I need help plz - Free Antivirus Forum

I need help plz

BullGuard Antivirus Forum > Virus Removal > Removal Tools > I need help plz

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

efekt101
New Member

Date Joined Feb 2008
Total Posts : 35

Posted 7-6-2008 4:50 (GMT +2)

my computer is laggin very hard all of a sudden.

here my hijck log

Logfile of HijackThis v1.99.1
Scan saved at 7:49:14 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Inventory+.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\444.471
C:\WINDOWS\system32\uoyzsydz.exe
C:\Documents and Settings\Owner\Application Data\Microsoft\dtsc\21798.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Owner\Application Data\Microsoft\dtsc\21798.exe
C:\WINDOWS\system32\bwbgtmvo.exe
C:\Documents and Settings\All Users\Application Data\fmdilwru\xwdgbmrq.exe
C:\WINDOWS\system32\olixds06\olixds061083.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\rhc36oj0eedv\rhc36oj0eedv.exe
C:\WINDOWS\system32\pphc76oj0eedv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: targetedbanner browser optimizer - {259e5650-e4a2-7ad6-b974-4410cbfbc525} - C:\WINDOWS\system32\xkjmglcpnkhyjwb.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [lphc76oj0eedv] C:\WINDOWS\system32\lphc76oj0eedv.exe
O4 - HKLM\..\Run: [SMrhc36oj0eedv] C:\Program Files\rhc36oj0eedv\rhc36oj0eedv.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [{39ed34db-d875-a077-10eb-13fb0d2c27ea}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xkjmglcpnkhyjwb.dll" DllStart
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Owner\Application Data\Microsoft\dtsc\21798.exe
O4 - HKCU\..\Run: [bzfuqspe] C:\WINDOWS\system32\bwbgtmvo.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntmkdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jlwnw64n.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: ComHlp - {59F18BC1-178F-1E26-FAC0-03821CB3454F} - C:\Program Files\nvtkmz\ComHlp.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12798

Posted 7-6-2008 5:16 (GMT +2)

Hello

scool

Download LSPFix from:

LSP-Fix Download Link

1. Once LSP-Fix is downloaded, extract the file to c:\lspfix.

2. Close all windows on your computer.

3. Navigate to c:\lspfix and run the lspfix.exe program.

4. Put a checkmark in the I know what I'm doing checkbox.

5. Now move all instances of WebHancer into the remove section by clicking on the button that points to the right (>>). Make sure that you ONLY move the particular file we identified previously and no other files as it can cause problems with your computer afterwards.

6. Press the finish button.

7. Then Reboot.

Click here - ->> http://www.bullguard.com/forum/14/Before-posting-a-log_43561.html

After You have run the scan tools -

Reboot normally

Post Hijackthis log along with SuperAntiSpyware log, , C: combofix TXT in this topic

Please copy and paste your log. DO NOT add it as an attachment

Kindly do not annotate or format the log with color or font changes.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12798

Posted 7-6-2008 8:00 (GMT +2)

Have lspfix to Remove - webhdll

Post your comments/questions in this topic

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Forum Information

Currently it is Friday, September 05, 2008 7:14 PM (GMT +2)
There are a total of 61.804 posts in 15.428 threads.
In the last 3 days there were 19 new threads and 61 reply posts. View Active Threads

Who's Online

This forum has 26353 registered members. Please welcome our newest member, mysterious_.
34 Guest(s), 0 Registered Member(s) are currently online. Details

5 Latest Threads

Choose you like (0)	05-09-2008 16:31:25 (cheap air jordan)
Removal of download misleadapp -what to do with hijackthis log- (8)	05-09-2008 13:19:11 (selflerner)
ROOTKIT PROBLEM, HELP PLEASE (5)	05-09-2008 12:44:35 (glass chameleon)
Google redirect virus and others (0)	05-09-2008 12:02:53 (k12k)
A lot of malwares and now my laptop don't run (1)	05-09-2008 11:05:23 (Touch)

Main: Antivirus | Antivirus Download | Buy Antivirus | Antivirus Info | Antivirus Support | Affiliates | Antivirus News | Press Releases | Virus Information

Others: Antivirus Software | Free Antivirus Download | Free Firewall | Online Backup | Computer Virus | Virus Scan

Copyright ©2001-2008 BullGuard Ltd., All rights reserved. Legal Terms & Privacy Policy

Need Support? Write to:

| Forum Help Manual

Download free trial version of Bullguard