Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Ahhh help me im dying in trojans [CLOSED]


  • This topic is locked This topic is locked

#1
Sirdm7

Sirdm7

    New Member

  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 22:43:43, on 26/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\moss\Desktop\HijackThis.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\System32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.webonce.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.webonce.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://thepiratebay.org/
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\System32\hpB843.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [WheelsMouse] C:\DOCUME~1\moss\LOCALS~1\Temp\1B9.scr" /
O4 - HKLM\..\Run: [WheelsMouse] C:\DOCUME~1\moss\LOCALS~1\Temp\1B9.scr" /
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\System32\efsdfgxg.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Kajl] C:\WINDOWS\System32\m?dtc.exe
O4 - HKCU\..\Run: [Chho] C:\Program Files\oaru\nnso.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: ComproRemoteDTV.lnk = ?
O4 - Global Startup: ComproSchedulerDTV.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba2218.exe
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O21 - SSODL: MSN Toolbar - {6793357A-A211-D24B-4F77-F988BA743E2A} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\wingojrlh32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edited by ~Kat~, 26 September 2005 - 01:14 AM.

  • 0

Advertisements


#2
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
First, I want you to run a few scans. Then post back with a fresh log.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

Please run an on-line malware scan at Ewido On-Line Scan. (Please post the results of the scan(s) in your next reply)

ScHwErV :tazz:
  • 0

#3
Sirdm7

Sirdm7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, September 27, 2005 20:34:26
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 26/09/2005
Kaspersky Anti-Virus database records: 142205
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\moss\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 9358
Number of viruses found: 20
Number of infected objects: 31
Number of suspicious objects: 0
Duration of the scan process: 482 sec

Infected Object Name - Virus Name
C:\WINDOWS\icc.dll Infected: Trojan.Win32.Dialer.kb
C:\WINDOWS\iccontrol.exe Infected: Trojan.Win32.Dialer.kb
C:\WINDOWS\system\svchost.dll Infected: Trojan-Proxy.Win32.Small.bw
C:\WINDOWS\system\svchost.exe Infected: Trojan-Dropper.Win32.Small.vp
C:\WINDOWS\system\svchosthook.dll Infected: Trojan-Proxy.Win32.Small.bw
C:\WINDOWS\system32\418928562.exe Infected: Trojan-Clicker.Win32.Small.hp
C:\WINDOWS\system32\418959937.exe Infected: Trojan-Clicker.Win32.Small.hp
C:\WINDOWS\system32\efsdfgxg.exe Infected: Trojan-Clicker.Win32.Small.hx
C:\WINDOWS\system32\intell32.exe Infected: Trojan.Win32.Small.ev
C:\WINDOWS\system32\latest.exe Infected: Trojan.Win32.Crypt.l
C:\WINDOWS\system32\ldA49C.tmp Infected: Trojan-Downloader.Win32.Agent.uz
C:\WINDOWS\system32\ldB7A7.tmp Infected: Trojan-Downloader.Win32.Agent.uz
C:\WINDOWS\system32\mscornet.exe Infected: Trojan-Downloader.Win32.Zlob.am
C:\WINDOWS\system32\mssearchnet.exe Infected: Trojan-Downloader.Win32.Zlob.ap
C:\WINDOWS\system32\msvol.tlb Infected: HackTool.Win32.Hidd.n
C:\WINDOWS\system32\nvctrl.exe Infected: Trojan.Win32.StartPage.adk
C:\WINDOWS\system32\oleext.dll Infected: Trojan.Win32.Small.ev
C:\WINDOWS\system32\sysvcs.exe Infected: Trojan.Win32.Crypt.l
C:\WINDOWS\system32\vxgame1.exe Infected: Trojan-Dropper.Win32.Agent.ta
C:\WINDOWS\system32\vxgame2.exe Infected: Trojan.Win32.Crypt.l
C:\WINDOWS\system32\vxgame4.exe Infected: Trojan-Downloader.Win32.Small.bon
C:\WINDOWS\system32\vxgamet1.exe Infected: Trojan.Win32.LowZones.y
C:\WINDOWS\system32\vxgamet3.exe Infected: Trojan-Clicker.Win32.Small.hx
C:\WINDOWS\system32\vxh8jkdq1.exe Infected: Trojan-Downloader.Win32.Small.bho
C:\WINDOWS\system32\vxh8jkdq2.exe Infected: Trojan-Clicker.Win32.Spywad.h
C:\WINDOWS\system32\vxh8jkdq5.exe Infected: Trojan-Downloader.Win32.Agent.tx
C:\WINDOWS\system32\vxh8jkdq6.exe Infected: Trojan-Downloader.Win32.Small.bon
C:\WINDOWS\system32\vxh8jkdq7.exe Infected: Trojan-Downloader.Win32.Small.bon
C:\WINDOWS\system32\vxh8jkdq8.exe Infected: Trojan-Downloader.Win32.Small.bho
C:\WINDOWS\system32\web.exe Infected: Trojan-Downloader.Win32.Small.bnv
C:\WINDOWS\system32\wininet.dll Infected: Virus.Win32.Nsag.b

Scan process completed.

theirs the 1st one
  • 0

#4
Sirdm7

Sirdm7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
and the hjt log



Logfile of HijackThis v1.99.1
Scan saved at 20:48:30, on 27/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dwwin.exe
C:\Documents and Settings\moss\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.webonce.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.webonce.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://thepiratebay.org/
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\System32\hp99FD.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WheelsMouse] C:\DOCUME~1\moss\LOCALS~1\Temp\1B9.scr" /
O4 - HKLM\..\Run: [WheelsMouse] C:\DOCUME~1\moss\LOCALS~1\Temp\1B9.scr" /
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\System32\efsdfgxg.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Kajl] C:\WINDOWS\System32\m?dtc.exe
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Chho] C:\Program Files\oaru\nnso.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: ComproRemoteDTV.lnk = ?
O4 - Global Startup: ComproSchedulerDTV.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1865.exe
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O21 - SSODL: MSN Toolbar - {6793357A-A211-D24B-4F77-F988BA743E2A} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\wingojrlh32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#5
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.webonce.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.webonce.com/
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\System32\hp99FD.tmp
O4 - HKLM\..\Run: [WheelsMouse] C:\DOCUME~1\moss\LOCALS~1\Temp\1B9.scr" /
O4 - HKLM\..\Run: [WheelsMouse] C:\DOCUME~1\moss\LOCALS~1\Temp\1B9.scr" /
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\System32\efsdfgxg.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe
O4 - HKCU\..\Run: [Kajl] C:\WINDOWS\System32\m?dtc.exe
O4 - HKCU\..\Run: [Chho] C:\Program Files\oaru\nnso.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1865.exe

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

PSGuard
SpySheriff
oaru

Please note any other programs that you dont recognize in that list in your next response

Please delete these folders using Windows Explorer(if present):

C:\Program Files\PSGuard\
C:\Program Files\SpySheriff\
C:\Program Files\oaru\

Please delete these files using Windows Explorer(if present):

C:\DOCUME~1\moss\LOCALS~1\Temp\1B9.scr" /
C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
C:\WINDOWS\System32\intell32.exe
C:\WINDOWS\iccontrol.exe
C:\WINDOWS\System32\efsdfgxg.exe
C:\winstall.exe
C:\WINDOWS\System32\vxh8jkdq2.exe
C:\WINDOWS\System32\m?dtc.exe <== Only the file with the ? - none other.
C:\WINDOWS\System32\sysvcs.exe

After that, Reboot.

There may be a specific infection in this log that well have to go back after, but this should help with computer performance.

Once you do all that, repost a new HJT log and Ill be back.

ScHwErV :tazz:
  • 0

#6
Sirdm7

Sirdm7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi i cant post the hjt log right now, but its really helped thanks. I reoobted and i was still getting really bad pop ups so i went back and deleted the file mssearchnet.exe and its pretty much perfect just few little bit. Thanks Again

Dylan
  • 0

#7
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
I see that file in your running processes, but there was no startup entry for it in the rest of the HJT log. Odd.

Anyways, just reply here when you get your new log and well see if we cant get you cleaned up.

ScHwErV :tazz:
  • 0

#8
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP