Could someone look at my hijack this log

 
 
Reply Tue 30 Nov, 2004 11:45 am
My computer has had something on it for some time now. It started by taking over my browser. It put some pictures scrolling on my desktop. It said something to the effect of "you are in trouble". I will double check with my brother.
Any help would be great.
Thanks


Logfile of HijackThis v1.97.7
Scan saved at 12:56:43 PM, on 11/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Hobson\Desktop\AboutBuster\AboutBuster.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Hobson\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cmiqw.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cmiqw.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cmiqw.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cmiqw.dll/sp.html#29126
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6D4097E2-E32A-4E3E-A270-070E73AF19AC} - C:\WINDOWS\sysqc.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [RunDLL] rundll32.exe
O4 - HKLM\..\Run: [mskp.exe] C:\WINDOWS\mskp.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101684771687
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE2F0998-BCD1-4DA9-AD44-48CE2DE0B0F7}: NameServer = 207.172.3.8 207.172.3.9


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 18


Removed Data Streams:
C:\WINDOWS\Blue Lace 16.bmp:nyzyo
C:\WINDOWS\bootstat.dat:kcxsp
C:\WINDOWS\Bringer.INI:nxwio
C:\WINDOWS\cdplayer.ini:eiwsy
C:\WINDOWS\Coffee Bean.bmp:gponq
C:\WINDOWS\control.ini:sdcpb
C:\WINDOWS\crxi.dll:kdnuv
C:\WINDOWS\CTDV10K1.CDF:cefzx
C:\WINDOWS\DIIUnin.pif:gapjo
C:\WINDOWS\eReg.dat:kziro
C:\WINDOWS\FaxSetup.log:datwi
C:\WINDOWS\fpiiv.dat:vbmbk
C:\WINDOWS\iewq32.dll:ivlbn
C:\WINDOWS\INRES.DLL:cbera
C:\WINDOWS\javaac.dll:fdhjw
C:\WINDOWS\javaud32.dll:viwqh
C:\WINDOWS\javavx.dll:xvapz
C:\WINDOWS\KB828035.log:ffcob
C:\WINDOWS\kvojs.dat:qwsut
C:\WINDOWS\mfchy.dll:ojigf
C:\WINDOWS\MININU.LOG:unuzl
C:\WINDOWS\MozillaUninstall.exe:cqcsa
C:\WINDOWS\msdg.dll:uqvxd
C:\WINDOWS\msoz32.dll:mrfcx
C:\WINDOWS\netfxocm.log:movvb
C:\WINDOWS\netxh32.dll:phtgp
C:\WINDOWS\nhrct.dat:xhgnx
C:\WINDOWS\ntbtlog.txt:ajeql
C:\WINDOWS\ntpz.dll:sbowf
C:\WINDOWS\ODBCINST.INI:kawju
C:\WINDOWS\OEWABLog.txt:ytidy
C:\WINDOWS\Q321178.log:iusjs
C:\WINDOWS\READREG.EXE:noxcb
C:\WINDOWS\regopt.log:ocsht
C:\WINDOWS\Rhododendron.bmp:zlksq
C:\WINDOWS\River Sumida.bmp:drxvl
C:\WINDOWS\Santa Fe Stucco.bmp:smcxl
C:\WINDOWS\SchedLgU.Txt:nytmk
C:\WINDOWS\setup.log:wvpnl
C:\WINDOWS\setuperr.log:pwisg
C:\WINDOWS\snzdx.dat:hxbyi
C:\WINDOWS\sysjl.dll:nkysd
C:\WINDOWS\TASKMAN.EXE:ylixx
C:\WINDOWS\tmoxy.dat:qmblz
C:\WINDOWS\uneng.exe:bnmvw
C:\WINDOWS\Zapotec.bmp:temim
C:\WINDOWS\_delis32.ini:psavp


Removed 4 Random Key Entries
Removed! : C:\WINDOWS\aoohd.dat
Removed! : C:\WINDOWS\cmiqw.dll
Removed! : C:\WINDOWS\dicwg.dat
Removed! : C:\WINDOWS\elkuo.dat
Removed! : C:\WINDOWS\fpiiv.dat
Removed! : C:\WINDOWS\kbavh.dat
Removed! : C:\WINDOWS\kvojs.dat
Removed! : C:\WINDOWS\mitvw.dat
Removed! : C:\WINDOWS\nhrct.dat
Removed! : C:\WINDOWS\ptcyx.dat
Removed! : C:\WINDOWS\qcuvh.dat
Removed! : C:\WINDOWS\raahj.dat
Removed! : C:\WINDOWS\snzdx.dat
Removed! : C:\WINDOWS\snzme.dat
Removed! : C:\WINDOWS\ssnxa.dat
Removed! : C:\WINDOWS\stykz.dll
Removed! : C:\WINDOWS\tmoxy.dat
Removed! : C:\WINDOWS\zfcfx.dll
Removed! : C:\WINDOWS\system32\aizhp.dll
Removed! : C:\WINDOWS\system32\aoliw.dll
Removed! : C:\WINDOWS\system32\asvfc.dat
Removed! : C:\WINDOWS\system32\emimo.dat
Removed! : C:\WINDOWS\system32\fjcch.dat
Removed! : C:\WINDOWS\system32\letod.dat
Removed! : C:\WINDOWS\system32\lheme.dat
Removed! : C:\WINDOWS\system32\nvper.dat
Removed! : C:\WINDOWS\system32\omxob.dat
Removed! : C:\WINDOWS\system32\osagi.dat
Removed! : C:\WINDOWS\system32\pxamc.dat
Removed! : C:\WINDOWS\system32\rrhkp.dat
Removed! : C:\WINDOWS\system32\slgji.dat
Removed! : C:\WINDOWS\system32\xgnje.dat
Removed! : C:\WINDOWS\system32\xisil.dat
Removed! : C:\WINDOWS\system32\ymjqs.dat
Removed! : C:\WINDOWS\system32\zkwyf.dll
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 18


Removed Data Streams:


Attempted Clean Of Temp folder.
Pages Reset... Done!
Type: Discussion • Score: 1 • Views: 4,593 • Replies: 1

 
Don77
 
Reply Tue 30 Nov, 2004 07:54 pm
Hi mojoe128, welcome to A2K.
I need you to do a couple of things, please.
1 - Please go Here and unzip the newest version of HJT into a new dedicated folder.
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+E), then double-click on C:, then right-click and select New, then Folder, and name it hjt. Unzip HijackThis into this folder.
Remove the older version you're currently using.

2 - First, reboot into 'SAFE MODE' (by tapping the F8 key on start up).
Next:
Run About Buster twice in Safe Mode. Save the logs it generates.
While still in Safe Mode,
please restart HJT, put a check next to the following if they still exist, close all open windows and click "fix.checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cmiqw.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cmiqw.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cmiqw.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cmiqw.dll/sp.html#29126
O2 - BHO: (no name) - {6D4097E2-E32A-4E3E-A270-070E73AF19AC} - C:\WINDOWS\sysqc.dll
O4 - HKLM\..\Run: [mskp.exe] C:\WINDOWS\mskp.exe

Make sure you can view all Hidden Files/Folders, then search for and delete the following in BOLD if still present:
C:\WINDOWS\sysqc.dll
C:\WINDOWS\mskp.exe
Restart your computer.

Run About Buster twice again, please. Again, save the log from it and post back all the logs from AboutBuster and a fresh HJT log, please.
0 Replies
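
Added example (not part of either post, and not HijackThis's own logic): a small Python triage over HijackThis-style entries, run on lines copied from the log above. The function names and the two heuristics (an IE search page served from a `res://` DLL resource, and a BHO or Run target sitting directly in C:\WINDOWS) are assumptions chosen for illustration; on these sample lines they pick out the same kinds of entries the reply asks to fix.

```python
import re

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# A .dll/.exe directly in C:\WINDOWS (no subfolder such as system32).
ROOT_FILE = re.compile(r'C:\\WINDOWS\\[^\\/"]+\.(?:dll|exe)(?=\s|"|$)', re.I)

# Sample input: lines taken from the HijackThis log posted above.
SAMPLE = r"""Running processes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cmiqw.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cmiqw.dll/sp.html#29126
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6D4097E2-E32A-4E3E-A270-070E73AF19AC} - C:\WINDOWS\sysqc.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [mskp.exe] C:\WINDOWS\mskp.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
"""

def parse(line):
    """Split a log line into (section code, body); None for non-entry lines."""
    m = ENTRY.match(line.strip())
    return (m["code"], m["body"]) if m else None

def triage(line):
    """Return a reason string if the entry matches a heuristic, else None."""
    parsed = parse(line)
    if parsed is None:
        return None
    code, body = parsed
    if code in ("R0", "R1"):
        # Body is "key,value name = data"; look only at the data part.
        data = body.partition(" = ")[2]
        if data.lower().startswith("res://"):
            return "IE page served from a local DLL resource"
    if code in ("O2", "O4") and ROOT_FILE.search(body):
        return "BHO/autostart file directly in C:\\WINDOWS"
    return None

def flagged(log_text):
    """Return [(section code, reason)] for every entry that needs a closer look."""
    hits = []
    for line in log_text.splitlines():
        reason = triage(line)
        if reason:
            hits.append((parse(line)[0], reason))
    return hits

if __name__ == "__main__":
    for code, reason in flagged(SAMPLE):
        print(code, "-", reason)
```

A match is only a prompt to inspect the file and its registry entry; legitimate software can also match, and malware can sit in paths these two rules do not cover.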