
hijack reports for a recurring menace

Discussion in 'Virus & Other Malware Removal' started by sammich, Jul 17, 2006.

  1. sammich (Thread Starter)
    Hi people, I have an issue with 2 trojans that have infected my PC and aren't being deleted by my antivirus. Here's the HijackThis report. Please help :(

    Logfile of HijackThis v1.99.1
    Scan saved at 2:31:47 AM, on 7/17/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\System32\VTTimer.exe
    E:\WINDOWS\System32\VTtrayp.exe
    E:\WINDOWS\SOUNDMAN.EXE
    E:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    E:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    E:\PROGRA~1\Yahoo!\YOP\yop.exe
    E:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    E:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
    E:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\PROGRA~1\Yahoo!\browser\ycommon.exe
    E:\Program Files\Yahoo!\Antivirus\ISafe.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    E:\Documents and Settings\mohsen\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rogers.yahoo.com/
    R3 - URLSearchHook: (no name) - {8AB3F32C-A44C-A0D9-287F-83535747D25D} - Uint32.dll (file missing)
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - E:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] "E:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
    O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Brong32] trycrt.exe
    O4 - HKLM\..\Run: [hyandex] Testimonials.exe
    O4 - HKLM\..\Run: [CaISSDT] "E:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "E:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [jzzcd.exe] E:\WINDOWS\System32\jzzcd.exe
    O4 - HKCU\..\Run: [RHSI SHS] "E:\Program Files\Rogers\SelfHealing\SHS.exe" /background
    O4 - HKCU\..\Run: [Update Manager] "E:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O4 - HKCU\..\Run: [SHS] "E:\Program Files\Rogers\SelfHealing\SHS.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [KillAndClean] "E:\Program Files\KillAndClean\KillAndClean.exe"
    O4 - HKCU\..\Run: [panel_its] DCC_send.exe
    O4 - HKCU\..\Run: [BoundRec] init32.exe
    O4 - HKCU\..\Run: [hyandex] teqq32.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\common\yinsthelper20041107.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29739c1fc8c88817a604/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148589266279
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148620050936
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{00AC9391-DE8A-491A-A51D-BFD5A626B8EC}: NameServer = 85.255.116.86,85.255.112.157
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C16E47A-34AC-474B-A946-E8AAACE70DBD}: NameServer = 85.255.116.86,85.255.112.157
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.86 85.255.112.157
    O17 - HKLM\System\CS1\Services\Tcpip\..\{00AC9391-DE8A-491A-A51D-BFD5A626B8EC}: NameServer = 85.255.116.86,85.255.112.157
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.86 85.255.112.157
    O17 - HKLM\System\CS2\Services\Tcpip\..\{00AC9391-DE8A-491A-A51D-BFD5A626B8EC}: NameServer = 85.255.116.86,85.255.112.157
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.86 85.255.112.157
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: 1_32bean32_1reg - E:\Documents and Settings\All Users\Documents\Settings\1_32bean32_1.dll
    O20 - Winlogon Notify: psksds - E:\WINDOWS\SYSTEM32\psksds.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - E:\WINDOWS\system32\YPCSER~1.EXE
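The log above is the kind of thing a malware-removal helper reads by eye. As an added example (the editor's own code, not from the thread or from HijackThis), the script below applies a few of the triage rules such a reader uses to a subset of the lines copied from the log: Run entries given as a bare filename (no path, so the binary cannot be identified from the log), NameServer entries that point at resolvers outside private or loopback ranges, Winlogon Notify DLLs loaded from outside System32, and hooks whose file is already missing. The "trusted resolvers" list is empty because the thread never names the ISP's DNS servers; that is an assumption to fill in, not a fact from the page. A DLL inside System32 passes the location rule and is only marked for a manual check.

```python
"""Rule-of-thumb triage for a HijackThis 1.99 log.

Added example, not part of the thread. SAMPLE_LOG is a subset of the lines
posted above; the heuristics are the editor's, not a HijackThis feature.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    severity: str   # "high" = act on it, "check" = verify by hand
    section: str    # HijackThis section prefix (O4, O17, O20, R3, ...)
    entry: str      # the log line that triggered the finding
    reason: str


# Public resolvers the helper would accept (the ISP's). Unknown for this
# thread, so left empty on purpose (assumption). Private/loopback ranges are
# accepted automatically via the ipaddress module.
TRUSTED_RESOLVERS: set = set()

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>.*): NameServer = (?P<servers>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
SYSTEM32_RE = re.compile(r"^[A-Z]:\\WINDOWS\\SYSTEM32\\[^\\]+$", re.IGNORECASE)

# Lines copied from the posted log (subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [Brong32] trycrt.exe
O4 - HKLM\..\Run: [jzzcd.exe] E:\WINDOWS\System32\jzzcd.exe
O4 - HKCU\..\Run: [BoundRec] init32.exe
O4 - HKCU\..\Run: [hyandex] teqq32.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.86 85.255.112.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{00AC9391-DE8A-491A-A51D-BFD5A626B8EC}: NameServer = 85.255.116.86,85.255.112.157
O20 - Winlogon Notify: 1_32bean32_1reg - E:\Documents and Settings\All Users\Documents\Settings\1_32bean32_1.dll
O20 - Winlogon Notify: psksds - E:\WINDOWS\SYSTEM32\psksds.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
R3 - URLSearchHook: (no name) - {8AB3F32C-A44C-A0D9-287F-83535747D25D} - Uint32.dll (file missing)
"""


def _is_bare_filename(cmd: str) -> bool:
    """True when the Run value names an executable with no drive or directory."""
    parts = cmd.strip().lstrip('"').split('"')[0].split()
    if not parts:
        return False
    exe = parts[0]
    return "\\" not in exe and ":" not in exe


def _untrusted_resolver(addr: str) -> bool:
    """Anything that is not loopback, RFC1918, or an explicitly trusted resolver."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # not an IP literal at all: worth a look
    return not (ip.is_private or ip.is_loopback or str(ip) in TRUSTED_RESOLVERS)


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O4_RE.match(line)):
            if "(file missing)" in m["cmd"]:
                findings.append(Finding("check", "O4", line, "Run value points at a file that no longer exists"))
            elif _is_bare_filename(m["cmd"]):
                findings.append(Finding("check", "O4", line,
                    "no path given: Windows resolves the name via its search order, so the binary cannot be identified from the log"))
        elif (m := O17_RE.match(line)):
            servers = [s for s in re.split(r"[ ,]+", m["servers"].strip()) if s]
            bad = [s for s in servers if _untrusted_resolver(s)]
            if bad:
                findings.append(Finding("high", "O17", line,
                    f"name resolution for this interface/control set goes to {', '.join(bad)}; every lookup on the machine can be redirected"))
        elif (m := O20_RE.match(line)):
            target = m["target"]
            if "(file missing)" in target:
                findings.append(Finding("check", "O20", line, "stale Winlogon Notify registration; the DLL is gone"))
            elif not SYSTEM32_RE.match(target):
                findings.append(Finding("high", "O20", line, "Winlogon Notify DLL loaded at logon from outside System32"))
            else:
                findings.append(Finding("check", "O20", line, "Winlogon Notify DLL in System32; verify publisher and hash by hand"))
        elif line.startswith(("R3", "O2 ", "O3 ")) and "(file missing)" in line:
            findings.append(Finding("check", line.split(" - ")[0], line, "browser hook whose DLL is missing"))
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.entry}")
    print(summary(triage(SAMPLE_LOG)))
```

Run on the sample, the two O17 lines and the Winlogon Notify DLL under All Users\Documents come out as "high"; the bare-filename Run entries (including the legitimate-looking SOUNDMAN.EXE) and the missing-file hooks come out as "check". The rules deliberately err toward flagging: they give a reader a starting order for the manual review, not a verdict.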
     
  2. JSntgRvr (Moderator, Malware Specialist)
    Hi, sammich :)

    Welcome to TSG.

    We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here. Apply the update, reboot, and post a fresh HijackThis log.
     
  3. sammich (Thread Starter)
    I can't download any of the service packs because it's not genuine. This is my dad's computer, so is there any way around it?
     
  4. JSntgRvr (Moderator, Malware Specialist)
    Hi, sammich :)

    While we understand your interest in having this computer fixed, your copy of Windows is not legitimate. We are unable to help you any further on this site, as we have a strict policy we adhere to in only helping people who have legitimate copies of Windows.

    Thank you for understanding.
     
Short URL to this thread: https://techguy.org/483871