Author Topic: I think I have a trojan  (Read 1877 times)

Offline Zaundra Gray

I think I have a trojan
« on: March 17, 2005, 09:04:47 AM »
Hello,

I have been reading and it seems I do not understand as much about my computer as others, but I have a real problem and would like to fix it.  I live in Africa and I cannot get the help, in English, that I need.  After reading one posting I installed HijackThis and Security Task Manager.  I will place the report that I got on this.  Could you please help me fix it?  Things on my computer just pop up and disappear.  It takes about 12 hours to boot up after a restart.  The microphone is not working and ActiveX is having problems, CDs will not load and I get some message about fat32 and msdos and them not being compatible.  Please tell me what to do.  Thanks Zizi

Here is the log:

Process list saved on 2:00:18 PM, on 3/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid]   [full path to filename]      [file version]   [company name]
436   C:\WINDOWS\System32\smss.exe      5.1.2600.2180   Microsoft Corporation
512   C:\WINDOWS\system32\csrss.exe      5.1.2600.2180   Microsoft Corporation
536   C:\WINDOWS\system32\winlogon.exe      5.1.2600.2180   Microsoft Corporation
580   C:\WINDOWS\system32\services.exe      5.1.2600.2180   Microsoft Corporation
592   C:\WINDOWS\system32\lsass.exe      5.1.2600.2180   Microsoft Corporation
732   C:\WINDOWS\system32\svchost.exe      5.1.2600.2180   Microsoft Corporation
780   C:\WINDOWS\system32\svchost.exe      5.1.2600.2180   Microsoft Corporation
816   C:\WINDOWS\System32\svchost.exe      5.1.2600.2180   Microsoft Corporation
888   C:\WINDOWS\System32\svchost.exe      5.1.2600.2180   Microsoft Corporation
976   C:\WINDOWS\System32\svchost.exe      5.1.2600.2180   Microsoft Corporation
1096   C:\WINDOWS\system32\spoolsv.exe      5.1.2600.2180   Microsoft Corporation
1196   C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE      2.0.20.1   America Online, Inc.
1216   C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe      1.0.3.4   Symantec Corporation
1284   C:\Program Files\Roxio\GoBack\GBPoll.exe      3.1.1.59   Roxio, Inc.
1316   C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE      2003.0.0.775   Symantec Corporation
1380   C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe      4.1.0.1   McAfee Corporation
1420   C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe      9.0.5.1015   Symantec Corporation
1472   C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE      16.0.0.22   Symantec Corporation
1600   C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe      7.0.0.24   Symantec Corporation
1624   C:\WINDOWS\System32\svchost.exe      5.1.2600.2180   Microsoft Corporation
1656   C:\WINDOWS\wanmpsvc.exe      9.0.0.0   America Online, Inc.
1716   C:\Program Files\Common Files\WinTools\WToolsS.exe      1.0.3.2   
2000   C:\WINDOWS\System32\alg.exe      5.1.2600.2180   Microsoft Corporation
2092   C:\WINDOWS\Explorer.EXE      6.0.2900.2180   Microsoft Corporation
2252   C:\Program Files\Common Files\Symantec Shared\ccApp.exe      1.0.10.6   Symantec Corporation
2268   C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe      2003.0.0.775   Symantec Corporation
2280   C:\Program Files\windows music player\Winampa.exe         
2288   C:\WINDOWS\gtwatch.exe         
2308   C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe      2.80.0.0   HP
2316   C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe      8.20.0.107   MUSICMATCH, Inc.
2324   C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe      1.0.0.1   TODO: <Company name>
2332   C:\Program Files\websx\int139749.exe      3.0.2.0   http://www.alife.de
2340   C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe      300.7.0.2   THOMSON
2348   C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe      4.6.1.0   CommonName
2372   C:\PROGRA~1\mcafee.com\agent\mcagent.exe      4.3.0.10   Networks Associates Technology, Inc
2388   C:\Program Files\Common Files\Real\Update_OB\realsched.exe      0.1.0.3018   RealNetworks, Inc.
2428   C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe      1.0.7.14   
2508   c:\progra~1\mcafee.com\vso\mcvsescn.exe      8.0.0.30   Networks Associates Technology, Inc
2596   C:\Program Files\Common Files\AOL\ACS\AOLDial.exe      2.0.20.1   America Online, Inc
2620   C:\PROGRA~1\COMMON~2\Toolbar\comwiz.exe         
2652   C:\Program Files\QuickTime\qttask.exe      6.5.0.48   Apple Computer, Inc.
2668   C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe      1.0.0.69   
2776   C:\WINDOWS\System32\msvcmm32.exe      2.9.0.135   Movielink LLC
2832   C:\Program Files\Movielink\MovielinkManager\Movielink Manager.exe      2.9.0.135   Movielink LLC
2908   C:\WINDOWS\system32\rundll32.exe      5.1.2600.2180   Microsoft Corporation
2936   C:\Program Files\Windows SyncroAd\SyncroAd.exe         
3000   C:\program files\180solutions\sais.exe      5.15.15.0   180solutions, Inc.
3112   C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe      1.2.3000.1001   Microsoft Corporation
3144   C:\PROGRA~1\WRTUOR~1\UOSVPO~1.exe      5.5.0.1   CommonName
3196   C:\Program Files\Windows SyncroAd\WinSync.exe         
3432   C:\Program Files\Common Files\WinTools\WSup.exe      1.0.7.14   
3724   C:\Program Files\Messenger\msmsgs.exe      4.7.0.3001   Microsoft Corporation
3920   c:\progra~1\mcafee.com\vso\mcvsftsn.exe      8.0.0.20   Networks Associates Technology, Inc
2856   C:\WINDOWS\System32\wbem\wmiprvse.exe      5.1.2600.2180   Microsoft Corporation
1580   C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE      4.5.4.40   McAfee Security
2532   C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE      4.1.0.1   McAfee Security
3236   C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe      1.5.0.10   Sun Microsystems, Inc.
3392   C:\Program Files\PC MightyMax\pcmm.exe      9.1.0.2   PC MightyMax
3232   C:\WINDOWS\system32\rundll32.exe      5.1.2600.2180   Microsoft Corporation
392   C:\WINDOWS\system32\ctfmon.exe      5.1.2600.2180   Microsoft Corporation
2632   C:\Documents and Settings\USER1\Application Data\apwt.exe         
4044   C:\Program Files\Yahoo!\Messenger\ypager.exe      6.0.0.1922   Yahoo! Inc.
3760   C:\Program Files\Skype\Phone\Skype.exe      1.1.0.79   
3656   C:\Program Files\Roxio\GoBack\GBTray.exe      3.1.1.59   Roxio, Inc.
2664   C:\WINDOWS\twain_32\A6U16K\WATCH.exe      2.3.5.0   Common Group
1000   C:\WINDOWS\DvzCommon\DvzMsgr.exe         
3572   C:\Program Files\America Online 9.0a\aoltray.exe      9.0.0.1   America Online, Inc.
4008   C:\Program Files\MightyFax\MFNTCTL.EXE         
2740   C:\Program Files\Labtec Wireless Desktop\MagicKey.exe      1.0.0.1   
2872   C:\Program Files\AOL Companion\companion.exe      1.6.2.0   
3800   C:\Everything for My Palm\HOTSYNC.EXE      4.0.0.0   Palm, Inc.
3628   C:\Program Files\Labtec Wireless Desktop\MulMouse.exe         
4084   C:\Program Files\Labtec Wireless Desktop\OSD.EXE      1.0.0.0   WayTech Development, Inc.
1128   C:\Program Files\America Online 9.0a\wEmail Removedexe      9.0.0.2   America Online, Inc.
3876   C:\Program Files\America Online 9.0a\shellmon.exe      9.0.0.1   America Online, Inc.
2576   c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe      8.0.0.15   Networks Associates Technology, Inc
868   c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe      8.0.0.12   Networks Associates Technology, Inc
1124   c:\PROGRA~1\mcafee.com\vso\mcshield.exe      6.0.0.100   
400   C:\Program Files\Hijackthis\HijackThis.exe      1.99.0.1   Soeperman Enterprises Ltd.
2960   C:\Program Files\Internet Explorer\iexplore.exe      6.0.2900.2180   Microsoft Corporation
3404   C:\Program Files\Common Files\Aol\aoltpspd.exe      1.1.1.0   America Online Inc


StartupList report, 3/17/2005, 2:04:19 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\windows music player\Winampa.exe
C:\WINDOWS\gtwatch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\websx\int139749.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~2\Toolbar\comwiz.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\msvcmm32.exe
C:\Program Files\Movielink\MovielinkManager\Movielink Manager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\program files\180solutions\sais.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\WRTUOR~1\UOSVPO~1.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\USER1\Application Data\apwt.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\WINDOWS\twain_32\A6U16K\WATCH.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\MightyFax\MFNTCTL.EXE
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\AOL Companion\companion.exe
C:\Everything for My Palm\HOTSYNC.EXE
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\America Online 9.0a\wEmail Removedexe
C:\Program Files\America Online 9.0a\shellmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\system32\w?nlogon.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\USER1\Start Menu\Programs\Startup]
HotSync Manager.lnk = C:\Everything for My Palm\HOTSYNC.EXE
PowerReg Scheduler.exe
Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
Watch.lnk = C:\WINDOWS\twain_32\A6U16K\WATCH.exe
DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
GhostStartTrayApp = C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
WinampAgent = "C:\Program Files\windows music player\Winampa.exe"
Gtwatch = C:\WINDOWS\gtwatch.exe
(Default) =
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
mmtask = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
websx = C:\Program Files\websx\int139749.exe -auto
SpeedTouch USB Diagnostics = "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
winnet = C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
WinTools = C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AOL Spyware Protection = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
Pure Networks Port Magic = "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
LoadMSvcmm = C:\WINDOWS\System32\msvcmm32.exe
M3Tray = C:\Program Files\Movielink\MovielinkManager\Movielink Manager.exe /WNDSTART /Tray
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
Windows SyncroAd = C:\Program Files\Windows SyncroAd\SyncroAd.exe
sais = c:\program files\180solutions\sais.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Instant Access = rundll32.exe EGCOMSERVICE_1049.dll,InstantAccess
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Lsot = C:\Documents and Settings\USER1\Application Data\apwt.exe
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\TRANQU~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

BabeIE - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll - {00000000-0000-0000-0000-000000000000}
(no name) - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL - {04079851-5845-4dea-848C-3ECD647AA554}
(no name) - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\ANONYMIZER\CORE\Anonymizer.dll - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62}
(no name) - C:\Program Files\NewDotNet\newdotnet6_38.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
(no name) - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}
(no name) - (no file) - {62881128-BD6F-6EEE-875E-6C557FF92D18}
(no name) - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll - {63B78BC1-A711-4D46-AD2F-C581AC420D41}
(no name) - C:\WINDOWS\system32\bvvbplpl.dll - {77996C23-D3CE-901D-C467-D57847B59F98}
(no name) - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll - {87766247-311C-43B4-8499-3D5FEC94A183}
(no name) - C:\PROGRA~1\Toolbar\toolbar.dll - {8952A998-1E7E-4716-B23D-3DBE03910972}
(no name) - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - (no file) - {D14D6793-9B65-11D3-80B6-00500487BDBA}
(no name) - (no file) - {ED8DB0FD-D8F4-4b2c-BB5B-9EF040FE104D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton SystemWorks One Button Checkup.job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job
McAfee.com Scan for Viruses - My Computer (USER-USER1).job
McAfee.com Update Check (USER-USER1).job
McAfee.com Update Check (USER-PowerUser).job

--------------------------------------------------

Enumerating Download Program Files:

[{10954C80-4F0F-11D3-B17C-00C0DFE39736}]
CODEBASE = http://hot.thebugs.ws/fav.exe

[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ipixx.ocx
CODEBASE = http://www.ipix.com/download/ipixx.cab

[{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}]
CODEBASE = http://public.windupdates.com/get_file.php...28695168af3c74a

[{2AEEAC34-FD74-4142-B891-4B05C0C03C87}]
CODEBASE = http://akamai.downloadv3.com/binaries/Dial...049_pack_XP.cab

[Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ISTactivex.dll
CODEBASE = http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab

[{469C7080-8EC8-43A6-AD97-45848113743C}]
CODEBASE = http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE = http://aolcc.Email Removed/computercheckup/qdiagcc.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\System32\mcinsctl.dll
CODEBASE = http://download.av.Email Removed/molbin/shared/m...77/mcinsctl.cab

[Sinstaller Class]
InProcServer32 = C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll
CODEBASE = http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

[MediaTicketsInstaller Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MEDIAT~1.OCX
CODEBASE = http://www.mt-download.com/MediaTicketsInstaller.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMesse...pDownloader.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\System32\mcgdmgr.dll
CODEBASE = http://download.av.Email Removed/molbin/shared/m...,18/mcgdmgr.cab

[{D52D92F2-3650-439C-AA18-03EE4F6859DE}]
CODEBASE = http://dialer.dialerxp.com/getdialer/L112.exe

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\NewDotNet\newdotnet6_38.dll
Protocol #1: C:\Program Files\NewDotNet\newdotnet6_38.dll
Protocol #2: C:\Program Files\NewDotNet\newdotnet6_38.dll
Protocol #18: C:\Program Files\NewDotNet\newdotnet6_38.dll
Protocol #19: C:\Program Files\NewDotNet\newdotnet6_38.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\USER1\LOCALS~1\Temp\~805466.tmp|||A

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 14,112 bytes
Report generated in 0.843 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

Offline guestolo

« Reply #1 on: March 17, 2005, 11:26:30 PM »
Can I get you to run a HijackThis log and post it? You posted a startup log from HijackThis.
Also ensure you're running HijackThis 1.99.1 and that it is saved to a permanent folder.

Here are the instructions:
Do a SCAN and save a log file, then copy and paste the WHOLE contents of the log here. Don't try to fix anything yet. It is all important.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Zaundra Gray

« Reply #2 on: March 19, 2005, 08:42:05 AM »
Hi, thanks for responding so fast.  After I saw what you told someone else I did stop the process of w?nlogon.exe because my security firewall has been asking for it to have access to my computer over and over again.  And even when I say no it just asks again.  I did not know what it was so a couple of times I just said yes because it looked like windows of some kind.  But since I stopped the process it has not asked me.  Thanks, here is the scan log:

An unexpected error has occurred at procedure: modMain_CheckOther4Item()
Error #6 - Overflow

Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

I got this message but I will copy the log now:

It will now let me copy, I think it is too long.  How do I get it to you?
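
A triage check for the look-alike name mentioned in Reply #2 (`w?nlogon.exe`, the last entry of the "Running processes" list), as an added example that is not part of the original thread. It flags image paths whose file name is one character away from a core Windows process name, or that reuse such a name from an unexpected folder. The expected-folder table and the function names are assumptions made for this example, and the last sample line is constructed; `?` is not a legal character in a Windows file name, so in the log it stands for a character the tool could not render.

```python
import ntpath  # parses backslash-separated paths on any OS

# Assumed table for this example: usual folders of core Windows XP
# processes that appear in the log above.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_path(path):
    """Return a reason string if the image path looks like masquerading, else None."""
    folder, name = ntpath.split(path.strip().lower())
    if name in EXPECTED_DIR:
        if folder != EXPECTED_DIR[name]:
            return f"{name} running from unexpected folder {folder}"
        return None
    for real in EXPECTED_DIR:
        if edit_distance(name, real) == 1:
            return f"name is one character away from {real}"
    if "?" in name or not name.isascii():
        return "name contains a character the log could not render"
    return None


def triage(log_text):
    """Check every non-empty line of a 'Running processes' list."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            reason = check_path(line)
            if reason:
                findings.append((line, reason))
    return findings


# Lines taken from the StartupList report above; the last one is constructed.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\gtwatch.exe
C:\Documents and Settings\USER1\Application Data\apwt.exe
C:\WINDOWS\system32\w?nlogon.exe
C:\WINDOWS\Temp\svchost.exe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}: {reason}")
```

Entries the check does not flag are not thereby clean; it only covers name and folder masquerading of the listed system processes.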

Offline guestolo

« Reply #3 on: March 19, 2005, 11:22:18 AM »
For now, because I see many entries that can hijack your Winsock settings, can you
download and save to your desktop:
WinsockFixXp
Don't run it, but we have it just in case of loss of Internet connection

Not sure why the error with Hijackthis, but it may have to do with entries in your log
Can you first try and rid yourself of NewDotNet
Access your Add/Remove Programs and remove if found
New.net Application or New.net Domains
Do this with All other windows closed, including this one

Restart your computer afterwards
If not found in Add/Remove please use this link for removal
http://www.newdotnet.com/removal.html
Preferably procedure 4 if the first option is not available
You can save the uninstaller to desktop and run from there
Remember to run the uninstaller after you have closed all other windows and then Restart your computer

Back in Windows

Go back to Add/Remove programs and remove if you can and if found
Windows SyncroAd
Restart the computer again

Back in Windows
Back at Add/Remove Programs
WebSearch Toolbar
WebSearch Tools
Search Assistant
Win-Tools Easy Installer
CommonName
or similar. There may be more than one entry. If this prompts you to enter a code, do so
180 Search Assistant or 180 Solutions or similar (You must be connected to the internet. Just keep pressing the uninstall button when it prompts).

  • Do not reboot until they have all been removed, even if prompted.

  • When you are uninstalling the last program you can then reboot when prompted

Make sure you Restart the computer

Try and do another scan with Hijackthis and post the log
If you still get the error, try redownloading Hijackthis from my Signature below
and try again, if still no go we may have to try an older version of Hijackthis for now
