Mobius Forum Archive


So who wants to help me get rid of some spyware?

(@divinedragoonkain)
Posts: 530
Honorable Member
Topic starter
 

Having annoying pop-ups constantly whether I'm surfing or not. Here's my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 5:49:42 PM, on 5/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\gdzxuyw.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Netopia\C3kWEPn.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\outlook\outlook.exe
C:\WINNT\gdzxuywA.exe
C:\WINNT\SYSC00.exe
C:\WINNT\ms076312-105974.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\winnt\system32\pndsregk.exe
C:\WINNT\System32\kwinoqaf.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.sleekcom.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.gateway.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sleekcom.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.234.165.55:8080
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\fipct.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,pdvgeqj.exe
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: SDWin32 Class - {D29AAD01-FEB6-480C-846A-37FF1FB7319E} - C:\WINNT\System32\oyeyg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWEPn.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\System32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [gdzxuywA] C:\WINNT\gdzxuywA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00.exe
O4 - HKLM\..\Run: [ms076312-105974] C:\WINNT\ms076312-105974.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [wd836248.dll] RUNDLL32.EXE wd836248.dll,I2 000b7dd20d836248
O4 - HKLM\..\Run: [{58-8D-DF-F8-ZN}] C:\winnt\system32\pndsregk.exe CORN004
O4 - HKLM\..\Run: [oyeygc] C:\WINNT\System32\oyeygc.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\System32\kwinoqaf.exe CORN004
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Update] C:\WINNT\System32\winupd.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\kwinoqaf.exe
O4 - Startup: Z_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=www.sleekcom.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - mathxl.com/wizmodules/tes...nstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - www.mathxl.com/***s/Pe...llAsst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/act...asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCD - C:\WINNT\system32\mnbsync.dll (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: mstlsapi32 - Unknown owner - C:\WINNT\mstlsapi32.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\gdzxuyw.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe

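As an added example (not part of the thread), a small Python triage pass over lines in the HijackThis v1.99 format used in the log above. It flags the entry types that stand out in this log: a chained Shell= or UserInit= value, an IE ProxyServer setting, O4 autostarts by bare filename or sitting directly in the Windows directory root, O10 Winsock hijack lines, and unknown-owner services whose binary is missing. The heuristics are review hints rather than verdicts, and the sample lines are constructed from a few entries of the posted log.

```python
import re

# Constructed sample in HijackThis v1.99.1 line format, modelled on a few entries
# from the log posted above (not a copy of that log).
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = 218.234.165.55:8080
F2 - REG:system.ini: Shell=Explorer.exe, C:\\WINNT\\System32\\fipct.exe
F2 - REG:system.ini: UserInit=C:\\WINNT\\system32\\userinit.exe,pdvgeqj.exe
O4 - HKLM\\..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKLM\\..\\Run: [gdzxuywA] C:\\WINNT\\gdzxuywA.exe
O4 - HKLM\\..\\Run: [winlog] winlog.exe
O10 - Hijacked Internet access by New.Net
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\\WINNT\\SYSTEM32\\LxrJD31s.exe
O23 - Service: mstlsapi32 - Unknown owner - C:\\WINNT\\mstlsapi32.exe (file missing)
"""

# An .exe sitting directly in the Windows directory root rather than a subfolder.
WINDIR_ROOT = re.compile(r"^[a-z]:\\(winnt|windows)\\[^\\]+\.exe$", re.IGNORECASE)
# O4 registry entry: "[name] target [args]"; the target may be quoted.
O4_TARGET = re.compile(r'\[[^\]]*\]\s+(?:"([^"]+)"|(\S+))')


def triage(log_text):
    """Return (section, reason, line) triples for entries worth a second look."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        section = line.split(" - ", 1)[0]
        if section == "R1" and ",ProxyServer = " in line:
            findings.append((section, "IE proxy set; confirm the host is expected", line))
        elif section == "F2" and "Shell=" in line:
            if line.split("Shell=", 1)[1].strip().lower() != "explorer.exe":
                findings.append((section, "program chained onto Shell=", line))
        elif section == "F2" and "UserInit=" in line:
            parts = [p for p in line.split("UserInit=", 1)[1].split(",") if p.strip()]
            if len(parts) > 1:  # default is userinit.exe alone
                findings.append((section, "program chained onto UserInit=", line))
        elif section == "O4":
            m = O4_TARGET.search(line)
            if not m:  # Startup-folder .lnk entries use a different layout; skip them
                continue
            target = m.group(1) or m.group(2)
            if "\\" not in target:
                findings.append((section, "autostart by bare filename (search-path resolved)", line))
            elif WINDIR_ROOT.match(target):
                findings.append((section, "autostart .exe in Windows directory root", line))
        elif section == "O10" and "Hijacked" in line:
            findings.append((section, "Winsock LSP chain hijacked", line))
        elif section == "O23" and "Unknown owner" in line and "(file missing)" in line:
            findings.append((section, "unknown-owner service whose binary is missing", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason}\n    {line}")
```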
 
(@weirdo)
Posts: 131
Estimable Member
 

MDM.Exe seems to be a virus. It shouldn't be in the location it is. o_O Mind you I'm not certain...

EDIT: Yeah, finding conflicting info about it all over the shop. Best leave it alone.

As for gdzxuyw.exe and similar random-letter ones, I can't find any information about them... I'd suggest doing the standard procedure and seeing if that helps first, i.e. boot in safe mode, run Ad-Aware or similar anti-spyware software and antivirus software (I recommend AVG for that).

 
(@dreamer-of-nights)
Posts: 2354
Noble Member
 

You can also try AntiVir as well. It's somewhat better than AVG.

 
(@Anonymous)
Posts: 0
New Member Guest
 

o_____O
JESUS CHRIST.

 
(@sandygunfox)
Posts: 3468
Famed Member
 

Disable emoticons. XD

 
(@hiro0015)
Posts: 2915
Famed Member
 

XD...

Why are you so happy DDK?

 