virus :( (hijack this log included)

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

PotatoFro

Thread Starter
Joined
Dec 12, 2003
Messages
22
i'm on a network at my school and they recently cut off my internet access (to my other computer) because they said i have a virus. I ran a virus scan with Mcafee, but i havn't been able to get through it to the end before the computer shuts its self off. I'm gona try running a few more scans with norton and search and destroy etc... but i was wondering if someone could check this log to see if theres soemthing obvious. Thanks :)

Jacob


Logfile of HijackThis v1.97.7
Scan saved at 2:24:47 PM, on 4/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register Kazaa Upgrade Suite3.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\sarah\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://files.cc.cometsystems.com/assist/cc/1.0/assist_st.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39AF31DD-EAFC-45EA-A56C-385B52E25CC0} - c:\windows\iexplorr22.dll
O2 - BHO: (no name) - {4CEBBC6B-5CEE-4644-80CF-38980BAE93F6} - c:\windows\iexplorr23.dll
O2 - BHO: (no name) - {6B12DABB-0B7C-44FA-B0B3-4BAFF3790256} - c:\windows\iexplorr24.dll
O2 - BHO: (no name) - {BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A} - c:\windows\iexplorr11.dll
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRA~1\Comet\Bin\csbho.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Starware - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRA~1\Comet\Bin\csietb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Register Kazaa Upgrade Suite3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cccabs/CleverContent.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37853.9296875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1DA7926-1D4A-410E-BBEE-1C952C55DE56}: NameServer = 198.81.19.134
 
Joined
Feb 15, 2004
Messages
826
  1. Download Ad-Aware 6.181 from http://www.lavasoftusa.com/
  2. Install the program, open it check to make sure you have the latest reference file by clicking on webupdate. Make sure that your reference file reads 01R280 07.04.2004 (or higher number/date). If it does not, then click here and install the file manually.
  3. Make sure the following settings are turned to ON
    -From the main window click on Start then Activate in-depth scan.
    -Click on Use custom scanning options>Customize and make sure the following options are turned on:
    Scan within archives
    Scan active processes
    Scan registry
    Scan my IE Favorites for banned URL
    Scan my host-files
  4. Click on Settings and make sure the following are enabled:
    Unload recognized processes during scanning
  5. Click on Cleaning engine and make sure that Let windows remove files in use at next reboot is on.
  6. Finally Click Proceed to save your settings.
  7. Click on Scan Now from the main window and select Use Custom Scanning options and click scan.
  8. When scan completes, remove all items, then run another scan but this time select the Perform Smart-System Scan option and then also remove all items it finds.

then
  1. Download Spyboy S&D from this page
  2. Open and install the program then click here and follow the instructions for updating the program. Download all available updates.
  3. Run a scan by clicking on Spybot S&D and then clicking Search & Destroy and then Check for problems
  4. When scan completes, remove all items in red by making sure that they are checked and then click Fix selected problems

Run a virus-scan with HouseCall from http://housecall.trendmicro.com/housecall/start_corp.asp.

Then post a new hijackthis log.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top