Deucehearts Posted May 25, 2008 Report Share Posted May 25, 2008 Here is my HIJack log. Any help would be Great. Friends Laptop running XP Home with SP3. I ran AVG and Spybot with out any luck.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:07:23 PM, on 5/25/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\mrofinu333.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exeC:\WINDOWS\system32\carpserv.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: (no name) - {800A0C44-E788-419C-B8B5-1B4964C56785} - C:\WINDOWS\system32\iifeddb.dll (file missing)O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C64B~1\Bar888.dll (file missing)O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C64B~1\Bar888.dll (file missing)O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu333.exe 61A847B5BBF728113198284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F86C07B5670CA3B5571E744AB97O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exeO4 - HKLM\..\Run: [CARPService] carpserv.exeO4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKUS\S-1-5-18\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{6C64B92E-07C9-1033-0403-030303180001}] "C:\Program Files\Common Files\{6C64B92E-07C9-1033-0403-030303180001}\Update.exe" mc-110-12-0000501 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe (User 'Default user')O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{6C64B92E-07C9-1033-0403-030303180001}] "C:\Program Files\Common Files\{6C64B92E-07C9-1033-0403-030303180001}\Update.exe" mc-110-12-0000501 (User 'Default user')O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Refresh Pa≥ with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.htmlO8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.htmlO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211324596551O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - AppInit_DLLs: c:\windows\system32\ldcore.dll,avgrsstx.dllO20 - Winlogon Notify: iifeddb - iifeddb.dll (file missing)O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exeO23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)--End of file - 4824 bytes Link to post Share on other sites
Deucehearts Posted May 25, 2008 Author Report Share Posted May 25, 2008 Would it be best to just reformat the HD and reinstall the os? This is a new hard drive installed in it and the recovery disks were used(which I think the infection is on) to reinstall the OS. Link to post Share on other sites
Deucehearts Posted May 26, 2008 Author Report Share Posted May 26, 2008 I just reformated the drive and reinstalled the OS with a OEM disk I had laying around. Thanks everybody for your time. This thread can be closed now. Link to post Share on other sites
hitest Posted May 26, 2008 Report Share Posted May 26, 2008 Closed as per your request. Link to post Share on other sites
Recommended Posts