Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HijackThis log as requested

Started by Jazz340 , Nov 20 2007 06:16 AM

  • Please log in to reply

#1
Jazz340
Posted 20 November 2007 - 06:16 AM

Jazz340

    New Member

  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:10:11, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Dan\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\sfbdaouc.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186855048500
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe




I have so many viruses on this thing, it's rediculous. My original post is:

http://www.geekstogo...up-t177230.html

Thanks :)
  • 0

Advertisements

#2
Jazz340
Posted 20 November 2007 - 05:43 PM

Jazz340

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Shall I run any further checks in anticipation of someone coming along to help?! I've read a lot about various online programs. Anything to speed up the process.
  • 0

#3
Jazz340
Posted 21 November 2007 - 08:34 AM

Jazz340

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I got the loop sorted by running the built in advent system recovery. Still got my files etc, and have to reinstall a few programs. But, AVG, the log I will post here, finds some things it cannot remove. Here it is. I didn't think I'd have to wait all this time. My HJT log is half the size of most others.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:23:22 21/11/2007

+ Scan result:



C:\WINDOWS\system32\Isass.exe -> Backdoor.IRCBot.afm : Error during cleaning.
C:\WINDOWS\system32\algs.exe -> Backdoor.IRCBot.afm : Error during cleaning.
C:\WINDOWS\system32\explorer.exe -> Backdoor.IRCBot.afm : Error during cleaning.
C:\WINDOWS\system32\winamp.exe -> Backdoor.IRCBot.afm : Error during cleaning.
C:\WINDOWS\system32\bwcdz.exe -> Dropper.Small : Error during cleaning.
C:\WINDOWS\system32\czhcko.exe -> Dropper.Small : Error during cleaning.
C:\WINDOWS\system32\ddnwxl.exe -> Dropper.Small : Error during cleaning.
C:\WINDOWS\system32\eceprtgj.exe -> Dropper.Small : Error during cleaning.
C:\WINDOWS\system32\guhrb.exe -> Dropper.Small : Error during cleaning.
C:\WINDOWS\system32\jcvz.exe -> Dropper.Small : Error during cleaning.
C:\WINDOWS\system32\kopuurkl.exe -> Dropper.Small : Error during cleaning.
C:\WINDOWS\system32\ppcwjd.exe -> Dropper.Small : Error during cleaning.
C:\WINDOWS\system32\rbyzngdp.exe -> Dropper.Small : Error during cleaning.
C:\WINDOWS\system32\riele.exe -> Dropper.Small : Error during cleaning.
C:\WINDOWS\system32\smpzwee.exe -> Dropper.Small : Error during cleaning.
:mozilla.137:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.336:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.360:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.410:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.422:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.457:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.485:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.502:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.506:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.549:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.574:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.680:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.120:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.184:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.273:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.361:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.374:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.401:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.402:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.87:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.499:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.508:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.525:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.631:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.536:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.253:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.78:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.559:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.11:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.610:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.616:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.713:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.661:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.693:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\yb8082us.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.


::Report end
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP