
Need help with w/ HJT log...comp dead

Discussion in 'Virus & Other Malware Removal' started by rowechicky, Feb 14, 2005.

Thread Status:
Not open for further replies.
  1. rowechicky

    rowechicky Thread Starter

    Joined:
    Apr 29, 2004
    Messages:
    50
    Logfile of HijackThis v1.98.2
    Scan saved at 8:50:08 PM, on 2/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\QUICKENW\QAGENT.EXE
    C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\mrtMngr.EXE
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\CAROL McCORKLE.VAIO\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sony.my.yahoo.com
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [ATTRedUpate] C:\Program Files\Common Files\Insight\MigCfg\Programs\AutoUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
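
An added example, not part of the original post: a small parser for the HijackThis entry lines above that records each entry's section code, CLSID and file, then lists files referenced from more than one section. The section descriptions, function names and the `SAMPLE` selection are this example's own; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Usual meaning of the section codes that occur in this log.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "Run-key autostart", "O9": "IE extra button/menu item",
            "O12": "IE plugin", "O14": "IERESET.INF setting",
            "O16": "ActiveX download (DPF)"}

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path up to the first .exe/.dll/.ocx; spaces inside are allowed.
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)\b", re.I)

# Lines copied from the log above (a subset, for a short offline run).
SAMPLE = r"""
Logfile of HijackThis v1.98.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
"""

def parse(log):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, rest = m.groups()
        clsid = CLSID.search(rest)
        paths = PATH.findall(rest)
        # O4 puts the command first (arguments follow); other sections put the file last.
        path = (paths[0] if code == "O4" else paths[-1]) if paths else None
        entries.append({"code": code, "kind": SECTIONS.get(code, "unknown"),
                        "clsid": clsid.group(0).upper() if clsid else None,
                        "path": path.lower() if path else None})
    return entries

def shared_files(entries):
    """Map each file named by entries in two or more sections to those sections."""
    by_path = defaultdict(set)
    for e in entries:
        if e["path"]:
            by_path[e["path"]].add(e["code"])
    return {p: sorted(codes) for p, codes in by_path.items() if len(codes) > 1}
```

Grouping by file rather than by CLSID matters here: the O2 and O3 entries for MYBAR.DLL carry different CLSIDs but point at the same DLL.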
     
  2. jland

    jland

    Joined:
    Dec 22, 2004
    Messages:
    12
  3. rowechicky

    rowechicky Thread Starter

    Joined:
    Apr 29, 2004
    Messages:
    50
    BUMP...this tells me nothing. Can someone please just tell me if you see anything bad or not. I don't trust myself to fix these things on my own and I am still not sure what I am reading. I am NO expert, but I can follow directions well, lol!

    TIA

    Lisa
     
  4. jland

    jland

    Joined:
    Dec 22, 2004
    Messages:
    12
    Ok sorry about the prev. post. Try removing these entries for a start.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sony.my.yahoo.com
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
    O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
     
  5. rowechicky

    rowechicky Thread Starter

    Joined:
    Apr 29, 2004
    Messages:
    50
    jland,

    thanks...I meant no offense BTW, I just don't want to screw up this thing more than it already is...the insightbb is the ISP via their cable TV. So, I should probably keep that? I had found the MYBar, and yahoo and figured it needed axed.
    They had newdotcom on it a few months ago and we were told here by someone to check in HJT and well as you can guess...no internet access after that. I ran the LSPfix and was able to regain Internet access...however..there is now a HUGE amount of hang time from the time you click the IE icon until it actually comes up...like close to 10 minutes. Sometimes it never does come up. Once I can get on the net...then no problems. It just takes FOREVER TO GET ON!!! I don't understand that either...isn't broadband just like DSL in that it's always "live"?
    I am just trying to find out why the long delays and the lock ups and crashes. It may be beyond repair actually. They have a 16 yr old that went music download happy and that's where all this stuff came from in the first place.
    I should keep the insightbb, correct?
    TIA
    Lisa
     
  6. jland

    jland

    Joined:
    Dec 22, 2004
    Messages:
    12
    OK, have you tried running AVG? http://free.grisoft.com/freeweb.php/doc/2/ But listen to me: after the install, when the computer asks to reboot, say NO. Then get the updates it's gonna ask for. Just whatever you do, don't restart the computer from the time you install AVG to the time the SCAN is finished!!!!!! Let me know what it finds.
     
  7. jland

    jland

    Joined:
    Dec 22, 2004
    Messages:
    12
    Yeah, keep the insightbb. It just sounds like (from what you are telling me) there has been a server set up on that computer; that explains why it takes so long to get on the web or not get on at all. HiJackThis is not the fix-all. Try AVG (it's free and the best) as listed in the steps above. I'm pretty sure that a T-Horse has been installed on that computer. After running AVG, then try running AD-Ware http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
    These are the three steps to cleaning a system up: 1. HiJackThis 2. Ad-Ware 3. AVG
    Hope this helped a little bit. jland
     
  8. rowechicky

    rowechicky Thread Starter

    Joined:
    Apr 29, 2004
    Messages:
    50
    thanks...I'll be doing these steps today...I'll get back later and post results...thanks again!!!

    Lisa
     
  9. jland

    jland

    Joined:
    Dec 22, 2004
    Messages:
    12
    You are more than welcome. Just remember, when AVG asks you to reboot after the install, say no. Then get the updated virus definitions and then run the scan. Just make sure during the process that you don't reboot the computer. I look forward to hearing what you find. jland
     
  10. rowechicky

    rowechicky Thread Starter

    Joined:
    Apr 29, 2004
    Messages:
    50
    jland,

    ran AVG and it found Backdoor.Agent Trojan and Downloader.Dyfica Trojan. It fixed them automatically, then closed. So, I just left it as is. I already installed Ad-Aware previously. It did not detect these...funny thing is, I also ran McAfee the night before and it did not find the trojans either. So just to let you know how it came out. I am not sure if they will still experience that horrible hang time trying to get onto the net or not.
    Thanks for all your help! ;)
    Lisa
     
  11. jland

    jland

    Joined:
    Dec 22, 2004
    Messages:
    12
    Funny thing about trojans and downloaders is that they will destroy any spyware or antivirus protection that you have installed on a computer when the trojan is downloaded. You just about have to reinstall ad-ware and the virus protection again to get it to work properly. Once AVG removed the trojan and downloader, you probably could reinstall adware and it would find a lot more. Jland
     