|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
11-13-2006, 08:03 PM
|
#1 (permalink) |
|
Registered User
Join Date: Nov 2006
Posts: 6
OS: Windows XP
|
browser and windows issues
i have windows xp. a couple of days ago ie stopped working. i have internet but it wont load the webpage. also sometimws when i click on control panel it never comes up.
here is the hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 8:40:02 PM, on 11/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\Common Files\AOL\1125452020\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe C:\Program Files\Common Files\AOL\1125452020\ee\AOLSoftware.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\AOL\1125452020\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe C:\SCANJET\PrecisionScanLT\hppwrsav.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\AIM\aim.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\CASIO\Photo Loader\Plauto.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\iPod\bin\iPodService.exe c:\program files\common files\aol\1125452020\ee\aolssc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\Microsoft Works\WkDStore.exe C:\WINDOWS\msagent\AgentSvr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Sonic\RecordNow!\RecordNow.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\silia\Local Settings\Temp\wzdbd5\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\System32\req.dat (file missing) O2 - BHO: (no name) - {3BA7697A-CA45-71B4-8001-6D5505F17F37} - C:\WINDOWS\System32\ujcugu.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [MPFEXE] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1125452020\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [obadww] c:\windows\system32\obadww.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [Ndpdkq] C:\Program Files\Ppmbbrx\Klcmk.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125452020\ee\AOLSoftware.exe O4 - HKLM\..\Run: [EPSON Stylus C42 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P32 "EPSON Stylus C42 Series (Copy 1)" /O6 "USB001" /M "Stylus C42" O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1125452020\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SpyDefender Scanner] C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\SDScanner.exe /scan /remove O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1 O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.2.0.38/cab/aolpPlugins.10.1.0.0.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160544980968 O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: msmp3 - C:\WINDOWS\AppPatch\msmp3.dll (file missing) O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dat (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1125452020\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe any help would be greatly appreciated thanx |
|
     
|
|
11-14-2006, 10:01 PM
|
#2 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3
|
Hi..
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\System32\req.dat (file missing) O2 - BHO: (no name) - {3BA7697A-CA45-71B4-8001-6D5505F17F37} - C:\WINDOWS\System32\ujcugu.dll (file missing) O4 - HKLM\..\Run: [obadww] c:\windows\system32\obadww.exe O4 - HKLM\..\Run: [Ndpdkq] C:\Program Files\Ppmbbrx\Klcmk.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dat (file missing) Open Windows Explorer and delete the following highlighted file/s Also delete the following red folder/s c:\windows\system32\obadww.exe C:\Program Files\ Ppmbbrx\Klcmk.exe Reboot...................... Please download, update and run the A2 (A squared) anti-trojan. Let it fix whatever it wants to. Anti-virus Also, run this pc through the... Panda Online virus scanner or Trend Micro Housecall Online virus scanner Let it delete whatever it finds. If it cannot delete it, then post the log and we will delete it manually. ============================================= Please download the trial version of/AVG Anti-Spyware 7.5 here: http://www.ewido.net/en/download/ Install it, and update the definitions to the newest files. Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Select the first option, to run Windows in Safe Mode. For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml Once in Safe Mode, please run AVG, and run a full scan. During the scan it will prompt you to clean files, click OK. Save the logfile from the scan and post it here along with a new HJT log.
__________________
An Australian Member of  Eddy |
|
|
|
|
| Thread Tools | |
|
|
