Messy Log.

meowman01

By meowman01,
in Malware Removal

 Share Followers 0

Recommended Posts

meowman01

meowman01

Posted
Posted

I showed this log to a friend of mine and he said it was pretty messy, and to ask you guys for help. Could someone guide me through what I should do?

Logfile of HijackThis v1.99.1

Scan saved at 2:34:23 PM, on 7/21/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\WINDOWS\System32\t?skmgr.exe

C:\WINDOWS\System32\hnetmon.exe

C:\WINDOWS\System32\wuauclt.exe

D:\Azureus\Azureus.exe

C:\Program Files\Java\j2re1.4.0_03\bin\javaw.exe

C:\WINDOWS\System32\igfxsrvc.exe

C:\WINDOWS\System32\erwe.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\erwe.exe

C:\WINDOWS\System32\erwe.exe

C:\WINDOWS\System32\erwe.exe

C:\WINDOWS\System32\erwe.exe

C:\WINDOWS\System32\erwe.exe

C:\WINDOWS\System32\vvvr.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\WINDOWS\System32\ocmpt32.exe

C:\WINDOWS\System32\odetsn32.exe

C:\Program Files\AIM\aim.exe

C:\Documents and Settings\Raffi\My Documents\My Pictures\Bike\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O1 - Hosts: indows.

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O4 - HKLM\..\Run: [] c:\WINDOWS\System32\

O4 - HKLM\..\Run: [function redirec] c:\WINDOWS\System32\function redirect(){

O4 - HKLM\..\Run: [var strT] c:\WINDOWS\System32\var strTemp;

O4 - HKLM\..\Run: [var strP] c:\WINDOWS\System32\var strPort;

O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINDOWS\System32\ top.location.replace(strTemp);

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [TizzleTalk] C:\Program Files\TizzleTalk\TizzleTalk.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINDOWS\System32\top.location.replace(strTemp);

O4 - HKLM\..\Run: [ TOOL4AME] c:\WINDOWS\System32\ TOOL4AME.COM

O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<head>

O4 - HKLM\..\Run: [<title>beneditutti.com</title><meta name="keywords" content="beneditutti.com"><meta name="description" content="Search the web at beneditutti.com"><meta name="robots" content="INDEX, FOLLOW"><meta name="revisit-after" content="10"><meta http-equiv="Content-Type" content="text/html; charset=iso-8859] c:\WINDOWS\System32\<title>beneditutti.com</title><meta name="keywords" content="beneditutti.com"><meta name="description" content="Search the web at beneditutti.com"><meta name="robots" content="INDEX, FOLLOW"><meta name="revisit-after" content="10"><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

O4 - HKLM\..\Run: [</h] c:\WINDOWS\System32\</html>

O4 - HKLM\..\Run: [<frame src="http://landing.domainsponsor.com/?a_id=761&domainname=beneditutti.com&adultfilter=o] c:\WINDOWS\System32\<frame src="http://landing.domainsponsor.com/?a_id=761&domainname=beneditutti.com&adultfilter=off">

O4 - HKLM\..\Run: [</frame] c:\WINDOWS\System32\</frameset>

O4 - HKLM\..\Run: [<nofra] c:\WINDOWS\System32\<noframes>

O4 - HKLM\..\Run: [<body bgcolor="#ffffff" text="#0000] c:\WINDOWS\System32\<body bgcolor="#ffffff" text="#000000">

O4 - HKLM\..\Run: [<a href="http://landing.domainsponsor.com/?a_id=761&domainname=beneditutti.com&adultfilter=off">Click here to go to beneditutti.com<] c:\WINDOWS\System32\<a href="http://landing.domainsponsor.com/?a_id=761&domainname=beneditutti.com&adultfilter=off">Click here to go to beneditutti.com</a>.

O4 - HKLM\..\Run: [</b] c:\WINDOWS\System32\</body>

O4 - HKLM\..\Run: [</nofra] c:\WINDOWS\System32\</noframes>

O4 - HKLM\..\Run: [<frame src="http://apps5.oingo.com/apps/domainpark/domainpark.cgi?cid=XCTR5165&s=beneditutti.c] c:\WINDOWS\System32\<frame src="http://apps5.oingo.com/apps/domainpark/domainpark.cgi?cid=XCTR5165&s=beneditutti.com">

O4 - HKLM\..\Run: [<a href="http://apps5.oingo.com/apps/domainpark/domainpark.cgi?cid=XCTR5165&s=beneditutti.com">Click here to go to beneditutti.com<] c:\WINDOWS\System32\<a href="http://apps5.oingo.com/apps/domainpark/domainpark.cgi?cid=XCTR5165&s=beneditutti.com">Click here to go to beneditutti.com</a>.

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [rcctratas] vvvr.exe

O4 - HKLM\..\Run: [779T35O] odetsn32.exe

O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitefmj32.exe

O4 - HKLM\..\RunServices: [rcctratas] vvvr.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [] c:\WINDOWS\System32\

O4 - HKCU\..\Run: [function redirec] c:\WINDOWS\System32\function redirect(){

O4 - HKCU\..\Run: [var strT] c:\WINDOWS\System32\var strTemp;

O4 - HKCU\..\Run: [var strP] c:\WINDOWS\System32\var strPort;

O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINDOWS\System32\ top.location.replace(strTemp);

O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe

O4 - HKCU\..\Run: [Mqwjjskp] C:\WINDOWS\System32\t?skmgr.exe

O4 - HKCU\..\Run: [hnetmon] C:\WINDOWS\System32\hnetmon.exe

O4 - HKCU\..\Run: [top.location.replace(strTe] c:\WINDOWS\System32\top.location.replace(strTemp);

O4 - HKCU\..\Run: [ TOOL4AME] c:\WINDOWS\System32\ TOOL4AME.COM

O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<head>

O4 - HKCU\..\Run: [<title>beneditutti.com</title><meta name="keywords" content="beneditutti.com"><meta name="description" content="Search the web at beneditutti.com"><meta name="robots" content="INDEX, FOLLOW"><meta name="revisit-after" content="10"><meta http-equiv="Content-Type" content="text/html; charset=iso-8859] c:\WINDOWS\System32\<title>beneditutti.com</title><meta name="keywords" content="beneditutti.com"><meta name="description" content="Search the web at beneditutti.com"><meta name="robots" content="INDEX, FOLLOW"><meta name="revisit-after" content="10"><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

O4 - HKCU\..\Run: [</h] c:\WINDOWS\System32\</html>

O4 - HKCU\..\Run: [<frame src="http://landing.domainsponsor.com/?a_id=761&domainname=beneditutti.com&adultfilter=o] c:\WINDOWS\System32\<frame src="http://landing.domainsponsor.com/?a_id=761&domainname=beneditutti.com&adultfilter=off">

O4 - HKCU\..\Run: [</frame] c:\WINDOWS\System32\</frameset>

O4 - HKCU\..\Run: [<nofra] c:\WINDOWS\System32\<noframes>

O4 - HKCU\..\Run: [<body bgcolor="#ffffff" text="#0000] c:\WINDOWS\System32\<body bgcolor="#ffffff" text="#000000">

O4 - HKCU\..\Run: [<a href="http://landing.domainsponsor.com/?a_id=761&domainname=beneditutti.com&adultfilter=off">Click here to go to beneditutti.com<] c:\WINDOWS\System32\<a href="http://landing.domainsponsor.com/?a_id=761&domainname=beneditutti.com&adultfilter=off">Click here to go to beneditutti.com</a>.

O4 - HKCU\..\Run: [</b] c:\WINDOWS\System32\</body>

O4 - HKCU\..\Run: [</nofra] c:\WINDOWS\System32\</noframes>

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [<frame src="http://apps5.oingo.com/apps/domainpark/domainpark.cgi?cid=XCTR5165&s=beneditutti.c] c:\WINDOWS\System32\<frame src="http://apps5.oingo.com/apps/domainpark/domainpark.cgi?cid=XCTR5165&s=beneditutti.com">

O4 - HKCU\..\Run: [<a href="http://apps5.oingo.com/apps/domainpark/domainpark.cgi?cid=XCTR5165&s=beneditutti.com">Click here to go to beneditutti.com<] c:\WINDOWS\System32\<a href="http://apps5.oingo.com/apps/domainpark/domainpark.cgi?cid=XCTR5165&s=beneditutti.com">Click here to go to beneditutti.com</a>.

O4 - HKCU\..\Run: [Mwq3RRi7U] ocmpt32.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [rcctratas] vvvr.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: KeenValue.lnk = C:\Program Files\Common Files\KeenValue\keenvalue.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm075YYUS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12a374f03c1e2c...ip/RdxIE601.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winfixer.com/files/install...nnerInstall.cab

O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

Link to post
Share on other sites
  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing