My Log...Please Help! [RESOLVED], AdClicker.CS trojan has invaded
Jun 9 2005, 10:13 PM
Post #1
Member | Posts: 92 | OS: Windows XP
AdClicker.CS trojan has invaded my girlfriend's computer. We have run all the regular antivirus stuff, but it's still there even though the virus scan says it is not. Please help us repair without a re-install.
Here is her log:

Logfile of HijackThis v1.99.1
Scan saved at 2:24:38 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\ERDCENC.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hiasegb.dll
O2 - BHO: SDWin32 Class - {8E2F6564-6593-453C-A636-595C5E0FC07A} - C:\WINDOWS\system32\stcwy.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [shyx] C:\WINDOWS\shyx.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Embqtu.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [ERDCENC] C:\WINDOWS\ERDCENC.EXE
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [23rW3nh] cnetmgr.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [wjppeds] c:\windows\system32\lbobkm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [J006RhNpe] cabtadmn.exe
O4 - HKCU\..\Run: [aolgpw] C:\WINDOWS\system32\aolgpw.exe
O4 - HKCU\..\Run: [wmvnmp] C:\WINDOWS\system32\wmvnmp.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [rmwi] C:\PROGRA~1\COMMON~1\rmwi\rmwim.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAcc.../bridge-c11.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002245.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104348431241
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.cahch.com
O17 - HKLM\Software\..\Telephony: DomainName = internal.cahch.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B803716-123A-4635-BBAA-E278921CC92E}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.cahch.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: hgareas - Unknown owner - C:\WINDOWS\system32\hgareas.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks, peace out...daddy
daddy My Log...Please Help! [RESOLVED] Jun 9 2005, 10:13 PM
Excal Hi daddy and welcome to GeeksToGo! My name is ... Jun 14 2005, 09:46 PM
daddy Hi Excalibur190! Thanks for getting to me. Als... Jun 14 2005, 10:08 PM
Excal Hi daddy and welcome to GeeksToGo! My name is... Jun 14 2005, 10:21 PM
daddy Ok...here we go. Followed directions and ran Ewido... Jun 16 2005, 11:12 PM
Excal Hi Daddy,
I can see that you have some malware is... Jun 17 2005, 07:20 PM
daddy Excalibur...couple things before I begin.
You ask... Jun 17 2005, 08:09 PM
Excal Hi Daddy, (that feels soooo wrong saying that...lo... Jun 17 2005, 08:31 PM
daddy Ok....I did everything and things were looking rea... Jun 18 2005, 05:02 AM
Excal Daddy,
I need you to run HiJackThis Again. and gi... Jun 18 2005, 06:42 AM
daddy Hey Excalibur...thank you for being so prompt. I w... Jun 18 2005, 03:56 PM
Excal Hi Daddy,
Now thats much better!!! P... Jun 18 2005, 05:05 PM
daddy 1st) Ran scan with housecall...no infected files..... Jun 19 2005, 01:53 AM
daddy wow...guess too much info to fit in one post. Here... Jun 19 2005, 01:59 AM
Excal Hi Daddy,
Everything is looking good Most of t... Jun 19 2005, 08:39 AM
daddy Hi Excalibur...
Ok...I ran Regseeker 3 times and ... Jun 19 2005, 02:32 PM
Excal Hi Daddy,
Download ETRemover Here
save it to you... Jun 19 2005, 06:01 PM
daddy Thank you bro...everything is back to normal and r... Jun 20 2005, 02:35 PM
Excal Hi Daddy!
Great to hear its back to normal... Jun 20 2005, 02:48 PM
Excal Since this issue appears to be resolved ... this T... Jun 30 2005, 09:34 PM