Ad:

Viruses, Spyware and other Nasties Discussion Thread
Unsolved
Views: 1571

Oct 30th, 2006

Please Help Me! Please! [HJT Log included]

Expand Post »

HiJack log posted at the end!

I am having so many problems with my computer! All help is deeply appreciated.
The problems are as followed:

1. I am having problems changing my background.
2. Everytime my computer starts, I see a blue screen that says "Disk needs to check files"
but it never completes checking them.
3. I keep getting sound when there are no open windows.
4. My computer runs awfully slow.

Logfile of HijackThis v1.99.1
Scan saved at 5:52:38 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ewido Anti-Spyware 4.0\guard.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\monnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20026\winlogon.exe
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysTray] C:\Program Files\mhke.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [scman] C:\WINDOWS\System32\scman.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [mxhn] C:\WINDOWS\System32\mxhn.exe
O4 - HKLM\..\Run: [mswiz] C:\WINDOWS\System32\mswiz.exe
O4 - HKLM\..\Run: [msgwi] C:\WINDOWS\System32\msgwi.exe
O4 - HKLM\..\Run: [monnt] C:\WINDOWS\System32\monnt.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20026\socks.exe
O4 - HKLM\..\Run: [manmc] C:\WINDOWS\System32\manmc.exe
O4 - HKLM\..\Run: [jssvc23] jsssvc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [idnt] C:\WINDOWS\System32\idnt.exe
O4 - HKLM\..\Run: [hnmx] C:\WINDOWS\System32\hnmx.exe
O4 - HKLM\..\Run: [hldflbwA] C:\WINDOWS\hldflbwA.exe
O4 - HKLM\..\Run: [dzc6f9ae] RUNDLL32.EXE w81c9161.dll,n 0056f9a90000000381c9161
O4 - HKLM\..\Run: [dput] C:\WINDOWS\System32\dput.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [apiin] C:\WINDOWS\System32\apiin.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [62ad0bc.exe] C:\WINDOWS\System32\62ad0bc.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.exe"
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [mrfz] C:\PROGRA~1\COMMON~1\mrfz\mrfzm.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000140.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinnrag.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.0.6.4.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...66/mcfscan.cab
O20 - AppInit_DLLs: mlan446EC7DB.dll MDT2446EC7DB.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\n64slgh7164.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido Anti-Spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Similar Threads

hjt log included. in Viruses, Spyware and other Nasties
Please help HJT log included in Viruses, Spyware and other Nasties
Fear of some malware or other nasties. HJT log included. in Viruses, Spyware and other Nasties
Checking Computer (HJT log included) in Viruses, Spyware and other Nasties
Persistent spyware problems, HJT log included. in Viruses, Spyware and other Nasties

YoungNation

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

20 posts
since Feb 2006

Permalink

Nov 5th, 2006

Re: Please Help Me! Please! [HJT Log included]

For a start, you have look-to-me adware.... so go here http://www.f-secure.com/tools/f-look2me.zip and dl f-look2me and as an administrator, unzip it and run the .exe. Reboot.
I would like you to download CCleaner from http://www.ccleaner.com/ and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's just a neater thing.
Now go to grisoft.com to update from Ewido 4 to AVG antispyware 7.5. Uninstall Ewido then install AVG A-S 7.5. Update it.
Get Adaware SE Personal from http://www.lavasoft.de/software/adaware/
- install it. Update it.
When it finishes updating files go get this free beta [blbeta.exe] from http://www.f-secure.com/blacklight/ and install it also.
Finally go here to get Spybot S&D :- http://www.safer-networking.org/en/download/ Update it.
You have a couple of other trojans in there also, so memorise these instructions... or copy em to notepad. Or just use Opera...
Ok, you're done with the net. Shut it down. Disconnect...
Rclick your recycle bin and run CCleaner. [or go to its folder and dclick ccleaner.exe] You will lose a lot of handy stuff like histories etc... but there is a job to do...
Now go into safe mode [Restart, F8 and select Safe Mode and Enter.... You'll get a dark desktop with icons etc...]
Note: Close all open windows, and DO NOT USE the computer while these scans are running. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper a scanner's ability to clean properly and may result in reinfection.
- Run the blbeta.exe.
- Run AVG A-S as you used to run ewido. Start AVG Antispyware, do the complete system scan. Click "Apply all actions" to place any infected files into Quarantine, and only then click on "Save Report" to view all completed scans; click on the scan you just performed and select "Save report."
- Do a full Adaware scan and remove all the problems it finds.
- Run SpyBot S D. Create the registry backup, then check for problems. Select and fix problems.

Reboot into normal windows mode... if everything appears to be working you must now remove all old system restore points... do this by turning sys res off then on again for all drives. The path to this is via Start > all programs > accessories > system tools> system restore - use the link "system restore settings", and check turn off sys res for all drives, Apply... AND THEN UNCHECK THE BOX, AND APPLY. The reason for doing this is that some trojans write themselves into the System Restore files, and in there they are totally safe from anything.
Run HT again and post the log, and retell any problems you may still be having.

Last edited by gerbil; Nov 5th, 2006 at 9:21 am.

gerbil

Reputation Points: 239

Solved Threads: 296

Industrious Poster

Offline

4,169 posts
since May 2005

Permalink

Nov 9th, 2006

Re: Please Help Me! Please! [HJT Log included]

Thank you so much. I've downloaded, installed and updated all the programs except for the F-Secure Blacklight. It says either my PC settings or Malicious adware is stopping it from working.

YoungNation

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

20 posts
since Feb 2006

Permalink

Nov 11th, 2006

Re: Please Help Me! Please! [HJT Log included]

Then rerun Adaware in safe mode, and once back in normal windows mode try this scan online:- http://www.pandasoftware.com/products/activescan? Give them some details, and follow the scan buttons.
Run HT again and post the log, plus the Panda log.

gerbil

Reputation Points: 239

Solved Threads: 296

Industrious Poster

Offline

4,169 posts
since May 2005

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: system critical errors

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: "Server busy" Dialog box /help me

DaniWeb Message

Cancel Changes

User Name
Password