0

Ok, apparantly I got suckered into having unprotected internet....

I have yet to load my Norton corp version, and have not updated my Defender. Thats what yoiu get.

I bought Spy No More because Defender found nothing and it did. But I still have no access to Control Panel, Display Properties, Group Policy Editor and so on... here is my log...

Logfile of HijackThis v1.99.1
Scan saved at 22:20: VIRUS ALERT!, on 7/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\SpyNoMore\SNM.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Microsoft Location Finder\LocationFinder.exe
D:\Program Files\TomTom HOME 2\HOMERunner.exe
D:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Shaun Goeckner\Desktop\Work\psetools\iridium.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\allchars\Copy of AllChars.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
D:\Program Files\DAP\DAP.EXE
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Shaun\LOCALS~1\Temp\Rar$EX00.531\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tampabays10.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: (no name) - {874AE4BD-B9D0-410D-ABE3-CAA3F2DBD219} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] D:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [eFax 4.3] "D:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [lphcnsdj0ec6h] D:\WINDOWS\system32\lphcnsdj0ec6h.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "D:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [IridiumTimeWizard] C:\Users\Shaun Goeckner\Desktop\Work\psetools\iridium.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe
O4 - Startup: Shortcut to Copy of AllChars.lnk = C:\allchars\Copy of AllChars.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Desktop Manager.lnk = D:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\DriveHQ\DriveHQ Desktop Express\MyDriveHQ.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\DriveHQ\DriveHQ Desktop Express\MyDriveHQ.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194892630703
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://24.120.190.66/Remote/msrdp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livesc03.custhelp.com/8201-b499h/rnl/java/RntX.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: PCANotify - D:\WINDOWS\SYSTEM32\PCANotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: fdxbameg - {A489ACEE-FE2C-40B1-A8C2-4FC5C8BF38C7} - D:\WINDOWS\fdxbameg.dll (file missing)
O21 - SSODL: fsrpknov - {4724843D-4315-443A-856D-46D015074BEF} - D:\WINDOWS\fsrpknov.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - E:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DriveHQ FileManagerFun - Drive Headquarter - D:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

2
Contributors
1
Reply
2
Views
9 Years
Discussion Span
Last Post by crunchie
0

Hi and welcome to the Daniweb forums :).

==========

Uninstall that version of hijackthis and install the latest version (2.0.2).

==========

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract
    All
    ,
  • Open the extracted folder and double click RunThis.bat to
    start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the
    registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool
    will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and
    display Finished, then press any key to end the script and load
    your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the
    contents of the results file Report.txt.

==========

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.