Question:
Hijack this log. What is wrong with my computer?
Acrosstheuniverse2393
2008-07-03 00:30:42 UTC
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:29:04, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080616
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {48ABE9D7-B8CD-470A-BA1E-CA66CB6FEEF0} - C:\WINDOWS\system32\khfCvttt.dll (file missing)
O2 - BHO: (no name) - {4AAE8F69-E0CE-4391-9D08-D41F94F12972} - C:\WINDOWS\system32\urqomjig.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {96d596de-4844-852b-b744-5badaa51b357} - {753b15aa-dab5-447b-b258-4484ed695d69} - C:\WINDOWS\system32\btxvwwug.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {9831CBC1-E21D-4F7E-BCF4-243845B1769D} - C:\WINDOWS\system32\ljJYsQig.dll (file missing)
O2 - BHO: (no name) - {9F5F33BD-1831-491C-9A2B-6B69FDFA1EEB} - C:\WINDOWS\system32\qoMdEXPH.dll (file missing)
O2 - BHO: (no name) - {A3AD2494-3CEF-4026-8E79-89B37D4ABF48} - C:\WINDOWS\system32\ddcYqopM.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\opnlMgfg.dll (file missing)
O2 - BHO: (no name) - {C10748D9-AFBB-4021-917D-53161357D8A0} - C:\WINDOWS\system32\opnnkjgG.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [80cd3102] rundll32.exe "C:\WINDOWS\system32\ykadnfuu.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SMrhctrpj0erc1] C:\Program Files\rhctrpj0erc1\rhctrpj0erc1.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA806] command /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC13] cmd /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4767] command /c del "C:\WINDOWS\pskt.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2038] cmd /c del "C:\WINDOWS\pskt.ini"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6740] command /c del "C:\WINDOWS\system32\ddcYqopM.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7644] cmd /c del "C:\WINDOWS\system32\ddcYqopM.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3067] command /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7391] cmd /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1849] command /c del "C:\WINDOWS\pskt.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4141] cmd /c del "C:\WINDOWS\pskt.ini"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214496151625
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8204 bytes
Five answers:
DavidSr P
2008-07-03 01:26:51 UTC
When in doubt go to the source. The following should help. I have included the web page link.

Each line in a HijackThis log starts with a section name. (For technical information on this, click ‘Info’ in the main window and scroll down. Highlight a line and click ‘More info on this item’.) For practical information, click the section name you need help with:

* R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
* F0, F1 - Autoloading programs
* F2, F3 - Autoloading programs mapped to the Registry
* N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
* O1 - Hosts file redirection
* O2 - Browser Helper Objects
* O3 - Internet Explorer toolbars
* O4 - Autoloading programs from Registry
* O5 - IE Options icon not visible in Control Panel
* O6 - IE Options access restricted by Administrator
* O7 - Regedit access restricted by Administrator
* O8 - Extra items in IE right-click menu
* O9 - Extra buttons on main IE button toolbar, or extra items in IE ‘Tools’ menu
* O10 - Winsock hijacker
* O11 - Extra group in IE ‘Advanced Options’ window
* O12 - IE plugins
* O13 - IE DefaultPrefix hijack
* O14 - ‘Reset Web Settings’ hijack
* O15 - Unwanted site in Trusted Zone
* O16 - ActiveX Objects (aka Downloaded Program Files)
* O17 - Lop.com domain hijackers
* O18 - Extra protocols and protocol hijackers
* O19 - User style sheet hijack
* O20 - AppInit_DLLs Registry value autorun
* O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
* O22 - SharedTaskScheduler autorun Registry key
* O23 - Services
* O24 - ActiveX Desktop Components
2016-12-11 14:13:00 UTC
Properly, before everything, we could desire to appreciate greater approximately your computing device. How briskly is it? How lots reminiscence? How lots area is left on your not undemanding stress? What utility did you employ to examine it? Distinctive issues impact the cost of your computing device. What classes do you have commencing at boot-up? All of them use equipment materials, so in case you have not lots reminiscence, then you definitely could be drained that way. What scanning utility did you employ? Did you attempt basically one? Maximum unfastened secret agent ware utility do not locate all the situations, so it particularly is wise to run a pair of different ones. I'm exceptionally fortunate working Ad-Aware and Spybot the two. Have you ever accomplished an entire anti-virus test? In case you have not have been given the utility, attempt downloading the unfastened ClamAV. It particularly is open source, and very properly maintained.
dafrawg
2008-07-03 00:43:36 UTC
These entries look bad to me, but I'm not sure what the entries marked SpybotDeleting are meant for.

O2 - BHO: (no name) - {48ABE9D7-B8CD-470A-BA1E-CA66CB6FEEF0} - C:\WINDOWS\system32\khfCvttt.dll (file missing)
O2 - BHO: (no name) - {4AAE8F69-E0CE-4391-9D08-D41F94F12972} - C:\WINDOWS\system32\urqomjig.dll (file missing)
O2 - BHO: {96d596de-4844-852b-b744-5badaa51b357} - {753b15aa-dab5-447b-b258-4484ed695d69} - C:\WINDOWS\system32\btxvwwug.dll (file missing)
O2 - BHO: (no name) - {9831CBC1-E21D-4F7E-BCF4-243845B1769D} - C:\WINDOWS\system32\ljJYsQig.dll (file missing)
O2 - BHO: (no name) - {9F5F33BD-1831-491C-9A2B-6B69FDFA1EEB} - C:\WINDOWS\system32\qoMdEXPH.dll (file missing)
O2 - BHO: (no name) - {A3AD2494-3CEF-4026-8E79-89B37D4ABF48} - C:\WINDOWS\system32\ddcYqopM.dll (file missing)
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\opnlMgfg.dll (file missing)
O2 - BHO: (no name) - {C10748D9-AFBB-4021-917D-53161357D8A0} - C:\WINDOWS\system32\opnnkjgG.dll (file missing)
O4 - HKLM\..\Run: [80cd3102] rundll32.exe "C:\WINDOWS\system32\ykadnfuu.dll",b
O4 - HKLM\..\Run: [SMrhctrpj0erc1] C:\Program Files\rhctrpj0erc1\rhctrpj0erc1.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA806] command /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC13] cmd /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4767] command /c del "C:\WINDOWS\pskt.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2038] cmd /c del "C:\WINDOWS\pskt.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6740] command /c del "C:\WINDOWS\system32\ddcYqopM.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7644] cmd /c del "C:\WINDOWS\system32\ddcYqopM.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3067] command /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7391] cmd /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1849] command /c del "C:\WINDOWS\pskt.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4141] cmd /c del "C:\WINDOWS\pskt.ini"
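
Added example, not part of any answer on this page and not HijackThis code: a Python triage that splits log lines on the leading section name, as DavidSr P's answer describes, and flags the kinds of O2 and O4 entries dafrawg's answer lists. The sample lines are copied from the log in the question; the function names and flagging rules are assumptions made for illustration.

```python
import re

# Section meanings from the list in DavidSr P's answer (only the two used here).
SECTIONS = {"O2": "Browser Helper Objects",
            "O4": "Autoloading programs from Registry"}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_line(line):
    """Split 'O2 - BHO: ...' into (section code, rest); None for other lines."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def reasons(code, body):
    """Structural reasons to look closer (illustrative rules, not HijackThis's)."""
    low, out = body.lower(), []
    if code == "O2" and low.endswith("(file missing)"):
        out.append("BHO registered but DLL absent")
    if code == "O2" and "(no name)" in low:
        out.append("BHO without a name")
    if code == "O4" and "rundll32.exe" in low:
        out.append("autorun loads a DLL through rundll32")
    if code == "O4" and "runonce:" in low and re.search(r"\b(cmd|command) /c del ", low):
        out.append("one-shot delete queued by RunOnce")
    return out

def triage(log_text):
    """Return (code, section meaning, reasons, body) for flagged entries only."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        why = reasons(*parsed) if parsed else []
        if why:
            code, body = parsed
            flagged.append((code, SECTIONS.get(code, "unknown"), why, body))
    return flagged

# Lines copied from the log in the question.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: (no name) - {48ABE9D7-B8CD-470A-BA1E-CA66CB6FEEF0} - C:\WINDOWS\system32\khfCvttt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [80cd3102] rundll32.exe "C:\WINDOWS\system32\ykadnfuu.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingC13] cmd /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
"""

if __name__ == "__main__":
    for code, meaning, why, body in triage(SAMPLE):
        print(f"{code} ({meaning}): {'; '.join(why)}\n    {body}")
```

A flag here only marks an entry for manual review; the RunOnce rule reports what the command on the line does (a `del` of the named file), not who queued it.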
David Carter
2008-07-03 00:36:54 UTC
Spybot and the logs that say file missing and stuff that looks like it shouldn't be there, it's a virus. Spybot I think is a virus itself.
Blåck
2008-07-03 00:36:03 UTC
Restart computer immediately, and run both virus scanner, Ad-Aware, and Spybot. Something is ******* with your registry (BAD **** IS HAPPENING).


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.