Need help with possible virus (with hijackthis log)


bmxrider

OK, it started out with a "Search" toolbar suddenly appearing and I got rid of that, but now I get pop-ups every once in a while just out of nowhere, even if no windows are open and the comp is just sitting there :wink: and some pages, when they load, will have an ad on the top and bottom of the page. It looks like it's added right into the page, but for example, I open up "Media Forum" and there won't be these ads, but then I open a topic in that forum and boom, they appear on the page (picture of this at bottom of post).

I use Windows 2000 and here is a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:37:55 PM, on 5/3/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\uqjoyxw.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\loadqm.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-ca\msnappau.exe
C:\WINNT\uqjoyxwA.exe
C:\WINNT\SYSC00.exe
C:\WINNT\ms0502916-7360.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Wally\My Documents\My Received Files\HijackThis.exe

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {CC0E0EB1-69B3-48C0-B4C3-2C5FD137E762} - C:\Program Files\Internet Explorer\hozemo.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [keyboard] c:\\keyboard16.exe
O4 - HKLM\..\Run: [mousepad] c:\\mousepad16.exe
O4 - HKLM\..\Run: [uqjoyxwA] C:\WINNT\uqjoyxwA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00.exe
O4 - HKLM\..\Run: [ms0502916-7360] C:\WINNT\ms0502916-7360.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6282923123
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\uqjoyxw.exe

ahhh.jpg

So if anybody could help me get rid of this I'd be so grateful


I would love to help but alas I can't read your post because you have done it in a stupid colour.

I'll presume you have already scanned for viruses in Safe Mode, scanned with Ad-aware and also with Spybot before making this topic, as it says in the stickies.

Also note that you have NO firewall installed on your PC and your version of Windows is horribly out of date (I don't mean 2000/XP, I mean in the security patch sense).

Ctrl+Alt+Delete and end these...

C:\WINNT\uqjoyxw.exe
C:\WINNT\uqjoyxwA.exe
C:\WINNT\SYSC00.exe
C:\WINNT\ms0502916-7360.exe

Fix the following

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {CC0E0EB1-69B3-48C0-B4C3-2C5FD137E762} - C:\Program Files\Internet Explorer\hozemo.dll
O4 - HKLM\..\Run: [keyboard] c:\\keyboard16.exe
O4 - HKLM\..\Run: [mousepad] c:\\mousepad16.exe
O4 - HKLM\..\Run: [uqjoyxwA] C:\WINNT\uqjoyxwA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00.exe
O4 - HKLM\..\Run: [ms0502916-7360] C:\WINNT\ms0502916-7360.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\uqjoyxw.exe

Restart + post a new log.... in something that's readable, not everyone uses the same forum theme as you.

Mercifull <3 Suzi
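
A triage pass over the O2, O4 and O23 entries of a log like the one in this thread, as an added example that is not part of either post: it parses those lines and flags them with three narrow heuristics, and a hit is a prompt to investigate, not a verdict. The heuristics, the names `triage`, `parent_dir` and `LOOSE_DIRS`, and the written-out `.exe` extensions in the sample are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log in this thread, ".exe" written out.
SAMPLE_LOG = r"""
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {CC0E0EB1-69B3-48C0-B4C3-2C5FD137E762} - C:\Program Files\Internet Explorer\hozemo.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard16.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\uqjoyxw.exe
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Assumption of this example: nothing legitimate autostarts from the drive root
# or from the top level of the Windows directory (C:\WINNT on this machine).
LOOSE_DIRS = {"c:", r"c:\winnt"}

def parent_dir(path):
    """Lower-cased parent directory of a Windows path ('' for a bare name)."""
    path = re.sub(r"\\+", r"\\", path.strip().strip('"')).lower()
    return path.rsplit("\\", 1)[0] if "\\" in path else ""

def triage(log_text):
    """Return (section, name, reason) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        section, kind, body = m.groups() if m else ("", "", "")
        missing = body.endswith("(file missing)")
        body = body.replace(" (file missing)", "")
        if section == "O4" and kind.endswith("Run"):
            run = re.match(r'\[(.*?)\] "?([^"]+?\.exe)', body, re.I)
            if run and parent_dir(run.group(2)) in LOOSE_DIRS:
                findings.append((section, run.group(1), "autorun image in loose directory"))
        elif section == "O2" and body.startswith("(no name) - "):
            findings.append((section, body.rsplit(" - ", 1)[1], "unnamed BHO"))
        elif section == "O23" and body.count(" - ") >= 2:
            name, owner, path = body.rsplit(" - ", 2)
            if owner == "Unknown owner" and (missing or parent_dir(path) in LOOSE_DIRS):
                findings.append((section, name, "unowned service, image missing or loose"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Entries the rules pass over are not thereby cleared; the rules only surface the most obvious placement and naming anomalies.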
