help with iworm_attck_v122.02a



username1k
2006-04-01, 00:29
well heres my Hijack This log

Logfile of HijackThis v1.99.1
Scan saved at 3:48:48 PM, on 3/31/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\mousepad7.exe
C:\WINDOWS\jukrrmoA.exe
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\CheckS02.exe
C:\WINDOWS\ms05894241383.exe
C:\WINDOWS\zifmidiA.exe
C:\WINDOWS\System32\wintask.exe
C:\Program Files\AIM\aim.exe
C:\DOCUME~1\David\MYDOCU~1\PPPATC~1\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\system32\lwinqrag.exe
C:\DOCUME~1\David\LOCALS~1\Temp\cinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\jukrrmo.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\limewire\limewire.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Documents and Settings\David\Desktop\Hijack This\HijackThis.exe

R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bxhyi.exe
F2 - REG:system.ini: UserInit=userinit.exe,msndshg.exe
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp808B.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [{AA-AE-E5-5E-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [jukrrmoA] C:\WINDOWS\jukrrmoA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKLM\..\Run: [636766696F6F6B71] CCD0CFD2D8D8D4.exe
O4 - HKLM\..\Run: [ms05894241383] C:\WINDOWS\ms05894241383.exe
O4 - HKLM\..\Run: [w00086a5.dll] RUNDLL32.EXE w00086a5.dll,I2 000008d1000086a5
O4 - HKLM\..\Run: [zifmidiA] C:\WINDOWS\zifmidiA.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\System32\expload.exe
O4 - HKLM\..\Run: [w00092ee.dll] RUNDLL32.EXE w00092ee.dll,I2 000008d1000092ee
O4 - HKLM\..\Run: [w00099da.dll] RUNDLL32.EXE w00099da.dll,I2 000008d1000099da
O4 - HKLM\..\Run: [w0009aca.dll] RUNDLL32.EXE w0009aca.dll,I2 000008d100009aca
O4 - HKLM\..\Run: [w0008b1b.dll] RUNDLL32.EXE w0008b1b.dll,I2 000008d100008b1b
O4 - HKLM\..\Run: [w000d1df.dll] RUNDLL32.EXE w000d1df.dll,I2 000008d10000d1df
O4 - HKLM\..\Run: [w0009a20.dll] RUNDLL32.EXE w0009a20.dll,I2 000008d100009a20
O4 - HKLM\..\Run: [w0008ee6.dll] RUNDLL32.EXE w0008ee6.dll,I2 000008d100008ee6
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\lwinqrag.exe CORN001
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Setm] "C:\DOCUME~1\David\MYDOCU~1\PPPATC~1\explorer.exe" -vt yazr
O4 - HKCU\..\Run: [Sbuvhol] C:\WINDOWS\??sks\n?tepad.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinqrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\qpdsregp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142007700038
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143484037814
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169566.dll
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\iEsacct.dll (file missing)
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\t08u0al9edq.dll
O20 - Winlogon Notify: winbjf32 - C:\WINDOWS\SYSTEM32\winbjf32.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\jukrrmo.exe
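A defender-side triage pass over a log like the one above, added here as an example; it is not part of the original thread and not the Spybot team's or HijackThis's own tooling. The heuristics are the usual ones for reading an HJT log by hand, written down as code: a core Windows binary name (svchost.exe, explorer.exe, ...) running from anywhere but its expected directory, executables dropped directly in the Windows root or a Temp folder, system.ini Shell=/UserInit= values that launch anything beyond the stock binary, autorun entries with no path or rundll32 loading a pathless machine-named DLL, AppInit_DLLs being set, and services with no vendor. The sample input is a subset of the log posted above; the EXPECTED_HOME table and the "hex-ish name" regex are this example's own assumptions, not something the page states.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a subset of the HijackThis entries posted in the thread above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\DOCUME~1\David\MYDOCU~1\PPPATC~1\explorer.exe
C:\WINDOWS\jukrrmoA.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bxhyi.exe
F2 - REG:system.ini: UserInit=userinit.exe,msndshg.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [jukrrmoA] C:\WINDOWS\jukrrmoA.exe
O4 - HKLM\..\Run: [w00086a5.dll] RUNDLL32.EXE w00086a5.dll,I2 000008d1000086a5
O4 - Global Startup: svchost.exe
O20 - AppInit_DLLs: repairs303169566.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\jukrrmo.exe
"""

# Assumption of this example: where core XP binaries live; the same name elsewhere is suspect.
EXPECTED_HOME = {
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
}
WINDOWS_ROOT = r"c:\windows"
HEXISH = re.compile(r"[0-9a-f]{6,}")  # heuristic for generated names such as w00086a5.dll
DRIVE_PATH = re.compile(r'^"?([A-Za-z]:\\[^"]+?\.(?:exe|dll))"?', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def check_path(path: str) -> Optional[str]:
    """Location checks shared by the process list, O4 and O23 entries."""
    directory, name = ntpath.split(path)  # ntpath parses backslash paths on any OS
    directory, name = directory.lower(), name.lower()
    expected = EXPECTED_HOME.get(name)
    if expected and directory != expected:
        return f"{name} running from {directory!r}, expected {expected!r}"
    if directory == WINDOWS_ROOT and name != "explorer.exe":
        return "executable placed directly in the Windows root"
    if "\\temp\\" in directory + "\\":
        return "executable running from a Temp directory"
    return None


def check_f2(rest: str) -> Optional[str]:
    """system.ini Shell= and UserInit= must name only the stock binary."""
    key, _, value = rest.partition("=")
    key = key.rsplit(":", 1)[-1].strip().lower()
    value = value.strip().lower().rstrip(",")
    if key == "shell" and value != "explorer.exe":
        return f"Shell= launches extra program(s): {value}"
    if key == "userinit" and not (value == "userinit.exe" or value.endswith("\\userinit.exe")):
        return f"UserInit= launches extra program(s): {value}"
    return None


def check_o4(rest: str) -> Optional[str]:
    """rest is everything after 'O4 - ': a Run-key entry or a Startup-folder entry."""
    m = re.match(r"^(Global Startup|Startup): (?:.+? = )?(.+)$", rest)
    if m:
        target = m.group(2)
        if ntpath.basename(target).lower() in EXPECTED_HOME:
            return f"core binary name {ntpath.basename(target)} launched from a Startup folder"
        return check_path(target)
    m = re.match(r"^.+?: \[(.+?)\] (.*)$", rest)
    if not m:
        return None
    command = m.group(2)
    drive = DRIVE_PATH.match(command)
    if drive:
        return check_path(drive.group(1))
    first, _, args = command.partition(" ")
    if first.lower() == "rundll32.exe":
        dll = args.split(",")[0].strip()
        if "\\" not in dll and HEXISH.search(dll.lower()):
            return f"rundll32 loading pathless, machine-named DLL {dll}"
        return None
    return "autorun entry with no path (binary is found via search order)"


def check_o23(rest: str) -> Optional[str]:
    """O23 - Service: <name> - <owner> - <path>; flag vendor-less services, then check the path."""
    parts = rest.split(": ", 1)[1].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    if owner.strip().lower() == "unknown owner":
        return f"service '{name}' has no vendor and runs {path}"
    return check_path(path.replace(" (file missing)", ""))


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious log line (first matching reason wins)."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reason = None
        if re.match(r"^[A-Za-z]:\\", line):  # 'Running processes' section
            reason = check_path(line)
        elif line.startswith("F2 - "):
            reason = check_f2(line[5:])
        elif line.startswith("O4 - "):
            reason = check_o4(line[5:])
        elif line.startswith("O20 - AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                reason = f"AppInit_DLLs set to {value}: loaded into every process that loads user32.dll"
        elif line.startswith("O23 - "):
            reason = check_o23(line[6:])
        if reason:
            findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[!] {f.reason}\n    {f.line}")
```

Run as-is it prints the eleven flagged lines from the sample and stays silent on the three benign ones (the real svchost.exe, the Winamp agent and the NVIDIA service). The checks are deliberately location- and shape-based rather than name-based, because, as this log shows, the file names change from infection to infection while the tricks (system-binary names in the wrong folder, Shell=/UserInit= hijacks, pathless Run entries) stay the same.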

CalamityJane
2006-04-01, 03:23
That has got to be one of the worst malware infestations I've seen in a long time. :eek:

No wonder! How come no service packs on XP or IE??
You're a p2p user but you aren't running an Antivirus program? Got a firewall?

What happened here? Has this PC had any security considerations at all?

I'm really only asking because to try to clean all that, you're still a huge risk for reinfection with NO windows security updates, and it's not advisable to do that until you are clean. So keep this computer off the network (if it is on one) and off the net - using another PC to access instructions here.

I'm not even sure cleaning is the best option for this PC as a reformat/reinstall would probably be much quicker for you and for me. But if you want us to try to clean you'll need to start here:

SpywareQuake/SpywareFalcon HiJack
http://forums.spybot.info/showthread.php?t=3261

And then these steps here:
Before you post a log
http://forums.spybot.info/showpost.php?p=1150&postcount=2

When you are done with all of that, rescan and post a fresh HijackThis log.

username1k
2006-04-01, 05:43
I've tried installing windows service packs and antivirus software, the service packs can't finish installing, I get an error message and it doesn't let me finish the installation. How would I reformat/reinstall though, if it's an easier option? :confused:

CalamityJane
2006-04-01, 15:53
It's an easier option if you know how to do it :(
It means backing up your important data files (not software) and wiping the Hard Drive clean, then reinstalling the operating system. Not a project for the novice however.

Do you have your original Windows Installation CDs?

If you don't have someone who can help you there, start with the steps I recommended above. I'm not sure how much damage has been done to this PC and not sure we can restore it to a trustworthy condition, but we can try to clean it as best we can.

We can't install any windows updates with all that malware on there at the moment, so it's best to limit any online activity. Do you have another PC you can communicate from and get directions from here?

username1k
2006-04-01, 19:47
I've been using a friend's computer to access the directions here, and I don't have a windows XP CD, but he does, and said he knows what to do :)

Thanks for the advice though, I think the gesture of trying to help can be appreciated greatly even if it isn't always what works out. Well, I guess we can close this thread, thanks for everything :bigthumb:

CalamityJane
2006-04-02, 00:38
Ah, good. Ok glad you have a knowledgeable friend there that can help you, however using his copy of Windows means you will not have the genuine version and will not be able to get the windows security updates you need. You really do need SP2 to be protected from the latest nasties that take advantage of unpatched systems. Wherever you bought your computer should be able to supply replacements for you or, if OEM, your computer manufacturer. Which is what I would strongly advise so that you can get the updates you need.

I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help :).

"So, how did I get infected in the first place?" (by Tony Klein)
http://forums.spybot.info/showthread.php?t=279

Service Pack 2 for XP is now available and it will address numerous security issues in your Operating System and IE :)
http://v5.windowsupdate.microsoft.com/en/default.asp
But you will need a valid version of Windows to get this.

You may have gotten infected downloading files from Limewire, you need to use caution using p2p programs, as many of the files are infected with various malware.

See Tashi's great article on p2p programs here:
File Sharing, otherwise known as Peer To Peer (P2P)
http://forums.spybot.info/showthread.php?t=282

I'll go ahead and archive this thread now. If you should need it reopened for any reason, please feel free to send a PM request with a link to this thread to any of the Moderators :)

Good luck, and stay safe!