Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Ummm, help plz.... 1

Status
Not open for further replies.
Imabikehandle

Imabikehandle

Vendor
May 19, 2006
2
US
Ok, so, I saw this other dude ask pretty much what i was going to... so, I'll just post the "logs" from Hijackthis(that is what you told the dude to scan.. so I went ahead and did it..)

I keep getting the muon and a-d-a-w-a-r-e websites.. and it's really annoying.... lol.. hopefully someone can help..



Logfile of HijackThis v1.99.1
Scan saved at 2:19:54 AM, on 5/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWSN\System32\smss.exe
C:\WINDOWSN\system32\winlogon.exe
C:\WINDOWSN\system32\services.exe
C:\WINDOWSN\system32\lsass.exe
C:\WINDOWSN\system32\svchost.exe
C:\WINDOWSN\System32\svchost.exe
C:\WINDOWSN\system32\rundll32.exe
C:\WINDOWSN\system32\spoolsv.exe
C:\WINDOWSN\Explorer.EXE
C:\WINDOWSN\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOSSTUDENTSYNC22\Binn\sqlservr.exe
C:\WINDOWSN\System32\nvsvc32.exe
C:\WINDOWSN\mdmprs32.exe
C:\WINDOWSN\system32\svchost.exe
C:\WINDOWSN\RNapxs.exe
C:\Program Files\Andrea\AudioCOMMANDER\Program\AudioC.exe
C:\WINDOWSN\mdmps32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe
C:\WINDOWSN\NCLAUNCH.EXe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWSN\System32\svchost.exe
C:\WINDOWSN\system32\TASKMAN.EXE
C:\WINDOWSN\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\EA GAMES\Battlefield 2\BF2.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWSN\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O1 - Hosts: 195.13.63.187 irc.westwood.com
O1 - Hosts: 195.13.63.187 servserv.westwood.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LnkSet] C:\WINDOWSN\RNapxs.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [AudioCOMMANDER] C:\Program Files\Andrea\AudioCOMMANDER\Program\AudioC /tray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWSN\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWSN\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWSN\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\defender20.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard20.exe
O4 - HKLM\..\Run: [newname] C:\\newname20.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWSN\NCLAUNCH.EXe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWSN\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Paths - C:\WINDOWSN\system32\cgrsrv.dll
O21 - SSODL: XmLdrLocation - {0C887F38-5178-43DA-B9F0-B856141FCDA4} - C:\WINDOWSN\System32\nvrcr32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWSN\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWSN\System32\nvsvc32.exe
O23 - Service: WinSock Extention Manager (WsEm Srv) - Unknown owner - C:\WINDOWSN\mdmprs32.exe
 
Sort by date Sort by votes
hoster

Download the Hoster from:


UnZip the file and press "Restore Original Hosts" and press "OK". Exit
Program.


Click here to download Look2Me-Destroyer.exe and save it to your desktop.




* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.


If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.





First make a folder In C:\ & call it BFU then

please download BFU from



and save it to the folder you have just made
Open the folder & double click BFU.exe to run it


Run the program and click the Web button.


Use this URL below and copy it into the address bar of the Download script
window:





Execute the script by clicking the Execute button.
Note that you should see a progress bar while the script is being executed.

If you have any questions about the use of BFU please read here:


Turn off spybot's teatimer as it cna interfere with the fixes!


Go here and downlaod the latest version of java, once
downloaded, go to add/remove and uninstall all previous versions of java
from add/remove and then instlall the latest version you just downloaded!




post another hijack this log, and the l2me and we'll deal with the other problems next!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
might want to disable "resotre points" before you do all of the above
 
Upvote 0 Downvote
No, keep the restore points, better to have a bad restore point than have no restore point at all to go back to!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
Ok, so I did this...


"Download the Hoster from:


UnZip the file and press "Restore Original Hosts" and press "OK". Exit
Program.


Click here to download Look2Me-Destroyer.exe and save it to your desktop.



And, I dled look2me.. but, when I clicked on the "Scan for l2m" or something like that, it just shut windows down...

I got a blue screen "of death" lol.. it was blue, had text, and said something about an important function of windows has been shut down, so windows has been stopped to prevent damage.... lol
 
Upvote 0 Downvote
ok,try this instead! Make sure spybot's teatimer is disabled until we are finshed!

run all the other tools and then run this l2me a different tool!

Download L2mfix from one of these two locations:




Save the file to your desktop and double click l2mfix.exe. Click the Install
button to extract the files and follow the prompts, then open the newly added
l2mfix folder on your desktop. Double click l2mfix.bat and select option #1
for Run Find Log by typing 1 and then pressing enter. This will scan your
computer and it may appear nothing is happening, then, after a minute or 2,
notepad will open with a log. Copy the contents of that log and paste it into
this thread.


IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!


post another hijack this log, and the l2me and we'll deal with the other problems next!


Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

BionicJohn
  • Locked
  • Question
URUASY.A Ransomware Trojan - Help needed with removal
Replies
6
Views
195
BionicJohn
BionicJohn
waikhu
  • Locked
  • Question
Somebody help me out, when my pc st
Replies
3
Views
116
kjv1611
kjv1611
eightoheight
  • Locked
  • Question
Need help removing virus.
Replies
6
Views
385
goombawaho
goombawaho
techlounge
  • Locked
  • Question
Help in defining the meaning of a Virus & Worm 1
Replies
6
Views
180
techlounge
techlounge
anderlee
  • Locked
  • Question
Need help removing virus
Replies
3
Views
309
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top