Results 1 to 8 of 8

Thread: Hijack This Again

  1. #1
    Senior Member
    Join Date
    Dec 2006
    Location
    Myrtle Beach, SC
    Posts
    238

    Angry Hijack This Again

    hey its me again. been having some problems with spyware. so i ran hijack this. so here you go.


    Logfile of HijackThis v1.99.1
    Scan saved at 12:33:34 PM, on 5/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\PaperCut Print Logger\pcpl.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SiteAdvisor\6066\SAService.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\Hijack This\HijackThis.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: Popup Free - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - blank (file missing)
    O2 - BHO: Parental Control Toolbar - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {F1C734A0-D7E3-483F-912B-34B146ADD6A8} - C:\WINDOWS\system32\kooqhalc.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O2 - BHO: (no name) - {FFA6940C-EBF4-4DC7-BB16-6EFC1118C770} - C:\WINDOWS\system32\kooqhalc.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O3 - Toolbar: (no name) - {052b12f7-86fa-4921-8482-26c42316b522} - (no file)
    O3 - Toolbar: Parental Control Toolbar - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\dapiebar.dll
    O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PaperCut Print Logger (PCPrintLogger) - Unknown owner - C:\Program Files\PaperCut Print Logger\pcpl.exe" PCPrintLogger (file missing)
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe


    theres this one called kooqhalc.dll i googled it and theres no info on it. i have no idea what it is. i fixed it but it came back twice. . see im having problems with what i think is spyware. theres this little blue question mark that flashes red in the system tray. click on it and it opens ie. i have mcafee site advisor. and the site it takes me to is marked red. i ran a virus scan and, im not surprised by this, picked up several more viruses. it seems as though i can not completely get rid of them. i havent been workin on this computer latley. so i havent been keepin it clean because ive been messin with this other pos that i have. i think its about time i completely cleaned this machine. so give me all of the best free antivirus antispyware antiadware or anti anything else i need to get. once this baby is clean. im jackin the wireless adapter. just to be sure.

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    winwly32.dll

    crapware

    How are you cleaning your machine??

    Are you using safe mode??

    DAP..........some kinda download manager???

    Personally I have never understood how a piece of software can speed up a connection limited by hardware :?

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Are you cleaning this one out in safe mode or when the system is fully up? Try removing it in safe mode..
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    oh yah...and disable system restore??

    they like to hide in there too

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    For starters, as MLF advises, you need to disable the System restore.

    Start/Control Panel/System....select the "system restore" tab, check off the box marked for "Turn off System Restore".

    Ok out and reboot, this will flush the restore points.

    Then use Ccleaner to clear out all the little crap and use the feature for your start ups (04's), you have a lot starting up.

    Then do another Hijack This scan and post it here, or you can go to http://www.trendsecure.com/portal/en...hijackthis.php

    and follow their little tutorial on what to do and then you can start to fix the log entries.

    If these show up again, go ahead and have the tool remove them.
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: Popup Free - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - blank (file missing)
    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {052b12f7-86fa-4921-8482-26c42316b522} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)


    After you have cleaned everything out, make sure you do a manual restore point...

    HTH...
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  6. #6
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    You should check this out http://www.hijackthis.de/

    post your log file in the box and hit 'analyze' check output. I would recommend cleaning your system.

    Cheers,CN22

  7. #7
    Senior Member
    Join Date
    Dec 2006
    Location
    Myrtle Beach, SC
    Posts
    238
    alrighty then. thanks for the quick responses. i have ccleaner, advanced windows care, and a trial version of registry mechanic 6. i havent run any of them in safe mode until now. im not sure how to create a manual restore point. i still dont know what this kooqhalc.dll is and neither does hijackthis.de i still have this little blinking ? in the system tray. i am 100% certain that its spyware. and mcafee seems to think the same. im gonna try and run the antivirus in safe mode. but this time im gonna save a log or something of everything it picks up and post. just to know to get a little bit more info on whatever it is im infected with. that hijackthis.de site was a great help in determining what to fix. ill have to bookmark it i think i need more powerful cleaning software so if u guys know of any free ones that could be a great help. i need anti everything thanks ill keep u guys posted

  8. #8
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Quote Originally Posted by chaosclown
    alrighty then. thanks for the quick responses. i have ccleaner, advanced windows care, and a trial version of registry mechanic 6. i havent run any of them in safe mode until now. im not sure how to create a manual restore point. i still dont know what this kooqhalc.dll is and neither does hijackthis.de i still have this little blinking ? in the system tray. i am 100% certain that its spyware. and mcafee seems to think the same. im gonna try and run the antivirus in safe mode. but this time im gonna save a log or something of everything it picks up and post. just to know to get a little bit more info on whatever it is im infected with. that hijackthis.de site was a great help in determining what to fix. ill have to bookmark it i think i need more powerful cleaning software so if u guys know of any free ones that could be a great help. i need anti everything thanks ill keep u guys posted
    Hi

    First...WinXP handles the registry just fine, IMHO you don't need Registry Mechanic 6, if you understand what it is it does to your registry settings then fair dinkum, but all you really need to clean out the registry of orphaned files is Ccleaner (under issues).

    To create a manual restore point you need to go into Start\Programs\Accessories\System Tools\System Restore, it will open an interface where you can "create a restore point".

    kooqhalc.dll which version of messenger are you using, is it 3 or plus, and if so did you install everything that came with it....if you did then you didn't uncheck the option to not "install" 3rd party software, most notably LOP crap... http://www.spywareinfo.com/newslette...une-2003/3.php

    Also if you are having trouble deleting files try this. Killbox
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

Similar Threads

  1. Hijack this forum?
    By JonnyFrond in forum Site Feedback/Questions/Suggestions
    Replies: 5
    Last Post: February 2nd, 2006, 11:13 AM
  2. Hijack This log analyzer...
    By Locked in forum Spyware / Adware
    Replies: 1
    Last Post: February 1st, 2006, 08:41 AM
  3. msconfig>startup and hijack this logs
    By kyrios in forum Spyware / Adware
    Replies: 21
    Last Post: March 22nd, 2005, 11:14 PM
  4. Hijack This usage
    By Soda_Popinsky in forum The Security Tutorials Forum
    Replies: 7
    Last Post: August 6th, 2004, 06:30 AM
  5. Browser hijack method
    By Soda_Popinsky in forum Microsoft Security Discussions
    Replies: 6
    Last Post: May 20th, 2004, 08:49 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •