#1
Comp gone nuts/possibly a Trojan?
Windows XP Pro. 80gb hard drive 1994 mhz RAM – 2.2mb broadband Samsung cdrw/dvd sm – 352b - NEC DVD RW - Nero 6 ultra ed. + upgrades, Roxio 7
Avast! Firewall. Spybot. Adaware. CWShredder. HijackThis. Regcleaner

Hi all, I have had so many problems with the comp for the last few days. Basically it wouldn't load quickly. It froze every prog that was anti spyware - like Spybot etc - and was extremely slow opening any other folders. It wouldn't let me connect to the net or would it close down to just have the screensaver and the pointer. I had to pull out the mains plug. If I tried to use task manager it just froze. I tried to do a system restore from tools, my comp, and F8 but it would not reboot for it to take effect!

I read the sticky about doing an online scan after I had tried the Trend Micro online scan (which in my opinion is the best one) and the ewido so don't get Ann Marie to hit me with that stick again! The ewido scan is clear but as soon as I try to scan with TM it just shuts the prog down. When I loaded my ADSL one touch speed modem it never showed up in the hardware list and I had to use a remote comp to connect to the net.

When I did the HJT scan it said something about having too many infected domains and it would be easier to get rid of the core file; anything that starts 01 but as far as I can see, most 01 files are winmx which I don't think I have used for 6 months now so I don't know why that should appear now. Could someone look at my HJT log please?
Logfile of HijackThis v1.99.1
Scan saved at 08:53:29, on 23/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IDDevice\pwm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\AMD\My Documents\New Folder (7)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - (no file)
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\1911.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Start PasswordCenter.lnk = C:\Program Files\IDDevice\pwm.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\1911.dll/blogimage
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1148365893288
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1148366690825
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0045C35F-B8C5-4546-AF4B-FF0603EC10B0}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Thanks for any help
#2
Hi
To help clean out Trusted Zones, download and run DELDOMAINS then double click to open the DelDomains.inf. To execute the file: right-click and select 'Install' from the menu.

Then run HJT and remove these items.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - (no file)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab

Last edited by Pancake; May 24th, 2006 at 02:34 AM.
#3
Hi Pancake, thanks for all your help; it is much appreciated.
I don't know if I fixed all the ones you listed because my printer is knacked as well and I had to resort to ye old fashioned pen and paper and got confused. Anyway, here is my new HJT log. I also got rid of Winmx totally and installed AVG scanner. Tell me if there is anything else but my comp is running much smoother after following your advice. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 22:27:14, on 25/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IDDevice\pwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\1911.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Start PasswordCenter.lnk = C:\Program Files\IDDevice\pwm.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\1911.dll/blogimage
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1148365893288
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1148366690825
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.freedom.net/viruscenter/o...abs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0045C35F-B8C5-4546-AF4B-FF0603EC10B0}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
#4
That all looks fine. I don't see any more problems....
#5
Thanks Mate
#6
You're welcome.