| Thread ID: 94736 | 2008-11-10 12:21:00 | HijackThis-result. Help plz | TheSecondSun (14300) |
| Post ID | Timestamp | Content | User | ||
| 719216 | 2008-11-10 12:21:00 | Which ones to delete? thanks Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:12:24, on 2008-11-10 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Documents and Settings\All Users\Application Data\dgjklcts\rcncfipk.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Paltalk Messenger\paltalk.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\osk.exe C:\WINDOWS\system32\MSSWCHX.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com O3 - Toolbar: peltodgx - {BAB8F6DC-41B1-440F-A066-AAC224906880} - C:\WINDOWS\peltodgx.dll (file missing) O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [\YUR1A.exe] C:\Windows\system32\YUR1A.exe O4 - HKLM\..\Run: [\YUR1B.exe] C:\Windows\system32\YUR1B.exe O4 - HKLM\..\Run: [\YUR1D.exe] C:\Windows\system32\YUR1D.exe O4 - HKLM\..\Run: [\YUR1E.exe] C:\Windows\system32\YUR1E.exe O4 - HKLM\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows 
Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe O4 - HKLM\..\Policies\Explorer\Run: [F9TaciZkDU] C:\Documents and Settings\All Users\Application Data\dgjklcts\rcncfipk.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: jenckf.dll O21 - SSODL: strdsc - {0BF78E20-F952-DA10-A777-0234D2541496} - C:\Program Files\qyhqunb\strdsc.dll O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- End of file - 3943 bytes |
TheSecondSun (14300) | ||
| 719217 | 2008-11-10 13:55:00 | Hello SecondSun. It is 2.54am in New Zealand at the moment, so you won't be expecting any helpful reply for the next four / five hours. If you wish to have a general idea of your computer condition, you can take a peek here: http://www.hijackthis.de/ Cheers :) |
Renmoo (66) | ||
| 719218 | 2008-11-10 16:45:00 | Remove all these, then download www.malwarebytes.org and do a FULL scan. P.S. Upgrade your IE6 to version 7 C:\Documents and Settings\All Users\Application Data\dgjklcts\rcncfipk.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com O3 - Toolbar: peltodgx - {BAB8F6DC-41B1-440F-A066-AAC224906880} - C:\WINDOWS\peltodgx.dll (file missing) O4 - HKLM\..\Run: [\YUR1A.exe] C:\Windows\system32\YUR1A.exe O4 - HKLM\..\Run: [\YUR1B.exe] C:\Windows\system32\YUR1B.exe O4 - HKLM\..\Run: [\YUR1D.exe] C:\Windows\system32\YUR1D.exe O4 - HKLM\..\Run: [\YUR1E.exe] C:\Windows\system32\YUR1E.exe O4 - HKLM\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe O4 - HKCU\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe O4 - HKLM\..\Policies\Explorer\Run: [F9TaciZkDU] C:\Documents and Settings\All Users\Application Data\dgjklcts\rcncfipk.exe O20 - AppInit_DLLs: jenckf.dll O21 - SSODL: strdsc - {0BF78E20-F952-DA10-A777-0234D2541496} - C:\Program Files\qyhqunb\strdsc.dll |
apsattv (7406) | ||
| 719219 | 2008-11-10 18:25:00 | These can be ticked as well O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present Since you've installed Trojan Remover, update it if it's not 6.7.4 (it was updated the other day). Then click on scan, then select all options under utilities |
Speedy Gonzales (78) | ||