UNAMEIT06 Posted November 6, 2006

I have a computer here with a lot of problems. Here is the HijackThis log. Can anyone tell me what is wrong with this one?

=================================================
Logfile of HijackThis v1.99.1
Scan saved at 12:12:51 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\WINDOWS\Rm9ydCBPc2FnZSBTY2hvb2wgRGlzdHJpY3Q\command.exe
C:\Program Files\Lightspeed Systems\SecurityAgent\SecurityAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lightspeed Systems\SecurityAgent\SAAlert.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lightspeed Systems\SecurityAgent\satray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lightspeed Systems\SecurityAgent\SADash.exe
C:\Program Files\Lightspeed Systems\SecurityAgent\SAScan.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\dmanz\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dropspam.com/sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dropspam.com/sidesearch.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fortosage.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dropspam.com/sidesearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sidesearch.dropspam.com/sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fscreations.com/register.php?pr...p;version=5.2.0
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kcpam.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vwwexmv.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinopem.exe GID002
O4 - HKLM\..\Run: [securityAgentTray] C:\Program Files\Lightspeed Systems\SecurityAgent\satray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinopem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\Program Files\DropSpam\ewwie.dll
O9 - Extra 'Tools' menuitem: Looksitup Toolbar - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\Program Files\DropSpam\ewwie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - 
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1119029574984
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fortosage.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fortosage.net
O20 - AppInit_DLLs: ping.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Rm9ydCBPc2FnZSBTY2hvb2wgRGlzdHJpY3Q\command.exe
O23 - Service: Security Agent Service (IpmSecurityAgentService) - Lightspeed Systems - C:\Program Files\Lightspeed Systems\SecurityAgent\SecurityAgent.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
==================================================================

If someone can please tell me what is going on with this I would appreciate it.
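A way to read a log like this mechanically, as an added example that is not part of the original post and not HijackThis's own code: the script below scans HijackThis lines for the structural signs that stand out in the log above. The Shell= and UserInit= values carry an extra executable beyond the Windows XP defaults (kcpam.exe and vwwexmv.exe, both started by winlogon at every logon); AppInit_DLLs names a DLL (ping.dll) that every process mapping user32.dll will load; a Startup-folder shortcut (Think-Adz.lnk) launches twinopem.exe out of system32; and the cmdService binary sits under C:\WINDOWS in a folder whose name, Rm9ydCBPc2FnZSBTY2hvb2wgRGlzdHJpY3Q, is plain base64 for "Fort Osage School District", the same organisation as the fortosage.net domain in the O17 lines. Nothing shipped by Microsoft or by a normal installer names its folder that way. The 16-character minimum before a folder name is tested as base64 and the system32 check for Startup shortcuts are the example's own assumed thresholds, and SAMPLE_LOG is a constructed subset of the lines posted above.

```python
"""Heuristic triage of HijackThis v1.99.1 log lines.

Added example for this thread: not HijackThis code and not the posters'
code.  It flags four structural red flags visible in the log above:
non-default Shell/UserInit values, a populated AppInit_DLLs, a Startup
shortcut launching from system32, and a service whose folder name is
base64 of readable text.  SAMPLE_LOG is a constructed subset of that log.
"""
import base64
import re

# Windows XP defaults for the two system.ini keys HijackThis reports as F2.
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"
SYSTEM32 = "c:\\windows\\system32\\"

SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kcpam.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vwwexmv.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinopem.exe GID002
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinopem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - AppInit_DLLs: ping.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Rm9ydCBPc2FnZSBTY2hvb2wgRGlzdHJpY3Q\command.exe
O23 - Service: Security Agent Service (IpmSecurityAgentService) - Lightspeed Systems - C:\Program Files\Lightspeed Systems\SecurityAgent\SecurityAgent.exe
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: .+? = (.+)$")
O20_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
O23_RE = re.compile(r"^O23 - Service: .+? - .+? - (.+)$")


def decode_if_base64(name):
    """Return the decoded text if `name` is base64 of printable ASCII, else None.

    Names shorter than 16 characters are skipped (assumed threshold): almost any
    short alphanumeric string decodes to *something*, so the check only fires
    on names long enough to be a deliberate encoding.
    """
    if not re.fullmatch(r"[A-Za-z0-9+/]{16,}={0,2}", name):
        return None
    try:
        raw = base64.b64decode(name + "=" * (-len(name) % 4))
        text = raw.decode("ascii")
    except ValueError:  # malformed base64, or bytes that are not ASCII
        return None
    return text if text.isprintable() and text.strip() else None


def triage(log_text):
    """Return (log line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = F2_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip().lower()
            default = DEFAULT_SHELL if key == "Shell" else DEFAULT_USERINIT
            if value != default:
                findings.append((line, f"{key} is not the default {default!r}; "
                                       "the extra executable runs at every logon"))
            continue
        if O20_APPINIT_RE.match(line):
            findings.append((line, "AppInit_DLLs is populated; the DLL is loaded "
                                   "into every process that maps user32.dll"))
            continue
        m = O4_STARTUP_RE.match(line)
        if m and m.group(1).lower().startswith(SYSTEM32):
            findings.append((line, "Startup-folder shortcut launching an executable "
                                   "from system32; unusual for installed software"))
            continue
        m = O23_RE.match(line)
        if m:
            for part in m.group(1).split("\\"):
                decoded = decode_if_base64(part)
                if decoded:
                    findings.append((line, f"service folder {part!r} is base64 "
                                           f"for {decoded!r}"))
                    break
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"[!] {entry}\n    {reason}")
```

Run as-is it prints the five flagged entries; paste a full log into SAMPLE_LOG, or read one from a file, to triage another machine. A hit is a prompt to look closer, not a verdict: "Unknown owner" on an O23 line, for instance, also appears on the two ATI services above and means only that the binary carries no company name.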
therock247uk Posted November 6, 2006

Please download Qoofix by RubbeR DuckY from http://www.malwarebytes.org/Qoofix.zip
Unzip all files to a convenient location such as C:\Qoofix.
Go to the folder you unzipped all files to and run Qoofix.exe.
Click Begin Removal and wait for the scan to finish.
If an infection has been found, select yes to restart your computer.
Finally post a new HijackThis log and the contents of the Qoofix logfile.
UNAMEIT06 Posted November 6, 2006 (edited)

> Please download Qoofix by RubbeR DuckY from http://www.malwarebytes.org/Qoofix.zip
> Unzip all files to a convenient location such as C:\Qoofix.
> Go to the folder you unzipped all files to and run Qoofix.exe.
> Click Begin Removal and wait for the scan to finish.
> If an infection has been found, select yes to restart your computer.
> Finally post a new HijackThis log and the contents of the Qoofix logfile.

HJT LOG
=======================
Logfile of HijackThis v1.99.1
Scan saved at 12:39:59 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\WINDOWS\Rm9ydCBPc2FnZSBTY2hvb2wgRGlzdHJpY3Q\command.exe
C:\Program Files\Lightspeed Systems\SecurityAgent\SecurityAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lightspeed Systems\SecurityAgent\SAAlert.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lightspeed Systems\SecurityAgent\satray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\dmanz\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dropspam.com/sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dropspam.com/sidesearch.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fortosage.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dropspam.com/sidesearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sidesearch.dropspam.com/sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fscreations.com/register.php?pr...p;version=5.2.0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinopem.exe GID002
O4 - HKLM\..\Run: [securityAgentTray] C:\Program Files\Lightspeed Systems\SecurityAgent\satray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinopem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\Program Files\DropSpam\ewwie.dll
O9 - Extra 'Tools' menuitem: Looksitup Toolbar - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\Program Files\DropSpam\ewwie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - 
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1119029574984
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fortosage.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fortosage.net
O20 - AppInit_DLLs: ping.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Rm9ydCBPc2FnZSBTY2hvb2wgRGlzdHJpY3Q\command.exe
O23 - Service: Security Agent Service (IpmSecurityAgentService) - Lightspeed Systems - C:\Program Files\Lightspeed Systems\SecurityAgent\SecurityAgent.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
=================================

Qoofix Log
==================
Qoofix v1.03 by http://www.malwarebytes.org
Scan started on [11/6/2006] at [12:33:58 PM]
-------------------------------------------------------------
No malicious modules found!
-------------------------------------------------------------
No Qoologic infected files found!
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [11/6/2006] at [12:34:49 PM]
Note: Some registry keys may have been removed.
==========================================================

I am also showing Trojan Downloaders are installed on this computer. I am looking for some removal tools for those as well.

Edited November 6, 2006 by JOSH
therock247uk Posted November 6, 2006

First download AVG Anti-Spyware from HERE and save that file to your desktop. This is a 30 day trial of the program.

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
4. Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
5. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
7. Under "Reports":
   - Select "Automatically generate report after every scan"
   - Un-select "Only if threats were found"
8. Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; they may interfere with the scanning process.

1. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
2. Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
3. AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
4. Once the scan is complete do the following:
   - If you have any infections you will be prompted; then select "Apply all actions".
   - Next select the "Reports" icon at the top.
   - Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
5. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.