
Solved: trojans...

Discussion in 'Virus & Other Malware Removal' started by steve_rogers, Aug 20, 2007.

Thread Status:
Not open for further replies.
  1. steve_rogers

    steve_rogers Thread Starter

    Joined:
    Sep 20, 2005
    Messages:
    15
    I read another thread and did what you told them to do...just want to see if everything is gone....

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/20/2007 at 05:57 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3289
    Trace Rules Database Version: 1300

    Scan type : Complete Scan
    Total Scan Time : 00:48:02

    Memory items scanned : 312
    Memory threats detected : 2
    Registry items scanned : 4817
    Registry threats detected : 28
    File items scanned : 66770
    File threats detected : 94

    Trojan.WinFixer
    C:\WINDOWS\SYSTEM32\SSQPN.DLL
    C:\WINDOWS\SYSTEM32\SSQPN.DLL
    HKLM\Software\Classes\CLSID\{E8C6BDD8-D177-4814-8795-A4D10637FD68}
    HKCR\CLSID\{E8C6BDD8-D177-4814-8795-A4D10637FD68}
    HKCR\CLSID\{E8C6BDD8-D177-4814-8795-A4D10637FD68}\InprocServer32
    HKCR\CLSID\{E8C6BDD8-D177-4814-8795-A4D10637FD68}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8C6BDD8-D177-4814-8795-A4D10637FD68}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ssqpn

    Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\JKKJKHI.DLL
    C:\WINDOWS\SYSTEM32\JKKJKHI.DLL

    Adware.ClickSpring
    [Uaol] C:\WINDOWS\SYSTEM32\MCROSO~1\WOWEXEC.EXE
    C:\WINDOWS\SYSTEM32\MCROSO~1\WOWEXEC.EXE
    HKLM\Software\Classes\CLSID\{9903246D-C9AB-B37A-89A9-92ABAF7407E2}
    HKCR\CLSID\{9903246D-C9AB-B37A-89A9-92ABAF7407E2}
    HKCR\CLSID\{9903246D-C9AB-B37A-89A9-92ABAF7407E2}\InprocServer32
    HKCR\CLSID\{9903246D-C9AB-B37A-89A9-92ABAF7407E2}\InprocServer32#ThreadingModel
    HKCR\CLSID\{9903246D-C9AB-B37A-89A9-92ABAF7407E2}\Programmable
    HKCR\CLSID\{9903246D-C9AB-B37A-89A9-92ABAF7407E2}\TypeLib
    C:\WINDOWS\SYSTEM32\OHSFCYTY.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9903246D-C9AB-B37A-89A9-92ABAF7407E2}
    C:\DOCUMENTS AND SETTINGS\STEVE ROGERS\LOCAL SETTINGS\TEMP\!UPDATE.EXE
    C:\DOCUMENTS AND SETTINGS\STEVE ROGERS\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\UJ2R2DEJ\!UPDATE-4395[1].0000
    C:\WINDOWS\MBOLS~1\LGONUI~1.EXE
    C:\WINDOWS\Prefetch\WOWEXEC.EXE-34A602DC.pf

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}
    HKCR\CLSID\{C6039E6C-BDE9-4DE5-BB40-768CAA584FDC}
    HKCR\CLSID\{C6039E6C-BDE9-4DE5-BB40-768CAA584FDC}\InprocServer32
    HKCR\CLSID\{C6039E6C-BDE9-4DE5-BB40-768CAA584FDC}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\MXWJGPVL.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}
    HKCR\CLSID\{C6039E6C-BDE9-4DE5-BB40-768CAA584FDC}

    Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}
    HKCR\CLSID\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}
    HKCR\CLSID\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}\InprocServer32
    HKCR\CLSID\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E9BD0828-1FD9-410C-A50F-43EBE65D310F}
    HKCR\CLSID\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}

    Trojan.Downloader-Gen/HitItQuitIt
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkjkhi
    C:\WINDOWS\SYSTEM32\AWTUTSQ.DLL
    C:\WINDOWS\SYSTEM32\CBXXWWU.DLL
    C:\WINDOWS\SYSTEM32\OPNLLMM.DLL
    C:\WINDOWS\SYSTEM32\WVUURPQ.DLL

    Adware.Tracking Cookie

    Trojan.ZenoSearch
    C:\WINDOWS\system32\msnav32.ax

    Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\DOCUMENTS AND SETTINGS\STEVE ROGERS\LOCAL SETTINGS\TEMP\NI.UWAS6_0001_N91M1508\SETUP.EXE

    Adware.ZenoSearch-NVON
    C:\DOCUMENTS AND SETTINGS\STEVE ROGERS\LOCAL SETTINGS\TEMP\THINKSNET.EXE
    C:\WINDOWS\SYSTEM32\DWDSRNGT.EXE

    Adware.ClickSpring/Yazzle
    C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE
    C:\WINDOWS\PREFETCH\YAZZLE1281OINADMIN.EXE-27312430.PF

    Trojan.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP613\A0048205.EXE

    Trojan.Downloader-Gen
    C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

    Adware.Unknown Origin
    C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG

    Trace.Known Threat Sources
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\VTGK8VR7\CACPAPTI.gif
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\B4LX3OSK\client_settings_3[1].bin
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\2XTBQTBR\arrow[1].gif
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\X0NY3Z1J\campaigns8[1].encrypted
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\6HGT0NYP\top1_menu[1].gif
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\K9U7W5MN\top1[1].gif
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\AS19VNZZ\index[1].htm
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\SHU7SL2J\ico1[1].gif
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\SHU7SL2J\wav_banner[1].swf
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\YK1TZZ73\test[1].gif
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\NH8KWZVR\checksoft[1].js
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\4TI78PYJ\ico2[1].gif
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\VTGK8VR7\top_pic2[1].gif
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\2XTBQTBR\banner3[1].gif
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\KTEF09EB\button2[1].gif
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\X0NY3Z1J\CATOCJ99.js
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\K9U7W5MN\styles[1].css
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\NH8KWZVR\logo[1].gif
    C:\Documents and Settings\Steve Rogers\Local Settings\Temporary Internet Files\Content.IE5\WXYNO5EJ\index[1].htm



    Logfile of HijackThis v1.99.1
    Scan saved at 6:34:53 PM, on 8/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: 0 - {5F424A7A-8B63-4DA8-7B94-75FC5ED71BF2} - C:\Program Files\ComPlus Applications\quzate.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     

  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have no active AntiVirus!

    Get the free AVG AntiVirus 7.5 install it, check for updates and run a full scan

    AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/
    =================
    Fix this with HiJackThis – mark it, close IE, click fix checked

    O2 - BHO: 0 - {5F424A7A-8B63-4DA8-7B94-75FC5ED71BF2} - C:\Program Files\ComPlus Applications\quzate.dll (file missing)
     
  4. steve_rogers

    steve_rogers Thread Starter

    Joined:
    Sep 20, 2005
    Messages:
    15
    Thanks!!!
    I did what you said...how does it look now...?


    Logfile of HijackThis v1.99.1
    Scan saved at 11:01:04 PM, on 8/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.

    ================
    Fix these with HiJackThis – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode



    How are things on the PC???????????
     
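As an added example (not from the thread, and not code from HijackThis itself), here is a small Python triage script that parses lines in the HijackThis log format posted above and flags the two kinds of entries MFDnNC told the poster to fix: an O2 BHO whose DLL is "(file missing)" and an R3 URLSearchHook with "(no file)". The sample log is constructed from lines in the thread; the extra naming heuristic (a BHO with "(no name)" or a one-character name) is my assumption, not a rule from the tool.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes as they appear in the thread's HijackThis logs:
#   O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
#   R3 - URLSearchHook: <name> - {CLSID} - <dll path or "(no file)">
#   O20 - Winlogon Notify: <key> - <dll path>
#   O23 - Service: <name> - <vendor> - <exe path>
_ENTRY = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
_CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str                 # HijackThis section code, e.g. "O2"
    body: str                 # everything after "<code> - "
    clsid: Optional[str]      # first CLSID found in the line, if any
    reasons: List[str] = field(default_factory=list)  # why it was flagged


def _assess(code: str, fields: List[str]) -> List[str]:
    """Return the reasons a parsed entry deserves a closer look."""
    reasons = []
    last = fields[-1]
    if last.endswith("(file missing)"):
        reasons.append("registered component points at a file that no longer exists")
    if last == "(no file)":
        reasons.append("hook registered with no backing file")
    if code in ("O2", "R3") and len(fields) >= 2:
        # Name sits after "BHO: " or "URLSearchHook: " in the first field.
        name = fields[0].split(": ", 1)[-1]
        # Heuristic (assumption, not a HijackThis rule): legitimate BHOs carry
        # a descriptive class name; "(no name)" or "0" is worth a second look.
        if name == "(no name)" or len(name) <= 1:
            reasons.append("unnamed or placeholder-named component")
        if not _CLSID.fullmatch(fields[1]):
            reasons.append("malformed CLSID")
    return reasons


def parse(log_text: str) -> List[Entry]:
    """Parse every '<code> - <body>' line; headers and process lists are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = _ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        fields = body.split(" - ")
        clsid = _CLSID.search(body)
        entries.append(Entry(code, body, clsid.group(0) if clsid else None,
                             _assess(code, fields)))
    return entries


def flagged(log_text: str) -> List[str]:
    """Lines a helper would mark for 'Fix checked', in log order."""
    return [f"{e.code} - {e.body}" for e in parse(log_text) if e.reasons]


# Constructed sample: a handful of lines copied from the logs in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {5F424A7A-8B63-4DA8-7B94-75FC5ED71BF2} - C:\Program Files\ComPlus Applications\quzate.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for e in parse(SAMPLE_LOG):
        mark = "FLAG" if e.reasons else "ok  "
        print(f"{mark} {e.code} - {e.body}")
        for r in e.reasons:
            print(f"       -> {r}")
```

Only the orphaned R3 hook and the "0" BHO with the missing quzate.dll are flagged; the Adobe BHO, the O4 Run entries and the services pass untouched, which matches what the helper singled out in the thread.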
  6. steve_rogers

    steve_rogers Thread Starter

    Joined:
    Sep 20, 2005
    Messages:
    15
    Thanks...Did everything...how does it look now?


    Logfile of HijackThis v1.99.1
    Scan saved at 4:15:59 PM, on 8/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  8. steve_rogers

    steve_rogers Thread Starter

    Joined:
    Sep 20, 2005
    Messages:
    15
    Thanks for all your help!!!
     


Short URL to this thread: https://techguy.org/612823
