Infection but won't tell me what



#1 Chip1035 (New Member, 8 posts)
I have a friend with a little problem: a little red icon in the tray which, if clicked, brings up My Computer but changes to a scan of infections.
McAfee VirusScan doesn't find anything and Microsoft Defender won't get rid of it. Scans were done in safe mode. SpyBot Search and Destroy found infections and cleaned them up (trying to get that log, but my friend is unavailable right now). But they are still there. iexplorer.exe keeps loading in the background, taking a good chunk of memory even with IE closed. Below is the HiJackThis log, and I have ComboFix as well, except it's long and apparently won't fit in one post.

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:27 AM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\Ko3C11T6.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game3.pogo.co.../aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.co...ction-en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...ibaba-en_US.cab
O16 - DPF: Alibaba Slots - http://game3.pogo.co...ibaba-en_US.cab
O16 - DPF: Backgammon by pogo - http://game3.pogo.co...ammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.co...hlinx-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.co...wling-en_US.cab
O16 - DPF: Bump by pogo - http://www.pogo.com/.../bump-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.co...inner-en_US.cab
O16 - DPF: Cribbage by pogo - http://game3.pogo.co...bbage-en_US.cab
O16 - DPF: Euchre by pogo - http://game3.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.co...taire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game3.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game3.pogo.co...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game3.pogo.co...rvest-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game3.pogo.co...poker-en_US.cab
O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.co...h/jth-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game3.pogo.co.../gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.co...dkeno-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.co...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.co...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.co...shoes-en_US.cab
O16 - DPF: Monopoly by pogo - http://game3.pogo.co...opoly-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.co...cell2-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game3.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.co...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.co...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game3.pogo.co...treak-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.co...abble-en_US.cab
O16 - DPF: SEAGULL J Walk Java Client 4_0C9 - http://order.blindst...lk/jwalk_ie.cab
O16 - DPF: Showbiz Slots by pogo - http://game3.pogo.co...owbiz-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game3.pogo.co...pider-en_US.cab
O16 - DPF: Spooky Slots - http://game3.pogo.co...pooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.co...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.co...eeper-en_US.cab
O16 - DPF: Swashbucks by pogo - http://game3.pogo.co...sgold-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.co...ooth2-en_US.cab
O16 - DPF: Team Bingo by Pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.co...lbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.co...peaks-en_US.cab
O16 - DPF: Trivial Pursuit by pogo - http://game3.pogo.co...ivial-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game3.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game3.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game3.pogo.co...abble-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.co...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game3.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.co...class-en_US.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} (Abx Control) - http://www.gamehouse...ureball/abx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O24 - Desktop Component 0: (no name) - http://a759.g.akamai..._see_larger.gif
O24 - Desktop Component 1: (no name) - http://www.elmsforda...directions.htm#
O24 - Desktop Component 2: (no name) - http://images.thekno...0531_02howh.jpg
O24 - Desktop Component 3: (no name) - http://jamster.com/s...w_Year_2006.gif
O24 - Desktop Component 4: (no name) - https://webmail2.opt...s...4&number=16
O24 - Desktop Component 5: (no name) - http://whobut.wbmaso...s/AddToCart.gif
O24 - Desktop Component 6: (no name) - http://www.elyrics.n.../phone_left.gif
O24 - Desktop Component 7: (no name) - http://www.deere.com...on/clearpix.gif

--
End of file - 13983 bytes

Edited by Chip1035, 23 December 2008 - 09:27 AM.

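As an added illustration (not code from the poster or from this forum), here is a small Python triage script that parses the HijackThis log format shown above and flags the kinds of entries a helper would look at first: a process with an auto-generated-looking name running directly from system32, a service whose file is missing, and a URLSearchHook with no backing file. The heuristics are my assumptions, not a verdict on any entry; the sample is a constructed excerpt of lines from the log in the post.

```python
import re

# One HijackThis entry: "O23 - Service: ..." / "R1 - HKCU\..." etc.
HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# Heuristic (assumption): 8 alphanumerics with at least two digits looks machine-generated,
# e.g. Ko3C11T6.exe. Legitimate names can match too, so this is a prompt to check, not a verdict.
RANDOM_NAME = re.compile(r"^(?=.*\d.*\d)[A-Za-z0-9]{8}\.exe$", re.I)

# Constructed sample: a few lines excerpted from the log posted above.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Ko3C11T6.exe
C:\WINDOWS\explorer.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""


def parse_hjt(text):
    """Return (kind, body) tuples; lines under 'Running processes:' come back with kind 'PROC'."""
    entries, in_procs = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:                      # blank line ends the process list
            in_procs = False
            continue
        if in_procs:
            entries.append(("PROC", line))
            continue
        m = HJT_LINE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(entries):
    """Return (reason, entry) pairs worth a closer look. Heuristics only; verify each by hand."""
    findings = []
    for kind, body in entries:
        low = body.lower()
        folder, _, base = body.rpartition("\\")
        if kind == "PROC" and folder.lower().endswith("\\system32") and RANDOM_NAME.match(base):
            findings.append(("random-looking executable in system32", body))
        elif kind == "O23" and "(file missing)" in low:
            findings.append(("service points at a missing file", body))
        elif kind == "R3" and "(no file)" in low:
            findings.append(("URLSearchHook with no file", body))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(parse_hjt(SAMPLE)):
        print(f"[{reason}] {entry}")
```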