
Hey DaniWeb folks!!!
I have a Dell Dimension 3100, SP2, Windows XP.
This computer has been taken over by trojans. I also was missing most of the things on the Start Page, such as My Computer, My Documents, My Pictures, My Music, Control Panel, Search and Run. I think it may be clean but I'm posting a HijackThis log for your viewing. I also need to know how to get the missing things back. If I go into SAFE MODE and go under the Admin account, they are all there. But they are missing in the other 3 accounts on the computer.
Also, it says "VIRUS ALERT!" in the bottom right corner, next to (to the right of) the clock. Any and all help is MUCH appreciated!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25: VIRUS ALERT!, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Brenna Jones\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Brenna Jones\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O15 - Trusted IP range: http://195.95.*.*
O15 - Trusted IP range: http://195.225.*.*
O15 - Trusted IP range: http://216.236.239.193
O15 - Trusted IP range: http://216.236.239.195
O15 - Trusted IP range: http://216.236.239.193
O15 - Trusted IP range: http://216.236.239.195
O15 - Trusted IP range: http://216.236.239.193
O15 - Trusted IP range: http://216.236.239.195
O15 - Trusted IP range: http://216.236.239.193
O15 - Trusted IP range: http://216.236.239.195
O15 - Trusted IP range: http://216.236.239.193
O15 - Trusted IP range: http://216.236.239.195
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188231397718
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9539 bytes
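Added example for this thread (not code from the original post, from HijackThis or from SmitfraudFix): a small Python triage script that flags the entry types in the log above that point at the infection rather than at ordinary Dell/HP/Google bloat: the O15 Trusted IP ranges, the O18 text/html filter hijack through RXToolBar's sfcont.dll, the O24 Active Desktop component loading file:///C:\WINDOWS\privacy_danger\index.htm (the fake "Privacy Protection" wallpaper), and the O6/O7 restriction policies. Those two policies live under HKCU, so they are set per user, which is consistent with the shell items showing up under the Safe Mode Administrator account and missing in the other three accounts. The rule set and the `Finding`, `classify`, `triage` and `summarize` names are my own; the sample lines are copied from the posted log, with one of its duplicated O15 entries kept on purpose to show the de-duplication.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O15"
    line: str      # the full log line
    reason: str    # why a triager should look at it


# Every HijackThis entry is "<tag> - <body>"; the tag is R/F/N/O plus a number.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")


def classify(sec: str, body: str):
    """Return a reason string for entry types worth a second look, else None.

    The rules are deliberately narrow: they match the kinds of entries present
    in the log above, not every hijack HijackThis can report."""
    if sec == "O15" and body.startswith("Trusted IP range:"):
        return "raw IP added to the IE Trusted sites zone (relaxes security for that host)"
    if sec == "O18" and body.startswith("Filter hijack:"):
        return "MIME filter hijack: content of this type is routed through the named DLL"
    if sec == "O24" and "file:///" in body:
        return "Active Desktop component pointing at a local HTML file (fake warning wallpaper)"
    if sec == "O7" and "DisableRegedit=1" in body:
        return "per-user (HKCU) policy blocks regedit"
    if sec == "O6" and "Restrictions present" in body:
        return "per-user (HKCU) IE restriction policies set"
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        return "AppInit_DLLs loads this DLL into every process that uses user32; verify the publisher"
    if sec == "R3" and "is missing" in body:
        return "default URLSearchHook removed"
    return None


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return the flagged entries, de-duplicated."""
    findings, seen = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m or line in seen:   # the posted log repeats O15 lines verbatim
            continue
        seen.add(line)
        reason = classify(m["sec"], m["body"])
        if reason:
            findings.append(Finding(m["sec"], line, reason))
    return findings


def summarize(findings) -> dict:
    """Count flagged entries per section, e.g. {"O15": 4, "O18": 1}."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


# Sample input: a subset of the lines from the log posted above (constructed
# by copying them; one duplicated O15 entry kept to exercise de-duplication).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O15 - Trusted IP range: http://195.95.*.*
O15 - Trusted IP range: http://195.225.*.*
O15 - Trusted IP range: http://216.236.239.193
O15 - Trusted IP range: http://216.236.239.195
O15 - Trusted IP range: http://216.236.239.193
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run it against a full log by reading the file into `triage()`; anything it flags is a starting point for a manual look, not a verdict, since the BHO, O4 and O23 entries it ignores are exactly where a legitimate-looking path can hide a renamed binary.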

2 Contributors, 7 Replies, 8 Views, 9 Years Discussion Span, Last Post by Tumbleweedracef

SOLVED!!!
It was Smitfraud! It had my computer all messed up. I thought I had run SmitfraudFix, but I was mistaken. I ran it and it fixed my whole computer. Start page is fixed and the computer runs fine. You can find the "fix" at
http://siri.geekstogo.com/SmitfraudFix.php
I still want to thank DaniWeb for always being here when we need them!!!!!!
YOU ROCK!!!
I'm closing this thread.


Running option #2 in SmitfraudFix on an uninfected PC will remove the desktop background :).
Tumbleweed, you gotta stop getting infected :D.


Running option #2 in SmitfraudFix on an uninfected PC will remove the desktop background :).
Tumbleweed, you gotta stop getting infected :D.

Brother Crunchie.... thanks for your concern!
But, this is a different computer that I'm fixing for a lady friend :). My computer is fine!
The computer had THAT problem before I got ahold of it. SmitfraudFix fixed it. Anyway, I have the computer nice and clean but CAN NOT get this computer to renew the internet connection. I get a connection but it keeps telling me that "It is limited or no connectivity". I have tried 5 - 10 different things that I have found on the net for solutions but none have worked. It was a BellSouth connection, high speed, but I'm trying to get the computer to work using a LAN connection....... ain't happening. It sends packets but doesn't receive any. Do I need to start a new thread somewhere else?
I even put a new Network Card in the computer made by Linksys, that didn't help.


Try this: download and run WinSockFix from here http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
Otherwise try a thread in the networking forum :)

Thank you Brother!
I help people, as a hobby, fixing simple :D problems, mostly debugging. Sometimes I have to come to DaniWeb for help. If I'm in the wrong for doing this, please let me know! I respect you and the folks here at DaniWeb too much to abuse this help!!
I downloaded and tried WinSockFix, and it didn't work.
Thanks again for all your help!!!!!!!!


Come anytime you wish :).
I assume that the Local Area Connection is enabled? :)

Yes Sir. I have it set to "automatically detect settings". I've hit "repair" 10 thousand times it seems. It's set to NOT dial a connection.
I can unplug the ethernet cable and plug it into another computer and get online in 5 seconds. This computer is stubborn!!! I am starting a new thread in "Networking", as you suggested. Thanks again for your help Brother!!!
The new post ID is:
http://www.daniweb.com/forums/post657108.html#post657108
