My Hijackthis Log [RESOLVED]



I have Windows XP Media Center. A few days ago, I tried to restart by clicking the button on the bottom of the start menu. Instead of the pretty colorful box with the pretty buttons (haha): that gray ugly old school box popped up with the drop down menu. The screen faded out like it always does, but when I chose the restart one the box disappears and the screen brightens right back up. Nothing happened, not one thing. I tried to shut down, and log off. They did the same thing. *Please talk Computer English to me : )

Please Helpppppppp,

Thanks for your time!,

Meg

Logfile of HijackThis v1.99.1

Scan saved at 4:07:47 PM, on 10/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (but I usually use firefox)

(7.00.6000.16544)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesWindows

DefenderMsMpEng.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32WLTRYSVC.EXE

C:WINDOWSSystem32bcmwltry.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesCommon FilesAppleMobile

Device

SupportbinAppleMobileDeviceService.exe

C:PROGRA~1GrisoftAVG7avgamsvr.exe

C:PROGRA~1GrisoftAVG7avgupsvc.exe

C:PROGRA~1GrisoftAVG7avgemc.exe

C:Program FilesCommon FilesCreative Labs

SharedServiceCreativeLicensing.exe

C:WINDOWSeHomeehRecvr.exe

C:WINDOWSeHomeehSched.exe

C:PROGRA~1TRENDM~1INTERN~1PcCtlCom.exe

C:WINDOWSsystem32svchost.exe

C:PROGRA~1TRENDM~1INTERN~1Tmntsrv.exe

C:WINDOWSehomemcrdsvc.exe

C:PROGRA~1TRENDM~1INTERN~1TmPfw.exe

C:WINDOWSsystem32dllhost.exe

C:WINDOWSSystem32alg.exe

C:WINDOWSExplorer.EXE

C:WINDOWSehomeehtray.exe

C:Program FilesTrend MicroInternet

Security 12pccguide.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32ctfmon.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesiPodbiniPodService.exe

C:WINDOWSsystem32wuauclt.exe

C:WINDOWSsystem32msiexec.exe

C:WINDOWSsystem32MsiExec.exe

C:WINDOWSsystem32MsiExec.exe

C:Program FilesGrisoftAVG7avgcc.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program

FilesViewpointCommonViewpointService.exe

C:Program FilesAIM6aim6.exe

C:Program FilesAIM6aolsoftware.exe

C:Program FilesCommon

FilesRealUpdate_OBrealsched.exe

C:PROGRA~1TRENDM~1INTERN~1tmproxy.exe

C:Documents and SettingsMeg

YoungDesktophijackthis_sfx.exe

C:Program FilesHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet

ExplorerMain,Start Page = http://yahoo.com/

R1 - HKLMSoftwareMicrosoftInternet

ExplorerMain,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet

ExplorerMain,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet

ExplorerMain,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet

ExplorerMain,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:Program FilesCommon

FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: DriveLetterAccess -

{5CA3D70E-1895-11CF-8E15-001234567890} -

C:WINDOWSSystem32DLADLASHX_W.DLL

O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:Program

FilesJavajre1.6.0_02binssv.dll

O4 - HKLM..Run: [ehTray]

C:WINDOWSehomeehtray.exe

O4 - HKLM..Run: [broadcom Wireless Manager

UI] C:WINDOWSsystem32WLTRAY.exe

O4 - HKLM..Run: [igfxtray]

C:WINDOWSsystem32igfxtray.exe

O4 - HKLM..Run: [igfxhkcmd]

C:WINDOWSsystem32hkcmd.exe

O4 - HKLM..Run: [igfxpers]

C:WINDOWSsystem32igfxpers.exe

O4 - HKLM..Run: [PDVDDXSrv] "C:Program

FilesCyberLinkPowerDVD DXPDVDDXSrv.exe"

O4 - HKLM..Run: [pccguide.exe] "C:Program

FilesTrend MicroInternet Security

12pccguide.exe"

O4 - HKLM..Run: [DMXLauncher] C:Program

FilesDellMedia ExperienceDMXLauncher.exe

O4 - HKLM..Run: [AVG7_CC]

C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP

O4 - HKLM..Run: [DLA]

C:WINDOWSSystem32DLADLACTRLW.EXE

O4 - HKLM..Run: [iSUSPM Startup]

C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSP

M.exe -startup

O4 - HKLM..Run: [iSUSScheduler]

"C:Program FilesCommon

FilesInstallShieldUpdateServiceissch.exe"

-start

O4 - HKLM..Run: [Windows Defender]

"C:Program FilesWindows

DefenderMSASCui.exe" -hide

O4 - HKLM..Run: [Adobe Photo Downloader]

"C:Program FilesAdobePhotoshop Album

Starter Edition3.2Appsapdproxy.exe"

O4 - HKLM..Run: [Adobe Reader Speed

Launcher] "C:Program FilesAdobeReader

8.0ReaderReader_sl.exe"

O4 - HKLM..Run: [sunJavaUpdateSched]

"C:Program

FilesJavajre1.6.0_02binjusched.exe"

O4 - HKLM..Run: [iTunesHelper] "C:Program

FilesiTunesiTunesHelper.exe"

O4 - HKLM..Run: [sigmatelSysTrayApp]

stsystra.exe

O4 - HKLM..Run: [QuickTime Task]

"C:Program FilesQuickTimeQTTask.exe"

-atboottime

O4 - HKLM..Run: [TkBellExe] "C:Program

FilesCommon

FilesRealUpdate_OBrealsched.exe" -osboot

O4 - HKCU..Run: [OE_OEM] "C:Program

FilesTrend MicroInternet Security

12TMAS_OETMAS_OEMon.exe"

O4 - HKCU..Run: [slide.exe] c:program

filesslideslide.exe

O4 - HKCU..Run: [Microsoft Location

Finder] "C:Program FilesMicrosoft Location

FinderLocationFinder.exe"

O4 - HKCU..Run: [ctfmon.exe]

C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..RunOnce: [sWHelper]

"C:WINDOWSsystem32MacromedShockwave

10PostUpdate.exe" 1010011

O4 - Global Startup: Microsoft Office.lnk =

C:Program FilesMicrosoft

OfficeOffice10OSA.EXE

O8 - Extra context menu item: E&xport to

Microsoft Excel -

res://C:PROGRA~1MICROS~4Office10EXCEL.EX

E/3000

O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:Program

FilesJavajre1.6.0_02binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java

Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:Program

FilesJavajre1.6.0_02binssv.dll

O9 - Extra button: (no name) -

{B205A35E-1FC4-4CE3-818B-899DBBB3388C} -

C:Program FilesCommon FilesMicrosoft

SharedEncarta Search BarENCSBAR.DLL

O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%Network Diagnosticxpnetdiag.exe

(file missing)

O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%Network Diagnosticxpnetdiag.exe

(file missing)

O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows

Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:Program FilesMessengermsmsgs.exe

O11 - Options group: [iNTERNATIONAL]

International*

O16 - DPF:

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

(Installation Support) - C:Program

FilesYahoo!CommonYinsthelper.dll

O16 - DPF:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://www.update.microsoft.com/microsoftupd

ate/v6/V5Controls/en/x86/client/muweb_site.c

ab?1192475246640

O20 - Winlogon Notify: igfxcui -

C:WINDOWSSYSTEM32igfxdev.dll

O20 - Winlogon Notify: WgaLogon -

C:WINDOWSSYSTEM32WgaLogon.dll

O21 - SSODL: WPDShServiceObj -

{AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:WINDOWSsystem32WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple,

Inc. - C:Program FilesCommon

FilesAppleMobile Device

SupportbinAppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server

(Avg7Alrt) - GRISOFT, s.r.o. -

C:PROGRA~1GrisoftAVG7avgamsvr.exe

O23 - Service: AVG7 Update Service

(Avg7UpdSvc) - GRISOFT, s.r.o. -

C:PROGRA~1GrisoftAVG7avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) -

GRISOFT, s.r.o. -

C:PROGRA~1GrisoftAVG7avgemc.exe

O23 - Service: Creative Labs Licensing

Service - Creative Labs - C:Program

FilesCommon FilesCreative Labs

SharedServiceCreativeLicensing.exe

O23 - Service: iPod Service - Apple Inc. -

C:Program FilesiPodbiniPodService.exe

O23 - Service: Trend Micro Central Control

Component (PcCtlCom) - Trend Micro

Incorporated. -

C:PROGRA~1TRENDM~1INTERN~1PcCtlCom.exe

O23 - Service: Trend Micro Real-time Service

(Tmntsrv) - Trend Micro Incorporated. -

C:PROGRA~1TRENDM~1INTERN~1Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall

(TmPfw) - Trend Micro Inc. -

C:PROGRA~1TRENDM~1INTERN~1TmPfw.exe

O23 - Service: Trend Micro Proxy Service

(tmproxy) - Trend Micro Inc. -

C:PROGRA~1TRENDM~1INTERN~1tmproxy.exe

O23 - Service: Viewpoint Manager Service -

Viewpoint Corporation - C:Program

FilesViewpointCommonViewpointService.exe

O23 - Service: Dell Wireless WLAN Tray

Service (wltrysvc) - Unknown owner -

C:WINDOWSSystem32WLTRYSVC.EXE


Hello and Welcome to BT. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

I can't read your HJT log the way you posted it; do it this way.

Open HJT, Scan and Save a Log File; it will open in Notepad.

Go to Format and make sure Word Wrap is unchecked.

Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread.


Oops! Sorry! And thanks for helping!

Logfile of HijackThis v1.99.1

Scan saved at 7:54:08 PM, on 10/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"

O4 - HKCU\..\Run: [slide.exe] c:\program files\slide\slide.exe

O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [sWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192475246640

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Hello again,

Step 1

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [slide.exe] c:\program files\slide\slide.exe

Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

slide

Step 2

Let's run an F-Secure online scan for viruses, spyware and rootkits:

  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:

  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

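Added example, not part of the thread and not code from HijackThis: it rejoins a word-wrapped HijackThis paste, like the first log above, into one entry per line and pulls out the O4 autostart entries that Step 1 works on. The sample is a handful of entries from the second log in this thread, re-wrapped by hand; all function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the second log in this thread and
# re-wrapped by hand to mimic a paste made with Notepad's Word Wrap on.
WRAPPED_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://yahoo.com/
O4 - HKLM\..\Run: [sigmatelSysTrayApp]
stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [slide.exe] c:\program
files\slide\slide.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
"""

# Every entry starts with a section code: R0-R3, F0-F3, N1-N4 or O<number>.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O4 registry autostart: HKxx\..\<key>: [value name] command line
O4_REG = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
# O4 startup-folder shortcut: [Global ]Startup: name.lnk = target
O4_DIR = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")

def unwrap(text):
    """Return one string per entry. Once the first entry has been seen, a
    line without a section code is the tail of the entry above it."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:
            # Word Wrap breaks at spaces, so rejoin with one. A token longer
            # than the window is cut mid-word and looks identical here, so a
            # fresh paste with wrapping off remains the reliable fix.
            entries[-1] += " " + line
    return entries

def autostarts(entries):
    """Return the O4 entries as dicts: where registered, name, what runs."""
    found = []
    for entry in entries:
        code, body = ENTRY.match(entry).groups()
        reg, folder = O4_REG.match(body), O4_DIR.match(body)
        if code == "O4" and reg:
            hive, key, name, command = reg.groups()
            found.append({"where": hive + "\\" + key, "name": name, "command": command})
        elif code == "O4" and folder:
            where, name, command = folder.groups()
            found.append({"where": where, "name": name, "command": command})
    return found

def section_counts(entries):
    """Count entries per section code, e.g. how many O4 lines to review."""
    return Counter(ENTRY.match(e).group(1) for e in entries)

def missing_files(entries):
    """Entries HijackThis marked as pointing at a file that is not on disk."""
    return [e for e in entries if e.endswith("(file missing)")]

if __name__ == "__main__":
    entries = unwrap(WRAPPED_LOG)
    print(dict(section_counts(entries)))
    for item in autostarts(entries):
        print(item["where"], "|", item["name"], "|", item["command"])
    print("missing:", missing_files(entries))
```
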

Scanning Report

Saturday, October 27, 2007 22:50:12 - 00:05:52

Computer name: MEG

Scanning type: Scan system for viruses, rootkits, spyware

Target: C:\ D:\

--------------------------------------------------------------------------------

Result: 19 malware found

Tracking Cookie (spyware)

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 34313

System: 7987

Not scanned: 5

Actions:

Disinfected: 0

Renamed: 0

Deleted: 0

None: 19

Submitted: 0

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{A83E6793-3287-434B-90A0-D6C7561031A4}.BIN

C:\DOCUMENTS AND SETTINGS\MEG YOUNG\LOCAL SETTINGS\TEMP\HSPERFDATA_MEG YOUNG\2308

C:\DOCUMENTS AND SETTINGS\MEG YOUNG\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{C135997B-277B-44D1-8EEC-D0C2BABB5B2A}

--------------------------------------------------------------------------------

Options

Scanning engines:

F-Secure Libra: 2.4.2, 2007-10-26

F-Secure AVP: 7.0.171, 2007-10-27

F-Secure Orion: 1.2.37, 2007-10-26

F-Secure Blacklight: 1.0.64

F-Secure Draco: 1.0.35, 0597-150-72

F-Secure Pegasus: 1.19.0, 2007-09-18

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

Use Advanced heuristics


Nice job, your log looks clean!

How is it running?

Please use the following suggestion to help prevent reinfection.

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files (you will lose all previous restore points, which are likely to be infected). Now we need to make a new System Restore point for your PC; please do the following:

  • Click Start, Settings, Control Panel
  • Double-click the System icon
  • Click the Performance tab, File System, Troubleshooting tab
  • Check "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore points
  • Then uncheck "Turn off System Restore" which will create a new System Restore point
  • Click OK

I highly recommend downloading the following programs, to keep malware off your computer to begin with.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

SUPERAntiSpyware - A very powerful tool which searches and kills malware that infects your system.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.

**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

Antivirus Program - An antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir.

DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.

Firewall - A firewall is definitely a must-have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.

**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally a little "How did I get infected in the first place?" (by Tony Klein)

Good luck and safe surfing :)


Oh Great! Thanks!

I have another question.

You said only one anti virus. Do I disable the one that came on my computer? Trend Micro Pro-cillin 12?

I also have Ad-Aware SE, cwshredder (Trend Micro Inc.), AVG, Windows Defender, and Spybot and Destroy. Wow, didn't know I had that much, lol.

What do I need to keep.. if anything. I'll download what you recommend.

Thanks!

Meg


Anytime!

Well, do you know how much longer your subscription is for Trend Micro Pro-cillin 12?

Because I would use that till your subscription ends, then I would reinstall one of the AVs I recommend above and use that.

So for now uninstall AVG7.

One high recommendation though is to install SpywareGuard 2.2 from the above list. It is like real time protection except for spyware.

If anything is unclear, feel free to ask.

  • 3 weeks later...

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
