hijack this log, pls tell me what to fix

Status
Not open for further replies.
My comp is very screwed up. I need some help deleting the things that I need to. Could someone please reply or send an email to max_mcconchie69@hotmail.com telling me what I need to fix, which would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 5:11:05 PM, on 8/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\winwt32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\PCI Audio Applications\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINNT\system32\appxg32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Documents and Settings\Remy Gorgolon\Application Data\iatr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Documents and Settings\Remy Gorgolon\My Documents\Max\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\fesns.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7BA9C52F-3A0D-2815-6A75-5375F628455D} - C:\WINNT\d3ym.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Update] apjxzjm.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [addlb.exe] C:\WINNT\system32\addlb.exe
O4 - HKLM\..\Run: [apiel.exe] C:\WINNT\system32\apiel.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] crxvymk.exe
O4 - HKLM\..\Run: [Configuration Loader] svschost.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [appxg32.exe] C:\WINNT\system32\appxg32.exe
O4 - HKLM\..\Run: [fvvelxdbb] C:\WINNT\System32\gzcpgwt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [block buster] C:\Documents and Settings\Remy Gorgolon\Local Settings\Temp
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft Update] apjxzjm.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] crxvymk.exe
O4 - HKLM\..\RunServices: [Configuration Loader] svschost.exe
O4 - HKCU\..\Run: [Microsoft Update] apjxzjm.exe
O4 - HKCU\..\Run: [Aoia] C:\Documents and Settings\Remy Gorgolon\Application Data\iatr.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] crxvymk.exe
O4 - HKCU\..\Run: [Configuration Loader] svschost.exe
O4 - HKCU\..\Run: [nsdriver] C:\WINNT\system32\nssys32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\dioccvhj.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...d639ebbf2e73:e135dfcf3e8658d4c1290992e9c18074
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://67.72.100.27/dialerhost/download/NqnUWJyI/sexsoftware.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{81480E50-7D25-4D07-B9F8-D71769BA749D}: NameServer = 192.189.54.17 203.8.183.1
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\system32\angelex.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINNT\zeta.exe
O23 - Service: Remote Procedure Call (RPC) Helper (%AF夶À¨) - Unknown owner - C:\WINNT\system32\winwt32.exe
 
What are you, a masochist? Half your log is about CRAP. You have to be a LOT more responsible WHERE you surf!
I think you should update your Antivirus program, which dates from 2002!
If money is an issue, try the free AVG from www.grisoft.com ==>> UNinstall the old AV first!!

Boot in Safe Mode.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

winwt32.exe
winampa.exe
appxg32.exe
WinTaskAd.exe
WinSched.exe
iatr.exe
internat.exe
WebRebates1.exe
WebRebates0.exe
apjxzjm.exe
addlb.exe
apiel.exe
crxvymk.exe
svschost.exe ==>> watch the SPELLING <<==
mslaugh.exe
appxg32.exe
gzcpgwt.exe
nssys32.exe
angelex.exe

Next, UNinstall anything to do with this crap:
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\Program Files\Web_Rebates\WebRebates1.exe

Next, run HJT on its own and let it 'fix':
Running processes:
C:\WINNT\system32\winwt32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\appxg32.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\Documents and Settings\Remy Gorgolon\Application Data\iatr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\fesns.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\fesns.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7BA9C52F-3A0D-2815-6A75-5375F628455D} - C:\WINNT\d3ym.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Update] apjxzjm.exe
O4 - HKLM\..\Run: [addlb.exe] C:\WINNT\system32\addlb.exe
O4 - HKLM\..\Run: [apiel.exe] C:\WINNT\system32\apiel.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] crxvymk.exe
O4 - HKLM\..\Run: [Configuration Loader] svschost.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [appxg32.exe] C:\WINNT\system32\appxg32.exe
O4 - HKLM\..\Run: [fvvelxdbb] C:\WINNT\System32\gzcpgwt.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [block buster] C:\Documents and Settings\Remy Gorgolon\Local Settings\Temp
O4 - HKLM\..\RunServices: [Microsoft Update] apjxzjm.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] crxvymk.exe
O4 - HKLM\..\RunServices: [Configuration Loader] svschost.exe
O4 - HKCU\..\Run: [Microsoft Update] apjxzjm.exe
O4 - HKCU\..\Run: [Aoia] C:\Documents and Settings\Remy Gorgolon\Application Data\iatr.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] crxvymk.exe
O4 - HKCU\..\Run: [Configuration Loader] svschost.exe
O4 - HKCU\..\Run: [nsdriver] C:\WINNT\system32\nssys32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

ALL lines with O15 - Trusted ...
ALL lines with O16 - DPF ...

Unless these IP addresses are from your ISP, also 'fix':
O17 - HKLM\System\CCS\Services\Tcpip\..\{81480E50-7D25-4D07-B9F8-D71769BA749D}: NameServer = 192.189.54.17 203.8.183.1

O23 - Service: ISEXEng - Unknown owner - C:\WINNT\system32\angelex.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINNT\zeta.exe
O23 - Service: Remote Procedure Call (RPC) Helper (%AF夶À¨) - Unknown owner - C:\WINNT\system32\winwt32.exe

When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
You MUST clean your Temp directory as well.
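As an added example, not part of this thread or of HijackThis itself: a small Python triage script that applies the rules from the reply above to HijackThis-format lines (R0/R1 search settings pointing at a local DLL via res://, O15 Trusted Zone entries, O16 DPF controls from a local file or a non-Microsoft host, O17 name servers to check against the ISP, O23 services with an unknown owner, and O4 autoruns living in Temp or carrying a look-alike name such as svschost.exe). The sample log, the `{GUID}` placeholder and the trusted-host list are constructed assumptions, and legitimate lines (mobsync.exe, the MSN games control, the iPod service) are included to show they are not flagged.

```python
from urllib.parse import urlparse
# Constructed sample in HijackThis v1.99.1 line format, modelled on the log in this thread ({GUID} is a placeholder).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\fesns.dll/sp.html#96676
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Configuration Loader] svschost.exe
O4 - HKLM\..\Run: [block buster] C:\Documents and Settings\User\Local Settings\Temp
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\dioccvhj.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 192.189.54.17 203.8.183.1
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\system32\angelex.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
# System binaries that malware imitates with a one-letter change ("watch the SPELLING": svschost.exe).
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe")
# Hosts whose ActiveX (O16) downloads are tolerated; an assumption for this example, not HijackThis policy.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com")
def one_edit_away(a, b):
    """True if a turns into b by replacing or deleting exactly one character."""
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    return len(a) == len(b) + 1 and any(a[:i] + a[i + 1:] == b for i in range(len(a)))

def triage(log_text):
    """Return (reason, line) pairs for the kinds of entries the reply above says to fix or verify."""
    findings = []
    for line in log_text.splitlines():
        kind = line.split(" - ", 1)[0]
        if kind in ("R0", "R1") and "res://" in line:
            findings.append(("search setting hijacked: res:// points into a local DLL", line))
        elif kind == "O4":
            target = line.split("] ", 1)[-1].strip('"')
            if "\\temp" in target.lower():
                findings.append(("autorun entry pointing into a Temp directory", line))
            elif "\\" not in target and any(one_edit_away(target.split()[0].lower(), s) for s in SYSTEM_BINARIES):
                findings.append(("autorun name imitates a Windows system binary", line))
        elif kind == "O15":
            findings.append(("Trusted Zone entry: IE relaxes its protections for this site", line))
        elif kind == "O16":
            url = line.rsplit(" - ", 1)[-1]
            host = "" if url.startswith("file://") else (urlparse(url).hostname or "")
            if not any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS):
                findings.append(("ActiveX control from a local file or untrusted host", line))
        elif kind == "O17":
            servers = line.split("NameServer = ", 1)[-1].split()
            findings.append(("DNS servers to verify against the ISP: " + ", ".join(servers), line))
        elif kind == "O23" and "Unknown owner" in line:
            findings.append(("service with no publisher", line))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the seven flagged lines with their reasons; the real log is pasted in unchanged, since the script only keys on the section prefix and the " - " separators HijackThis emits.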
 