1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Hi Guys, Please check HJT

Discussion in 'Virus & Other Malware Removal' started by SacsTC, Jan 20, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. SacsTC

    SacsTC Thread Starter

    Joined:
    Dec 30, 2003
    Messages:
    1,647
    gfile of HijackThis v1.99.1
    Scan saved at 9:58:08 AM, on 1/20/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Administrator\Desktop\New Folder\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.reyrey.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.reyrey.com/Forms/login.fcc?TYPE=33554433&REALMOID=06-000c4799-6c3e-1223-9b9b-832cb7c00000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$3JNNkUYBk37HlZ7zNvaapvsmILXzEmBCSfdF37kqUtmzH8pudNT8qg==&TARGET=$SM$http://www.my.reyrey.com/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.reyrey.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.reyrey.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.reyrey.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe /server"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - Global Startup: EPC_Connect.bat
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {73A8D51E-578B-4E4E-8FF8-112E51DBFBE3} (ADPConn Class) - http://caf.oeconnection.com/ActiveX/DMSISM.CAB
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
     
  2. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Looks OK ... are you having a problem or is this just a "check up"?
     
  3. SacsTC

    SacsTC Thread Starter

    Joined:
    Dec 30, 2003
    Messages:
    1,647
    Its a check up after spending 6 hours removing 23 trojans and numerous spyware problems.
     
  4. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,565
  5. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    :eek:

    Looks like you were successful ... I presume Ewido did most of the heavy lifting.

    Those R0/R1 Reynolds & Reynolds items looked fine to me ... the obfuscated one is your log-in.
     
  6. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1

    Is there some reason you haven't updated to SP2? Are you current on the rest of your Windows updates?
     
  7. SacsTC

    SacsTC Thread Starter

    Joined:
    Dec 30, 2003
    Messages:
    1,647
    This machine belongs to an auto dealership. The main software provider does not support SP2. I am going to try to get the dealer to allow me to install it. Ewido and AVG did most of it.
     
  8. SacsTC

    SacsTC Thread Starter

    Joined:
    Dec 30, 2003
    Messages:
    1,647
    Thanks for taking a look.
     
  9. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    You are most welcome.

    An updated SP2 would help a great deal in preventing future problems. There are some other great add-ons (like SpywareBlaster and SpywareGuard mentioned above), but you may have problems getting permission to install them. It's curious to me that a software provider won't support SP2, a legitimate Microsoft product.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/435699

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice