My friend's system has its HDD partitioned as C:, D: and E: (FAT32).


E: has some 35 GB of music files,

but automatically half of the folders have disappeared and a number of unknown folders have been created which neither open nor can be deleted.

Most of the folder names are like eMARTM~1

These are screenshots of the drive and folders:

http://i19.tinypic.com/4u936eq.jpg

http://i10.tinypic.com/4vqupsx.jpg


Here is the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:19:46 AM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\InterVideo\WinDVR\WinRemote.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WinRemote] "D:\Program Files\InterVideo\WinDVR\WinRemote.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] E:\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [svcshare] D:\WINDOWS\system32\drivers\spoclsv.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

All 2 Replies

You have an annoying little trojan, a worm... Please delete HijackThis from the folder where it is and follow this:
== Download a fresh copy of HijackThis: http://216.180.233.162/~merijn/files/HijackThis.exe
- Install it to a new folder alongside your program files.
- In that folder, start HijackThis by double-clicking the .exe.
- Select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O4 - HKCU\..\Run: [svcshare] D:\WINDOWS\system32\drivers\spoclsv.exe

Browse to this file and delete it: D:\WINDOWS\system32\drivers\spoclsv.exe
Find D:\setup.exe and delete it.
Get ATF Cleaner:
=== Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 -- click in the download window to run it, and when ATF Cleaner opens go Select All, and then Empty Selected.
Next click Firefox [if you have that browser...] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
[If you wish, save ATF Cleaner to your desktop or a cleaning folder somewhere as it is a fairly useful tool for occasional use.]
Now please do an online scan at Panda: http://www.pandasoftware.com/products/activescan?
- Select a link to the scan... free online virus scan..., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here, plus a fresh HijackThis log.

Before going through all of that, try downloading Asquared and run it in safe mode. This is important, as certain applications aren't running when you are in safe mode. Unless you have something particularly nasty, this will usually do the trick.
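
An added example, not part of any post in this thread: a small triage script that parses the O4 autostart lines of a HijackThis log and flags entries like the `svcshare` one singled out in the first reply. The two heuristics (an `.exe` launched from `system32\drivers`, and a file name within two edits of a genuine Windows process name) and the `KNOWN_SYSTEM` list are assumptions of this example, not rules stated by the posters.

```python
import re

# Constructed sample: O4 autostart lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinRemote] "D:\Program Files\InterVideo\WinDVR\WinRemote.exe"
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [svcshare] D:\WINDOWS\system32\drivers\spoclsv.exe
"""
# Assumption: a small reference list of genuine Windows process names.
KNOWN_SYSTEM = ("spoolsv.exe", "svchost.exe", "services.exe", "lsass.exe",
                "winlogon.exe", "smss.exe", "explorer.exe")
O4_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[([^\]]+)\] (.+)$')

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def image_path(command):
    # Executable path from a Run command line (quoted, or unquoted with arguments).
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.I)
    return m.group(1) if m else command.split()[0]

def triage(log_text):
    # Return (value name, path, reasons) for each O4 Run entry worth a closer look.
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        value, command = m.groups()
        path = image_path(command).lower()
        name = path.rsplit("\\", 1)[-1]
        reasons = []
        if "\\system32\\drivers\\" in path and name.endswith(".exe"):
            reasons.append("exe in drivers directory")  # drivers normally holds .sys files
        reasons += ["name resembles " + real for real in KNOWN_SYSTEM
                    if name != real and edit_distance(name, real) <= 2]
        if reasons:
            findings.append((value, path, reasons))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns only the `svcshare` entry, flagged on both heuristics; a flagged entry is a prompt for closer inspection, not a verdict.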
