
hjt log-cookyzue



#1 cookyzue


Posted 27 March 2005 - 12:32 AM

I did a last good configuration thing to try to fix my audio and things, but when it came back on all the devices and drivers were messed up, so now I'm on 4-bit graphics, have no sound, etc. Any help appreciated.

Logfile of HijackThis v1.99.1

Scan saved at 9:10:09 PM, on 3/26/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\aim\aim.exe

C:\Program Files\BigFix\BigFix.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Netscape\Netscape 6\Netscp.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\CINDYK~1\LOCALS~1\Temp\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\CINDYK~1\LOCALS~1\Temp\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Cindy Kirby\Application Data\Mozilla\Profiles\default\81uye1l1.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Cindy Kirby\Application Data\Mozilla\Profiles\default\81uye1l1.slt\prefs.js)

O2 - BHO: (no name) - {5BF1537F-2464-448F-B7AE-CD5EAD690522} - C:\WINDOWS\System32\mckaba.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)

O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll (file missing)

O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll (file missing)

O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\SnurDcQ6.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\CINDYK~1\LOCALS~1\Temp\se.dll,DllInstall

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

O4 - HKLM\..\Run: [ZoomCableMonitor] ZoomCableModemStatus.exe

O4 - HKLM\..\Run: [workflo] E:\install\workflow.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [pCJPYhvO.exe] C:\WINDOWS\system32\pCJPYhvO.exe

O4 - HKLM\..\Run: [PBP] C:\documents and settings\micheal kirby\local settings\temp\PBP.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [mswspl] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [gcbpjwetsxyu] C:\WINDOWS\System32\ipekag.exe

O4 - HKLM\..\Run: [dd268fc6d452] C:\WINDOWS\System32\capesnpn.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [aOUcfM] C:\documents and settings\micheal kirby\local settings\temp\aOUcfM.exe

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe

O4 - HKLM\..\Run: [9335ce523dbe] C:\WINDOWS\System32\clusapi0.exe

O4 - HKLM\..\Run: [7ssf3ph] mydaih.exe

O4 - HKLM\..\Run: [5HvOb] C:\documents and settings\cindy kirby\local settings\temp\5HvOb.exe

O4 - HKLM\..\Run: [5] C:\windows\system32\5.exe

O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [twain] C:\WINDOWS\twain.exe

O4 - HKCU\..\Run: [Zsy] C:\WINDOWS\System32\w?nspool.exe

O4 - HKCU\..\Run: [Usrr] C:\Documents and Settings\Cindy Kirby\Application Data\rncr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe

O4 - Global Startup: EZ Station.lnk = C:\WINDOWS\twain_32\IBMScanner\SxCenter.exe

O4 - Global Startup: Zoom Cable Monitor.lnk = ?

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O18 - Filter: text/html - {CBC2BF7F-FCEE-4F5A-97A8-3DF69E528141} - C:\WINDOWS\System32\mckaba.dll

O18 - Filter: text/plain - {CBC2BF7F-FCEE-4F5A-97A8-3DF69E528141} - C:\WINDOWS\System32\mckaba.dll

O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


#2 Daisuke


Posted 27 March 2005 - 03:46 PM

Hi

First of all remove the Peper Trojan.
1. Download and save PeperFix.
REBOOT in SafeMode: Starting your computer in Safe mode, use the F8 method,
and run the program.
It will remove the files, leaving one orphaned entry to be cleaned up with HijackThis.

2. REBOOT again into SafeMode and run it again for good measure.

3. REBOOT normally.



You are using Kazaa. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use Add/Remove Program to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to add/remove programs...uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say 'Yes'.
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns.


Please uninstall Viewpoint Media Player from Add\Remove Programs.
Removing Viewpoint Media Player may cause the program that bundled it to not function as intended.
About Viewpoint Media Player.


REBOOT and post a new log.

Run HijackThis.exe. Press the Scan button, then Save Log.
Notepad will open.

In Notepad click
Edit menu --> Select All
then
Edit menu --> Copy

When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and only cause a delay in the help you are receiving.

Right click in the message area and click on the paste option to paste the log into the post.

Edited by Daisuke, 27 March 2005 - 03:46 PM.

Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?
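Added example, not part of either post or of HijackThis itself: a small Python parser for the `O4`/`O2`-style lines in the log above that lists the entries belonging to the products the reply asks to uninstall, plus entries that start from a Temp directory or point at a missing file. The flag names and the Temp/missing-file heuristics are assumptions made for this sketch and are triage hints only.

```python
import re
# Excerpt of lines from the log in post #1 (paths as posted).
SAMPLE_LOG = r"""
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll (file missing)
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\CINDYK~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [PBP] C:\documents and settings\micheal kirby\local settings\temp\PBP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - ..."
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
REPLY_PRODUCTS = ("kazaa", "altnet", "p2p networking", "viewpoint")  # named in reply #2

def parse_line(line):
    """Split one log line into section code, body and (for O4 Run keys) value name/command."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None  # header lines, process list, blanks
    section, body = m.groups()
    entry = {"section": section, "body": body, "name": None, "command": body}
    run = RUN_RE.match(body) if section == "O4" else None
    if run:
        entry["name"], entry["command"] = run.group(3), run.group(4)
    return entry

def flags_for(entry):
    # Triage hints (assumed heuristics), not verdicts on any entry.
    body = entry["body"].lower()
    checks = {
        "runs-from-temp": "\\temp\\" in entry["command"].lower(),
        "file-missing": "(file missing)" in body,
        "named-in-reply": any(p in body for p in REPLY_PRODUCTS),
    }
    return [name for name, hit in checks.items() if hit]

def triage(log_text):
    hits = []
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        flags = flags_for(entry)
        if flags:
            hits.append((entry["section"], entry["name"], flags))
    return hits

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Running it against the follow-up log requested in the reply shows at a glance whether the uninstalled products' autostart entries are gone.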
