
Please help!! HJT log

Discussion in 'Virus & Other Malware Removal' started by segstudio, Jan 26, 2005.

  1. segstudio

    segstudio Thread Starter

    Joined:
    Jan 6, 2005
    Messages:
    18
    What is the DSO exploit? And I have "play poker with naked girls" popping up!!!
    Also I need to put on an antivirus, but when I do, it sends me infections I can't get rid of.

    Logfile of HijackThis v1.99.0
    Scan saved at 11:43:28 AM, on 1/26/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\unlodctl.exe
    C:\WINDOWS\System32\nlsfuncs.exe
    C:\WINDOWS\System32\openconf.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis1\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.segstudio.com/
    R3 - URLSearchHook: (no name) - {ECBB80F6-9946-96FD-445D-4F837BDA78E9} - iehelper.dll (file missing)
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [\\SERVER\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P33 "\\SERVER\EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
    O4 - HKLM\..\Run: [EXE32EXE] prcmon.exe
    O4 - HKLM\..\Run: [Shaitan1678] new32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DCC_send] borlandg.exe
    O4 - HKCU\..\Run: [sysconf16] driver32.exe
    O4 - HKCU\..\Run: [keybdll] panel_its.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76350928-D39D-4B39-832B-25426B74E839}: NameServer = 69.50.188.180,195.225.176.31
    O17 - HKLM\System\CCS\Services\Tcpip\..\{77E24272-3429-4165-8DE7-0DA40D475852}: NameServer = 69.50.188.180,195.225.176.31
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE7E76F-4E44-424C-88DE-FE2871E21811}: NameServer = 69.50.188.180,195.225.176.31
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D7E03455-9547-439B-A274-F8F052E78B22}: NameServer = 69.50.188.180,195.225.176.31
    O17 - HKLM\System\CS1\Services\Tcpip\..\{76350928-D39D-4B39-832B-25426B74E839}: NameServer = 69.50.188.180,195.225.176.31
    O17 - HKLM\System\CS2\Services\Tcpip\..\{76350928-D39D-4B39-832B-25426B74E839}: NameServer = 69.50.188.180,195.225.176.31
     
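The three things in the log above that a malware specialist reads first are the O4 Run entries that name a bare executable (prcmon.exe, new32.exe, borlandg.exe, driver32.exe, panel_its.exe) instead of a full path, the six O17 entries that point every network interface's DNS at 69.50.188.180 and 195.225.176.31, and the R3 URLSearchHook whose DLL is missing. The script below is an added example, not part of the original post or of HijackThis: it parses a constructed excerpt of the log and flags exactly those patterns. The trusted DNS set is an assumption (the owner's ISP resolvers are not in the thread, so RFC 5737 documentation addresses stand in); the finding structure and the `triage`/`rogue_dns` names are the example's own.

```python
import re
from ipaddress import ip_address

# Constructed excerpt of the HijackThis log posted above (entries copied from
# the post; this is not the full log). Used as sample input so the script runs
# offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {ECBB80F6-9946-96FD-445D-4F837BDA78E9} - iehelper.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EXE32EXE] prcmon.exe
O4 - HKLM\..\Run: [Shaitan1678] new32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DCC_send] borlandg.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76350928-D39D-4B39-832B-25426B74E839}: NameServer = 69.50.188.180,195.225.176.31
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>.+): NameServer = (?P<servers>.+)$")
R3_RE = re.compile(r"^R3 - URLSearchHook: (?P<rest>.+)$")


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_absolute_path(p: str) -> bool:
    # Drive-letter path (C:\...) or UNC path (\\server\share\...).
    return re.match(r"^[A-Za-z]:\\", p) is not None or p.startswith("\\\\")


def triage(log_text: str, trusted_dns: set) -> list:
    """Flag HJT entries that deserve attention; returns a list of finding dicts."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if exe and not is_absolute_path(exe):
                # A bare file name is resolved through the PATH search order at
                # logon; legitimate installers almost always register a full path.
                findings.append({"section": "O4", "line": line, "detail": exe,
                                 "reason": "Run entry with bare executable name"})
            continue
        m = O17_RE.match(line)
        if m:
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            bad = []
            for s in servers:
                try:
                    ip_address(s)
                except ValueError:
                    bad.append(s)          # not even a valid address
                    continue
                if s not in trusted_dns:
                    bad.append(s)
            if bad:
                findings.append({"section": "O17", "line": line, "detail": bad,
                                 "reason": "NameServer points at untrusted resolver(s)"})
            continue
        m = R3_RE.match(line)
        if m:
            rest = m.group("rest")
            if "(file missing)" in rest or rest.startswith("(no name)"):
                findings.append({"section": "R3", "line": line, "detail": rest,
                                 "reason": "orphaned/unnamed URLSearchHook"})
    return findings


def rogue_dns(findings: list) -> set:
    """Distinct untrusted resolver addresses across all O17 findings."""
    out = set()
    for f in findings:
        if f["section"] == "O17":
            out.update(f["detail"])
    return out


if __name__ == "__main__":
    # Assumed: the ISP's real resolvers are not in the thread, so documentation
    # addresses (RFC 5737, 192.0.2.0/24) stand in for the trusted set.
    for f in triage(SAMPLE_LOG, trusted_dns={"192.0.2.53", "192.0.2.54"}):
        print(f"[{f['section']}] {f['reason']}: {f['detail']}")
```

On the full log every O17 line carries the same two resolvers, so `rogue_dns` collapses the six entries to the single pair the cleanup has to replace; the O16 HouseCall and Panda ActiveScan controls are left alone because they are the online scanners the thread itself recommends.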
  2. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Run an online antivirus check from at least one, and preferably two, of the following sites:

    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.ravantivirus.com/scan/
    http://www.anti-trojan.net/en/onlinecheck.aspx



    Be sure to put a check in the box by "Auto Clean" before you do the scan.
    If it finds anything that it cannot clean, have it delete it, or
    make a note of the exact file name and file location so you can delete it yourself.
     
  3. segstudio

    segstudio Thread Starter

    Joined:
    Jan 6, 2005
    Messages:
    18
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP130\A0048346.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP129\A0047348.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP128\A0047329.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP128\A0047333.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP127\A0047263.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP127\A0047270.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP127\A0047277.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP126\A0047235.DLL is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP126\A0047251.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP124\A0047203.DLL is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP124\A0047211.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP123\A0046184.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP123\A0046201.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP122\A0046158.DLL is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP122\A0046173.DLL is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP121\A0046131.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP121\A0046140.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP121\A0046147.DLL is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP120\A0046100.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP120\A0046119.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP116\A0045919.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP116\A0045932.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP115\A0045827.DLL is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP115\A0045834.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP114\A0045802.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP114\A0045811.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP113\A0045758.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP113\A0045775.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP111\A0044653.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP111\A0044756.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP97\A0044145.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP97\A0044188.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP96\A0044030.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP96\A0044084.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043945.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043961.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043973.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043980.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043987.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043994.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0044013.dll is infected with Trojan Horse
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP89\A0041671.exe is infected with Download.Trojan
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP89\A0041672.exe is infected with Download.Trojan
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP89\A0041674.exe is infected with PWSteal.Irftp
    C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP41\A0024795.exe is infected with PWSteal.Irftp
    C:\Documents and Settings\Administrator.SEG-LAPTOP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-7190eb7a-111f3e40.zip is infected with Trojan.ByteVerify

     
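Nearly every line of the scan output above sits under `C:\System Volume Information\_restore{...}\RPnnn\`, which is the System Restore snapshot store, and the one remaining hit is in the Java deployment cache; that is why the advice later in the thread is to turn System Restore off and clear the Java cache rather than delete files one by one. The script below is an added example, not part of the original post or of any scanner's output: it sorts scan lines into restore-snapshot, Java-cache and live-file buckets and summarises which restore points are contaminated. The input is a constructed excerpt of the posted results plus one made-up live-file line (`example_live.dll`, which the thread never reports) so that the third bucket is exercised; the `classify`/`summarize` names are the example's own.

```python
import re
from collections import Counter

# Constructed excerpt of the scan output posted above, plus one made-up line
# (example_live.dll) so the "live file" branch is exercised; the thread reports
# no live-file detection.
SAMPLE_SCAN = r"""
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP130\A0048346.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP129\A0047348.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP89\A0041671.exe is infected with Download.Trojan
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP89\A0041674.exe is infected with PWSteal.Irftp
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP41\A0024795.exe is infected with PWSteal.Irftp
C:\Documents and Settings\Administrator.SEG-LAPTOP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-7190eb7a-111f3e40.zip is infected with Trojan.ByteVerify
C:\WINDOWS\System32\example_live.dll is infected with Trojan Horse
"""

SCAN_RE = re.compile(r"^(?P<path>.+?) is infected with (?P<threat>.+)$")
# Restore-point copies live under \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\b",
    re.IGNORECASE)
# Java plug-in applet cache (the "Cache" tab in the Java control panel empties it)
JAVA_CACHE_MARK = "\\Sun\\Java\\Deployment\\cache\\".lower()


def classify(scan_text: str) -> dict:
    """Bucket each detection by where the file sits; returns dict of lists."""
    buckets = {"restore_snapshot": [], "java_cache": [], "live": []}
    for raw in scan_text.splitlines():
        line = raw.strip()
        m = SCAN_RE.match(line)
        if not m:
            continue
        path, threat = m.group("path"), m.group("threat")
        r = RESTORE_RE.search(path)
        if r:
            # Inert unless that restore point is ever applied; purged by
            # turning System Restore off.
            buckets["restore_snapshot"].append(
                {"path": path, "threat": threat, "rp": int(r.group("rp"))})
        elif JAVA_CACHE_MARK in path.lower():
            buckets["java_cache"].append({"path": path, "threat": threat})
        else:
            # Anything else is a live file and needs direct removal.
            buckets["live"].append({"path": path, "threat": threat})
    return buckets


def summarize(buckets: dict) -> dict:
    """Counts per bucket, the contaminated restore points, and threat tallies."""
    restore = buckets["restore_snapshot"]
    return {
        "counts": {k: len(v) for k, v in buckets.items()},
        "restore_points": sorted({e["rp"] for e in restore}),
        "threats": Counter(e["threat"] for v in buckets.values() for e in v),
    }


if __name__ == "__main__":
    s = summarize(classify(SAMPLE_SCAN))
    print(s["counts"])
    print("contaminated restore points:", s["restore_points"])
    for threat, n in s["threats"].most_common():
        print(f"{n:3d}  {threat}")
```

Run over the complete list in the post, the restore-snapshot bucket holds everything except the Trojan.ByteVerify hit in the Java cache, and the restore-point set tells you how far back the infection goes (RP41 onward here), which is worth knowing before deciding whether any old restore point is safe to keep.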
  4. segstudio

    segstudio Thread Starter

    Joined:
    Jan 6, 2005
    Messages:
    18
    HouseCall found 76 uncleanable problems.
     
  5. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    On an XP machine:

    Turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    When you are sure you are clean turn it back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.


    Then this:

    Go to Settings > Control Panel, open the Java Plug-in applet,
    click on the "Cache" tab, then click "Clear". This will clear the cache
    and the infected files should be deleted. Run another
    virus scan to be sure.

    Then post a new HijackThis log.
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Turn off restore points, boot and turn them on

    Directions here - http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

    SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
    AdAware SE http://www.majorgeeks.com/download506.html
    SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

    DL them (they are free), install them, check each for their definition updates,
    and then run AdAware and Spybot, fixing anything they say.

    In SpywareBlaster - Always enable all protection after updates
    SpyBot - After an update run immunize


    Get a full time AV that's free

    AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/

    Do all of the above and then boot and post a new log.
     
  7. segstudio

    segstudio Thread Starter

    Joined:
    Jan 6, 2005
    Messages:
    18
    Panda found and disinfected one.
     
Short URL to this thread: https://techguy.org/323683