Need help removing Trojan [RESOLVED], HTproc32.dll trojan found and cannot clean or delete
Feb 6 2006, 04:05 PM
Post #1
Member, Posts: 16, OS: Windows 2000 prof.
Here is Hijack log, can someone please help me.

Thanks
Steve

Logfile of HijackThis v1.99.1
Scan saved at 5:01:37 PM, on 2/6/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CTSvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\System32\nvsvc32.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINNT\System32\RunDll32.exe
C:\WINNT\System32\hpsw.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\System32\wgse.exe
C:\WINNT\System32\svchost.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\weoi\acoa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\j?vaw.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gocarolinas.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.gocarolinas.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {50C924B9-9C53-BAFA-2C00-B7CE6DCCE2ED} - (no file)
F3 - REG:win.ini: run=C:\WINNT\inet20010\winlogon.exe
O2 - BHO: ohb - {22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB} - (no file)
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [0o8w0320.dll] RUNDLL32.EXE 0o8w0320.dll,b 1745791655
O4 - HKLM\..\Run: [susse] "C:\WINNT\System32\hpsw.exe"
O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\Steve Mayne\My Documents\msconfig.exe /auto
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WinMedia] C:\WINNT\System32\wwwloader.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Cant] "C:\Program Files\weoi\acoa.exe" -vt mt
O4 - HKCU\..\Run: [Cqmajpi] C:\WINNT\System32\j?vaw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {0a454840-7232-11d5-b63d-00c04faedb18} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131416927801
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -
O16 - DPF: {A0B8AC59-2D8B-4F23-A1B2-69770BC2CC1F} (Iecontrol Control) - https://eaccess/e1357_bin/iecontrol.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {DAB941D8-BC94-4819-AB4D-5598C65FA3FE} - http://gpstool.globaladserver.com/v30/gpstool.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/er...FreeInstall.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usps.gov
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = usps.gov
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usps.gov
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: DateTime - C:\WINNT\system32\kt6ul7j91.dll (file missing)
O20 - Winlogon Notify: htproc - C:\WINNT\SYSTEM32\htproc32.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O20 - Winlogon Notify: ssldr - C:\WINNT\SYSTEM32\ssldr32.dll
O20 - Winlogon Notify: winonm32 - C:\WINNT\SYSTEM32\winonm32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\U3RldmUgTWF5bmU\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINNT\system32\HPHipm09.exe
smayne Need help removing Trojan [RESOLVED] Feb 6 2006, 04:05 PM
Daemon We can help you, but first you need to help us. Th... Feb 6 2006, 05:44 PM
smayne Logfile of HijackThis v1.99.1 Scan saved at 6:44:4... Feb 7 2006, 05:45 PM
Daemon Click here to download ewido anti-malware - it is ... Feb 8 2006, 01:14 PM
smayne ewido anti-malware - Scan report -----------------... Feb 8 2006, 04:12 PM
Daemon Download L2mfix from one of these two locations: ... Feb 8 2006, 04:16 PM
smayne L2MFIX find log 010406 These are the registry keys... Feb 8 2006, 04:41 PM
Daemon Close any programs you have open since this step r... Feb 9 2006, 02:26 AM
smayne L2mfix 010406 Creating Account. The command comple... Feb 9 2006, 05:08 AM
Daemon Make sure that you have no browser windows open as... Feb 10 2006, 04:59 AM
smayne Logfile of HijackThis v1.99.1 Scan saved at 10:42:... Feb 11 2006, 09:43 PM
Daemon Right click Here and select Save As to download Wi... Feb 12 2006, 02:43 AM
smayne Logfile of HijackThis v1.99.1 Scan saved at 8:24:0... Feb 12 2006, 07:24 AM
Daemon Apologies - missed this reply. Do you still requir... Feb 25 2006, 02:20 AM
Daemon As this problem has been resolved the topic will b... Mar 3 2006, 01:46 AM
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising