All sorts of infections that I'm not able to remove. Please Help.



Sitnam
2006-07-16, 07:17
HJT LOG:
Logfile of HijackThis v1.99.1
Scan saved at 10:08:20 PM, on 7/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\rhcbx.exe
H:\WINDOWS\System32\bxlwxc.exe
H:\WINDOWS\System32\rhcbx.exe
H:\WINDOWS\System32\rhcbx.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\wdfmgr.exe
H:\WINDOWS\thiselt.exe
H:\WINDOWS\System32\bdpn.exe
H:\Program Files\Common Files\{985A82FF-0729-1033-0722-041104040001}\Update.exe
H:\Program Files\TClock\TClock.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
H:\Program Files\Trillian\trillian.exe
H:\Program Files\Winamp\Winamp.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Documents and Settings\Blake Womick\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - H:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, H:\WINDOWS\System32\rhcbx.exe
F2 - REG:system.ini: UserInit=H:\WINDOWS\system32\userinit.exe,ddjfihw.exe
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - H:\WINDOWS\System32\v199.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {80052934-5614-EBEB-4203-D1EC44D35EDA} - H:\WINDOWS\rlzbjdik.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - H:\Program Files\ToolBar888\MyToolBar.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: SST - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - H:\Program Files\Lycos\sst.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: Search - {9E33E206-4948-538C-D8EF-D4A2FE93FD1F} - H:\WINDOWS\rlzbjdik.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - H:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WebInstall2] H:\Program Files\FreeWire\WebInstall.exe /R
O4 - HKLM\..\Run: [outlook] H:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [IpWins] H:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [pop06apelt] H:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [bppoxa] H:\WINDOWS\System32\bxlwxc.exe reg_run
O4 - HKLM\..\Run: [ftexc] H:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [kSPYv] "H:\WINDOWS\System32\bdpn.exe"
O4 - HKLM\..\Run: [TheMonitor] H:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [SurfSideKick 3] H:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Steam] "H:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TClock.exe] H:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [wmwpy] H:\WINDOWS\System32\bxlwxc.exe reg_run
O4 - HKCU\..\Run: [Aort] "H:\PROGRA~1\COMMON~1\ASKS~1\regedit.exe" -vt ndrv
O4 - HKCU\..\Run: [Enxwg] H:\Program Files\??stem32\w?nword.exe
O4 - HKCU\..\Run: [SurfSideKick 3] H:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: BitTorrent.lnk = H:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Registration-PCTV Deluxe.lnk = H:\Program Files\Pinnacle\Pinnacle PCTV Deluxe\Online Registration\RegTool.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Pinnacle PCTV Scheduler.lnk = ?
O4 - Global Startup: tfwxe.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://h:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - H:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - H:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - H:\WINDOWS\System32\v199.dll
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Sitnam
2006-07-16, 07:40
BTW, the Task Manager has ceased to function.

LonnyRJones
2006-07-19, 13:08
Hello

Is this your PC?
File-sharing programs and no antivirus or firewall, not a good combination.
For now, post an uninstall list.


Create a HijackThis uninstall list
Start HijackThis
Press 'Config'
Press 'Misc Tools'
Press 'Open Uninstall Manager'
Press 'Save List'
Save the log to a convenient location
Copy the log and post its contents in this thread

tashi
2006-07-24, 10:04
This topic is closed.

If you need it re-opened, please send me a PM and provide a link to the thread.
Applies only to the original topic starter.