
Excellent Fix!

Discussion in 'General Security' started by AlienJP, Sep 15, 2007.

Thread Status:
Not open for further replies.
  1. AlienJP

    AlienJP Thread Starter

    Joined:
    Sep 15, 2007
    Messages:
    1
    I tried ZoneAlarm blocking, Spybot, McAfee... nothing worked. This has worked so far! :)

    And as requested......here are the files....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:37:09 PM, on 9/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: MSVPS System - {ACD85107-9CF9-4C9E-B0B7-39940A0017C0} - C:\WINDOWS\nsduo.dll (file missing)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://vpn-limited.harris.com/llclient/IVE/winxp/,DanaInfo=confidence.harris.com,CT=java+AXXPEE.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE779CEE-CAEB-48DC-8FDD-816BA58ED347}: NameServer = 24.92.226.9,24.92.226.102
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5745 bytes


    SDFix: Version 1.104

    Run by Jarrod on Sat 09/15/2007 at 01:17 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\DOCUME~1\Jarrod\Desktop\SDFix\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default HomePage
    Restoring Default Desktop Components Value

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Documents and Settings\Jarrod\Favorites\Error Cleaner.url - Deleted
    C:\Documents and Settings\Jarrod\Favorites\Privacy Protector.url - Deleted
    C:\Documents and Settings\Jarrod\Favorites\Spyware&Malware Protection.url - Deleted
    C:\Program Files\VideoAccessCodec\install.ico - Deleted
    C:\Program Files\VideoAccessCodec\Uninstall.exe - Deleted
    C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx - Deleted
    C:\WINDOWS\dat.txt - Deleted
    C:\WINDOWS\main_uninstaller.exe - Deleted
    C:\WINDOWS\msmdev.dll - Deleted
    C:\WINDOWS\msmhost.dll - Deleted
    C:\WINDOWS\nsduo.dll - Deleted
    C:\WINDOWS\rs.txt - Deleted


    Folder C:\Program Files\VideoAccessCodec - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe:*:Enabled:WinDVD"
    "C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:java"
    "C:\\Program Files\\XBConnect4\\XBC4.exe"="C:\\Program Files\\XBConnect4\\XBC4.exe:*:Enabled:XBConnect"
    "C:\\WINDOWS\\system32\\Winamps.exe"="C:\\WINDOWS\\system32\\Winamps.exe:*:Enabled:Winamps"
    "C:\\Program Files\\WS_FTP Pro\\wsftppro.exe"="C:\\Program Files\\WS_FTP Pro\\wsftppro.exe:*:Enabled:WS_FTP Pro Application"
    "C:\\mspgcc\\bin\\msp430-gdbproxy.exe"="C:\\mspgcc\\bin\\msp430-gdbproxy.exe:*:Enabled:msp430-gdbproxy"
    "C:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"="C:\\cygwin\\usr\\X11R6\\bin\\XWin.exe:*:Enabled:XWin"
    "C:\\Program Files\\neXBC\\neXBC.exe"="C:\\Program Files\\neXBC\\neXBC.exe:*:Enabled:XBConnect"
    "C:\\Program Files\\Support Desk\\VNC4\\winvnc4.exe"="C:\\Program Files\\Support Desk\\VNC4\\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
    "C:\\Program Files\\XBC\\neXBC.exe"="C:\\Program Files\\XBC\\neXBC.exe:*:Enabled:XBConnect"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
    "C:\\Program Files\\Java\\j2re1.4.1_07\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.1_07\\bin\\javaw.exe:*:Enabled:javaw"
    "C:\\Program Files\\Symantec\\Ghost\\GhostSrv.exe"="C:\\Program Files\\Symantec\\Ghost\\GhostSrv.exe:*:Enabled:Symantec GhostCast Server for Windows"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"="C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe:*:Enabled:Menu"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
    "C:\\MATLAB7\\bin\\win32\\MATLAB.exe"="C:\\MATLAB7\\bin\\win32\\MATLAB.exe:*:Enabled:MATLAB"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\Jarrod\Desktop\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\Jarrod\My Documents\Documents\Academics\Sandisk Backup 1\PocketCache Trial Version\BackupRestoreBus.dll
    C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
    C:\Program Files\MTBWIN\Mtb12.exe
    C:\Documents and Settings\Jarrod\Application Data\Microsoft\Templates\~WRL2119.tmp
    C:\Documents and Settings\Jarrod\Application Data\Microsoft\Word\~WRL0002.tmp
    C:\Documents and Settings\Jarrod\Application Data\Microsoft\Word\~WRL0003.tmp
    C:\Documents and Settings\Jarrod\Application Data\Microsoft\Word\~WRL0620.tmp
    C:\Documents and Settings\Jarrod\Desktop\~WRL0840.tmp
    C:\Documents and Settings\Jarrod\Desktop\~WRL1276.tmp
    C:\Documents and Settings\Jarrod\Desktop\~WRL3172.tmp
    C:\Documents and Settings\Jarrod\Desktop\~WRL3210.tmp

    Finished!
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014