Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

OHPE ver 4.12_23 [CLOSED]

Started by Sneakers356 , Sep 14 2005 08:46 PM

  • This topic is locked This topic is locked

#1
Sneakers356
Posted 14 September 2005 - 08:46 PM

Sneakers356

    Member

  • Member
  • PipPip
  • 10 posts
Apparently I downloaded or ventured into forbidden territory and the end result was this; system alert OHPE ver 4.12_23. I ran the reccomended spyware removal tools, rebooted and saved the log from Hijack this. Also when I ran House call it showed only one infected file Java ByteVer.A. I will try to attach the Hijack log and in hoping that someone could steer me down the correct path to getting rid of the pop ups and other problems. Thanks, Ken StartupList report, 9/14/2005, 10:22:06 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Ken\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Instant Delivery\hpidschd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\HEWLET~1\HPINST~1\hpidlog.exe
C:\PROGRA~1\HEWLET~1\HPINST~1\hpiddb.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
C:\Documents and Settings\Ken\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Ken\Start Menu\Programs\Startup]
TDK Launcher.lnk = C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Ptipbmf = rundll32.exe ptipbmf.dll,SetWriteCacheMode
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
NeroCheck = C:\WINDOWS\system32\\NeroCheck.exe
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
HPID Scheduler = C:\Program Files\Hewlett-Packard\HP Instant Delivery\hpidschd.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Smapp = C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
Norton Ghost 9.0 = C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
RoxioDragToDisc = "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
SM1BG = C:\WINDOWS\SM1BG.EXE
Share-to-Web Namespace Daemon = c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
TrojanScanner = C:\Program Files\Trojan Remover\Trjscan.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

(Default) =
ATI Launchpad =
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
HomeAlarm = C:\Program Files\Chameleon Clock\ChamClock.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\system32\hp9598.tmp - {893fad3a-931e-4e53-b515-b1426d63799b}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1 Copernic Intra-Daily ~KEN-FA16B650D68 Ken.job
2 Copernic Daily ~KEN-FA16B650D68 Ken.job
3 Copernic Weekly ~KEN-FA16B650D68 Ken.job
4 Copernic Monthly ~KEN-FA16B650D68 Ken.job
RoxioUpdator.job

--------------------------------------------------

Enumerating Download Program Files:

[{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}]
CODEBASE = http://static.windup...bridge-c420.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[VerifyGMN Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\hpobjinstaller_gmn.dll
CODEBASE = http://h20270.www2.h...staller_gmn.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[IWinAmpActiveX Class]
InProcServer32 = C:\PROGRA~1\COMMON~1\Nullsoft\ActiveX\2.4\AmpX.dll
CODEBASE = http://pdl.stream.ao.../ampx_en_dl.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Ken\LOCALS~1\Temp\irsetup.exe||C:\DOCUME~1\Ken\LOCALS~1\Temp\irsetup.exe||C:\DOCUME~1\Ken\LOCALS~1\Temp\drmtemp1.htm||C:\DOCUME~1\Ken\LOCALS~1\Temp\drmtemp2.htm||C:\DOCUME~1\Ken\LOCALS~1\Temp\drmtemp3.htm||C:\DOCUME~1\Ken\LOCALS~1\Temp\drmtemp4.htm


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

wininet.dll = mscornet.exe
kernel32.dll = C:\WINDOWS\system32\mssearchnet.exe
nvctrl.exe = nvctrl.exe

--------------------------------------------------

End of report, 8,330 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

Advertisements

#2
ukbiker
Posted 18 September 2005 - 05:04 PM

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there :tazz:

can you please post the HJT log itself for me please.

UKBiker
  • 0

#3
ukbiker
Posted 28 September 2005 - 01:32 AM

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP