Help Not sure exactly what is happening [CLOSED]
#1 STXPKTRKT (Member)

I followed the steps listed for before posting a HijackThis log. My computer was infected with .rar files that filled up my hard drive (30g). I followed the steps and instructions, and the computer is totally different: all the desktop icons are gone, and in the Start menu there are only a handful of programs. Here is the log; thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 8:34:10 PM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: InfoDocReader Object - {39D36F7F-81ED-45DC-87A3-A51824966B06} - C:\WINDOWS\system32\geede.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O15 - Trusted IP range: http://85.12.25.95
O15 - Trusted IP range: http://202.67.220.227
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...dd084361d36488e
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...dd084361d36488e
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\alg.dll
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\p6r40g9qe6.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\guard.tmp (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
#2 Trevuren (Retired Staff)

Hi STXPKTRKT and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.


A. Please run the following program:
  • Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As": DelDomains.inf to your Desktop
    http://www.mvps.org/.../DelDomains.inf

  • Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal.
  • Then please restart your computer.

    Note: You will have to reimmunize with SpywareBlaster, IE-SPYADS, and/or Spybot after doing this if you were using these features before.

B. 1. Please download this file - combofix.exe by sUBs

2. Extract it to your desktop.

3. Now go Start>>Run and type the following:

"%userprofile%\desktop\combofix.exe" /v geede

That will run the tool in a special way.

4. When finished, it will produce a log for you. Please save that log to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.



Trevuren


#3 STXPKTRKT (Topic Starter)

Thanks for your help. I ran the programs you asked me to run; here are the results.

Logfile of HijackThis v1.99.1
Scan saved at 9:23:45 PM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Martin\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...dd084361d36488e
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...dd084361d36488e
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\alg.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe





Martin - 06-09-26 21:18:45.48 Service Pack 2
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\Martin\desktop"
Command switches used :: /v geede

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{5955344E-2140-4198-9586-C00750362B36}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5955344E-2140-4198-9586-C00750362B36}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5955344E-2140-4198-9586-C00750362B36}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5955344E-2140-4198-9586-C00750362B36}\InprocServer32]
@="C:\\WINDOWS\\system32\\eU00bmsg.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{8D09C711-CA93-4F32-8759-693B907A59F1}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{8D09C711-CA93-4F32-8759-693B907A59F1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D09C711-CA93-4F32-8759-693B907A59F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D09C711-CA93-4F32-8759-693B907A59F1}\InprocServer32]
@="C:\\WINDOWS\\system32\\LMCMGR10.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{7C73A134-C837-4C65-BCB6-039BF549FB13}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7C73A134-C837-4C65-BCB6-039BF549FB13}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7C73A134-C837-4C65-BCB6-039BF549FB13}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7C73A134-C837-4C65-BCB6-039BF549FB13}\InprocServer32]
@="C:\\WINDOWS\\system32\\MPFTEDIT.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{11CF33B5-7912-475F-8586-66B9D29AD974}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11CF33B5-7912-475F-8586-66B9D29AD974}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11CF33B5-7912-475F-8586-66B9D29AD974}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11CF33B5-7912-475F-8586-66B9D29AD974}\InprocServer32]
@="C:\\WINDOWS\\system32\\PQOTOWIZ.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{79B0585A-E824-45E2-BC1C-D2FDC1C5991C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79B0585A-E824-45E2-BC1C-D2FDC1C5991C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79B0585A-E824-45E2-BC1C-D2FDC1C5991C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{79B0585A-E824-45E2-BC1C-D2FDC1C5991C}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{0B122B07-0563-41E6-AA6F-F921C82CFF78}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0B122B07-0563-41E6-AA6F-F921C82CFF78}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0B122B07-0563-41E6-AA6F-F921C82CFF78}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0B122B07-0563-41E6-AA6F-F921C82CFF78}\InprocServer32]
@="C:\\WINDOWS\\system32\\iPlmuFRA.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{B4B846F9-A1B5-49E0-8323-D8217F5460FA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4B846F9-A1B5-49E0-8323-D8217F5460FA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4B846F9-A1B5-49E0-8323-D8217F5460FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4B846F9-A1B5-49E0-8323-D8217F5460FA}\InprocServer32]
@="C:\\WINDOWS\\system32\\IGSECSNP.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{7AFBE485-C6F6-49B3-B6A0-D22C72F34D8B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AFBE485-C6F6-49B3-B6A0-D22C72F34D8B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AFBE485-C6F6-49B3-B6A0-D22C72F34D8B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AFBE485-C6F6-49B3-B6A0-D22C72F34D8B}\InprocServer32]
@="C:\\WINDOWS\\system32\\MEHTMLER.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{6D46261C-7EC3-4EE7-B04A-D2F9A005BC9C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D46261C-7EC3-4EE7-B04A-D2F9A005BC9C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D46261C-7EC3-4EE7-B04A-D2F9A005BC9C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D46261C-7EC3-4EE7-B04A-D2F9A005BC9C}\InprocServer32]
@="C:\\WINDOWS\\system32\\HZCOIN.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{E97E2622-78E7-4F5E-B8B8-761D2EC31A69}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E97E2622-78E7-4F5E-B8B8-761D2EC31A69}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E97E2622-78E7-4F5E-B8B8-761D2EC31A69}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E97E2622-78E7-4F5E-B8B8-761D2EC31A69}\InprocServer32]
@="C:\\WINDOWS\\system32\\hwsetup.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{53479663-5979-48E6-828C-78EDC31D409D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53479663-5979-48E6-828C-78EDC31D409D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53479663-5979-48E6-828C-78EDC31D409D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53479663-5979-48E6-828C-78EDC31D409D}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\aza0l1fm1.dll
C:\WINDOWS\SYSTEM32\c6002gdmg60a2.dll
C:\WINDOWS\SYSTEM32\dnj2011oe.dll
C:\WINDOWS\SYSTEM32\e4jm0e11eh.dll
C:\WINDOWS\SYSTEM32\eb.dll
C:\WINDOWS\SYSTEM32\en0sl1d71.dll
C:\WINDOWS\SYSTEM32\en20l1fm1.dll
C:\WINDOWS\SYSTEM32\en4ml1h11.dll
C:\WINDOWS\SYSTEM32\f82mlif1182.dll
C:\WINDOWS\SYSTEM32\fpp2037oe.dll
C:\WINDOWS\SYSTEM32\g0400ahmed4a0.dll
C:\WINDOWS\SYSTEM32\g2lm0c31ef.dll
C:\WINDOWS\SYSTEM32\gpp2l37o1.dll
C:\WINDOWS\SYSTEM32\hr2q05f5e.dll
C:\WINDOWS\SYSTEM32\hrl8053ue.dll
C:\WINDOWS\SYSTEM32\HZCOIN.DLL
C:\WINDOWS\SYSTEM32\i624lgfq162e.dll
C:\WINDOWS\SYSTEM32\IGSECSNP.DLL
C:\WINDOWS\SYSTEM32\iPlmuFRA.dll
C:\WINDOWS\SYSTEM32\j04olah31d4.dll
C:\WINDOWS\SYSTEM32\j60slgd7160.dll
C:\WINDOWS\SYSTEM32\jtju0719e.dll
C:\WINDOWS\SYSTEM32\jtp8077ue.dll
C:\WINDOWS\SYSTEM32\k0620ajoedoc0.dll
C:\WINDOWS\SYSTEM32\k226lcfs1f26.dll
C:\WINDOWS\SYSTEM32\k680lglm16qa.dll
C:\WINDOWS\SYSTEM32\kt46l7hs1.dll
C:\WINDOWS\SYSTEM32\ktp6l77s1.dll
C:\WINDOWS\SYSTEM32\l42s0ef7eh2.dll
C:\WINDOWS\SYSTEM32\ldwmf13n.dll
C:\WINDOWS\SYSTEM32\lvn6095se.dll
C:\WINDOWS\SYSTEM32\lvpq0975e.dll
C:\WINDOWS\SYSTEM32\LYCMGR10.DLL
C:\WINDOWS\SYSTEM32\m4820eloehqc0.dll
C:\WINDOWS\SYSTEM32\m8rmli9118.dll
C:\WINDOWS\SYSTEM32\MEHTMLER.DLL
C:\WINDOWS\SYSTEM32\MEWEBDVD.DLL
C:\WINDOWS\SYSTEM32\MPFTEDIT.DLL
C:\WINDOWS\SYSTEM32\mvn2l95o1.dll
C:\WINDOWS\SYSTEM32\n24s0ch7ef4.dll
C:\WINDOWS\SYSTEM32\n2r2lc9o1f.dll
C:\WINDOWS\SYSTEM32\n68olgl316q.dll
C:\WINDOWS\SYSTEM32\n6p40g7qe6.dll
C:\WINDOWS\SYSTEM32\o0840alqedqe0.dll
C:\WINDOWS\SYSTEM32\o2lu0c39ef.dll
C:\WINDOWS\SYSTEM32\o684lglq16qe.dll
C:\WINDOWS\SYSTEM32\o8ns0i57e8.dll
C:\WINDOWS\SYSTEM32\q0nula591d.dll
C:\WINDOWS\SYSTEM32\s288lclu1fq8.dll
C:\WINDOWS\SYSTEM32\t48ulel91hq.dll
C:\WINDOWS\SYSTEM32\TQPI.DLL


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\edeeg.tmp
C:\WINDOWS\system32\drivers\dp.sys


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\Program Files\outlook

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\SMANTE~1
C:\QooBox\Purity\Program Files\SMANTE~1\?canregw.exe
C:\QooBox\Purity\WINDOWS\MCROSO~1
C:\QooBox\Purity\WINDOWS\MCROSO~1\MCROSO~1
C:\QooBox\Purity\WINDOWS\MCROSO~1\winspool.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\SMANTE~1
C:\QooBox\Purity\Program Files\SMANTE~1\?canregw.exe
C:\QooBox\Purity\WINDOWS\MCROSO~1
C:\QooBox\Purity\WINDOWS\MCROSO~1\MCROSO~1
C:\QooBox\Purity\WINDOWS\MCROSO~1\winspool.exe


((((((((((((((((((((((((((((((( Files Created from 2006-08-26 to 2006-09-26 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-26 20:40 -------- d-------- C:\Program Files\BFG
2006-09-26 02:25 -------- d-------- C:\Program Files\Internet Explorer
2006-09-26 01:04 -------- d-------- C:\Program Files\Ares Music
2006-09-26 01:00 -------- d-------- C:\Documents and Settings\Martin\Application Data\TrojanHunter
2006-09-26 00:53 -------- d-------- C:\Program Files\Common Files
2006-09-26 00:39 -------- d-------- C:\Program Files\CleanUp!
2006-09-26 00:23 -------- d-------- C:\Program Files\TrojanHunter 4.5
2006-09-26 00:08 -------- d-------- C:\Program Files\ewido anti-malware
2006-09-25 22:58 -------- d-------- C:\Program Files\Lavasoft
2006-09-20 11:16 -------- d--h----- C:\Documents and Settings\Martin\Application Data\Identities
2006-08-20 15:17 0 --a------ C:\WINDOWS\SYSTEM32\ir4sl5h71.dll
2006-08-20 15:16 0 --a------ C:\WINDOWS\SYSTEM32\h02o0af3ed2.dll
2006-08-20 12:20 0 --a------ C:\WINDOWS\SYSTEM32\azaolgl316q.dll
2006-08-20 12:18 0 --a------ C:\WINDOWS\SYSTEM32\l68mlgl116q.dll
2006-08-20 11:54 0 --a------ C:\WINDOWS\SYSTEM32\n2n6lc5s1f.dll
2006-08-20 11:02 0 --a------ C:\WINDOWS\SYSTEM32\p2n80c5uef.dll
2006-08-20 10:26 0 --a------ C:\WINDOWS\SYSTEM32\azaslgd7160.dll
2006-08-20 10:25 0 --a------ C:\WINDOWS\SYSTEM32\n0n6la5s1d.dll
2006-08-20 10:22 0 --a------ C:\WINDOWS\SYSTEM32\OLUNINST.DLL
2006-08-20 10:20 0 --a------ C:\WINDOWS\SYSTEM32\n48o0el3ehq.dll
2006-08-20 10:19 0 -r--s---- C:\WINDOWS\SYSTEM32\hrps0577e.dll
2006-08-20 10:05 0 --a------ C:\WINDOWS\SYSTEM32\kt0ul7d91.dll
2006-08-20 10:03 0 --a------ C:\WINDOWS\SYSTEM32\dn4q01h5e.dll
2006-08-20 10:00 0 --a------ C:\WINDOWS\SYSTEM32\d6j0lg1m16.dll
2006-08-19 14:59 0 --a------ C:\WINDOWS\SYSTEM32\irn0l55m1.dll
2006-08-19 14:38 0 --a------ C:\WINDOWS\SYSTEM32\irp6l57s1.dll
2006-08-19 14:35 0 --a------ C:\WINDOWS\SYSTEM32\mxwt.dll
2006-08-19 14:31 0 --a------ C:\WINDOWS\SYSTEM32\r2p80c7uef.dll
2006-08-18 11:01 13844 --a------ C:\WINDOWS\SYSTEM32\uwimxyvy.exe
2006-08-18 11:00 0 --a------ C:\WINDOWS\SYSTEM32\o866lijs18o6.dll
2006-08-18 00:18 -------- d---s---- C:\Documents and Settings\Martin\Application Data\Microsoft
2006-08-16 00:16 12308 --a------ C:\WINDOWS\SYSTEM32\woyctyrq.exe
2006-08-15 13:15 12308 --a------ C:\WINDOWS\SYSTEM32\ismcolrs.exe
2006-08-14 16:23 12308 --a------ C:\WINDOWS\SYSTEM32\ndgdupsu.exe
2006-08-14 13:11 12308 --a------ C:\WINDOWS\SYSTEM32\puslpdus.exe
2006-08-12 00:25 0 --a------ C:\WINDOWS\SYSTEM32\m482lelo1hqc.dll
2006-08-10 20:18 -------- d-------- C:\Program Files\Windows Media Player
2006-08-08 18:22 85248 --ah----- C:\Documents and Settings\Martin\Application Data\GDIPFONTCACHEV1.DAT
2006-08-08 14:29 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-08 14:28 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-08 14:27 -------- d-------- C:\Program Files\Dell
2006-08-08 14:23 -------- d-------- C:\Program Files\Yahoo!
2006-08-08 14:17 -------- d-------- C:\Program Files\MUSICMATCH
2006-08-08 14:12 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-08 14:11 -------- d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2006-08-04 19:35 -------- d-------- C:\Program Files\HP
2006-08-04 11:39 -------- d-------- C:\Program Files\QuickTime
2006-07-31 14:03 -------- d--h----- C:\Documents and Settings\Martin\Application Data\Morpheus
2006-07-27 08:24 679424 --------- C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-25 20:21 65556 --a--c--- C:\WINDOWS\SYSTEM32\pgqviwwl.exe
2006-07-25 14:08 65556 --a--c--- C:\WINDOWS\SYSTEM32\jqnkthqf.exe
2006-07-24 23:34 24304 --a--c--- C:\WINDOWS\icont.exe
2006-07-24 15:08 17750 --a--c--- C:\WINDOWS\SYSTEM32\owculjyw.exe
2006-07-24 06:37 17750 --a--c--- C:\WINDOWS\SYSTEM32\chyvfdvj.exe
2006-07-23 21:57 17750 --a--c--- C:\WINDOWS\SYSTEM32\afopxgxn.exe
2006-07-23 21:03 17750 --a--c--- C:\WINDOWS\SYSTEM32\gxlgolgy.exe
2006-07-23 18:53 17750 --a--c--- C:\WINDOWS\SYSTEM32\nprwlnvr.exe
2006-07-23 16:33 17750 --a--c--- C:\WINDOWS\SYSTEM32\xtpsyobe.exe
2006-07-23 00:48 17750 --a--c--- C:\WINDOWS\SYSTEM32\uqjkovix.exe
2006-07-22 23:32 17750 --a--c--- C:\WINDOWS\SYSTEM32\vvmnkure.exe
2006-07-22 13:25 17750 --a--c--- C:\WINDOWS\SYSTEM32\bukxyjmv.exe
2006-07-22 11:47 17750 --a--c--- C:\WINDOWS\SYSTEM32\mitpmllc.exe
2006-07-22 11:30 17750 --a--c--- C:\WINDOWS\SYSTEM32\durrdmro.exe
2006-07-22 10:54 17750 --a--c--- C:\WINDOWS\SYSTEM32\odoacwba.exe
2006-07-22 05:39 17750 --a--c--- C:\WINDOWS\SYSTEM32\hqnqfgwh.exe
2006-07-21 22:40 17750 --a--c--- C:\WINDOWS\SYSTEM32\cmbkvxmt.exe
2006-07-21 21:00 17750 --a--c--- C:\WINDOWS\SYSTEM32\obqhdmrb.exe
2006-07-21 19:10 17750 --a--c--- C:\WINDOWS\SYSTEM32\rxitgobl.exe
2006-07-21 12:54 17750 --a--c--- C:\WINDOWS\SYSTEM32\fjheybal.exe
2006-07-21 03:24 72704 --------- C:\WINDOWS\SYSTEM32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"tbon"="C:\\Program Files\\TBONBin\\tbon.exe /r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Titanium Antivirus 2005\\APVXDWIN.EXE\" /s"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINDOWS\\warnhp.html"
"SubscribedURL"=""
"FriendlyName"="Desktop Uninstall"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,e2,02,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:02,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,e2,02,\
00,00,02,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"StarwareUninstall"=""

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"StarwareUninstall"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (LUCKYCOMPUTER-Martin).job

Completion time: Tue 09/26/2006 21:21:46.96
ComboFix.txt
ComboFix2.txt

#4 Trevuren (Old Dog, Retired Staff, 18,699 posts)
I need to get you to move HijackThis to a folder of its own (not in a Temporary Folder) so that nothing gets deleted by mistake.

1. Right click in an empty space on your desktop.

2. From the Menu, click New, then Folder and a folder will appear on your desktop.

3. Name the folder HJT

4. Cut/Paste your current version of HijackThis into the new Folder that was just created.

5. Now, run the program and post a fresh HJT log for review.

6. In addition, please provide a list of uninstallable programs.

To Provide a List of Installed Programs
  • Run HijackThis.
  • Click Config>>Miscellaneous Tools>>Open Uninstall Manager>>Save List
  • Save list to Desktop
  • Copy the Notepad list and Paste it into this thread.

Trevuren

#5 STXPKTRKT (Member, Topic Starter, 32 posts)
Logfile of HijackThis v1.99.1
Scan saved at 2:35:25 AM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Martin\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...dd084361d36488e
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...dd084361d36488e
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\alg.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


3D Home Architect® Deluxe 3.0
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9
Adobe Reader 6.0.1
Autodesk DWF Viewer
CleanUp!
Compresor WinRAR
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
HijackThis 1.99.1
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Macromedia Shockwave Player
McAfee Personal Firewall Plus
McAfee SecurityCenter
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Word 2002
Microsoft Works 2005 Setup Launcher
Modem Event Monitor
Mozilla Firefox (1.5)
MSN Messenger 7.5
My Way Search Assistant
Need2Find Bar
OpenMG Limited Patch 4.2-05-07-27-01
OpenMG Secure Module 4.2.00
Panda Titanium Antivirus 2005
SBC Yahoo! DSL Home Networking Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Shockwave
Sonic RecordNow!
SonicStage 3.2
Sony USB Driver
Spybot - Search & Destroy 1.4
TrojanHunter 4.5
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Viewpoint Media Player
Weather Add-in for MSN Search Toolbar
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB893086
Yahoo! Install Manager

#6 Trevuren (Old Dog, Retired Staff, 18,699 posts)
I am strongly suggesting that you UNINSTALL the following programs, which are either malware, come bundled with malware, or are foistware, i.e. programs that are usually installed without the user's consent.

My Way Search Assistant
Need2Find Bar



See the following if you want a more in-depth explanation:

http://www.bleepingc...nstall/all.html

and/or

http://www.spywarewa...re.htm#products



A. I need you to temporarily disable the following program, for it may interfere with our fix:

TrojanHunter Guard

1. Disable TrojanHunter Guard by right clicking on the icon in your System Tray.
2. Make sure that the program, TrojanHunter itself, is also closed/not running.


B. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to Start > Control Panel > Folder Options > View (tab)
    • Choose to "show hidden files and folders"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with OK
  • Please RUN HijackThis.
    • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...dd084361d36488e
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...dd084361d36488e
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\alg.dll


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using the Add/Remove Programs module in your Control Panel, please UNINSTALL the following program(s):

    My Way Search Assistant
    Need2Find Bar


  • Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):

    C:\Program Files\TBONBin <== Folder and all its content
    C:\Program Files\RXToolBar <== Folder and all its content
    C:\WINDOWS\system32\alg.dll <== File
    C:\Program Files\MyWay Search Assistant <== Folder and all its content
    C:\Program Files\Need2Find Bar <== Folder and all its content


  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in this thread so we can check how everything looks now.
Regards,

Trevuren


#7 STXPKTRKT (Member, Topic Starter, 32 posts)
Hi,

I am trying to remove the My Way Search Assistant and Need2Find Bar.

When I use the Control Panel option to remove the program I get the following error:

Error Loading C:|PROGRA~\Need2f~1\var\1.bin\nd2fnbar.dll

and C:\PROGRA~1\MYWAYSA\SRCHASDE\1.BIN\DESCRAS.DLL

#8 STXPKTRKT (Member, Topic Starter, 32 posts)
This error was given after I pressed the Fix Checked key in HJT:

An unexpected error has occurre at procedure: modBackup_MakeaBackup(sitem_P20 - AppOmot_dlls: C:\windows|system32\alg.dll)
Error #5- Invalid Procedure call or argument

I rescanned the system using HJT, and all the entries you had previously advised to remove were gone.

#9 Trevuren (Old Dog, Retired Staff, 18,699 posts)
Please post a fresh HJT log

Trevuren

Edited by Trevuren, 27 September 2006 - 07:11 PM.


#10 STXPKTRKT (Member, Topic Starter, 32 posts)
Logfile of HijackThis v1.99.1
Scan saved at 8:10:37 PM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

#11 STXPKTRKT (Member, Topic Starter, 32 posts)
I accidentally ran HJT from a temp folder.

Here is the correct log:


Logfile of HijackThis v1.99.1
Scan saved at 8:29:26 PM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Martin\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

#12 STXPKTRKT (Member, Topic Starter, 32 posts)
Sorry, I noticed that TrojanHunter was running during the last log.



Logfile of HijackThis v1.99.1
Scan saved at 8:34:03 PM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Martin\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
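Added example (not code from the thread, from HijackThis or from its author): a small Python script that parses two HijackThis logs, diffs their R*/F*/O* entries, and checks the fix list from post #6 against the result, using a shortened copy of the post #5 ("before") and post #12 ("after") logs as constructed sample input. Besides confirming which listed items are gone, it flags entries that vanished without being on the list, such as the Sony SsAAD.exe Run entry present in the first log but absent from the last, which is the kind of side effect a helper wants to notice before declaring a machine clean.

```python
"""Diff two HijackThis logs and verify a fix list against the result."""
import re
from typing import Dict, List, Set

# Constructed sample input: subsets of the post #5 (before) and post #12
# (after) logs from this thread, shortened to the lines that matter here.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...dd084361d36488e
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...dd084361d36488e
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\alg.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

AFTER_LOG = r"""
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# The items the helper asked the user to "Fix checked" in post #6.
FIX_LIST = r"""
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...dd084361d36488e
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...dd084361d36488e
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\alg.dll
"""

# HJT entry lines start with a section tag (R0-R3, F0-F3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*\S)\s*$")


def parse_entries(log: str) -> Set[str]:
    """Return the normalized HJT entries found in a log.
    Runs of whitespace are collapsed so a copy-pasted fix list (which forum
    software often re-indents) compares equal to the matching log line."""
    entries: Set[str] = set()
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(f"{m.group(1)} - {' '.join(m.group(2).split())}")
    return entries


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a), "added": sorted(a - b)}


def check_fix(before: str, after: str, fix_list: str) -> Dict[str, List[str]]:
    """Classify the outcome of a fix round: requested items that are gone,
    requested items still present, entries removed without being requested
    (worth a second look), and brand-new entries since the previous scan."""
    d = diff_logs(before, after)
    wanted = parse_entries(fix_list)
    removed = set(d["removed"])
    return {
        "fixed": sorted(wanted & removed),
        "still_present": sorted(wanted & parse_entries(after)),
        "unexpected_removals": sorted(removed - wanted),
        "new_entries": d["added"],
    }


if __name__ == "__main__":
    report = check_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST)
    for label, items in report.items():
        print(f"{label} ({len(items)}):")
        for item in items:
            print("   ", item)
```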

#13 Trevuren (Old Dog, Retired Staff, 18,699 posts)
That log sure looks a lot better!

Please do an online scan with Kaspersky Online Virus Scanner (Use Internet Explorer as your Browser)

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Next Click on Free Virus Scanner, then Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information into your next post.
Regards

Trevuren


#14 STXPKTRKT (Member, Topic Starter, 32 posts)
Well, I tried to connect to the internet.
I get the "limited or no connectivity" error.

I ran winsocks, still no connection.


I noticed that there is a Morpheus shared folder named ..\martin\shared\_

In this folder there are lots of .rar files.

I ran virus scanners and cannot seem to find any.

I searched online on how to remove Morpheus and removed it from the registry.

After I did this some desktop items were hidden, and when I try to run Word it asks for the installation disc. I press cancel installation and Word works normally.

#15 Trevuren (Old Dog, Retired Staff, 18,699 posts)
Do you remember what registry keys/values you were playing with?

Are you now using another computer?

Trevuren

Edited by Trevuren, 28 September 2006 - 10:04 AM.
