[Closed] Help me now!

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

[Closed] Help me now!

Options

Mr.Gon91 View Member Profile	May 11 2008, 03:10 AM Post #1
New Member Group: New Member Posts: 7 Joined: 9-February 08 Member No.: 76,706 Operating System: Windows XP SP3	Here my log Logfile of HijackThis v1.99.1 Scan saved at 4:05:27 PM, on 5/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\dllcache\explorer.exe C:\PROGRA~1\IEACCE~1\IEAccelerator.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\censtat.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xdict.exe C:\Documents and Settings\Net328\Local Settings\Temporary Internet Files\Content.IE5\CSCUS6JB\0[1].exe C:\Documents and Settings\Net328\Local Settings\Temporary Internet Files\Content.IE5\CSCUS6JB\0[1].exe D:\AppServ\Apache2.2\bin\httpd.exe C:\WINDOWS\CTIServ.exe C:\WINDOWS\SoundMan.exe D:\AppServ\Apache2.2\bin\httpd.exe D:\AppServ\MySQL\bin\mysqld-nt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\find.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\Microsoft\svchost.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\net.exe C:\WINDOWS\system32\net1.exe D:\Giganology\Gigaget\Gigaget.exe C:\TDdownload\BHome1651.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\net.exe C:\WINDOWS\system32\net1.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\popo.exe C:\TDdownload\hijackthis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://nhacso.net/ F2 - REG:system.ini: UserInit=Userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll O2 - BHO: yxcsbhlp.dll - {25671234-7890-ABCD-CDEF-567801237652} - C:\WINDOWS\system32\yxcsbhlp.dll O2 - BHO: mndscsrv.dll - {37FD640A-158F-48AC-FD14-1597F14A9773} - C:\WINDOWS\system32\mndscsrv.dll O2 - BHO: (no name) - {398C9B84-4EF7-47B5-9862-DE29543B3C42} - (no file) O2 - BHO: oohxbbyt.dll - {3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3} - C:\WINDOWS\system32\oohxbbyt.dll O2 - BHO: mnmhcsrv.dll - {3C8D1401-A58D-A81C-CD24-A5915C4517C3} - C:\WINDOWS\system32\mnmhcsrv.dll O2 - BHO: zptlbsys.dll - {40940F85-F015-14F1-A05F-F69858AC6D04} - C:\WINDOWS\system32\zptlbsys.dll O2 - BHO: ypcqchlp.dll - {40AF1289-F140-A140-D012-C1458759FC04} - C:\WINDOWS\system32\ypcqchlp.dll O2 - BHO: zywmdime.dll - {4319A1F1-9410-9654-3201-345FFA349134} - C:\WINDOWS\system32\zywmdime.dll O2 - BHO: zxmsbwin.dll - {5A041F13-A111-12A3-B0CF-F99818AA68A5} - C:\WINDOWS\system32\zxmsbwin.dll O2 - BHO: zyzxeime.dll - {5A59145F-315D-BC23-AC1F-145DF81A34A5} - C:\WINDOWS\system32\zyzxeime.dll O2 - BHO: ypdjebmp.dll - {71954FAC-1023-154F-895A-1458258AD817} - C:\WINDOWS\system32\ypdjebmp.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto O4 - HKLM\..\Run: [KillPorn] D:\KillPorn\KillPorn.exe O4 - HKLM\..\Run: [Gigaget] "D:\Giganology\Gigaget\GigagetShell.exe" /s O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [fmsiocps] C:\WINDOWS\fmsiocps.exe O4 - HKLM\..\Run: [anistio] C:\WINDOWS\anistio.exE O4 - HKLM\..\Run: [issms32] C:\WINDOWS\issms32.exe O4 - HKLM\..\Run: [dionpis] C:\WINDOWS\dionpis.exe O4 - HKLM\..\Run: [hefcndy] C:\WINDOWS\hefcndy.exe O4 - HKLM\..\Run: [dbhlp32] C:\WINDOWS\dbhlp32.exe O4 - HKLM\..\Run: [fmsjhif] C:\WINDOWS\fmsjhif.exe O4 - HKLM\..\Run: [xlmdtbzw] C:\WINDOWS\ldbwibto.exe O4 - HKLM\..\Run: [ptshell] C:\WINDOWS\ptshell.exe O4 - HKLM\..\Run: [huifitc] C:\WINDOWS\huifitc.exe O4 - HKLM\..\Run: [mfchlp64] C:\WINDOWS\mfchlp64.exe O4 - HKLM\..\Run: [dndsioc] C:\WINDOWS\dndsioc.exe O4 - HKLM\..\Run: [cinfonmc] C:\WINDOWS\cinfonmc.exe O4 - HKLM\..\Run: [SoundMan] SoundMan.exe O4 - HKLM\..\Run: [BkavFw] C:\Program Files\Bkav2006\Bkav2006.exe TASKBAR O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: censtat.exe O4 - Global Startup: xdict.exe O8 - Extra context menu item: &Download All by Gigaget - D:\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - D:\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: English<->Vietnamese - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: English<->Vietnamese - {0DC44B85-F904-0741-8EAE-A8CCC73AC982} - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm O9 - Extra 'Tools' menuitem: English<->Vietnamese - {0DC44B85-F904-0741-8EAE-A8CCC73AC982} - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.bro.vn/com/EGamesPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{662EF261-6801-4F9F-A87B-47BBEE702739}: NameServer = 203.162.0.181,203.162.0.11 O20 - AppInit_DLLs: gfcfg.dll,drthte.dll,yjrfe.dll,uksuk.dll,thrtgth.dll,hujfgt.dll,rhdhj.dll,jmkcgt .dll,hfther.dll,segtrgh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll , xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,ser g hjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll , xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.d l l,oqrthc.dll,gfhynrth.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll, y dgn.dll,dbfb.dll,fjnbv.dll,rthderr.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkh j .dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ekt v m.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hk f gh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghj k dr.dll,hnfgs.dll, O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Apache2.2 - Unknown owner - D:\AppServ\Apache2.2\bin\httpd.exe" -k runservice (file missing) O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe O23 - Service: ctiserv - Centurion Technologies, Inc. - C:\WINDOWS\CTIServ.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\system32\interne.exe (file missing) O23 - Service: mysql - Unknown owner - D:\AppServ\MySQL\bin\mysqld-nt.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe Have anyone help me now?PLz

LDTate View Member Profile	May 17 2008, 07:16 AM Post #2
Forum God Group: Root Admin Posts: 39,364 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Sorry about the delay in responding If you still need help, Scan again with HijackThis, and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.

LDTate View Member Profile	Jun 1 2008, 03:18 PM Post #3
Forum God Group: Root Admin Posts: 39,364 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

« Next Oldest · HijackThis™ Logs and Infections Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
HijackThis™ Logs and Infections Removal [Resolved] How do I get rid of OFFERFORTODAY	8	ron_d	127	Today, 02:26 PM Last post by: Tomk
HijackThis™ Logs and Infections Removal [Resolved] Pretty sure Koobface virus has a hold of my laptop 12	20	xesist	183	Today, 01:42 PM Last post by: jpshortstuff
HijackThis™ Logs and Infections Removal [Resolved] Trojan.Vundo + Fixed part of it and now I get BUNCH of 12	15	Parth	124	Today, 10:29 AM Last post by: Rorschach112
HijackThis™ Logs and Infections Removal [Closed] HJT Log - Please help, so so many popups	6	Pepito00	79	Today, 09:00 AM Last post by: BHowett