Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removed Bittorrent And Rogue Spyguard. Anything Else Here?


  • This topic is locked This topic is locked
2 replies to this topic

#1 dziner2000

dziner2000

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 01 November 2007 - 01:01 PM

Got killed with malware, spyware and viruses when my son turned off the Internet Security and went on P2P.Ran all the usuals : Spybot S&D, Spywareblaster, Trend virus scan and sysclean, AdAware (but it won't finish full scan, only smart scan.) Ran SmitfraudFix v2.243 and I think it got rid of the "SpyGuardPro". I had HijackThis remove the BitTorrent and DNA from the registry. Everything SEEMS good now -- scans are all clear. But did I really get EVERYTHING? Could someone check my Log below? Also, what are all the RUN ONCE entries? Are they causing the blank C:prompt windows at startup?

THANK YOU!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:14 AM, on 11/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\WINSHOW.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\WINSHOW.exe"
O4 - HKLM\..\Run: [9c5c3bdc] rundll32.exe "C:\WINDOWS\system32\vnhkufho.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix
O4 - HKLM\..\RunOnce: [SpybotDeletingA7580] command /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9459] cmd /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2303] command /c del "C:\WINDOWS\system32\ldcore.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4910] cmd /c del "C:\WINDOWS\system32\ldcore.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7014] command /c del "C:\WINDOWS\system32\ldcore.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7204] cmd /c del "C:\WINDOWS\system32\ldcore.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8124] command /c del "C:\WINDOWS\system32\wpwqcsqh.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9470] cmd /c del "C:\WINDOWS\system32\wpwqcsqh.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5933] command /c del "C:\WINDOWS\system32\wpwqcsqh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5383] cmd /c del "C:\WINDOWS\system32\wpwqcsqh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3020] command /c del "C:\WINDOWS\system32\wpwqcsqh.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8528] cmd /c del "C:\WINDOWS\system32\wpwqcsqh.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD9196] cmd /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB889] command /c del "C:\WINDOWS\system32\ldcore.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8739] cmd /c del "C:\WINDOWS\system32\ldcore.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2624] command /c del "C:\WINDOWS\system32\ldcore.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9475] cmd /c del "C:\WINDOWS\system32\ldcore.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2411] command /c del "C:\WINDOWS\system32\wpwqcsqh.dllbox"
O4 - HKCU\..\RunOnce: [SpybotDeletingD671] cmd /c del "C:\WINDOWS\system32\wpwqcsqh.dllbox"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2878] command /c del "C:\WINDOWS\system32\wpwqcsqh.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD485] cmd /c del "C:\WINDOWS\system32\wpwqcsqh.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3893] command /c del "C:\WINDOWS\system32\wpwqcsqh.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4929] cmd /c del "C:\WINDOWS\system32\wpwqcsqh.dll"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9113 bytes

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:11 AM

Posted 21 November 2007 - 01:05 PM

I apologize for the very long delay. We have been very busy and it has been taking us greater time than normal to get the logs caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. DO not attach them.

Thank you for your patience.

#3 dziner2000

dziner2000
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 21 November 2007 - 01:33 PM

I think I worked it all out. Thanks anyway Grinler.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users