Please help!! HJT log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

segstudio

Thread Starter
Joined
Jan 6, 2005
Messages
18
What is DSO exploit, and I have play poker with naked girls popping up!!!
Also I need to put on an antivirus, but when I do it sends me infections I can't get rid of

Logfile of HijackThis v1.99.0
Scan saved at 11:43:28 AM, on 1/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\unlodctl.exe
C:\WINDOWS\System32\nlsfuncs.exe
C:\WINDOWS\System32\openconf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.segstudio.com/
R3 - URLSearchHook: (no name) - {ECBB80F6-9946-96FD-445D-4F837BDA78E9} - iehelper.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [\\SERVER\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P33 "\\SERVER\EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [EXE32EXE] prcmon.exe
O4 - HKLM\..\Run: [Shaitan1678] new32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DCC_send] borlandg.exe
O4 - HKCU\..\Run: [sysconf16] driver32.exe
O4 - HKCU\..\Run: [keybdll] panel_its.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76350928-D39D-4B39-832B-25426B74E839}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{77E24272-3429-4165-8DE7-0DA40D475852}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE7E76F-4E44-424C-88DE-FE2871E21811}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7E03455-9547-439B-A274-F8F052E78B22}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{76350928-D39D-4B39-832B-25426B74E839}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{76350928-D39D-4B39-832B-25426B74E839}: NameServer = 69.50.188.180,195.225.176.31
 

mjack547

Malware Specialist
Joined
Sep 1, 2003
Messages
3,181
Run an online antivirus check from at least one and preferably 2 of the following sites:

http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://www.anti-trojan.net/en/onlinecheck.aspx



Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean, have it delete it or make a note of the exact file name and file location so you can delete it yourself.
 

segstudio

Thread Starter
Joined
Jan 6, 2005
Messages
18
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP130\A0048346.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP129\A0047348.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP128\A0047329.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP128\A0047333.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP127\A0047263.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP127\A0047270.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP127\A0047277.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP126\A0047235.DLL is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP126\A0047251.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP124\A0047203.DLL is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP124\A0047211.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP123\A0046184.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP123\A0046201.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP122\A0046158.DLL is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP122\A0046173.DLL is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP121\A0046131.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP121\A0046140.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP121\A0046147.DLL is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP120\A0046100.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP120\A0046119.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP116\A0045919.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP116\A0045932.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP115\A0045827.DLL is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP115\A0045834.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP114\A0045802.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP114\A0045811.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP113\A0045758.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP113\A0045775.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP111\A0044653.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP111\A0044756.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP97\A0044145.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP97\A0044188.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP96\A0044030.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP96\A0044084.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043945.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043961.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043973.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043980.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043987.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0043994.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP95\A0044013.dll is infected with Trojan Horse
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP89\A0041671.exe is infected with Download.Trojan
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP89\A0041672.exe is infected with Download.Trojan
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP89\A0041674.exe is infected with PWSteal.Irftp
C:\System Volume Information\_restore{8629C659-AADB-4E55-8860-E233A5F79CFF}\RP41\A0024795.exe is infected with PWSteal.Irftp
C:\Documents and Settings\Administrator.SEG-LAPTOP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-7190eb7a-111f3e40.zip is infected with Trojan.ByteVerify





 

mjack547

Malware Specialist
Joined
Sep 1, 2003
Messages
3,181
On an XP machine

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

When you are sure you are clean, turn it back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.


Then this

Go to Settings > Control Panel and open the Java Plug-in Applet and click on the "Cache" tab, then click the "Clear" tab. This will clear the Cache and the infected files should be deleted. Run another virus scan to be sure.

Then post a new HijackThis log
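
The steps in the post above line up with where the detections in the posted scan output sit: System Restore snapshots, the Java Plug-in cache, or a live file. As an added example (not part of the original thread), this Python code sorts scan lines of that form into those three groups; the sample lines, the GUID placeholder and the `live_file` path are constructed.

```python
import re
from collections import Counter

# Constructed sample in the format of the scan output posted in this thread;
# the GUID, file names and the last path are placeholders, not values from the page.
SAMPLE = r"""
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP130\A0000001.dll is infected with Trojan Horse
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP130\A0000002.dll is infected with Trojan Horse
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP89\A0000003.exe is infected with Download.Trojan
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\sample.jar-0000.zip is infected with Trojan.ByteVerify
C:\WINDOWS\System32\example.exe is infected with Trojan Horse
"""

LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) is infected with (?P<name>.+)$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]*\}\\(RP\d+)\\", re.I)
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)

# Remediation step from the thread that applies to each location.
ACTIONS = {
    "system_restore": "turn off System Restore, re-enable it once clean",
    "java_cache": "clear the Java Plug-in cache, then rescan",
    "live_file": "have the scanner delete it, or note name and location",
}

def classify(path):
    """Return (location kind, restore point or None) for one reported path."""
    m = RESTORE.search(path)
    if m:
        return "system_restore", m.group(1).upper()
    if JAVA_CACHE.search(path):
        return "java_cache", None
    return "live_file", None

def triage(report):
    """Group scan lines by location; lines that do not parse are kept, not dropped."""
    out = {"system_restore": Counter(), "java_cache": [], "live_file": [], "unparsed": []}
    for line in filter(None, (raw.strip() for raw in report.splitlines())):
        m = LINE.match(line)
        if not m:
            out["unparsed"].append(line)
            continue
        kind, rp = classify(m["path"])
        if kind == "system_restore":
            out[kind][rp] += 1          # count detections per restore point
        else:
            out[kind].append((m["path"], m["name"]))
    return out

if __name__ == "__main__":
    result = triage(SAMPLE)
    for kind, action in ACTIONS.items():
        print(f"{kind}: {len(result[kind])} -> {action}")
```

A non-empty `live_file` group is the case the restore-point and cache steps do not cover, since those files are still on the running system.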
 
Joined
Sep 7, 2004
Messages
49,014
Turn off restore points, boot and turn them on

Directions here - http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
AdAware SE http://www.majorgeeks.com/download506.html
SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

DL them (they are free), install them, check each for their definition updates, and then run AdAware and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
SpyBot - After an update run immunize


Get a full time AV that's free

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/

Do all of the above and then boot and post a new log
 