TheTechGuide Forum

General Category => Tech Clinic => Topic started by: zrichard on May 25, 2005, 09:16:11 AM

Title: Yet another Collected.5.L infection
Post by: zrichard on May 25, 2005, 09:16:11 AM
Please help. I just finished a complete format and reinstall of everything I own because of the stupid collected.5.l, and now, a few days later, I have caught it again. I turned off ZoneAlarm for exactly one minute while I tried to upgrade to a new version, and now I'm infected again. I had to run HijackThis from safe mode; it wouldn't even run otherwise. Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:58:50 PM, on 5/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Compd Service Drivrs] codq.exe
O4 - HKLM\..\RunServices: [Compd Service Drivrs] codq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Compd Service Drivrs] codq.exe
O4 - HKCU\..\RunServices: [Compd Service Drivrs] codq.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Rainlendar.lnk = D:\Utilities\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Communications\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Communications\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116870705609
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgupsvc.exe


Your help is GREATLY appreciated. Thank God for Linux and an alternate way to email. Your expertise is invaluable.

Richard
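The O4 lines in the log above are the autorun entries HijackThis reads from the Run/RunServices registry keys. The following triage script is an added example, not part of this thread or of HijackThis; it parses O4 lines in that format and flags the patterns visible in the log: a bare filename with no path, use of the Win9x-era RunServices key, and one entry name registered under several keys at once. The sample lines are constructed from the log above.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v1.99 O4 format, modelled on the log posted above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\AVGFRE~1\\avgcc.exe /STARTUP
O4 - HKLM\\..\\Run: [Compd Service Drivrs] codq.exe
O4 - HKLM\\..\\RunServices: [Compd Service Drivrs] codq.exe
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\System32\\ctfmon.exe
O4 - HKCU\\..\\Run: [Compd Service Drivrs] codq.exe
O4 - HKCU\\..\\RunServices: [Compd Service Drivrs] codq.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""

# Matches "O4 - HKLM\..\Run: [name] command"; Startup-folder O4 lines do not match.
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): '
                   r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

def parse_o4(log_text):
    """Return one dict (hive, key, name, cmd) per registry autorun O4 line."""
    return [m.groupdict() for m in
            (O4_RE.match(line.strip()) for line in log_text.splitlines()) if m]

def exe_name(cmd):
    """First token of the command line, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]

def triage(entries):
    """Map entry name -> sorted reasons it deserves a closer look; clean entries are absent.
    A bare filename is only a lead, not proof: it means the file must be located and checked."""
    findings = defaultdict(set)
    locations = defaultdict(set)
    for e in entries:
        if '\\' not in exe_name(e['cmd']):
            findings[e['name']].add('bare filename, no path')
        if e['key'].lower() == 'runservices':
            findings[e['name']].add('RunServices (Win9x-era key)')
        locations[e['name']].add(e['hive'] + '\\' + e['key'])
    for name, locs in locations.items():
        if len(locs) > 1:
            findings[name].add('registered in %d autorun keys' % len(locs))
    return {name: sorted(reasons) for name, reasons in findings.items()}

if __name__ == '__main__':
    for name, reasons in triage(parse_o4(SAMPLE_LOG)).items():
        print(name, '->', '; '.join(reasons))
```

Legitimate entries can also trip the bare-filename rule (Ati2mdxx.exe in the log above lives in System32), so each hit still needs the file found and checked.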
Title: Yet another Collected.5.L infection
Post by: zrichard on May 27, 2005, 07:33:04 AM
Bump
Title: Yet another Collected.5.L infection
Post by: zrichard on May 30, 2005, 10:43:05 AM
Bump
Title: Yet another Collected.5.L infection
Post by: Dusty on May 30, 2005, 12:36:38 PM
My computer is also infected with the collect 5.1 trojan.
It's being detected by AVG and healed, and a second later AVG warns again of this same trojan from what is called an infected backup copy that cannot be healed.

I seem to have got this after trying to upgrade my DirectX 9.
The infected file is named msdirectx.sys
and AVG displays this as containing the Collect5.1. Trojan.
What does this Trojan do?
And please can you explain what I must do to get rid of this Trojan?
Thanks Dusty
Title: Yet another Collected.5.L infection
Post by: Dusty on May 30, 2005, 07:48:58 PM
Hi, with other information found on this web site I was able to remove Collect5.1 and msdirect.sys; also removed was mscofig.exe.

What I did is first visit the Panda virus site for online virus and trojan scanning.
This site seems to be what repaired my computer and removed the trojan.

I also installed the other software for trojan scanning, Ewido. I installed Windows Cleaner and it removed 189 MB of temp files I did not even know were not removed by my other delete programs :-)
Thanks to all the techs who post information in regard to the removal of trojans and viruses and other computer related problems.
Next time I need help I will read the topics and I will only request help if the info needed is not already provided.
After using Panda my computer was then free of this msdirctx.sys trojan.
I was surprised just running this online test at Panda was able to fix such a tough trojan.
Dusty :rolleyes:
Title: Yet another Collected.5.L infection
Post by: Guest on May 30, 2005, 07:55:05 PM
http://www.pandasoftware.com/activescan/

zrichard, try this link for Panda ActiveScan.
It worked for me.
The active scan also removed the correct data that needed to be removed from the registry automatically. After a full system scan with several different scanners my system is free of collect5.1, msdirect.sys and msconfig.exe, and after reboot I am pleased to see these problems have not come back.
Hope this helps :-) Dusty
Title: Yet another Collected.5.L infection
Post by: zrichard on May 31, 2005, 08:29:37 PM
Dusty, glad that helped you, but I can't make that work for me. After about 30 seconds all internet activity stops for me, although it certainly seems to be doing something in the background. I can only make these posts by booting from my Linux partition, and Linux won't run any online scanning software, because it's either Windows files or requires Internet Explorer.

Moderators, I would really appreciate your help on this one!
Title: Yet another Collected.5.L infection
Post by: Dusty on May 31, 2005, 09:50:49 PM
Hi,
You have the same trojan on your computer that I had on mine.
I used ZoneAlarm to help block it.
I will get the link I found in this forum.
There is an entire thread of information and you then can also see the member name of the in-house member that can help you.
This is no easy trojan to remove.
And a trojan like this you need to get rid of for sure.
I will go search for the link you need and post it under this post.
Dusty
Title: Yet another Collected.5.L infection
Post by: Dusty on May 31, 2005, 09:59:22 PM
This is the link I found helpful to me in this forum.

http://www.thetechguide.com/forum/index.php?showtopic=17450

You will also see the member name that was helping this guy out.
I was surprised that with a visit to Panda I was rid of 3 trojans.
If you're not using the ZoneAlarm firewall you should install it.
Sad to say, but with some trojans your best way of getting rid of it may be a restore and format of your hard drive.
I know it's a lot of work to do.
Once complete, install good virus software, free at
http://www.avast.com

Install ZoneAlarm at
http://zonelabs.com
On the forum link above you will also find other software you can install that just may help you rid this trojan without a system restore.
Good luck.
Dusty