hijack log...please help

Discussion in 'Windows Desktop Systems' started by bfontz, Aug 21, 2006.

  1. bfontz

    bfontz OSNN One Post Wonder

    Messages:
    9
    i do the scans and fix them but when i restart or shutdown my laptop they still are there...and i also have this annoying like sound clip sounds like an advertisement...you hear the sound but no pic...i also have this werid little white line on the top of my desktop..can get rid of it...please help thank you so much.. sorry somehow i cant attach the file i think...

    Logfile of HijackThis v1.99.1
    Scan saved at 11:33:13 PM, on 8/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\ACS.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Byran Fontz\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [defender] c:\\dfndrff_11a.exe
    O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_11a.exe
    O4 - HKLM\..\Run: [kmxkeicA] C:\WINDOWS\kmxkeicA.exe
    O4 - HKLM\..\Run: [wzh3b525] RUNDLL32.EXE w88a9409.dll,n 0033b5220000000388a9409
    O4 - HKLM\..\Run: [sys010154555882] C:\WINDOWS\sys010154555882.exe
    O4 - HKLM\..\Run: [newname] c:\\nwnmff_11.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
    O4 - HKLM\..\RunOnce: [wXsX56B0n] cmd /c IF EXIST "C:\WINDOWS\system32\iqqr.exe" del /s /q "C:\WINDOWS\system32\iqqr.exe"
    O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154506927343
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\System32\ACS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     
  2. BouncingSoul

    BouncingSoul Stranger Than Fiction Political User

    Messages:
    1,299
    Location:
    Sioux Falls, SD
    O4 - HKLM\..\Run: [defender] c:\\dfndrff_11a.exe
    O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_11a.exe
    O4 - HKLM\..\Run: [kmxkeicA] C:\WINDOWS\kmxkeicA.exe
    O4 - HKLM\..\Run: [wzh3b525] RUNDLL32.EXE w88a9409.dll,n 0033b5220000000388a9409
    O4 - HKLM\..\Run: [sys010154555882] C:\WINDOWS\sys010154555882.exe
    O4 - HKLM\..\Run: [newname] c:\\nwnmff_11.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
    O4 - HKLM\..\RunOnce: [wXsX56B0n] cmd /c IF EXIST "C:\WINDOWS\system32\iqqr.exe" del /s /q "C:\WINDOWS\system32\iqqr.exe"

    The Duce.exe entry is a trojan, the others I can't find much info on but they look like spyware. Generally if its a bunch of random letters and numbers .exe its spyware. The only thing you can do is google the name and see what comes up. You'll probably have to remove these in safe mode and then I'd do a spybot scan as well. Let us know what kind of results you get.