Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help!?!


  • Please log in to reply
1 reply to this topic

#1 drbaker

drbaker

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 06 January 2006 - 06:45 PM

I downloaded and ran HijackThis and these little popups at the bottom of the screen keep coming up and saying that "Dangerous infection was detected on your PC" also one that says my computer is infected with a trojan. I have downloaded Ad-Aware and Microsoft AntiSpyware and neither tell me anything is wrong. I also use Trend Micro Office Scan. My last resort is HijackThis... I've used it before, but had help at my side. That help in inaccesable now... so if someone could help... I ran HijackThis and have the log. This is the log:

Logfile of HijackThis v1.99.1
Scan saved at 5:29:09 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\ALCXMNTR.EXE
D:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
D:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\OfficeScn\pccntmon.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\Logi_MwX.Exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
D:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
D:\Program Files\Common Files\AOL\1133882519\ee\AOLSoftware.exe
D:\Program Files\AIM\aim.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
D:\PROGRA~1\AWS\WEATHE~1\Weather.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\3M\PSNLite\PsnLite.exe
D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
D:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\OfficeScn\ntrtscan.exe
D:\WINDOWS\system32\svchost.exe
c:\OfficeScn\tmlisten.exe
c:\OfficeScn\OfcPfwSvc.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\TEMP\JGB146.EXE
D:\WINDOWS\system32\nvctrl.exe
D:\Program Files\iTunes\iTunes.exe
D:\WINDOWS\system32\mssearchnet.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Dylan\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - D:\WINDOWS\system32\hp8DBC.tmp
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - D:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LXBRKsk] D:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "D:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "c:\OfficeScn\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] D:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1133882519\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [ICDRegOCX0] rundll32.exe advpack.dll,RegisterOCX D:\WINDOWS\system32\LegitCheckControl.DLL
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DW4] "D:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Weather] D:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Viewpoint Search - res://D:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://saratoga.msoe.edu/officescan/Client...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://saratoga.msoe.edu/officescan/client...ll/setupini.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://saratoga.msoe.edu/officescan/client.../RemoveCtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136589467656
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - D:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - c:\OfficeScn\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - c:\OfficeScn\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - c:\OfficeScn\tmlisten.exe

Someone guide me about what to do now please. Thank you.

drbaker.

BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:12 AM

Posted 16 January 2006 - 02:44 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users