This is my HijackThis log, please help me.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:34:21 PM, on 10/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\System32\vifiudeb.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe

C:\WINDOWS\System32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\system32\whrohouu.dll",sitypnow

O4 - HKLM\..\RunOnce: [spybotDeletingA8975] command /c del "C:\WINDOWS\system32\usqtoaqr.exe_tobedeleted"

O4 - HKLM\..\RunOnce: [spybotDeletingC2800] cmd /c del "C:\WINDOWS\system32\usqtoaqr.exe_tobedeleted"

O4 - HKLM\..\RunOnce: [spybotDeletingA2065] command /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O4 - HKLM\..\RunOnce: [spybotDeletingC5864] cmd /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [spybotDeletingA1204] command /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O4 - HKLM\..\RunOnce: [spybotDeletingC743] cmd /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O4 - HKLM\..\RunOnce: [spybotDeletingA9306] command /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O4 - HKLM\..\RunOnce: [spybotDeletingC5575] cmd /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\RunOnce: [spybotDeletingB809] command /c del "C:\WINDOWS\system32\usqtoaqr.exe_tobedeleted"

O4 - HKCU\..\RunOnce: [spybotDeletingD9651] cmd /c del "C:\WINDOWS\system32\usqtoaqr.exe_tobedeleted"

O4 - HKCU\..\RunOnce: [spybotDeletingB7739] command /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O4 - HKCU\..\RunOnce: [spybotDeletingD7097] cmd /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O4 - HKCU\..\RunOnce: [spybotDeletingB2384] command /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O4 - HKCU\..\RunOnce: [spybotDeletingD4224] cmd /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O4 - HKCU\..\RunOnce: [spybotDeletingB7307] command /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O4 - HKCU\..\RunOnce: [spybotDeletingD296] cmd /c del "C:\WINDOWS\system32\hggdcba.dll_tobedeleted"

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Filter hijack: text/html - {F9E8FA45-13A2-487F-88EF-E8D6CCC62D94} - C:\WINDOWS\System32\pjdg.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 5740 bytes


damian,

Hello, and welcome to Besttechie.net. Your log tells me that Spybot has been trying to delete files on reboot, but either you haven't rebooted or it's not been able to do so. I believe you also have a vundo infection. Please do the following for me:

Go to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe, right-click on it, and rename it to hjt.exe. Please scan again and post the new HijackThis log for me.

Thanks,

sari


I hope I renamed it right. Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:00:56 PM, on 10/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\system32\flooptnk.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {2632CB6A-0A81-1938-807B-74129546BC9B} - C:\WINDOWS\System32\ekzwdgor.dll (file missing)

O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\System32\hggdcba.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: (no name) - {B8A8BB13-5FC8-4ED8-9A79-9EA42A43DFF7} - C:\WINDOWS\system32\lgaavcrl.dll

O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\System32\gswdbqii.dll

O2 - BHO: (no name) - {D2740E58-F1E1-4A95-A305-DF80CDC78938} - C:\WINDOWS\System32\jkklk.dll

O2 - BHO: (no name) - {D5F55E01-73FA-4DED-905A-96C1FCF615A1} - C:\WINDOWS\System32\pjdg.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\system32\sojesfeb.dll",sitypnow

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Filter hijack: text/html - {F9E8FA45-13A2-487F-88EF-E8D6CCC62D94} - C:\WINDOWS\System32\pjdg.dll

O20 - Winlogon Notify: hggdcba - C:\WINDOWS\SYSTEM32\hggdcba.dll

O20 - Winlogon Notify: jkklk - C:\WINDOWS\System32\jkklk.dll

O20 - Winlogon Notify: winpez32 - winpez32.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

O23 - Service: DomainService - - C:\WINDOWS\system32\flooptnk.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 5786 bytes


damian,

Download ComboFix from Here or Here to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,

sari


Here goes, thank you.

ComboFix 07-10-23.2 - Front Desk 2007-10-23 17:18:10.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191 [GMT -7:00]

Running from: C:\Documents and Settings\Front Desk\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Front Desk\My Documents\FNTS~1

C:\Documents and Settings\Front Desk\My Documents\SEMBLY~1

C:\Program Files\Common Files\{307EA~1

C:\Program Files\Common Files\{307EA~1\Activate.exe

C:\Program Files\Common Files\{307EA~1\Uninst.exe

C:\Program Files\Common Files\{307EA~1\UnInstall.exe

C:\Program Files\Common Files\racle~1

C:\Program Files\oin search

C:\Program Files\oin search\OINSearch.dll

C:\Program Files\oin search\Uninstall.exe

C:\Program Files\outerinfo

C:\Program Files\outerinfo\OiUninstaller.exe

C:\Program Files\outerinfo\outerinfo.ico

C:\Program Files\outerinfo\Terms.rtf

C:\Program Files\safety bar

C:\Program Files\safety bar\Uninstall.bat

C:\WA6P

C:\WINDOWS\cookies.ini

C:\WINDOWS\curity~1

C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe

C:\WINDOWS\hosts

C:\WINDOWS\racle~1

C:\WINDOWS\racle~1\?racle\

C:\WINDOWS\sks~1

C:\WINDOWS\stem32~1

C:\WINDOWS\stem32~1\??stem32\

C:\WINDOWS\system32\airggcro.exe

C:\WINDOWS\system32\aobikaba.exe

C:\WINDOWS\system32\befsejos.ini

C:\WINDOWS\system32\components

C:\WINDOWS\system32\dcnbwmvs.exe

C:\WINDOWS\system32\ddaba.dll

C:\WINDOWS\system32\efngdgne.ini

C:\WINDOWS\system32\engdgnfe.dll

C:\WINDOWS\system32\epwkdphg.ini

C:\WINDOWS\system32\esqygmbu.dll

C:\WINDOWS\system32\fabfshxr.exe

C:\WINDOWS\system32\fftskkat.exe

C:\WINDOWS\system32\flooptnk.exe

C:\WINDOWS\system32\ghpdkwpe.dll

C:\WINDOWS\system32\gjkogynq.dll

C:\WINDOWS\system32\gswdbqii.dll

C:\WINDOWS\system32\hggdcba.dll

C:\WINDOWS\system32\ihxiorct.dll

C:\WINDOWS\system32\jkklk.dll

C:\WINDOWS\system32\jrfpcpyq.dll

C:\WINDOWS\system32\juypdfjd.exe

C:\WINDOWS\system32\klkkj.bak1

C:\WINDOWS\system32\klkkj.bak2

C:\WINDOWS\system32\klkkj.ini

C:\WINDOWS\system32\klkkj.ini2

C:\WINDOWS\system32\klkkj.tmp

C:\WINDOWS\system32\kpanfmty.exe

C:\WINDOWS\system32\leohrovo.dll

C:\WINDOWS\system32\lgaavcrl.dll

C:\WINDOWS\system32\lqnrsdux.ini

C:\WINDOWS\system32\lqwgixod.exe

C:\WINDOWS\system32\lwlhdqxa.exe

C:\WINDOWS\system32\mcjtjvwy.dll

C:\WINDOWS\system32\mfjmofqw.exe

C:\WINDOWS\system32\mjfkwpeu.exe

C:\WINDOWS\system32\ocnyajps.dll

C:\WINDOWS\system32\oewmemik.exe

C:\WINDOWS\system32\oonqtouu.dll

C:\WINDOWS\system32\ovorhoel.ini

C:\WINDOWS\system32\ovqcrsad.exe

C:\WINDOWS\system32\oxwvyian.dll

C:\WINDOWS\system32\pskxxbrd.dll

C:\WINDOWS\system32\qgtfeajc.exe

C:\WINDOWS\system32\qnygokjg.ini

C:\WINDOWS\system32\qpwbkwvq.exe

C:\WINDOWS\system32\qydawuus.exe

C:\WINDOWS\system32\qypcpfrj.ini

C:\WINDOWS\system32\rdbjfdfp.exe

C:\WINDOWS\system32\sctrgnpe.exe

C:\WINDOWS\system32\sks~1

C:\WINDOWS\system32\sojesfeb.dll

C:\WINDOWS\system32\spjaynco.ini

C:\WINDOWS\system32\stbqbqqm.dll

C:\WINDOWS\system32\txsvslhi.exe

C:\WINDOWS\system32\ubmgyqse.ini

C:\WINDOWS\system32\upgnovqu.exe

C:\WINDOWS\system32\utmyimgn.exe

C:\WINDOWS\system32\uuohorhw.ini

C:\WINDOWS\system32\uuotqnoo.ini

C:\WINDOWS\system32\vfomowcq.exe

C:\WINDOWS\system32\vifiudeb.exe

C:\WINDOWS\system32\vtutt.dll

C:\WINDOWS\system32\wblpgdua.dll

C:\WINDOWS\system32\whrohouu.dll

C:\WINDOWS\system32\wnstssv.exe

C:\WINDOWS\system32\xudsrnql.dll

C:\WINDOWS\system32\xukpitki.dll

C:\WINDOWS\system32\xwwgccln.exe

C:\WINDOWS\system32\ywvjtjcm.ini

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_COM+_MESSAGES

-------\LEGACY_DOMAINSERVICE

-------\LEGACY_FOPN

-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))

.

2007-10-23 17:07 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-23 12:30 <DIR> d-------- C:\Program Files\Common Files\xing shared

2007-10-22 12:51 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys

2007-10-22 12:51 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe

2007-10-22 12:51 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll

2007-10-22 10:39 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2007-10-21 22:19 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-23 19:29 --------- d-----w C:\Program Files\Common Files\Real

2007-10-04 05:48 --------- d-----w C:\Documents and Settings\Front Desk\Application Data\MSN6

2001-07-26 23:58 47 -c--a-w C:\Program Files\ACMonitor_X73.ini

2001-07-05 19:46 8,116 -c--a-w C:\Program Files\OSLO3071b2.USB

2001-05-11 18:39 53,248 -c--a-w C:\Program Files\ACMonitor_X73.exe

2001-05-08 23:36 114,688 -c--a-w C:\Program Files\lxarscan.dll

2001-04-23 21:22 1,437 -c--a-w C:\Program Files\gtx73.ini

2001-02-22 16:54 768 -c--a-w C:\Program Files\x73_lut.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2632CB6A-0A81-1938-807B-74129546BC9B}]

C:\WINDOWS\System32\ekzwdgor.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5F55E01-73FA-4DED-905A-96C1FCF615A1}]

C:\WINDOWS\System32\pjdg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-07-31 17:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpez32]

winpez32.dll

R2 SonyFKC;Keyboard State Detection Service;C:\WINDOWS\system32\Drivers\SonyFKC.sys

R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys

R3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS

S3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys

.

Contents of the 'Scheduled Tasks' folder

"2005-03-22 22:47:05 C:\WINDOWS\Tasks\Registration reminder 1.job"

- C:\WINDOWS\System32\OOBE\oobebaln.exe

"2005-03-22 22:47:05 C:\WINDOWS\Tasks\Registration reminder 2.job"

- C:\WINDOWS\System32\OOBE\oobebaln.exe

"2005-03-22 22:47:05 C:\WINDOWS\Tasks\Registration reminder 3.job"

- C:\WINDOWS\System32\OOBE\oobebaln.exe

.

**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-23 17:37:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-10-23 17:39:11 - machine was rebooted

.

--- E O F ---


You are an angel. New HJT log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:57:36 PM, on 10/24/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {2632CB6A-0A81-1938-807B-74129546BC9B} - C:\WINDOWS\System32\ekzwdgor.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: (no name) - {D5F55E01-73FA-4DED-905A-96C1FCF615A1} - C:\WINDOWS\System32\pjdg.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: winpez32 - winpez32.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 5107 bytes


damian,

I'm sure there are people that would say I'm no angel! My kids, especially. :lol:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

HJT Entries go here

Now close all windows other than HiJackThis, then click Fix Checked.

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please post a new hijackthis log and let me know how things are running.

sari


damian,

Sorry about that. :blush:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {2632CB6A-0A81-1938-807B-74129546BC9B} - C:\WINDOWS\System32\ekzwdgor.dll (file missing)

O2 - BHO: (no name) - {D5F55E01-73FA-4DED-905A-96C1FCF615A1} - C:\WINDOWS\System32\pjdg.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O20 - Winlogon Notify: winpez32 - winpez32.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.

I have 2 teenage girls (and no sanity left).

sari
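The reading sari applies to these logs (Spybot deletions still queued in RunOnce, O2/O20 entries whose file is gone, a Run key that loads a DLL through rundll32.exe, and an O23 service with no vendor name) can be scripted as a first-pass triage of a HijackThis log. The block below is an added example written for this page; it is not code from HijackThis, Spybot or anyone in the thread. The sample log excerpt is constructed from the entry formats shown above, and the heuristics are assumptions about what deserves a closer look, not a verdict on any entry.

```python
"""First-pass triage of a HijackThis (HJT) 2.0.2 log.

Added example for this thread, not part of HijackThis or of any post in it.
Each heuristic below mirrors one observation the helper made from the logs:
queued Spybot deletions, orphaned entries, rundll32-loaded DLLs in Run keys,
and services whose vendor field is blank.  Flagged lines are candidates for
review, not automatic removal decisions.
"""
import re
from dataclasses import dataclass

# Constructed sample: a short excerpt in the line format HijackThis emits.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:56 PM, on 10/23/2007
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2632CB6A-0A81-1938-807B-74129546BC9B} - C:\WINDOWS\System32\ekzwdgor.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\system32\sojesfeb.dll",sitypnow
O4 - HKLM\..\RunOnce: [spybotDeletingC2800] cmd /c del "C:\WINDOWS\system32\usqtoaqr.exe_tobedeleted"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O20 - Winlogon Notify: winpez32 - winpez32.dll (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\flooptnk.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# HJT entries start with a section code (R0, R1, F1, O2, O20, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")


@dataclass(frozen=True)
class Entry:
    code: str  # section code, e.g. "O2", "O20", "R0"
    body: str  # everything after "Oxx - "
    line: str  # the raw log line, for reporting


def parse_log(text):
    """Return the section entries of an HJT log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), raw.strip()))
    return entries


def orphaned_entries(entries):
    """Entries whose target file is gone: HJT marks them '(file missing)' or '(no file)'."""
    return [e for e in entries if "(file missing)" in e.body or "(no file)" in e.body]


def pending_spybot_deletions(entries):
    """RunOnce commands Spybot queued to delete a renamed file on the next reboot."""
    return [e for e in entries
            if e.code == "O4" and "RunOnce" in e.body and "_tobedeleted" in e.body]


def rundll32_loaders(entries):
    """Run keys that start a DLL via rundll32.exe (the pattern the helper tied to Vundo)."""
    return [e for e in entries
            if e.code == "O4" and "rundll32" in e.body.lower() and ".dll" in e.body.lower()]


def services_without_vendor(entries):
    """O23 lines have the form 'Service: NAME - VENDOR - PATH'; a blank VENDOR shows as ' - - '."""
    return [e for e in entries if e.code == "O23" and " - - " in e.body]


def triage(text):
    """Run every heuristic over a log and return the flagged raw lines per category."""
    entries = parse_log(text)
    return {
        "orphaned": [e.line for e in orphaned_entries(entries)],
        "pending_spybot_deletions": [e.line for e in pending_spybot_deletions(entries)],
        "rundll32_loaders": [e.line for e in rundll32_loaders(entries)],
        "services_without_vendor": [e.line for e in services_without_vendor(entries)],
    }


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_LOG).items():
        print(f"== {category} ({len(lines)})")
        for line in lines:
            print("  " + line)
```

Run it against a saved log with `triage(open("hijackthis.log").read())`; the orphaned list is exactly the kind of entries sari asked to have checked and fixed, while the other three lists are prompts to look up the named file before deciding anything.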


Here is my new log file. Thanks again.

2 teens, wow, that's rough. I have a 3 yr old boy and am expecting twins!!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:38:12 PM, on 10/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 4704 bytes
