Work Computer needs exorcism


  • This topic is locked
4 replies to this topic

#1 spasticat

spasticat

    Member

  • New Member
  • Pip
  • 4 posts

Posted 14 July 2004 - 11:24 AM

Logfile of HijackThis v1.98.0
Scan saved at 11:16:55 AM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\runservice.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\documents and settings\andrew a\local settings\temp\iwV2LP.exe
C:\WINDOWS\System32\qqfkvm.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\MAPI32889i.exe
C:\WINDOWS\System32\odkover.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\Odktq.exe
C:\WINDOWS\System32\PzaHe.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Andrew A\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: PWRSBIKD - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsbikd.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [iwV2LP] C:\documents and settings\andrew a\local settings\temp\iwV2LP.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Ahm8.exe
O4 - HKLM\..\Run: [osiqihbojmpn] C:\WINDOWS\System32\qqfkvm.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MAPI32889i.exe] "C:\WINDOWS\System32\MAPI32889i.exe"
O4 - HKCU\..\Run: [L053Rhe8R] odkover.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {88EE0A44-8721-423C-9805-C6AFDDF0BEAD} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....ro64_loader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - http://survey.prod.t...stallHelper.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (Sony Pictures Game Downloader) - http://www.sonypictu...eDownloader.cab



...I already got rid of the embarrassing Charlie's Angels game, but I'm sure there's more garbage in there.

Any and all feedback is greatly appreciated!

#2 spasticat


Posted 14 July 2004 - 11:29 AM

More info on the problem:

1) About:blank has been hijacking my browser

2) I see pictures of spyware "bugs" in different sexual positions in a popup

3) On the left side of my browser window is a list of "hot searches" with everything from painkillers to software fixes

-thanks!

#3 spasticat


Posted 14 July 2004 - 11:36 AM

Another update (sorry for all the noob replies to my own thread)

Spybot SD Resident (ver 1.3) keeps detecting attempts at changing my registry for search pages and toolbars...

#4 spasticat


Posted 23 July 2004 - 12:35 PM

This site doesn't help for shit

#5 Charlesvar

Charlesvar

    Member

  • Full Member
  • Pip
  • 77 posts

Posted 23 July 2004 - 01:35 PM

This site is inundated with requests like yours.

Two things you can do: This site has a tutorial on analysis of the log http://www.bleepingc...showtutorial=42

If you're running XP or ME, create a System Restore point before making any change. That's always good to do whenever making changes to the system anyway.

This site has a section called "Security/Virus" where you can get help http://www.windowsbbs.com/ with the log. There's not as much traffic.

Right now as I'm writing this, the BBS site is down - very rare.

Regards - Charles

Edited by Charlesvar, 23 July 2004 - 01:37 PM.
