
Xp Infected With Something


  • This topic is locked
6 replies to this topic

#1 L Simmons

L Simmons

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:54 PM

Posted 04 March 2008 - 04:00 PM

Using XP on home computer; administrative user accounts say task manager is disabled, and all accounts have no task bar or icons.
I was finally able to complete a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:43 PM, on 3/4/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\~Courtney~\My Documents\LimeWire\LimeWire.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\1127758344\ee\aolsoftware.exe
c:\program files\common files\aol\1127758344\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1127758344\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\TASKMAN.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.experts-exchange.com/OS/Miscell...Q_21400153.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.netzero.net/s/sp?r=al&cf=sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://88.80.5.21/31/checkin.php?cid=12479...mp;m=0&vm=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=,C:\WINDOWS\system32\rxjddnvj.exe,,SKEYS /I,C:\WINDOWS\System32\ntos.exe,
O1 - Hosts: 194.54.90.226 www.google.com
O1 - Hosts: 194.54.90.226 www.google.ca
O1 - Hosts: 194.54.90.226 www.google.com.ag
O1 - Hosts: 194.54.90.226 www.google.com.ar
O1 - Hosts: 194.54.90.226 www.google.com.au
O1 - Hosts: 194.54.90.226 www.google.at
O1 - Hosts: 194.54.90.226 www.google.az
O1 - Hosts: 194.54.90.226 www.google.be
O1 - Hosts: 194.54.90.226 www.google.com.br
O1 - Hosts: 194.54.90.226 www.google.vg
O1 - Hosts: 194.54.90.226 www.google.bi
O1 - Hosts: 194.54.90.226 www.google.ca
O1 - Hosts: 194.54.90.226 www.google.td
O1 - Hosts: 194.54.90.226 www.google.cl
O1 - Hosts: 194.54.90.226 www.google.com.co
O1 - Hosts: 194.54.90.226 www.google.co.cr
O1 - Hosts: 194.54.90.226 www.google.dk
O1 - Hosts: 194.54.90.226 www.google.com.do
O1 - Hosts: 194.54.90.226 www.google.fm
O1 - Hosts: 194.54.90.226 www.google.fi
O1 - Hosts: 194.54.90.226 www.google.fr
O1 - Hosts: 194.54.90.226 www.google.gm
O1 - Hosts: 194.54.90.226 www.google.ge
O1 - Hosts: 194.54.90.226 www.google.de
O1 - Hosts: 194.54.90.226 www.google.com.gi
O1 - Hosts: 194.54.90.226 www.google.com.gr
O1 - Hosts: 194.54.90.226 www.google.gl
O1 - Hosts: 194.54.90.226 www.google.gg
O1 - Hosts: 194.54.90.226 www.google.co.il
O1 - Hosts: 194.54.90.226 www.google.it
O1 - Hosts: 194.54.90.226 www.google.co.kr
O1 - Hosts: 194.54.90.226 www.google.lu
O1 - Hosts: 194.54.90.226 www.google.mw
O1 - Hosts: 194.54.90.226 www.google.ro
O1 - Hosts: 194.54.90.226 www.google.se
O1 - Hosts: 194.54.90.226 www.google.co.uk
O1 - Hosts: 194.54.90.226 www.google.uz
O1 - Hosts: 194.54.90.226 google.com
O1 - Hosts: 194.54.90.226 google.ca
O1 - Hosts: 194.54.90.226 google.com.ag
O1 - Hosts: 194.54.90.226 google.com.ar
O1 - Hosts: 194.54.90.226 google.com.au
O1 - Hosts: 194.54.90.226 google.at
O1 - Hosts: 194.54.90.226 google.az
O1 - Hosts: 194.54.90.226 google.be
O1 - Hosts: 194.54.90.226 google.com.br
O1 - Hosts: 194.54.90.226 google.vg
O1 - Hosts: 194.54.90.226 google.bi
O1 - Hosts: 194.54.90.226 google.ca
O1 - Hosts: 194.54.90.226 google.td
O1 - Hosts: 194.54.90.226 google.cl
O1 - Hosts: 194.54.90.226 google.com.co
O1 - Hosts: 194.54.90.226 google.co.cr
O1 - Hosts: 194.54.90.226 google.dk
O1 - Hosts: 194.54.90.226 google.com.do
O1 - Hosts: 194.54.90.226 google.fm
O1 - Hosts: 194.54.90.226 google.fi
O1 - Hosts: 194.54.90.226 google.fr
O1 - Hosts: 194.54.90.226 google.gm
O1 - Hosts: 194.54.90.226 google.ge
O1 - Hosts: 194.54.90.226 google.de
O1 - Hosts: 194.54.90.226 google.com.gi
O1 - Hosts: 194.54.90.226 google.com.gr
O1 - Hosts: 194.54.90.226 google.gl
O1 - Hosts: 194.54.90.226 google.gg
O1 - Hosts: 194.54.90.226 google.co.il
O1 - Hosts: 194.54.90.226 google.it
O1 - Hosts: 194.54.90.226 google.co.kr
O1 - Hosts: 194.54.90.226 google.lu
O1 - Hosts: 194.54.90.226 google.mw
O1 - Hosts: 194.54.90.226 google.ro
O1 - Hosts: 194.54.90.226 google.se
O1 - Hosts: 194.54.90.226 google.co.uk
O1 - Hosts: 194.54.90.226 google.uz
O1 - Hosts: 194.54.90.226 search.yahoo.com
O1 - Hosts: 194.54.90.226 de.search.yahoo.com
O1 - Hosts: 194.54.90.226 search.msn.com
O1 - Hosts: 194.54.90.226 search.msn.de
O1 - Hosts: 194.54.90.226 search.live.com
O1 - Hosts: (Exl=xoYExxl=live.com
O1 - Hosts: @7
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ELRYBIPV] C:\WINDOWS\ELRYBIPV.exe
O4 - HKLM\..\Run: [elr] C:\WINDOWS\ELR.exe
O4 - HKLM\..\Run: [vfpzcmxsc] C:\WINDOWS\VFPZCMXSC.exe
O4 - HKLM\..\Run: [ekry] C:\WINDOWS\EKRY.exe
O4 - HKLM\..\Run: [Pwombvek] C:\Program Files\Xuni\Pkmzdl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127758344\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [ZICORN] C:\WINDOWS\System32\ZICORN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\System32\lexpps.exe
O4 - HKLM\..\Run: [%FP%LocalNet fts.exe] "C:\Program Files\LocalNet\LocalNet EasyDialer\fts.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~2\bar\6.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832213329D26033AAC
O4 - HKLM\..\Run: [hzhazjhA] C:\WINDOWS\hzhazjhA.exe
O4 - HKLM\..\Run: [p328d32] C:\WINDOWS\p328d32
O4 - HKLM\..\Run: [{ZN}] C:\windows\system32\dwdsregt.exe CHD001
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvdap.dll,startup
O4 - HKLM\..\Run: [Winmplayer] "C:\WINDOWS\System32\KB_963491.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKLM\..\Run: [winload] C:\Program Files\Internet Explorer\winload.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [{5C-C2-2E-E4-ZN}] c:\windows\system32\kndsregp.exe CHD001
O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\mwinkqdq.exe CHD001
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [wrkhahmj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wrkhahmj.dll"
O4 - HKLM\..\Run: [XPdefender] "C:\Program Files\XPdefender\XPdefender.exe" hide
O4 - HKLM\..\Run: [ralabirg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ralabirg.dll"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TizzleTalk] C:\Program Files\TizzleTalk\TizzleTalk.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
O4 - HKLM\..\Run: [EasySpywareCleaner] C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InfeStop] C:\Program Files\InfeStop\InfeStopRemover.exe
O4 - HKLM\..\Run: [MSCTFMON] C:\DOCUME~1\~COURT~1\LOCALS~1\TEMP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [14f5c24b] rundll32.exe "C:\DOCUME~1\~COURT~1\LOCALS~1\Temp\lbofubvv.dll",b
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\YMBOLS~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Omij] C:\WINDOWS\??crosoft.NET\?hkdsk.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mqgkzc] C:\WINDOWS\SYSTEM32\??crosoft.NET\r?ndll.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Fjxv] C:\WINDOWS\SYSTEM32\?icrosoft.NET\w?nlogon.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [Haltyf] "C:\Program Files\Common Files\F?nts\m?iexec.exe" (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\6.bin\mwsoemon.exe (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\6.bin\m3IMPipe.exe" (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [Iiq] C:\WINDOWS\SYSTEM32\??sks\w?nword.exe (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [userinit] C:\Documents and Settings\~Courtney~\Application Data\ntos.exe (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [cmds] rundll32.exe C:\DOCUME~1\~COURT~1\LOCALS~1\Temp\geebc.dll,c (User '~Courtney~')
O4 - HKUS\S-1-5-21-3849935868-3085090074-2963184740-1012\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\~COURT~1\LOCALS~1\Temp\ckgfymxf.dll",run (User '~Courtney~')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - S-1-5-21-3849935868-3085090074-2963184740-1012 Startup: .protected (User '~Courtney~')
O4 - S-1-5-21-3849935868-3085090074-2963184740-1012 Startup: findfast.exe (User '~Courtney~')
O4 - S-1-5-21-3849935868-3085090074-2963184740-1012 Startup: LimeWire On Startup.lnk = C:\Documents and Settings\~Courtney~\My Documents\LimeWire\LimeWire.exe (User '~Courtney~')
O4 - S-1-5-21-3849935868-3085090074-2963184740-1012 Startup: TA_Start.lnk = ? (User '~Courtney~')
O4 - S-1-5-21-3849935868-3085090074-2963184740-1012 User Startup: .protected (User '~Courtney~')
O4 - S-1-5-21-3849935868-3085090074-2963184740-1012 User Startup: findfast.exe (User '~Courtney~')
O4 - S-1-5-21-3849935868-3085090074-2963184740-1012 User Startup: LimeWire On Startup.lnk = C:\Documents and Settings\~Courtney~\My Documents\LimeWire\LimeWire.exe (User '~Courtney~')
O4 - S-1-5-21-3849935868-3085090074-2963184740-1012 User Startup: TA_Start.lnk = ? (User '~Courtney~')
O4 - Startup: .protected
O4 - Startup: findfast.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: .protected
O4 - Global Startup: autorun.exe
O4 - Global Startup: CallWave (2).lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: msn_0802_upd060053.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://my.netzero.net/s/sp?r=al&cf=sp
O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.com/v/8.1.5.27/applet/sw...eeper-en_US.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204204258437
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFI.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\Leslie\LOCALS~1\Temp\~~install.dll (file missing)
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\System32\winload.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\dhdaawor.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 20133 bytes
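The log above carries the markers a helper reads first: the O1 hosts entries pin every Google, Yahoo and MSN search domain to 194.54.90.226, the F2 lines show system.ini Shell and UserInit values with extra programs chained in, O7 shows the DisableRegedit policy behind the poster's locked-down desktop, O20 loads a DLL into every process via AppInit_DLLs, and several O23 services have no owner or a missing binary. As an added example, written for this page and not code from HijackThis, the poster or teacup61, the Python script below parses HijackThis-style lines and flags those five indicator classes. The sample lines are copied from the log above, with one benign loopback hosts entry and one benign Run entry added for contrast; the checks and their thresholds (loopback addresses, the Explorer.exe and userinit.exe defaults) are my own assumptions about what a clean XP log looks like.

```python
import re

# Constructed sample: lines taken from the HijackThis log above, plus a benign
# loopback hosts entry and a benign Run entry so the checks have something to ignore.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=,C:\WINDOWS\system32\rxjddnvj.exe,,SKEYS /I,C:\WINDOWS\System32\ntos.exe,
O1 - Hosts: 194.54.90.226 www.google.com
O1 - Hosts: 194.54.90.226 search.yahoo.com
O1 - Hosts: 127.0.0.1 localhost
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\dhdaawor.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# Assumption: only these addresses are acceptable targets for a hosts-file entry.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_line(line):
    """Split 'O1 - Hosts: ...' into ('O1', 'Hosts: ...'); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def check_hosts(body):
    # "Hosts: <ip> <hostname>": a public name pinned to a non-loopback address
    # silently redirects that site (here, every search engine on the machine).
    parts = body.split(None, 2)
    if len(parts) < 3 or parts[0] != "Hosts:":
        return None
    ip, host = parts[1], parts[2]
    if ip in LOOPBACK:
        return None
    return f"hosts file redirects {host} to {ip}"


def check_f2(body):
    # system.ini Shell should be exactly Explorer.exe and UserInit a single
    # userinit.exe entry; anything appended runs at every logon before the desktop.
    key, _, value = body.partition("=")
    key = key.split()[-1]  # 'REG:system.ini: Shell' -> 'Shell'
    if key == "Shell":
        extra = [t for t in value.split() if t.lower() != "explorer.exe"]
        return f"Shell runs extra program(s) at logon: {extra}" if extra else None
    if key == "UserInit":
        entries = [e.strip() for e in value.split(",") if e.strip()]
        bad = [e for e in entries if not e.lower().endswith("userinit.exe")]
        return f"UserInit chain contains unexpected entries: {bad}" if bad else None
    return None


def check_policy(body):
    # O7: a Policies\System restriction (DisableRegedit, DisableTaskMgr, ...) set
    # to a non-zero value is how "task manager is disabled" shows up in the log.
    m = re.search(r"Policies\\System,\s*(\w+)=(\d+)", body)
    if m and m.group(2) != "0":
        return f"policy restriction {m.group(1)}={m.group(2)}"
    return None


def check_appinit(body):
    # O20: AppInit_DLLs is loaded into every process that maps user32.dll.
    _, _, dlls = body.partition("AppInit_DLLs:")
    return f"AppInit_DLLs injects {dlls.strip()}" if dlls.strip() else None


def check_service(body):
    # O23: a service with no vendor string or a missing binary deserves a look;
    # a vendor-attributed binary that exists on disk is left alone.
    if "Unknown owner" in body or "(file missing)" in body:
        return "service with unknown owner or missing file: " + body.split(" - ", 1)[0]
    return None


CHECKS = {"O1": check_hosts, "F2": check_f2, "O7": check_policy,
          "O20": check_appinit, "O23": check_service}


def triage(log_text):
    """Return a list of (section, message) findings for a HijackThis-style log."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, body = parsed
        check = CHECKS.get(section)
        if check:
            msg = check(body)
            if msg:
                findings.append((section, msg))
    return findings


def count_by_section(findings):
    """Tally findings per HijackThis section code, e.g. {'O1': 2, 'F2': 2}."""
    counts = {}
    for section, _ in findings:
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    for section, msg in triage(SAMPLE_LOG):
        print(f"[{section}] {msg}")
```

Run against the full log posted above, the O1 check alone fires on roughly eighty lines, which is the quickest way to see why teacup61 later calls the machine beyond cleaning; the F2 finding on UserInit is the more serious one, since whatever is chained there starts with every logon regardless of which account is used.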


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:54 PM

Posted 11 March 2008 - 08:04 PM

Hello L Simmons,

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay.:blink: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 L Simmons

L Simmons
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:54 PM

Posted 17 March 2008 - 11:03 AM

teacup,
Thanks for your response. The problem is the HijackThis log must be done as administrator, and the administrative accounts have no icons or start bar and task manager is disabled, so I cannot open a browser. They were just popping up once in a while (that is how I did it the first time) but have stopped. The other accounts at least have task manager, so I can access the internet but cannot do much. Any suggestions?
Thanks L

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:54 PM

Posted 17 March 2008 - 11:25 AM

Hello,

Thanks for letting me know. We can go on what you have as a starting point. This thing is in bad shape, and to be honest it might be better to reformat in the end. Can you download anything? If so, then run this:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#5 L Simmons

L Simmons
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:54 PM

Posted 20 March 2008 - 11:42 AM

It won't let me; it says it requires 'administrative privileges'. I am about ready to give up. I just have about 1000 pictures I wish I could get onto a disc (or 2)... any ideas how I could do this?
thanks
L

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:54 PM

Posted 21 March 2008 - 01:03 PM

Hello,

At this point I would have to recommend that you reformat and reinstall. You have more bad things on your computer than good, including a password stealing trojan. :blink: If you don't have a flash drive already, you can find one that would most likely hold all your pictures for about 20-30 USD. Barring that, and I'm so sorry to say it, cut your losses and wipe the drive. Change any sensitive account passwords you might have from a clean computer and don't access them from this computer until after the reformat, or they'll get stolen again.

I'm sorry I can't offer you better news. :thumbsup:

Regards,
tea

Edited by teacup61, 21 March 2008 - 01:03 PM.


#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:54 PM

Posted 31 March 2008 - 03:32 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
