Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91634 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Help me now!


  • This topic is locked This topic is locked
2 replies to this topic

#1 Mr.Gon91

Mr.Gon91

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 11 May 2008 - 03:10 AM

Here my log
Logfile of HijackThis v1.99.1
Scan saved at 4:05:27 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dllcache\explorer.exe
C:\PROGRA~1\IEACCE~1\IEAccelerator.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\censtat.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xdict.exe
C:\Documents and Settings\Net328\Local Settings\Temporary Internet Files\Content.IE5\CSCUS6JB\0[1].exe
C:\Documents and Settings\Net328\Local Settings\Temporary Internet Files\Content.IE5\CSCUS6JB\0[1].exe
D:\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\CTIServ.exe
C:\WINDOWS\SoundMan.exe
D:\AppServ\Apache2.2\bin\httpd.exe
D:\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\find.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\Microsoft\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
D:\Giganology\Gigaget\Gigaget.exe
C:\TDdownload\BHome1651.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\popo.exe
C:\TDdownload\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://nhacso.net/
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: yxcsbhlp.dll - {25671234-7890-ABCD-CDEF-567801237652} - C:\WINDOWS\system32\yxcsbhlp.dll
O2 - BHO: mndscsrv.dll - {37FD640A-158F-48AC-FD14-1597F14A9773} - C:\WINDOWS\system32\mndscsrv.dll
O2 - BHO: (no name) - {398C9B84-4EF7-47B5-9862-DE29543B3C42} - (no file)
O2 - BHO: oohxbbyt.dll - {3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3} - C:\WINDOWS\system32\oohxbbyt.dll
O2 - BHO: mnmhcsrv.dll - {3C8D1401-A58D-A81C-CD24-A5915C4517C3} - C:\WINDOWS\system32\mnmhcsrv.dll
O2 - BHO: zptlbsys.dll - {40940F85-F015-14F1-A05F-F69858AC6D04} - C:\WINDOWS\system32\zptlbsys.dll
O2 - BHO: ypcqchlp.dll - {40AF1289-F140-A140-D012-C1458759FC04} - C:\WINDOWS\system32\ypcqchlp.dll
O2 - BHO: zywmdime.dll - {4319A1F1-9410-9654-3201-345FFA349134} - C:\WINDOWS\system32\zywmdime.dll
O2 - BHO: zxmsbwin.dll - {5A041F13-A111-12A3-B0CF-F99818AA68A5} - C:\WINDOWS\system32\zxmsbwin.dll
O2 - BHO: zyzxeime.dll - {5A59145F-315D-BC23-AC1F-145DF81A34A5} - C:\WINDOWS\system32\zyzxeime.dll
O2 - BHO: ypdjebmp.dll - {71954FAC-1023-154F-895A-1458258AD817} - C:\WINDOWS\system32\ypdjebmp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto
O4 - HKLM\..\Run: [KillPorn] D:\KillPorn\KillPorn.exe
O4 - HKLM\..\Run: [Gigaget] "D:\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [fmsiocps] C:\WINDOWS\fmsiocps.exe
O4 - HKLM\..\Run: [anistio] C:\WINDOWS\anistio.exE
O4 - HKLM\..\Run: [issms32] C:\WINDOWS\issms32.exe
O4 - HKLM\..\Run: [dionpis] C:\WINDOWS\dionpis.exe
O4 - HKLM\..\Run: [hefcndy] C:\WINDOWS\hefcndy.exe
O4 - HKLM\..\Run: [dbhlp32] C:\WINDOWS\dbhlp32.exe
O4 - HKLM\..\Run: [fmsjhif] C:\WINDOWS\fmsjhif.exe
O4 - HKLM\..\Run: [xlmdtbzw] C:\WINDOWS\ldbwibto.exe
O4 - HKLM\..\Run: [ptshell] C:\WINDOWS\ptshell.exe
O4 - HKLM\..\Run: [huifitc] C:\WINDOWS\huifitc.exe
O4 - HKLM\..\Run: [mfchlp64] C:\WINDOWS\mfchlp64.exe
O4 - HKLM\..\Run: [dndsioc] C:\WINDOWS\dndsioc.exe
O4 - HKLM\..\Run: [cinfonmc] C:\WINDOWS\cinfonmc.exe
O4 - HKLM\..\Run: [SoundMan] SoundMan.exe
O4 - HKLM\..\Run: [BkavFw] C:\Program Files\Bkav2006\Bkav2006.exe TASKBAR
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: censtat.exe
O4 - Global Startup: xdict.exe
O8 - Extra context menu item: &Download All by Gigaget - D:\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - D:\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: English<->Vietnamese - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: English<->Vietnamese - {0DC44B85-F904-0741-8EAE-A8CCC73AC982} - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm
O9 - Extra 'Tools' menuitem: English<->Vietnamese - {0DC44B85-F904-0741-8EAE-A8CCC73AC982} - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.bro.vn/com/EGamesPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{662EF261-6801-4F9F-A87B-47BBEE702739}: NameServer = 203.162.0.181,203.162.0.11
O20 - AppInit_DLLs: gfcfg.dll,drthte.dll,yjrfe.dll,uksuk.dll,thrtgth.dll,hujfgt.dll,rhdhj.dll,jmkcgt
.dll,hfther.dll,segtrgh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll
,
xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,ser
g
hjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll
,
xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.d
l
l,oqrthc.dll,gfhynrth.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,
y
dgn.dll,dbfb.dll,fjnbv.dll,rthderr.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkh
j
.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ekt
v
m.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hk
f
gh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghj
k
dr.dll,hnfgs.dll,
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Apache2.2 - Unknown owner - D:\AppServ\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: ctiserv - Centurion Technologies, Inc. - C:\WINDOWS\CTIServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\system32\interne.exe (file missing)
O23 - Service: mysql - Unknown owner - D:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Have anyone help me now?PLz

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 17 May 2008 - 07:16 AM

Posted Image

Sorry about the delay in responding :(

If you still need help, Scan again with HijackThis, and "copy/paste" a new log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 01 June 2008 - 03:18 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users