Can some1 check this out?

Old 11-23-04, 03:22 PM Thread Starter   #1
grimm003
Member

 

Join Date: Jul 2004
Location: SIU

 
Post Can some1 check this out?


I just ran Ad-Aware and found 388 new items on my sister's computer, and then 19 with Spybot after that. Here's a HijackThis log, can anyone spot anything else that needs to be deleted? Thanks for any help

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\MP3Downloading\bindata.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Ad Aware\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [nhdrnqunglkc] C:\WINDOWS\System32\nbfrul.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SYSsfit] C:\WINDOWS\SYSsfit.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\zzlwuwt.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\MP3Downloading\bindata.exe" -tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...271ab95b94951b
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.priv.mlsni.xmlsweb.com/XM...h/XMLCache.CAB
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlsni.mlxchange.com/Control/M...ctComboBox.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlsni.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlsni.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter...0/SYSsfitb.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab

__________________
Motherboard ASUS P5Q Deluxe
CPU E8400
RAM Mushkin DDR2-1000 2x2GB
Video Sapphire HD4870 512MB
Case Lian-Li A-7010
Res MCR320-QP
CPU Block GTZ
Video Block MCW60-R2
Pump MCP355

There are 10 kinds of people in the world.
Those that understand binary, and those that don't.

Last edited by grimm003; 11-23-04 at 03:28 PM.
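
Added example, not part of the original thread: a first-pass triage of a HijackThis log like the one in the post above, using a few lines copied from it. The three heuristics (orphaned "(no file)" references, a UserInit value other than the Windows default userinit.exe, and Run entries launching an executable directly from the Windows or System32 directory) are assumptions chosen for illustration; a flag means "look this entry up", not "this is malware".

```python
import ntpath
import re

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nhdrnqunglkc] C:\WINDOWS\System32\nbfrul.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")             # "O4 - ..." style lines
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.+?)\] (.*)$")    # HKLM\..\Run: [name] command
EXE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)          # executable path in a command
SYSDIR = re.compile(r"^[a-z]:\\windows(\\system32)?$", re.IGNORECASE)


def triage(log_text):
    """Return (code, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # running-process list, blank lines, headers
        code, body = m.groups()
        if "(no file)" in body or "(file missing)" in body:
            findings.append((code, "orphaned reference", line))
        elif code == "F2" and "userinit=" in body.lower():
            # Windows default value is "...\system32\userinit.exe,"
            progs = [p.strip() for p in body.split("=", 1)[1].split(",") if p.strip()]
            if any(ntpath.basename(p).lower() != "userinit.exe" for p in progs):
                findings.append((code, "non-default UserInit", line))
        elif code == "O4":
            run = RUN.match(body)
            exe = EXE.match(run.group(2)) if run else None
            if exe and SYSDIR.match(ntpath.dirname(exe.group(1))):
                findings.append((code, "autorun from Windows dir", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {line}")
```
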
Old 11-23-04, 03:42 PM   #2
loks
Member

 

Join Date: Jun 2004
Location: The M-I-A

 
Why don't you do the following: go to Start > Run > msconfig > Startup and uncheck all the boxes. Reboot your machine. Then run your ad-removing software, and if it finds any processes that are unusual, remove them. Another great thing would be rebooting in safe mode and running your spyware-removing software. That will help.
Old 11-23-04, 03:48 PM Thread Starter   #3
grimm003
Member

 

Join Date: Jul 2004
Location: SIU

 
Ok, I will try in safe mode

Old 11-23-04, 04:31 PM Thread Starter   #4
grimm003
Member

 

Join Date: Jul 2004
Location: SIU

 
OK, I just ran Spybot and Ad-Aware in safe mode; they found more problems. Now I am back in normal mode and Spybot is still finding DoubleClick and DSO Exploit. Ad-Aware found
References detected during the scan:

AdShooter(TAC index:6):1 total references
BargainBuddy(TAC index:8):3 total references
BlazeFind(TAC index:5):4 total references
ImIServer IEPlugin(TAC index:5):1 total references
MRU List(TAC index:0):29 total references
ReplaceSearch.BHO(TAC index:5):1 total references
Tracking Cookie(TAC index:3):2 total references
WhenU(TAC index:10):2 total references
WinAD(TAC index:7):1 total references
VX2(TAC index:10):4 total references

It seems these won't go away, even when deleted in safe mode, any ideas?

Old 11-23-04, 05:18 PM   #5
hkgonra
Member

 

Join Date: Aug 2001
Location: West TN.

 
If it was a system in my house I would format it. Then I would load good spy-ware and anti-virus programs before she gets on it again. Hopefully that will help.

__________________
"I am for doing good to the poor, but...I think the best way of doing good to the poor, is not making them easy in poverty, but leading or driving them out of it. I observed...that the more public provisions were made for the poor, the less they provided for themselves, and of course became poorer. And, on the contrary, the less was done for them, the more they did for themselves, and became richer."
-- Benjamin Franklin

Old 11-24-04, 01:04 PM   #6
loks
Member

 

Join Date: Jun 2004
Location: The M-I-A

 
I agree. Format. Fresh install. SP1. SP2. Spysweeper and your everyday useful proggies. Don't click on any windows that say you're a winner. AND DON'T DOWNLOAD ANYTHING YOU DON'T NEED. If you need something, ask here first!!!!
Old 11-25-04, 09:35 PM   #7
Mr. Chambers
Member



Join Date: Feb 2001
Location: Iowa

 
I have yet to come across a malware infection I couldn't fix; however, as said earlier, it may be less work, and it would certainly perform better in the end, if you did a reformat/reinstall.

If you haven't already read through the stickies on spyware removal be sure to:

http://www.ocforums.com/showthread.php?t=307720
http://www.ocforums.com/showthread.php?t=319615

If, after following those two stickies to the T, you still have problems, please post a fresh HijackThis log.

__________________
Intel i7-2600k
ASUS P8P67 Pro
G.SKILL Ripjaws-X 8GB DDR3
Sapphire HD 7970 OC
Corsair HX750 750w
OCZ Agility 2 120GB SSD
Cooler Master CM 690 II
Logitech G710+ & G9x
Dell U2713HM