hijack this long file.. plz help :)

  1. #1
    shortii8221 (Newbie)

    Sorry, I put my thread in the wrong place... please help when you can.


    Logfile of HijackThis v1.99.0
    Scan saved at 4:29:27 PM, on 05/18/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\STOPzilla!\SZServer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\AmericanIdol\MECA.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Voodoo\voodoo.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\bacca\My Documents\Exe files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: (no name) - {FFDA2BCC-B228-D3DB-2026-9F5B542933C4} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Lfszxj] C:\WINDOWS\System32\d?dplay.exe
    O4 - HKCU\..\Run: [MECA] C:\Program Files\AmericanIdol\MECA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinner.com/games/shared/uninstall.cab
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: STOPzilla Service - Unknown - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
    O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

    thanks

  2. #2
    HJThis (Senior Member)
    Hello, shortii8221, and welcome.

    First

    Go for free online Virus scans here:

    http://housecall.trendmicro.com/hou.../start_corp.asp
    http://www.pandasoftware.com/activescan/

    Be sure to put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean, have it delete it or make a note of the file location so you can delete it yourself.

    Then post a new logfile and tell us if anything was found.

    HGD

  3. #3
    shortii8221 (Newbie)
    Okay, I used ewido security suite and this is the log file I got... do I have to use online scans?

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 11:43:31 PM, 05/18/2005
    + Report-Checksum: 9EAF1B3E

    + Date of database: 05/18/2005
    + Version of scan engine: v3.0

    + Duration: 147 min
    + Scanned Files: 116585
    + Speed: 13.18 Files/Second
    + Infected files: 33
    + Removed files: 22
    + Files put in quarantine: 22
    + Files that could not be opened: 0
    + Files that could not be cleaned: 11

    + Binder: Yes
    + Crypter: Yes
    + Archives: Yes

    + Scanned items:
    C:\
    C:\WINDOWS\system32
    C:\Documents and Settings\bacca\Desktop

    + Scan result:
    C:\Program Files\BearShare\Installer\saveinstwm.exe -> Spyware.SaveNow.z -> Cleaned with backup
    C:\WINDOWS\bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\DeskAdX.dll -> Spyware.WinAD.f -> Cleaned with backup
    C:\WINDOWS\IEMenuExtension.exe -> Spyware.Ucmore.a -> Cleaned with backup
    C:\WINDOWS\isrvs\isearch.xpi/chrome/isearch.jar/content/isearch/isearch.js -> Spyware.ISearch.e -> Cleaned with backup
    C:\WINDOWS\mm21.ocx -> TrojanDownloader.VB.ez -> Cleaned with backup
    C:\WINDOWS\mmwork.exe -> Spyware.MediaMotor.a -> Cleaned with backup
    C:\WINDOWS\sskb5.exe -> TrojanDropper.SurfSide.a -> Cleaned with backup
    C:\WINDOWS\SSK_B5.EXE -> TrojanDropper.SurfSide.a -> Cleaned with backup
    C:\WINDOWS\suploads.exe -> Spyware.VB.ei -> Cleaned with backup
    C:\WINDOWS\system32\adupdater.exe -> Spyware.Adstart.b -> Cleaned with backup
    C:\WINDOWS\system32\akcore.dll -> Spyware.Coreak -> Cleaned with backup
    C:\WINDOWS\system32\aklsp.dll -> TrojanDownloader.Agent.br -> Cleaned with backup
    C:\WINDOWS\system32\akupd.dll -> Spyware.Ezula -> Cleaned with backup
    C:\WINDOWS\system32\calsp.dll -> TrojanDownloader.Agent.br -> Cleaned with backup
    C:\WINDOWS\system32\carules.dll -> Spyware.CouponAge -> Cleaned with backup
    C:\WINDOWS\system32\hticons.exe -> TrojanDownloader.Agent.am -> Cleaned with backup
    C:\WINDOWS\system32\ksfbjd.exe -> Spyware.Adstart.b -> Cleaned with backup
    C:\WINDOWS\system32\ksfbjf.exe -> Spyware.Adstart.b2 -> Cleaned with backup
    C:\WINDOWS\system32\newdevin.exe -> Spyware.BookedSpace.c -> Cleaned with backup
    C:\WINDOWS\system32\PlayBingoOnline.exe -> TrojanDownloader.Small.zh -> Cleaned with backup
    C:\WINDOWS\unstall.exe -> Spyware.MediaMotor.a -> Cleaned with backup
    C:\WINDOWS\system32\adupdater.exe -> Spyware.Adstart.b -> Error during cleaning
    C:\WINDOWS\system32\akcore.dll -> Spyware.Coreak -> Error during cleaning
    C:\WINDOWS\system32\aklsp.dll -> TrojanDownloader.Agent.br -> Error during cleaning
    C:\WINDOWS\system32\akupd.dll -> Spyware.Ezula -> Error during cleaning
    C:\WINDOWS\system32\calsp.dll -> TrojanDownloader.Agent.br -> Error during cleaning
    C:\WINDOWS\system32\carules.dll -> Spyware.CouponAge -> Error during cleaning
    C:\WINDOWS\system32\hticons.exe -> TrojanDownloader.Agent.am -> Error during cleaning
    C:\WINDOWS\system32\ksfbjd.exe -> Spyware.Adstart.b -> Error during cleaning
    C:\WINDOWS\system32\ksfbjf.exe -> Spyware.Adstart.b2 -> Error during cleaning
    C:\WINDOWS\system32\newdevin.exe -> Spyware.BookedSpace.c -> Error during cleaning
    C:\WINDOWS\system32\PlayBingoOnline.exe -> TrojanDownloader.Small.zh -> Error during cleaning


    ::Report End


    Thank you very much for your help.

  4. #4
    shortii8221 (Newbie)
    This is my new log file from HijackThis.


    Logfile of HijackThis v1.99.0
    Scan saved at 1:16:43 AM, on 05/19/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\STOPzilla!\SZServer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\AmericanIdol\Meca.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\bacca\My Documents\Exe files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: (no name) - {FFDA2BCC-B228-D3DB-2026-9F5B542933C4} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "bacca"
    O4 - HKCU\..\Run: [Lfszxj] C:\WINDOWS\System32\d?dplay.exe
    O4 - HKCU\..\Run: [MECA] C:\Program Files\AmericanIdol\MECA.EXE
    O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "bacca"
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinner.com/games/shared/uninstall.cab
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: STOPzilla Service - Unknown - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
    O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

    thanks

  5. #5
    HJThis (Senior Member)
    Hi, shortii8221.

    Wow, I'm glad we went over there. Nice work.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {FFDA2BCC-B228-D3DB-2026-9F5B542933C4} - (no file)

    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    O4 - HKCU\..\Run: [Lfszxj] C:\WINDOWS\System32\d?dplay.exe

    O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/...erInstaller.exe

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following files\folders IF still present:
    C:\WINDOWS\System32\d?dplay.exe <--- this file

    Then reboot. Now I get to give away some toys, hehe.

    But first:

    Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer.

    And then:

    * Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
        1. Change the Download signed ActiveX controls to Prompt
        2. Change the Download unsigned ActiveX controls to Disable
        3. Change the Initialize and script ActiveX controls not marked as safe to Disable
        4. Change the Installation of desktop items to Prompt
        5. Change the Launching programs and files in an IFRAME to Prompt
        6. Change the Navigate sub-frames across different domains to Prompt
        7. When all these settings have been made, click on the OK button.
        8. If it prompts you as to whether or not you want to save the settings, press the Yes button.

    * Next, press the Apply button and then OK to exit the Internet Properties page.

    And weeeeee, the toys:

    SpywareBlaster - Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
    http://www.javacoolsoftware.com/spywareblaster.html

    SpywareGuard - An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
    http://www.javacoolsoftware.com/spywareguard.html

    IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer.
    https://netfiles.uiuc.edu/ehowes/www/resource.htm

    Blocking Unwanted Parasites with a Hosts File
    http://www.mvps.org/winhelp2002/hosts.htm

    This program here keeps the PC nice and clean:

    One popular program for doing this is a freeware program called Crap Cleaner. Crap Cleaner is a single utility that lets you clear your Cookies, Internet Explorer History, empty the Recycle Bin, uninstall programs, clear usage tracks and much more. As well as this, it has an Advanced Registry Scanner. Using a program like this is one of the easiest methods.


    And as always I say: use Firefox and Mozilla; use IE only for updates.

    Get your Firefox here

    Mo who

    HGD
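
An added example (editor's note, not code from this thread or from HijackThis itself) that automates the triage HJThis did by eye on the log above. It parses HijackThis 1.99 lines and applies the same four rules: a blank R0/R1 browser setting, O2/O3 CLSIDs showing "(no file)", an O4 autorun whose file name contains a character that cannot occur in a Windows file name (the `?` in `d?dplay.exe`), and an O16 ActiveX download from a host outside a trusted list. The sample log is constructed from the shape of the entries in this thread; the trusted-host tuple is an assumption for the example, not a HijackThis setting.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample in HijackThis 1.99 log format, built from the shape of
# the entries posted in this thread: the ones the helper said to fix plus a
# few legitimate entries for contrast.
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =",
    r"O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll",
    r"O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)",
    r"O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)",
    r"O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe",
    r"O4 - HKCU\..\Run: [Lfszxj] C:\WINDOWS\System32\d?dplay.exe",
    r"O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409",
    r"O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe",
])

LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")

# Assumption for this example: ActiveX (O16 DPF) downloads are acceptable only
# from Microsoft-operated hosts. Extend the tuple for your own environment.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "windowsupdate.com")

# Characters that cannot occur in a Windows file name. HijackThis prints '?'
# in place of a character it cannot display, so an autorun path showing one
# points at a file whose real name is not what it appears to be.
BAD_NAME_CHARS = set("?*<>|")


def _host_trusted(url: str) -> bool:
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage_line(line: str) -> Optional[str]:
    """Return a reason if this HijackThis line deserves a second look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    if section in ("R0", "R1") and body.rstrip().endswith("="):
        return "blank browser setting, a typical leftover of a hijacked start or search page"

    if section in ("O2", "O3") and body.endswith("(no file)"):
        return "registered CLSID whose DLL is gone, an orphan left by removed adware (safe to fix)"

    if section == "O4":
        # Body looks like: HKCU\..\Run: [Name] C:\path\prog.exe /args
        command = body.split("] ", 1)[1] if "] " in body else body
        exe_name = command.strip('"').split("\\")[-1]
        if BAD_NAME_CHARS & set(exe_name):
            return f"autorun entry points at {command}, whose file name is not a valid Windows name"

    if section == "O16":
        url_m = URL_RE.search(body)
        if url_m and not _host_trusted(url_m.group(0)):
            host = urlsplit(url_m.group(0)).hostname
            return f"ActiveX control installed from untrusted host {host}"

    return None


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Run triage_line over a whole log; returns (line, reason) pairs in log order."""
    findings = []
    for line in text.splitlines():
        reason = triage_line(line)
        if reason:
            findings.append((line.strip(), reason))
    return findings


if __name__ == "__main__":
    for entry, reason in triage_log(SAMPLE_LOG):
        print(f"{entry}\n    -> {reason}")
```

Run against the sample it flags exactly the five entries HJThis listed for "Fix checked" and leaves the STOPzilla BHO, NeroCheck and the Microsoft WGA control alone. The rules are heuristics: an orphaned CLSID or an untrusted DPF host is a reason to look, not proof of infection, and a real autorun path with a quoted executable and arguments is handled without tripping the invalid-character check.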
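
A second added example (editor's note, not code from this thread) for the Internet Explorer Custom Level steps above. The six settings HJThis walks through live as DWORD values under the Internet zone key `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`, with 0 = Enable, 1 = Prompt and 3 = Disable; the action-ID to setting mapping below is taken from Microsoft's documented zone-settings table (KB182569). The code reads a `reg export` of that key, reports every setting looser than the post recommends, and emits a `.reg` file that applies only the missing changes. The export text is constructed for the example with several settings still at Enable.

```python
import re
from typing import Dict, List, Optional, Tuple

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Action IDs per Microsoft's zone-settings table (KB182569); the target value
# for each is what the post tells the user to pick in Custom Level.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample in `reg export` format: 1004 and 1800 already match the
# advice, the other four are still at Enable.
SAMPLE_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011000
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000000
"1607"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000
"""

DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')


def parse_zone_export(text: str) -> Dict[str, int]:
    """Collect the DWORD values under the Internet zone key from a .reg export."""
    values: Dict[str, int] = {}
    in_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == ZONE_KEY.lower()
            continue
        m = DWORD_RE.match(line)
        if in_key and m:
            values[m.group("name")] = int(m.group("hex"), 16)
    return values


def weak_settings(values: Dict[str, int]) -> List[Tuple[str, str, Optional[int], int]]:
    """Return (action id, description, current, recommended) for each setting looser than advised."""
    out = []
    for action, (desc, want) in RECOMMENDED.items():
        have = values.get(action)
        # Enable (0) < Prompt (1) < Disable (3), so "looser" means a lower value.
        # A value absent from the export falls back to the zone template, so report it too.
        if have is None or have < want:
            out.append((action, desc, have, want))
    return out


def reg_fix(findings: List[Tuple[str, str, Optional[int], int]]) -> str:
    """Build a .reg file (import with `regedit /s file.reg`) that sets only the weak values."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for action, _desc, _have, want in findings:
        lines.append(f'"{action}"=dword:{want:08x}')
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    weak = weak_settings(parse_zone_export(SAMPLE_EXPORT))
    for action, desc, have, want in weak:
        current = LEVEL_NAME.get(have, str(have)) if have is not None else "not set"
        print(f"{action} {desc}: {current} -> {LEVEL_NAME[want]}")
    print(reg_fix(weak))
```

`reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` produces the input format; after importing the generated fix, a second export should yield no findings. Doing it through the Custom Level dialog as the post describes gives the same result; the script just makes the before/after state verifiable.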

  6. #6
    shortii8221 (Newbie)
    Thank you very much... if I have any more problems I will let you know.

  7. #7
    HJThis (Senior Member)
    Hi, shortii8221.

    I have one thing to add here

    Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer.


    Now, as I said, if you have any problems you know where
    we are; just ask one of the Admins/Mods. And thank you for
    having us at D-A-L help you with this logfile.

    HGD
