My computer was infected with malware a few days ago.
I have run Adaware, Spybot, Spyware Doctor, Cleanup40, CWShredder and trojan hunter. I have removed/fixed each line item that shows up.
I then sought to load Hijack This and get a log file. Because I am unable to get onto the internet without my machine becoming unusable (Processor Pegged 100%) , I am unable to load SP1a or any other applications.
I downloaded HijackThis on another computer and transferred it with a USB thumbdrive. When I open the thumbdrive contents, the HijackThis binary disappears.
I tried 6 or 7 times, I renamed the file and I also zipped it up. Regardless, as soon as I open the folder containing the HijackThis binary, it vanishes.
I started the PC in safemode and was able to run the application. The contents of the logfile are below.
I will appreciate any guidance on this topic.
Logfile of HijackThis v1.99.1
Scan saved at 9:59:04 PM, on 8/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\SYSTEM32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\rundll32.exe
C:\ashley\hijack\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intraweb.bcbsnc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINXP\System32\rnsnxwrv.dll
O2 - BHO: (no name) - {7ED11B12-A6F5-B554-D71D-D21855F090BD} - C:\WINXP\System32\lwakteiq.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [hclean32.exe] C:\WINXP\System32\hclean32.exe
O4 - HKLM\..\Run: [ttupt] C:\WINXP\ttupt.exe
O4 - HKLM\..\Run: [lanbrup] C:\WINXP\System32\lanbrup.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [dmgao.exe] C:\WINXP\System32\dmgao.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\Compaq\Compaq 11 Mbps Wireless PC Card\Config.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: RaConfig2500.lnk = C:\WINXP\system32\RaConfig2500.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O14 - IERESET.INF: START_PAGE_URL=http://intraweb.bcbsnc.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bcbsnc.com
O17 - HKLM\Software\..\Telephony: DomainName = bcbsnc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B0A072E-9DD4-4789-B9BA-03B35F49A6D3}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{759E8A6B-6575-417D-87B0-A9AC3996219B}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6038660-064D-4CF4-BBF1-B17896B756C0}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{D804FB5F-1BDC-4FF8-9916-7C10504D3BA6}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bcbsnc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bcbsnc.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = bcbsnc.com
O20 - Winlogon Notify: MCD - C:\WINXP\system32\tJpisrv.dll
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINXP\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CWShredder Service - InterMute, Inc. - E:\CWShredder.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NetIQ Endpoint (NetIQEndpoint) - NetIQ Corporation - C:\PROGRA~1\NetIQ\Endpoint\endpoint.exe
O23 - Service: OracleOHOME1ClientCache - Unknown owner - c:\oracle\ora90\BIN\ONRSD.EXE
O23 - Service: PostgreSQL Database Server 8.0 (pgsql-8.0) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe
O23 - Service: Software Distribution Updater (SwdisRestart) - Unknown owner - C:\Program Files\Tivoli\lcf\..\swdis\WebUI\swdres.exe
O23 - Service: Tivoli Remote Control Service (TME10RC) - TIVOLI Systems - C:\WINXP\RCSERV.EXE
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe