Author Topic: HJT Log - Help!  (Read 710 times)

Offline ummzee

  • Jr. Member
  • Posts: 54
  • Karma: +0/-0
HJT Log - Help!
« on: September 09, 2007, 07:23:45 PM »
Hello,

My CPU runs at 100% all the time and the hourglass stays up. All basic functions work; however, the computer is slow.
Please look at my HJT. I am also having problems loading some software.

Thank you!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:35 PM, on 9/9/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1129383946\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\1129383946\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1129383946\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
C:\WINNT\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
C:\Program Files\Common Files\AOL\1129383946\ee\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL 9.0\wEmail Removedexe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ytb3.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLB3DD.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\YCOMP_~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer powered by Verizon Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129383946\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1129383946\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1129383946\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [hwfutczk.exe] C:\Documents and Settings\All Users\Application Data\hwfutczk.exe
O4 - HKLM\..\Run: [Ultimate Fixer] "C:\Program Files\Ultimate Fixer\UltimateFixer.exe" hide
O4 - HKLM\..\Run: [ppsmcs] sqvx5gamet2.exe
O4 - HKCU\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide
O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe
O4 - HKCU\..\Run: [netasv2] C:\WINNT\system32\cmdbzyln.exe
O4 - HKCU\..\Run: [vcmicrec] C:\WINNT\system32\msccsed.exe
O4 - HKCU\..\Run: [resvsio] C:\WINNT\system32\atsdisc.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\Email RemovedEXE" -b
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 - Global Startup: Launchpad.lnk = C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
O4 - Global Startup: SnapDetect.lnk = C:\WINNT\Twain_32\CA561A\SnapDetect.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.grazemusic.com/install/network/install.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183255099528
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F99E5A7-C18C-42CB-8927-4262AC2EE1FF}: NameServer = 85.255.114.70,85.255.112.182
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.70 85.255.112.182
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.70 85.255.112.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.70 85.255.112.182
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O21 - SSODL: gHexXZmUpDgi - {A80C390E-02A6-93A4-5EAC-E97C9D9C1F59} - C:\WINNT\system32\ue.dll (file missing)
O22 - SharedTaskScheduler: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1129383946\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINNT\system32\.exe (file missing)

--
End of file - 9573 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
HJT Log - Help!
« Reply #1 on: September 09, 2007, 08:32:11 PM »
Wow, that didn't take long to get infected

Let's try the following, even if I duplicate some instructions.
Ensure you do all of the below.
Download: CCleaner v1.40.520 - Slim from this link and install it
http://www.ccleaner.com/download/builds.aspx
We'll need this later

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Don't do anything with it yet;
We'll need this later also

Download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Leave it on your desktop for now, we will need it later

Print the rest of these instructions or save them to a text file on the desktop for reference.


Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [Ultimate Fixer] "C:\Program Files\Ultimate Fixer\UltimateFixer.exe" hide
O4 - HKLM\..\Run: [ppsmcs] sqvx5gamet2.exe
O4 - HKCU\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide
O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe
O4 - HKCU\..\Run: [netasv2] C:\WINNT\system32\cmdbzyln.exe
O4 - HKCU\..\Run: [vcmicrec] C:\WINNT\system32\msccsed.exe
O4 - HKCU\..\Run: [resvsio] C:\WINNT\system32\atsdisc.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F99E5A7-C18C-42CB-8927-4262AC2EE1FF}: NameServer = 85.255.114.70,85.255.112.182
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.70 85.255.112.182
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.70 85.255.112.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.70 85.255.112.182
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O21 - SSODL: gHexXZmUpDgi - {A80C390E-02A6-93A4-5EAC-E97C9D9C1F59} - C:\WINNT\system32\ue.dll (file missing)
O22 - SharedTaskScheduler: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: Windows Management Service - Unknown owner - C:\WINNT\system32\.exe (file missing)


After you have ticked the above entries, close all other open windows,
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Run CCleaner
Next: click Options click the Advanced button
Uncheck: "Only delete files in Windows temp folders older than 48 hrs."
NEXT: Click the Cleaner
Then click Run Cleaner (bottom right)
OK the prompt, when finished scanning, just exit the program

Remain in safe mode
SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
I'll need to see that log later, but for now
Fixwareout
Double click on Fixwareout.exe on desktop
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.  You will be asked to reboot your computer; please do so.  Your system may take longer than usual to load; this is normal.

Back in Windows
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


I need you to post back here all the following, even if it takes more than one reply to do so

1. Post the log from Combofix
2. Post a fresh HijackThis log
3. Post the report from Fixwareout>>report.txt in the C:\Fixwareout folder
4. Post the report from SDFix in the >>> C:\SDFix folder

NOTE: It will probably take more than one reply to post all the above logs, please do so if needed

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
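The entries guestolo ticked above are the kind of thing a first triage pass over a HijackThis log can surface mechanically: Run keys whose target is a bare filename or lives under Temp/Application Data, O17 NameServer entries pointing at resolvers you did not configure, Winlogon Notify DLLs outside system32, and O21/O22/O23 components whose file is missing. The Python below is an added example, not part of the thread and not HijackThis's own code; the directory lists, the rule set and the `expected_dns` allow-list are my assumptions, and the sample log is a constructed subset of the lines posted above.

```python
import re

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ytb3.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hwfutczk.exe] C:\Documents and Settings\All Users\Application Data\hwfutczk.exe
O4 - HKLM\..\Run: [ppsmcs] sqvx5gamet2.exe
O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\tmwsock.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.70 85.255.112.182
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINNT\system32\.exe (file missing)
"""

# Assumed heuristics: installed software does not autostart from these locations.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\local settings\\")
SYSTEM_DIRS = ("c:\\winnt\\system32\\", "c:\\windows\\system32\\")

def parse_hjt(text):
    """Yield (section, body) pairs: 'proc' for running processes, else the R/F/O tag."""
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # a blank line ends the process list
                in_procs = False
            else:
                yield "proc", line
            continue
        m = re.match(r"^([RFO]\d+) - (.*)$", line)
        if m:
            yield m.group(1), m.group(2)

def _exe_path(target):
    """Reduce a (possibly quoted) command line to its executable or DLL path."""
    m = re.match(r'"?(.+?\.(?:exe|dll|sys|com|scr|bat))(?:"|\s|$)', target, re.I)
    return m.group(1) if m else None

def _reason(section, body, expected_dns):
    """Return why an entry deserves a closer look, or None if no rule fires."""
    low = body.lower()
    if section in ("O4", "proc"):
        # For O4 the launch target follows "] " (Run keys) or " = " (Global Startup).
        m = re.match(r".*?(?:\] | = )(.*)$", body) if section == "O4" else None
        path = _exe_path(m.group(1) if m else body)
        if path and "\\" not in path:
            return "bare filename resolved via PATH; confirm it exists in system32"
        if path and any(d in path.lower() for d in USER_WRITABLE):
            return "launched from a user-writable location"
    elif section == "O10":
        return "unknown Winsock LSP module; verify the DLL's publisher"
    elif section == "O17":
        m = re.search(r"NameServer = (.*)$", body)
        servers = set(re.split(r"[,\s]+", m.group(1).strip())) if m else set()
        unexpected = servers - set(expected_dns)
        if unexpected:
            return "DNS resolvers not on the expected list: " + ", ".join(sorted(unexpected))
    elif section == "O20":
        path = _exe_path(body.split(" - ", 1)[-1])
        if path and not path.lower().startswith(SYSTEM_DIRS):
            return "Winlogon Notify DLL outside system32"
    elif section in ("O21", "O22", "O23"):
        if "(no file)" in low or "(file missing)" in low:
            return "registered component whose file is missing"
    return None

def triage(text, expected_dns=()):
    """Return deduplicated entries worth reviewing, in log order, each with a hit count."""
    seen = {}
    for section, body in parse_hjt(text):
        reason = _reason(section, body, expected_dns)
        if reason is None:
            continue
        key = (section, body)
        if key in seen:
            seen[key]["count"] += 1
        else:
            seen[key] = {"section": section, "entry": body, "reason": reason, "count": 1}
    return list(seen.values())

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['section']:4} x{hit['count']}  {hit['reason']}\n      {hit['entry']}")
```

The rules only say where to look; an entry in system32 with a random name (the netasv2/vcmicrec/resvsio lines above) still needs a publisher or hash check by hand, and the seventeen identical O10 lines collapse to one finding with a count.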


Offline ummzee

  • Jr. Member
  • Posts: 54
  • Karma: +0/-0
HJT Log - Help!
« Reply #2 on: September 14, 2007, 10:38:03 AM »
Hello,

I should have mentioned, this is not the same computer. Everything is fine with the other; there are a few in the house.

I had a few problems, but the hourglass that would not go away before went away with the first ticks you suggested.

When using CCleaner - it locks up, so I went through each section and it locks on the cleaning of the temp files.
I manually deleted the temp files after searching for *.tmp, deleted all but the temp folders found. CCleaner continues to lock when it gets to the temp files.

SDFix could not load a file but continued. Logs below:

HiJack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24, on 2007-09-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1129383946\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\1129383946\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1129383946\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
C:\WINNT\Twain_32\CA561A\SnapDetect.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
C:\Program Files\Common Files\AOL\1129383946\ee\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129383946\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1129383946\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1129383946\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [ppsmcs] sqvx5gamet2.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 - Global Startup: Launchpad.lnk = C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
O4 - Global Startup: SnapDetect.lnk = C:\WINNT\Twain_32\CA561A\SnapDetect.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183255099528
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1129383946\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 5714 bytes


Combo said I have internet connection problems and to let you know I have the "dnsbak.reg" file; however, I am not having problems connecting to the internet.

Combo log:

ComboFix 07-09-14.2 - "Administrator" 09/14/2007 11:10:12.1 - FAT32x86
Microsoft Windows 2000 Professional  5.0.2195.4.1252.1.1033.18.48 [GMT -4:00]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ADMINI~1\APPLIC~1.\Ultimate Cleaner
C:\DOCUME~1\ADMINI~1\APPLIC~1.\Ultimate Cleaner\settings.dat
C:\DOCUME~1\ADMINI~1\APPLIC~1.\Ultimate Fixer
C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft\20509.dat
C:\DOCUME~1\ADMINI~1\APPLIC~1\microsoft\internet explorer\desktop.htt
C:\DOCUME~1\ADMINI~1\APPLIC~1\Ultimate Cleaner\settings.dat
C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1.\n.ini
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\UltimateCleaner 2007
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\UltimateCleaner 2007\Uninstall UltimateCleaner 2007.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\UltimateCleaner 2007\Uninstall UltimateCleaner 2007.lnk
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\bot.dll
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users.\documents\settings\partnership.dll
C:\Program Files\Common Files\winctl.dll
C:\Program Files\Ultimate Cleaner
C:\Program Files\Ultimate Cleaner\com\ucsecuredelete.dll
C:\Program Files\Ultimate Cleaner\program.info
C:\Program Files\Ultimate Cleaner\UltimateCleaner.db
C:\Program Files\Ultimate Cleaner\Uninstall.exe
C:\Program Files\Ultimate Fixer
C:\Program Files\Ultimate Fixer\UltimateFixer.exe
C:\WINNT\system32\4_exception.nls
C:\WINNT\system32\mstsdsc.exe
C:\WINNT\system32\tmwsock.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_WINDBG48
-------\windbg48


(((((((((((((((((((((((((   Files Created from 2007-08-14 to 2007-09-14  )))))))))))))))))))))))))))))))
.

2007-09-14 11:13   16,384   --a----t-   C:\WINNT\system32\Perflib_Perfdata_31c.dat
2007-09-14 11:11   0   --a------   C:\WINNT\system32\mstsdsc.exe
2007-09-14 11:09   51,200   --a------   C:\WINNT\NirCmd.exe
2007-09-14 09:41   <DIR>   d--------   C:\WINNT\ERUNT
2007-09-12 06:11   92,032   ---------   C:\WINNT\system32\dllcache\KRNL386.EXE
2007-09-12 06:11   35,648   ---------   C:\WINNT\system32\dllcache\ntio411.sys
2007-09-12 06:11   35,408   ---------   C:\WINNT\system32\dllcache\ntio412.sys
2007-09-12 06:11   34,544   ---------   C:\WINNT\system32\dllcache\ntio804.sys
2007-09-12 06:11   34,544   ---------   C:\WINNT\system32\dllcache\ntio404.sys
2007-09-12 06:11   33,824   ---------   C:\WINNT\system32\dllcache\NTIO.SYS
2007-09-10 09:26   <DIR>   d--------   C:\Program Files\CCleaner
2007-09-09 20:06   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-09 20:04   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-09 20:01   <DIR>   d--------   C:\Program Files\Yahoo!

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
99-12-07 12:00    32528   --a------   C:\WINNT\inf\wbfirdma.sys
07-07-30 19:19    92504   --a------   C:\WINNT\system32\dllcache\cdm.dll
07-07-30 19:19    92504   --a------   C:\WINNT\system32\cdm.dll
07-07-30 19:19    549720   --a------   C:\WINNT\system32\wuapi.dll
07-07-30 19:19    53080   --a------   C:\WINNT\system32\wuauclt.exe
07-07-30 19:19    53080   --a------   C:\WINNT\system32\dllcache\wuauclt.exe
07-07-30 19:19    43352   --a------   C:\WINNT\system32\wups2.dll
07-07-30 19:19    325976   --a------   C:\WINNT\system32\wucltui.dll
07-07-30 19:19    271224   --a------   C:\WINNT\system32\mucltui.dll
07-07-30 19:19    207736   --a------   C:\WINNT\system32\muweb.dll
07-07-30 19:19    203096   --a------   C:\WINNT\system32\wuweb.dll
07-07-30 19:19    1712984   --a------   C:\WINNT\system32\wuaueng.dll
07-07-30 19:19    1712984   --a------   C:\WINNT\system32\dllcache\wuaueng.dll
07-07-30 19:18    33624   --a------   C:\WINNT\system32\wups.dll
07-06-28 09:25    99072   --a------   C:\qchrqilr1.exe
07-06-28 09:25    94464   --a------   C:\qchrqilr3.exe
07-06-28 09:25    100096   --a------   C:\qchrqilr2.exe
07-06-25 13:15    23552   --a------   C:\op.dll
04-05-14 15:34    271   ---h-----   C:\Program Files\desktop.ini
04-05-14 15:34    21952   ---h-----   C:\Program Files\folder.htt
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 15:05  C:\WINNT\system32\mobsync.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04-09-25 17:39 ]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [05-10-10 09:59 ]
"HostManager"="C:\Program Files\Common Files\AOL\1129383946\ee\AOLSoftware.exe" [06-09-25 19:52 ]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1129383946\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [06-11-20 15:42 ]
"sscRun"="C:\Program Files\Common Files\AOL\1129383946\ee\SSCRun.exe" [06-11-20 15:42 ]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [05-08-18 16:57 ]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [05-10-19 12:13 ]
"PPRT"="C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe" [06-12-19 13:45 ]
"MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [06-03-07 15:05 ]
"ppsmcs"="sqvx5gamet2.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-09-25 20:03:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-10-23 17:46:02]
Broadband Support Center.lnk - C:\Program Files\Verizon Online\Support Center\bin\matcli.exe [2005-10-10 09:58:03]
Launchpad.lnk - C:\Program Files\IC Media Corp.\ICM532\Launchpad.exe [2005-10-28 18:53:48]
SnapDetect.lnk - C:\WINNT\Twain_32\CA561A\SnapDetect.exe [2005-11-22 12:33:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys
S2 windev-1fe3-5087;windev-1fe3-5087;\??\C:\WINNT\system32\windev-1fe3-5087.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS
.
**************************************************************************

Fixwareout log:

Username "Administrator" - 09/14/2007 10:59:59 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="csdap.exe"
Service: "Windows Management Service" = C:\WINNT\System32\dmfzp.exe

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.
 
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}86364320B5C5-5868-1844-6D54-98BA327D{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}3F54913211D1-B82A-B9B4-B088-C756187F{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}AF204AF18ADA-154B-DBE4-23F6-0C08626F{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}3D80EFAD4B6C-09C8-2B34-1129-E0764371{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}18F03BD9D271-FB59-3814-8D5F-33DE179D{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "pzfmd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "padsc"  Value deleted
HKCR\CLSID\{FF659A61-8DDA-4F83-977E-4C764E560D77}\_h\4 Deleted.
....
~~~~~ Misc files.
C:\Documents and Settings\Administrator\Application Data\Install.dat Deleted
C:\WINNT\System32\kernel32.exe Deleted
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINNT\TEMP\csdap.ren 52811 06/28/07
C:\WINNT\TEMP\dmfzp.ren 57901 06/19/03


C:\Program Files\Ultimate Fixer < Found
C:\Program Files\Ultimate Cleaner < Found
Additional tools are recommended.  

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\SMARTB~1\\MotiveSB.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1129383946\\ee\\AOLSoftware.exe"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1129383946\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1129383946\\ee\\SSCRun.exe"
"OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"PPRT"="C:\\Program Files\\CA\\PPRT\\bin\\ITMRTSVC_Logon.exe"
"MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"ppsmcs"="sqvx5gamet2.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~



SDFix log:



SDFix: Version 1.103

Run by Administrator on Fri 09/14/2007 at 9:42a

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
main1

ImagePath:
\??\C:\WINDOWS\system32\main.sys

main1 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
HJT Log - Help!
« Reply #3 on: September 18, 2007, 11:01:07 PM »
Sorry for the delay. Can I see a fresh HijackThis log, and we'll take up where we left off.
