Computer Hope

Software => Computer viruses and spyware => Topic started by: 777 on March 15, 2007, 05:45:23 PM

Title: Hijackthis log
Post by: 777 on March 15, 2007, 05:45:23 PM
I had problems with moving desktop icons, opening task manager and opening volume control. My desktop also disappears after a while. I can't copy and paste, but I can for a while then I can't. My computer cannot be restarted because it says I am not the owner of it. I am concerned that something is up to trouble...


Logfile of HijackThis v1.99.1
Scan saved at 7:45:52 PM, on 3/15/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Novak\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.84.224/OCX/gwnet.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152741305916
O20 - AppInit_DLLs: 205910M.BMP
O20 - Winlogon Notify: cmdmant - C:\WINNT\SYSTEM32\msgcom.dll
O21 - SSODL: CDBurner - {D92D637A-0FB7-412D-A7E8-29340A580F7E} - C:\WINNT\Downloaded Program Files\jaasnt.dll (file missing)
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - (no file)
O21 - SSODL: IPicture - {D9466D6A-0F7B-5892-A7E3-290F0343337E} - c:\program files\internet explorer\PLUGINS\IPictureEx.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PCtel speaker phone (pctspk) - PCtel, Inc. - C:\WINNT\System32\pctspk.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINNT\system32\Security.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe
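
Added example (not part of the original post, and not HijackThis's own logic): a small Python triage pass over a few lines copied from the log above. The four rules and the names `triage`, `ENTRY` and `IP_URL` are assumptions chosen for illustration; a hit means "review this entry", not "malicious".

```python
import re

# Sample lines copied from the log posted above (a subset, for illustration).
SAMPLE_LOG = r"""
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.84.224/OCX/gwnet.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152741305916
O20 - AppInit_DLLs: 205910M.BMP
O21 - SSODL: CDBurner - {D92D637A-0FB7-412D-A7E8-29340A580F7E} - C:\WINNT\Downloaded Program Files\jaasnt.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINNT\system32\Security.exe
"""

# "<section code> - <body>", e.g. "O20 - AppInit_DLLs: ...". Header and
# running-process lines do not match and are skipped.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# URL whose host is a dotted-quad IP address rather than a domain name.
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")

def triage(log_text):
    """Return [(code, body, [reasons])] for entries worth a manual look.
    The rules are illustrative assumptions, not verdicts."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("registered component has no file on disk")
        if code == "O23" and "- Unknown owner -" in body:
            reasons.append("service owner reported as unknown")
        if code == "O16" and IP_URL.search(body):
            reasons.append("ActiveX control fetched from a bare IP address")
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value and not value.lower().endswith(".dll"):
                reasons.append("AppInit_DLLs value is not a .dll name")
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {'; '.join(reasons)}\n    {body}")
```
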

Title: Re: Hijackthis log
Post by: patio on March 15, 2007, 07:14:51 PM
Doesn't look like a complete log to me...

Others might be along to advise.

Title: Re: Hijackthis log
Post by: oddjob on March 16, 2007, 05:53:22 AM
Hello Avast

I recommend you print this out to help you follow the advice.

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

************************

Please download the trial version of WebRoot SpySweeper from here (link is a little way down the page on the right) …

http://www.webroot.com/consumer/products/spysweeper/?acode=af1&rc=855

• Click Download Now to download the program.
• Install it. Once the program is installed, it will open.
• It will prompt you to update to the latest definitions, click Yes.
• Once the definitions are installed, click Options on the left side.
• Click the Sweep Options tab.
• Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.
• Click Sweep Now on the left side.
• Click the Start button.
• When it's done scanning, click the Next button.
• Make sure everything has a check next to it, then click the Next button.
• It will remove all of the items found.
• Click Session Log in the upper right corner, copy everything in that window.
• Click the Summary tab and click Finish.
• SAVE the contents of the session log.

************************

Now reboot to safe mode. Here’s a “how to” if you’re not sure ….

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

************************

Open HijackThis … click on SCAN … put tick/check marks next to these entries IF they are still present …

O4 - HKLM\..\Run: [SOUNDM] winsmd.exe

O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab

O20 - AppInit_DLLs: 205910M.BMP

O20 - Winlogon Notify: cmdmant - C:\WINNT\SYSTEM32\msgcom.dll

O21 - SSODL: CDBurner - {D92D637A-0FB7-412D-A7E8-29340A580F7E} - C:\WINNT\Downloaded Program Files\jaasnt.dll (file missing)

O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - (no file)

O21 - SSODL: IPicture - {D9466D6A-0F7B-5892-A7E3-290F0343337E} - c:\program files\internet explorer\PLUGINS\IPictureEx.dll (file missing)

O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINNT\system32\Security.exe


Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window.

************************

Next go to these files & folders in bold and DELETE them …..

C:\PROGRAM FILES\PACIFIC POKER >> whole folder

C:\WINNT\web >> whole folder

C:\WINNT\SYSTEM32\msgcom.dll >> file

C:\WINNT\Downloaded Program Files\jaasnt.dll >> file

C:\Program Files\internet explorer\PLUGINS\IPictureEx.dll >> file

C:\WINNT\system32\Security.exe >> file

winsmd.exe >> run a system wide search for this file to locate it.

************************

Empty your recycle bin.

************************

Reboot your system in Normal Mode.

************************

Perform an online scan with Internet Explorer with Panda ActiveScan here ....

http://www.pandasoftware.com/products/activescan.htm

Click on the "Free To Use ActiveScan" located on the top right hand corner

1. Begin the scan by selecting My Computer