Windows XP - trojan infected files - problem with the Add / Remove Pro, the "Add / Remove Programs " window in the Control Panel doe
prafull_roy
post Jan 15 2006, 12:57 AM
OS: windows XP



Hi,

I had accidentally deleted 1/2 files (cannot recollect the file names, though!) in the system32 folder (OS - Windows XP) as they had been infected by a virus.

Since then, the following issues have cropped up:

1. The "Add / Remove Programs" window is not coming up when clicked (Start -> Control Panel).
2. Cannot open Windows Media Player.
3. No sound when the media files are played using the Real Player (even though I can see the files being played in Real Player). It does not seem to be an issue with the sound card, as I can listen to the songs when I use iTunes to play them.

I read about the HijackThis utility and hence am pasting the output logs in this forum. Any help in this regard is much appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 2:09:20, on 2006/01/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\odlmrx.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
D:\Program Files\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fujitsu\AH-F401U ユーティリティ\AH-F401U_Watch.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
D:\Program Files\realplay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\prk\downloads\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: International - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpC673.tmp
O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dndrgy] C:\WINDOWS\system32\odlmrx.exe r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Casa 3rdPty - Misc - http://citidirect-eb.citicorp.com:/cabs/casathrdpty.cab
O16 - DPF: Casa 3rdPty - Swing 1 - http://citidirect-eb.citicorp.com:/cabs/casaswing1.cab
O16 - DPF: Casa 3rdPty - Swing 2 - http://files.citidirect.com/files/citidire.../casaswing2.cab
O16 - DPF: Casa Audit - http://citidirect-eb.citicorp.com:/cabs/casaaudit.cab
O16 - DPF: Casa AWT - http://citidirect-eb.citicorp.com:/cabs/casaawt.cab
O16 - DPF: Casa Broadcast - http://citidirect-eb.citicorp.com:/cabs/casabrdcast.cab
O16 - DPF: Casa BTR - http://citidirect-eb.citicorp.com:/cabs/casabtr.cab
O16 - DPF: Casa Cab Verifier - https://citidirect-eb.citicorp.com/CasaCabVerifier.cab
O16 - DPF: Casa Code Pages - http://citidirect-eb.citicorp.com:/cabs/casacodepage.cab
O16 - DPF: Casa Default - http://citidirect-eb.citicorp.com:/cabs/casadefault.cab
O16 - DPF: Casa Framework - http://citidirect-eb.citicorp.com:/cabs/casaframework.cab
O16 - DPF: Casa Images - http://citidirect-eb.citicorp.com:/cabs/casaimages.cab
O16 - DPF: Casa Infrastructure - http://citidirect-eb.citicorp.com:/cabs/casainfr.cab
O16 - DPF: Casa Language ja_JP - http://citidirect-eb.citicorp.com:/cabs/casa_ja_jp.cab
O16 - DPF: Casa Libraries - http://citidirect-eb.citicorp.com:/cabs/casalibs.cab
O16 - DPF: Casa List Manager - http://citidirect-eb.citicorp.com:/cabs/casalistmgr.cab
O16 - DPF: Casa Misc - http://citidirect-eb.citicorp.com:/cabs/casamisc.cab
O16 - DPF: Casa Payments Banamex - http://citidirect-eb.citicorp.com:/cabs/casapmtsbanamex.cab
O16 - DPF: Casa Payments Common - http://citidirect-eb.citicorp.com:/cabs/casapmtscomm.cab
O16 - DPF: Casa Payments Detail - http://citidirect-eb.citicorp.com:/cabs/casapmtsdtl.cab
O16 - DPF: Casa Payments Libraries - http://citidirect-eb.citicorp.com:/cabs/casapmtslibs.cab
O16 - DPF: Casa Payments Misc - http://citidirect-eb.citicorp.com:/cabs/casapmtsmisc.cab
O16 - DPF: Casa Pref Mgr - http://citidirect-eb.citicorp.com:/cabs/casaprefmgr.cab
O16 - DPF: Casa Report - http://citidirect-eb.citicorp.com:/cabs/casareport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/wi...rInstall_jp.cab
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - d:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)



Thanks and Regards,
-Prafull