Thread status: not open for further replies.

Registered · 2 Posts · Discussion Starter · #1
To all that have even clicked on this to read: thanks soooooo much!

Here is my HijackThis log. I also have that aol_vss problem that I can't get rid of.
Please, please!! Help, help, help!!

The Log:
Logfile of HijackThis v1.99.1
Scan saved at 1:09:41 PM, on 12/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\lnternet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\hostplsrvc.exe
C:\WINDOWS\system32\opregmem.exe
C:\WINDOWS\system\icrss.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\capzzaby.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\pss.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.848\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wintask32.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Topic lnternet] lnternet.exe
O4 - HKLM\..\Run: [DllRunning] "rundll32.exe" "C:\WINDOWS\System32\wtdvrogi.dll",setvm
O4 - HKLM\..\Run: [mlibsysmc] capzzaby.exe
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O4 - HKLM\..\RunServices: [mlibsysmc] capzzaby.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Microsoft Update] wintask32.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [layersldm] C:\WINDOWS\system32\hostplsrvc.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81A2B335-F0D6-4FCD-9700-EFBDDE799CF8}: NameServer = 68.237.161.12 71.243.0.12
O20 - AppInit_DLLs:
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe
O23 - Service: Microsoft update Service - Unknown owner - C:\WINDOWS\System32\dllcache\msiupdate32.exe (file missing)
O23 - Service: Print Spooler Service (ole7bdbeii2) - Unknown owner - C:\WINDOWS\System32\pss.exe
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows System 32 - Unknown owner - C:\WINDOWS\sys32.exe (file missing)


Thanks Again to All
 

Security Team (ret.) · 7,403 Posts
Hi.

Please download Killbox and keep it handy.

I see you are not running Service Pack 2. Please save and run the download below. It will copy the results to your clipboard. Will you copy and paste them back here please when all the cleanup has been done?

http://go.microsoft.com/fwlink/?linkid=52012

Go to Start > Run, type

cmd

and click OK. Type the commands below and hit "Enter" after each line:

sc stop icrss
sc delete icrss

sc stop ole7bdbeii2
sc delete ole7bdbeii2

sc stop sdk
sc delete sdk

Type Exit to close.
================================

Now run Killbox. Left-click and drag your mouse over the highlighted files below (including the file path), then right-click and choose Copy. Insert your mouse pointer within the box entitled "Full Filepath of File to Delete", right-click again and choose File > Paste from Clipboard. All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there). If each file exists, it will appear in blue under that window when you click on it. Click on "Delete on Reboot", then click on "All Files". Please do this even if this option is already checked. You will get a message saying "File will be deleted on next reboot. Process and Reboot now?"; click "Yes" to reboot.


C:\WINDOWS\System32\wtdvrogi.dll
C:\WINDOWS\system32\hostplsrvc.exe
C:\WINDOWS\System32\lnternet.exe
C:\WINDOWS\system\icrss.exe
C:\WINDOWS\System32\capzzaby.exe
C:\WINDOWS\System32\pss.exe
C:\WINDOWS\System32\wintask32.exe
C:\WINDOWS\System32\dllcache\msiupdate32.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\sys32.exe

Have HijackThis fix all the items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wintask32.exe
O4 - HKLM\..\Run: [Topic lnternet] lnternet.exe
O4 - HKLM\..\Run: [DllRunning] "rundll32.exe" "C:\WINDOWS\System32\wtdvrogi.dll",setvm
O4 - HKLM\..\Run: [mlibsysmc] capzzaby.exe
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O4 - HKLM\..\RunServices: [mlibsysmc] capzzaby.exe
O4 - HKCU\..\Run: [layersldm] C:\WINDOWS\system32\hostplsrvc.exe
O20 - AppInit_DLLs:
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe
O23 - Service: Microsoft update Service - Unknown owner - C:\WINDOWS\System32\dllcache\msiupdate32.exe (file missing)
O23 - Service: Print Spooler Service (ole7bdbeii2) - Unknown owner - C:\WINDOWS\System32\pss.exe
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Windows System 32 - Unknown owner - C:\WINDOWS\sys32.exe (file missing)


Reboot and post a new log and the Clipboard txt. Also, please post in the normal typescript.
 

Registered · 2 Posts · Discussion Starter · #3
First and foremost, the utmost thanks for your help!
I will post the result logs.
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:34:46 AM, on 12/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Documents and Settings\Administrator\Desktop\MGADiag.exe
C:\WINDOWS\System32\pss.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.349\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [277BA9B0] C:\WINDOWS\System32\pss.exe
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O4 - HKLM\..\RunServices: [277BA9B0] C:\WINDOWS\System32\pss.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Microsoft Update] wintask32.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{81A2B335-F0D6-4FCD-9700-EFBDDE799CF8}: NameServer = 68.237.161.12 71.243.0.12
O23 - Service: Print Spooler Service (ole7bdbeii2) - Unknown owner - C:\WINDOWS\System32\pss.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows System 32 - Unknown owner - C:\WINDOWS\sys32.exe (file missing)

Still Having Pop-ups!!!

Also downloaded Microsoft Genuine Advantage Diagnostic Tool:
This is the result:
Validation Status: Not Active
WGA: Failed to Retrieve the file version

Also, when browsing and trying to download certain things, it will just close Mozilla or the page, or even deny the connection.

Once again thanks much for your help!!
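As an added example, not from this thread or from HijackThis itself, here is a small Python triage script that applies the kinds of checks the Security Team reply relies on to excerpts of the two logs above (autoruns by bare filename, extra programs chained to UserInit, RunServices entries, hex-named Run keys, and services with no publisher or a missing file), then reports which flagged entries survived the cleanup and which are new. The heuristics, their wording and the excerpt strings are my own construction; the log lines are copied from the two posts.

```python
import re
# Excerpts constructed from the two HijackThis logs posted in this thread (before and after cleanup).
LOG_BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wintask32.exe
O4 - HKLM\..\Run: [Topic lnternet] lnternet.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [layersldm] C:\WINDOWS\system32\hostplsrvc.exe
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe
O23 - Service: Windows System 32 - Unknown owner - C:\WINDOWS\sys32.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [277BA9B0] C:\WINDOWS\System32\pss.exe
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O23 - Service: Print Spooler Service (ole7bdbeii2) - Unknown owner - C:\WINDOWS\System32\pss.exe
O23 - Service: Windows System 32 - Unknown owner - C:\WINDOWS\sys32.exe (file missing)
"""
O4_RE = re.compile(r"^HK\w+\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.+)$")

def flags(line):
    """Reasons one HijackThis entry deserves a closer look; an empty list means nothing odd."""
    kind, _, body = line.strip().partition(" - ")
    reasons = []
    if "(file missing)" in body:  # a service or autorun pointing at a file that is gone
        reasons.append("target file missing")
    if kind == "F2" and "UserInit=" in body:  # anything after userinit.exe runs at every logon
        progs = [p.strip() for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
        if any(not p.lower().endswith("userinit.exe") for p in progs):
            reasons.append("extra program chained after userinit.exe")
    elif kind == "O4" and (m := O4_RE.match(body)):
        target = m["target"]  # quoted full path, or first whitespace-separated token
        exe = target[1:].split('"', 1)[0] if target.startswith('"') else target.split()[0]
        if "\\" not in exe:
            reasons.append("autorun by bare filename, resolved via the search path")
        if m["key"] == "RunServices":  # heuristic: Win9x-era key, rarely used by current software
            reasons.append("RunServices key, rarely used by legitimate software on XP")
        if re.fullmatch(r"[0-9A-Fa-f]{8,}", m["name"]):
            reasons.append("machine-generated hex autorun name")
    elif kind == "O23" and "Unknown owner" in body:
        reasons.append("service with no identifiable publisher")
    return reasons

def triage(log):
    """Map each flagged entry in a log to its list of reasons."""
    return {l.strip(): r for l in log.splitlines() if (r := flags(l))}

def compare(before, after):
    """Return (flagged entries present in both scans, flagged entries only in the second scan)."""
    old, new = set(triage(before)), set(triage(after))
    return sorted(old & new), sorted(new - old)
```

Note that hostplsrvc.exe, with its full path and ordinary-looking name, passes every heuristic here; a script like this narrows the list but does not replace the analyst's judgement shown in the reply.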