Hijack this log...please help!!!!!!!!


evilrodyle


Alright well I'm not sure if I got a keylogger on my comp so cdub referred me to this. Well he told me to scan...post the log here on tip and maybe someone can kindly tell me if I have one of these vicious loggers.... <.<

well..here it is...do ur work and if u get rid of the logger I will eternally love u!!!!

~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 4:24:21 PM, on 8/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: Executable File]
C:\WINDOWS\system32\winlogon[Caution: Executable File]
C:\WINDOWS\system32\services[Caution: Executable File]
C:\WINDOWS\system32\lsass[Caution: Executable File]
C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\WINDOWS\system32\spoolsv[Caution: Executable File]
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd[Caution: Executable File]
c:\progra~1\mcafee\mcafee antispyware\massrv[Caution: Executable File]
c:\program files\mcafee.com\agent\mcdetect[Caution: Executable File]
c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: Executable File]
c:\PROGRA~1\mcafee.com\agent\mctskshd[Caution: Executable File]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService[Caution: Executable File]
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: Executable File]
C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]
C:\WINDOWS\Explorer[Caution: Executable File]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler[Caution: Executable File]
C:\Program Files\Digital Media Reader\shwiconem[Caution: Executable File]
C:\PROGRA~1\mcafee.com\agent\mcagent[Caution: Executable File]
C:\Program Files\Common Files\AOL\1133115981\ee\AOLSoftware[Caution: Executable File]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: Executable File]
C:\WINDOWS\system32\rundll32[Caution: Executable File]
C:\Program Files\Microsoft IntelliType Pro\type32[Caution: Executable File]
C:\Program Files\Microsoft IntelliPoint\point32[Caution: Executable File]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent[Caution: Executable File]
C:\progra~1\mcafee\MCAFEE~1\masalert[Caution: Executable File]
C:\Program Files\McAfee.com\VSO\mcvsshld[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\Program Files\McAfee.com\VSO\oasclnt[Caution: Executable File]
C:\Program Files\HP\HP Software Update\HPWuSchd2[Caution: Executable File]
C:\Program Files\HP\hpcoretech\hpcmpmgr[Caution: Executable File]
C:\WINDOWS\SOUNDMAN[Caution: Executable File]
c:\progra~1\mcafee.com\vso\mcvsescn[Caution: Executable File]
C:\PROGRA~1\McAfee.com\PERSON~1\Mp[bleep]ent[Caution: Executable File]
C:\Program Files\Messenger\msmsgs[Caution: Executable File]
C:\Program Files\McAfee\McAfee QuickClean\Plguni[Caution: Executable File]
C:\Program Files\BigFix\BigFix[Caution: Executable File]
C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: Executable File]
c:\progra~1\mcafee.com\vso\mcvsftsn[Caution: Executable File]
C:\Program Files\HP\Digital Imaging\bin\hpqgalry[Caution: Executable File]
C:\Program Files\Ares\Ares[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI[Caution: Executable File]
c:\program files\common files\aol\1133115981\ee\aim6[Caution: Executable File]
C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: Executable File]
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis[Caution: Executable File]
C:\WINDOWS\system32\NOTEPAD[Caution: Executable File]
C:\WINDOWS\system32\NOTEPAD[Caution: Executable File]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {5ba33e5f-db68-4131-87f0-10d965a51330} - C:\WINDOWS\system32\fsust10.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler[Caution: Executable File]"
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem[Caution: Executable File]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck[Caution: Executable File]
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: Executable File]
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD[Caution: Executable File]
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent[Caution: Executable File]
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate[Caution: Executable File]
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133115981\ee\AOLSoftware[Caution: Executable File]
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: Executable File]
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BYC7J1WD\WinFixerScannerInstall[1][Caution: Executable File]" -nag
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32[Caution: Executable File] bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32[Caution: Executable File]"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32[Caution: Executable File]"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent[Caution: Executable File]
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct[Caution: Executable File] /startup
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert[Caution: Executable File]
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr[Caution: Executable File]" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld[Caution: Executable File]
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt[Caution: Executable File]
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2[Caution: Executable File]"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr[Caution: Executable File]"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN[Caution: Executable File]
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins[Caution: Executable File] /v=3 /cleanup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni[Caution: Executable File] /START
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix[Caution: Executable File]
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: Executable File]
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08[Caution: Executable File]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL[Caution: Executable File]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/downl ... st_Win.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O20 - Winlogon Notify: fsust10 - C:\WINDOWS\SYSTEM32\fsust10.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd[Caution: Executable File]
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv[Caution: Executable File]
O23 - Service: McAfee WSC Integration (McDetect[Caution: Executable File]) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect[Caution: Executable File]
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: Executable File]
O23 - Service: McAfee Task Scheduler (McTskshd[Caution: Executable File]) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd[Caution: Executable File]
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr[Caution: Executable File]) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr[Caution: Executable File]
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService[Caution: Executable File]
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr[Caution: Executable File]
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12[Caution: Executable File]
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: Executable File]

Dagannoth Slayer

O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BYC7J1WD\WinFixerScannerInstall[1][Caution: Executable File]" -nag

That's an annoying piece of spyware there. :x Your Norton or McAfee didn't pick it up? Try removing it through add/remove and deleting your temp. internet files. Do this in safe mode.

And also, try this:

http://vil.nai.com/vil/content/v_127690.htm

-----------------------

O2 - BHO: (no name) - {5ba33e5f-db68-4131-87f0-10d965a51330} - C:\WINDOWS\system32\fsust10.dll

I'm not exactly sure what this is.. but it looks a bit suspicious to me. I couldn't find anything on it on Google. Anyone else?

==================================

Retired tip.it moderator.

Teaching and inspiring.
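
Added example, not part of any post in this thread: a small Python triage pass over HijackThis entry lines that flags the two things the reply above singles out (an autostart entry launching from the browser cache, and an unnamed BHO), plus a DLL that is registered as both a BHO and a Winlogon Notify package, as `fsust10.dll` is in the posted log. The function names, tag names and the three heuristics are assumptions made for this example; a hit means "look at this entry first", not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the log posted in this thread. The forum software replaced
# ".exe" with "[Caution: Executable File]"; they are kept as posted.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ba33e5f-db68-4131-87f0-10d965a51330} - C:\WINDOWS\system32\fsust10.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32[Caution: Executable File]"
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BYC7J1WD\WinFixerScannerInstall[1][Caution: Executable File]" -nag
O20 - Winlogon Notify: fsust10 - C:\WINDOWS\SYSTEM32\fsust10.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY = re.compile(r"^(O\d+|[RFN]\d) - (.+)$")        # "O4 - ...", "R0 - ..."
VOLATILE = re.compile(r"\\(temp|temporary internet files)\\", re.I)

def parse(log):
    """Yield (section, body) for each entry line; headers and processes are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return a list of (tag, detail) pairs for entries worth a closer look."""
    findings = []
    loaded_by = defaultdict(set)   # lower-cased DLL path -> sections that load it
    for section, body in parse(log):
        # Heuristic 1 (assumption): autostart target lives in a temp/cache folder.
        if section == "O4" and VOLATILE.search(body):
            findings.append(("autostart-from-temp", body))
        # Heuristic 2 (assumption): Browser Helper Object with no display name.
        if section == "O2" and body.startswith("BHO: (no name)"):
            findings.append(("unnamed-bho", body))
        if section in ("O2", "O20"):
            loaded_by[body.rsplit(" - ", 1)[-1].lower()].add(section)
    # Heuristic 3 (assumption): one DLL hooked into both IE and Winlogon.
    for path, sections in sorted(loaded_by.items()):
        if sections == {"O2", "O20"}:
            findings.append(("bho-and-winlogon-notify", path))
    return findings

if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag}: {detail}")
```
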

Ty but how do I remove this vicious spywary like thingy :-s I know what you said but...lol I forget how to do it. Yup I'm computer illiterate ::'

Dagannoth Slayer


I assume you've run anti-spyware and anti-virus programs?

If so, please post another hijackthis log and I'll check it again.

==================================

Retired tip.it moderator.

Teaching and inspiring.


Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

Just coming from experience, I would clean my Java/Sun folder, found more than a few goodies there


phats???? :D

Dagannoth Slayer