.dll
    O2 - BHO: SDWin32 Class - {D72111DC-596F-4F9F-8268-B4CBA8F23331} - C:\WINDOWS\System32\givvm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [givvmc] C:\WINDOWS\System32\givvmc.exe
    O4 - HKLM\..\Run: [unjrqc] C:\WINDOWS\System32\unjrqc.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [pdgcyc] c:\windows\system32\pdgcyc.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [p4mW37V] wmaava.exe
    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch. exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Moas] C:\Documents and Settings\default\Application Data\area.exe
    O4 - HKCU\..\Run: [Oop] C:\WINDOWS\System32\??xplore.exe
    O4 - HKCU\..\Run: [Y356RXZ6i] wifpack.exe
    O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
    O4 - HKCU\..\Run: [SYSfit] C:\WINDOWS\SYSfit.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: Dell Home - {DE9F7D9E-71AE-44E3-8DE5-D741FBFD7B86} - http://www.dellnet.com/ (file missing) (HKCU)
    O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud14.sports.yahoo.com/java/y/nflgcst1008_x.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/24ad3c57...p/RdxIE601.cab
    O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minib...ginstaller.cab
    O16 - DPF: {C9B08199-657A-468D-A26B-692137572131} (FFHostContainer Class) - http://www.focusfocus.com/download/windows/ffhost.cab
    O16 - DPF: {D59931FE-DC91-11D2-88D5-000000000000} (FocusFocusChat Class) - http://www.focusfocus.com/download/windows/ffcall.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://riverbelle.microgaming.com/r...le/FlashAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5FA6F046-E1A2-4F39-8A04-C02A8D39B618}: Domain = virginia.edu
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5FA6F046-E1A2-4F39-8A04-C02A8D39B618}: NameServer = 128.143.2.7,128.143.22.119,128.143.3.7
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = virginia.edu
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = virginia.edu
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = virginia.edu
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
    O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
    O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  2. 03-02-2005  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
    O2 - BHO: SDWin32 Class - {3B48C816-DE38-4FB6-966B-8EE9C783D7DF} - C:\WINDOWS\System32\unjrq.dll
    O2 - BHO: (no name) - {7FCF2CC9-C154-F782-2F31-9EDC4863B394} - C:\WINDOWS\System32\klv.dll
    O2 - BHO: SDWin32 Class - {D72111DC-596F-4F9F-8268-B4CBA8F23331} - C:\WINDOWS\System32\givvm.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [givvmc] C:\WINDOWS\System32\givvmc.exe
    O4 - HKLM\..\Run: [unjrqc] C:\WINDOWS\System32\unjrqc.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [pdgcyc] c:\windows\system32\pdgcyc.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [p4mW37V] wmaava.exe
    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch. exe
    O4 - HKCU\..\Run: [Moas] C:\Documents and Settings\default\Application Data\area.exe
    O4 - HKCU\..\Run: [Oop] C:\WINDOWS\System32\??xplore.exe
    O4 - HKCU\..\Run: [Y356RXZ6i] wifpack.exe
    O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
    O4 - HKCU\..\Run: [SYSfit] C:\WINDOWS\SYSfit.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/24ad3c5...ip/RdxIE601.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/mini...uginstaller.cab

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Delete the following files and folders:
    C:\Program Files\CxtPls
    C:\Program Files\CSBB
    C:\WINDOWS\System32\givvmc.exe
    C:\WINDOWS\System32\unjrqc.exe
    C:\PROGRA~1\VBOUNCER
    C:\WINDOWS\System32\wsxsvc
    C:\WINDOWS\farmmext.exe
    c:\windows\system32\pdgcyc.exe
    C:\WINDOWS\wupdt.exe
    C:\Program Files\AutoUpdate
    C:\WINDOWS\System32\wmaava.exe
    C:\PROGRA~1\COMMON~1\System\MOSearch
    C:\Documents and Settings\default\Application Data\area.exe
    C:\WINDOWS\System32\??xplore.exe
    C:\WINDOWS\System32\wifpack.exe
    C:\Program Files\DR_S
    C:\WINDOWS\SYSfit.exe

    Reboot and post a fresh log
+ Reply to Thread
« Task Manager won't show | MSConfig Taskmon and others closing, HJ Log »