Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > System32 problems & gibberish exe's

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

System32 problems & gibberish exe's

Reply to Message Icon

Name: Bejesus
Date: January 7, 2004 at 11:49:38 Pacific
OS: Windows XP
CPU/Ram: Athlon 2400/256MB
Comment:

Right, well.. Ad-aware & Spybot haven't worked for me. I'm posting a hijackthis log if it'll help. I currently have three niggling problems that won't go away. Namely:

1: Gibberish exe's (dobbxj, aiqkwlze, etc) that persist in hanging around, slowing my computer's startup. I couldn't guess where they came from, nor how to properly get rid of them.

2: The System32 folder opening at startup for no particular reason.

3: Comwiz.exe & Winnet.exe will NOT LEAVE ME BE. I just can't get rid of the damn things.

Any help would be appreciated.

---

Logfile of HijackThis v1.97.7
Scan saved at 3:28:20 PM, on 07/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\nhrqfwhv.exe
C:\Program Files\syslaunch.exe
C:\WINDOWS\System32\dobbxj.exe
C:\WINDOWS\System32\aiqkwlze.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nerrde.exe
C:\WINDOWS\system32\gearsec.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\xseventf.exe
C:\Program Files\ICQPlus\vplus.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aintitcoolnews.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aintitcoolnews.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.aintitcoolnews.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://game%20channel/
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {35FA871F-0D56-80B5-016C-CF5BBE3AFAF2} - C:\WINDOWS\system32\ppqlsafy.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {7E600446-2123-4CC9-A69D-7EEC55AB9956} - C:\Program Files\Popup killer for IE\PUK.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\System32\ssurf022.dll
O2 - BHO: (no name) - {d9a1d9cb-9d57-4ce4-a260-83de46e9b12f} - C:\DOCUME~1\Owner\APPLIC~1\esttfcrboo.dll
O2 - BHO: (no name) - {FBD193BF-DADE-D7DA-93CC-EFB8791CB05E} - C:\WINDOWS\system32\vrivbkvq.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BCNT] C:\PROGRA~1\AWS\WEATHE~1\BCNT.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [svchosts] svchosts.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [kyasdazc] C:\WINDOWS\nhrqfwhv.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [FHC] C:\Program Files\Free History Cleaner\FreeHistoryCleaner.exe
O4 - HKLM\..\Run: [f] C:\WINDOWS\System32\dobbxj.exe
O4 - HKLM\..\Run: [h] C:\WINDOWS\System32\mlaytl.exe
O4 - HKLM\..\Run: [kfgirfcs] C:\WINDOWS\System32\aiqkwlze.exe
O4 - HKLM\..\Run: [NEUHUYPP] C:\WINDOWS\NEUHUYPP.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\System32\SSUpdate.exe
O4 - HKLM\..\Run: [ELOU] C:\WINDOWS\ELOU.exe
O4 - HKLM\..\Run: [MTZGQK] C:\WINDOWS\MTZGQK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nerrde] C:\WINDOWS\System32\nerrde.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [xseventf] C:\WINDOWS\System32\xseventf.exe
O4 - HKLM\..\RunServices: [svchosts] svchosts.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [ICQ Plus] "C:\Program Files\ICQPlus\vplus.exe"
O4 - Startup: Drempels Desktop.lnk = C:\WINDOWS\drempels.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GoogleToolbar.dll/cmtrans.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} - http://directplugin.com/dialers/111832.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {445DCF30-5EBE-25CF-DD26-A286CDC57DA3} (DownloadUL Class) - http://public.searchbarcash.com/cab/015/aqqunrih.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9D3676C7-5297-45BB-8124-5A76D95DBB1F} (shizmoo2 Class) - http://www.kungfuchess.com/activex/web2_39.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FE2D272-61F4-470E-82D4-A393BB809B77}: NameServer = 142.177.1.2 142.177.129.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{9FE2D272-61F4-470E-82D4-A393BB809B77}: NameServer = 142.177.1.2 142.177.129.11



Sponsored Link
Ads by Google

Response Number 1
Name: hacad
Date: January 7, 2004 at 12:49:55 Pacific
Reply:

This is a good site for startup applications

http://www.windowsstartup.com/wso/search.php


0

Response Number 2
Name: sxshep
Date: January 7, 2004 at 15:26:24 Pacific
Reply:

Bejesus,

You have one boatload of viruses, too numerous to name. HiJack removal won't help till you take care of them.

Get yourself a free online scan @http://housecall.trendmicro.com/.

Repost a new log when done. A real mess ya got there.


Shep




0

Response Number 3
Name: sxshep
Date: January 7, 2004 at 15:35:06 Pacific
Reply:

Bejesus,

ADLCICKER.G

SDBOT varient

To name a couple.

Shep


0

Sponsored Link
Ads by Google
Reply to Message Icon

Related Posts

See More



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: System32 problems & gibberish exe's
Problem with twunk_32t.exe www.computing.net/answers/security/problem-with-twunk32texe/15282.html

can't run exe's www.computing.net/answers/security/cant-run-exes/6655.html

Problem loading certain .exe files www.computing.net/answers/security/problem-loading-certain-exe-files/1586.html