Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Smart Security - Desktop Missing[CLOSED]

Started by lwdkairos , May 24 2005 11:01 AM

  • This topic is locked This topic is locked

#1
lwdkairos
Posted 24 May 2005 - 11:01 AM

lwdkairos

    New Member

  • Member
  • Pip
  • 1 posts
Smart Security took over my laptop to the point that I could no longer use my computer. A friend took a look at my computer and was able to get me back to the desktop. However, all of my icons, except for the recycle bin, are gone, the right-click on my mouse does not work and my wall paper is gone. I've gone into control panel, display, web, but there was no security check mark to remove. I was able to run House Call and download Hijack This. Here is my log:

Logfile of HijackThis v1.99.1

Scan saved at 10:07:34 PM, on 5/23/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\WINDOWS\System32\ZCfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\mcafee.com\agent\McAgent.exe

C:\Program Files\Survey Alerts Manager\skinkers.exe

C:\WINDOWS\System32\??ool32.exe

C:\Documents and Settings\LWD.YOUR-GICOY58REH.000\Application Data\usai.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\Documents and Settings\LWD.YOUR-GICOY58REH.000\Local Settings\Temporary Internet Files\Content.IE5\FS99NWWG\hijackthis[1]\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ezytraffi...embers/surf.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn0\ycomp5_3_12_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3DA3DC80-423B-12B5-46C2-46710108D2BF} - C:\WINDOWS\System32\uwzwnh.dll

O2 - BHO: (no name) - {3DA3DCF4-423D-67B4-46B5-40717108D2CF} - C:\WINDOWS\System32\uwzwnh.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn0\ycomp5_3_12_0.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - HKCU\..\Run: [ConsumerIdentity] "C:\PROGRA~1\CONSUM~1\ConsumerIdentity.exe" /s

O4 - HKCU\..\Run: [SAMCluster] C:\Program Files\Survey Alerts Manager\skinkers.exe

O4 - HKCU\..\Run: [Ein] C:\WINDOWS\Olg.exe

O4 - HKCU\..\Run: [Khdzfb] C:\WINDOWS\System32\??ool32.exe

O4 - HKCU\..\Run: [Nrf] C:\WINDOWS\Cfp.exe

O4 - HKCU\..\Run: [Reg] C:\WINDOWS\System32\Ghb.exe

O4 - HKCU\..\Run: [Gkj] C:\WINDOWS\Nqa.exe

O4 - HKCU\..\Run: [Oou] C:\WINDOWS\Rqr.exe

O4 - HKCU\..\Run: [Lhr] C:\WINDOWS\System32\Hpp.exe

O4 - HKCU\..\Run: [Eas] C:\WINDOWS\System32\Kll.exe

O4 - HKCU\..\Run: [Mrd] C:\WINDOWS\System32\Fiu.exe

O4 - HKCU\..\Run: [Mad] C:\WINDOWS\System32\Ntv.exe

O4 - HKCU\..\Run: [Tdg] C:\WINDOWS\Mtn.exe

O4 - HKCU\..\Run: [Gee] C:\WINDOWS\Bah.exe

O4 - HKCU\..\Run: [Equ] C:\WINDOWS\Ilp.exe

O4 - HKCU\..\Run: [Ihp] C:\WINDOWS\Mio.exe

O4 - HKCU\..\Run: [Kur] C:\WINDOWS\Nom.exe

O4 - HKCU\..\Run: [Quo] C:\WINDOWS\System32\Bau.exe

O4 - HKCU\..\Run: [Gek] C:\WINDOWS\System32\Jtj.exe

O4 - HKCU\..\Run: [Rcs] C:\WINDOWS\System32\Fpe.exe

O4 - HKCU\..\Run: [Slt] C:\WINDOWS\System32\Gni.exe

O4 - HKCU\..\Run: [Uue] C:\WINDOWS\System32\Rue.exe

O4 - HKCU\..\Run: [Pan] C:\WINDOWS\Som.exe

O4 - HKCU\..\Run: [Lgq] C:\WINDOWS\Ipl.exe

O4 - HKCU\..\Run: [Udc] C:\WINDOWS\Ccj.exe

O4 - HKCU\..\Run: [Dgj] C:\WINDOWS\System32\Hpp.exe

O4 - HKCU\..\Run: [Sno] C:\WINDOWS\Dvp.exe

O4 - HKCU\..\Run: [Phe] C:\WINDOWS\System32\Kec.exe

O4 - HKCU\..\Run: [Srn] C:\WINDOWS\Ijq.exe

O4 - HKCU\..\Run: [Crao] C:\Documents and Settings\LWD.YOUR-GICOY58REH.000\Application Data\usai.exe

O4 - Startup: PowerReg SchedulerV2.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Microsoft AntiSpyware helper - {C9F5CB1D-D58D-4DBF-877F-9F34B3652704} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C9F5CB1D-D58D-4DBF-877F-9F34B3652704} - (no file) (HKCU)

O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.horse-active.net

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.horse-active.net (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted IP range: 64.62.171.156

O15 - Trusted IP range: 64.62.171.156 (HKLM)

O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxres...m/Preloader.dll

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:C:\abcsp.chm::/on-line.exe

O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab

O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab

O16 - DPF: {40C6FCD5-4B1E-4114-B335-9AC19B50A1D0} (Export Class) - https://www.claimsma.../ExportCtrl.ocx

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX28.cab

O16 - DPF: {8823D9EC-C1C3-46D2-B3FE-0BB23CE8AE7C} (PrintControl Class) - https://www.claimsma...n/PrintCtrl.ocx

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...yle/install.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab

O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwbg.ops.pl...quicksilver.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...3.16/ttinst.cab

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunboun...Crypt/npkcx.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...379/mcfscan.cab

O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildt...ll2/install.cab

O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll

O21 - SSODL: NTDBGTOOL - {A88D35AA-3921-484D-A53B-1A5DFEAC5B50} - C:\WINDOWS\System32\lfcgwdeb.dll (file missing)

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
  • 0

Advertisements

#2
meeeeeeeeee
Posted 31 May 2005 - 08:12 AM

meeeeeeeeee

    Visiting Staff

  • Member
  • PipPipPip
  • 172 posts
Hello there!

I'm sorry you've had such a long wait. If you still need help please post a fresh HijackThis log to this thread & I'll be right with you.

:tazz:
  • 0

#3
meeeeeeeeee
Posted 08 June 2005 - 07:49 AM

meeeeeeeeee

    Visiting Staff

  • Member
  • PipPipPip
  • 172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP