Hijack This Logfile analysis


Duecey93
Jul 9, 2008, 01:54 PM
What should I do about the items I cut/paste from my Hijack This Logfile analysis below?

O2 - BHO: (no name) - {378ABD4E-1471-46AB-A35E-B04EE10AD7A0} - C:\WINDOWS\system32\fccyxwWm.dll (file missing)
Unknown application. Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: (no name) - {4E59D533-8183-4891-B657-D1ED8E8ED5CB} - C:\WINDOWS\system32\hgGyvstU.dll (file missing)
Unknown application. Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8F8CEEF1-3393-47B5-A5E5-94AE8C71979A} - C:\WINDOWS\system32\iifCVlmm.dll (file missing)
Unknown application. Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\wvUmMCRI.dll (file missing)
Must be fixed!
Unnecessary (deactivated) entry that can be fixed. [random filename] - ConHook, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=45786 aka Chisyne, CA Global Security Advisor - CA (http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=48117) trojan variant - VirtuMonde/Vundo, http://www.symantec.com/security_resp
O2 - BHO: (no name) - {B2DD45E2-0B28-4FF3-B257-AEB5A3A11BD0} - C:\WINDOWS\system32\byXoomKb.dll (file missing)
Unknown application. Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: (no name) - {E2BAA01F-EE6F-431E-8EFC-A9907B678560} - C:\WINDOWS\system32\tuvUNgGw.dll (file missing)
Unknown application. Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: (no name) - {EA219909-B178-40A3-ACE2-7DD209447DA3} - C:\WINDOWS\system32\qoMfcdEw.dll (file missing)
Unknown application. Unnecessary (deactivated) entry that can be fixed.
O4 - HKCU\..\Run: [yrjlentu] C:\WINDOWS\system32\tmfopcxk.exe
Unknown application.
O4 - HKCU\..\Run: [yuqgfcmn] C:\WINDOWS\system32\gpydutkp.exe
Unknown application.
O4 - HKCU\..\Run: [oidcivqj] C:\WINDOWS\system32\orcvqpkz.exe
Unknown application.
O20 - Winlogon Notify: wvUmMCRI - wvUmMCRI.dll (file missing)
Unnecessary (deactivated) entry that can be fixed.
O21 - SSODL: qdnkewfa - {65217AB2-022E-4E8C-8885-42A772381977} - C:\WINDOWS\qdnkewfa.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
This entry was classified from our visitors as bad.

JBeaucaire
Jul 9, 2008, 03:48 PM
Try running a cleanup utility like CCleaner (Download Here (www.ccleaner.com/download)) instead of manually fiddling with all of these entries.

jstrike
Jul 9, 2008, 04:09 PM
For those entries that have file missing you can use Hijack This to remove the entry. For those that you're not sure of you can go into IE7 and disable them to see what happens but based on those file names I wouldn't trust anything on that list other than the entry for Java 6. (C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll) If you're in doubt try googling the file name before you delete it/disable it.
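
The triage described in the post above (entries marked "file missing" can be fixed in HijackThis, an already vetted path such as the Java one is left alone, anything else gets looked up first), as an added example that is not part of the original thread. The allowlist prefix and the function names are assumptions; the sample lines are copied from the log quoted in this thread, including one pasted with "02" in place of "O2".

```python
import re
from collections import defaultdict

# Sample lines copied from the log quoted in this thread (one annotation line kept).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
02 - BHO: (no name) - {8F8CEEF1-3393-47B5-A5E5-94AE8C71979A} - C:\WINDOWS\system32\iifCVlmm.dll (file missing)
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\wvUmMCRI.dll (file missing)
Unknown application.
O4 - HKCU\..\Run: [yrjlentu] C:\WINDOWS\system32\tmfopcxk.exe
O20 - Winlogon Notify: wvUmMCRI - wvUmMCRI.dll (file missing)
"""

# Assumption: path prefixes the reviewer has already vetted (hypothetical allowlist).
TRUSTED_PREFIXES = ("c:\\program files\\java\\",)
ENTRY_RE = re.compile(r"^[O0](\d{1,2}) - (.+)$")  # tolerate "02" pasted for "O2"
MISSING = "(file missing)"

def parse_entry(line):
    """Return section, path, file name and missing flag, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # annotation text or blank line
    body = m.group(2)
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    drive = re.search(r"[A-Za-z]:\\.*$", body)  # drive-rooted path, may contain spaces
    path = drive.group(0) if drive else body.split()[-1]  # O20 lists a bare file name
    return {"section": "O" + m.group(1), "path": path,
            "name": path.rsplit("\\", 1)[-1].lower(), "missing": missing}

def triage(entry):
    if entry["missing"]:
        return "orphaned"      # entry references a file that is already gone
    if entry["path"].lower().startswith(TRUSTED_PREFIXES):
        return "trusted"
    return "investigate"       # file present and not vetted: look the name up first

def analyse(log_text):
    verdicts, by_name = {}, defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            verdicts[(entry["section"], entry["name"])] = triage(entry)
            by_name[entry["name"]].add(entry["section"])
    # The same file registered at more than one load point is reported together.
    shared = {n: sorted(s) for n, s in by_name.items() if len(s) > 1}
    return verdicts, shared

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```
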

seahwk83
Jul 9, 2008, 05:38 PM
Mark the boxes next to all these items and choose the option to fix, bottom left.

After restarting the PC, run a full antivirus scan on your PC.

Here are some links for Online scans if you do not have an antivirus application that is updated

Free online Virus scans
Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro USA (http://housecall.trendmicro.com/)
http://www.thepcmanwebsite.com/virus_help.shtml
http://www.ravantivirus.com/scan/
Virus File Scanner (http://www.kaspersky.com/scanforvirus)
Free AntiVirus Software and Free Online Virus Scanning Services (thefreecountry.com) (http://www.thefreecountry.com/security/antivirus.shtml)

I would suggest using 2 of these.


O2 - BHO: (no name) - {378ABD4E-1471-46AB-A35E-B04EE10AD7A0} - C:\WINDOWS\system32\fccyxwWm.dll (file missing)
Unknown application. Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {8F8CEEF1-3393-47B5-A5E5-94AE8C71979A} - C:\WINDOWS\system32\iifCVlmm.dll (file missing)
Unknown application. Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {B2DD45E2-0B28-4FF3-B257-AEB5A3A11BD0} - C:\WINDOWS\system32\byXoomKb.dll (file missing)
Unknown application. Unnecessary (deactivated) entry that can be fixed.

O4 - HKCU\..\Run: [yrjlentu] C:\WINDOWS\system32\tmfopcxk.exe
Unknown application.
O4 - HKCU\..\Run: [yuqgfcmn] C:\WINDOWS\system32\gpydutkp.exe
Unknown application.
O4 - HKCU\..\Run: [oidcivqj] C:\WINDOWS\system32\orcvqpkz.exe
Unknown application.

O20 - Winlogon Notify: wvUmMCRI - wvUmMCRI.dll (file missing)
Unnecessary (deactivated) entry that can be fixed.
O21 - SSODL: qdnkewfa - {65217AB2-022E-4E8C-8885-42A772381977} - C:\WINDOWS\qdnkewfa.dll (file missing)

And as suggested run CCleaner

Download CCleaner 2.09.600 - FileHippo.com (http://www.filehippo.com/download_ccleaner/)
On the right hand side, click download latest version
When done, run another Hijack and see what kind of info may come up