HJT & stoof

zonda · October 5, 2006

Sup. K, unfortunetly I share a computer with my family who are all highly computer illiterate and enjoy filling it with spyware and virii day after day. Lately my connection has been timing out... wheneever I try to update my adaware definitions I get a "error connecting to server" and I've noticed connections on limewire timing out as well. I put it into safe-mode and scanned with adaware and mcaffee, (adaware says the definitions are as of 5-10-06, but I'm not too sure if it actually downloaded them)

Anyway, have a looksee for yourself, I know this version of HJT is old, and I didn't shut everything down that I could of, but that's life. <3

Logfile of HijackThis v1.99.1

Scan saved at 5:09:58 PM, on 10/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss[Caution: Executable File]

C:\WINDOWS\system32\winlogon[Caution: Executable File]

C:\WINDOWS\system32\services[Caution: Executable File]

C:\WINDOWS\system32\lsass[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\WINDOWS\system32\spoolsv[Caution: Executable File]

C:\WINDOWS\Explorer[Caution: Executable File]

C:\Program Files\McAfee.com\VSO\mcvsshld[Caution: Executable File]

c:\progra~1\mcafee.com\vso\mcvsescn[Caution: Executable File]

c:\program files\mcafee.com\agent\mcagent[Caution: Executable File]

C:\Program Files\McAfee.com\VSO\oasclnt[Caution: Executable File]

C:\Program Files\Razer\Copperhead\razerhid[Caution: Executable File]

c:\program files\mcafee.com\agent\mcdetect[Caution: Executable File]

c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: Executable File]

c:\PROGRA~1\mcafee.com\agent\mctskshd[Caution: Executable File]

C:\WINDOWS\system32\nvsvc32[Caution: Executable File]

C:\Program Files\Razer\Copperhead\razerofa[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\WINDOWS\system32\taskmgr[Caution: Executable File]

D:\Program Files\LimeWire\LimeWire[Caution: Executable File]

C:\Documents and Settings\Duenkel\Desktop\Davids Stuff\HijackThis[Caution: Executable File]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr[Caution: Executable File]" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld[Caution: Executable File]

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent[Caution: Executable File]

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate[Caution: Executable File]

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt[Caution: Executable File]

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: Executable File] C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz[Caution: Executable File] /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32[Caution: Executable File] NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid[Caution: Executable File]

O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File]

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr[Caution: Executable File]

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: Executable File]/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 3.0.97.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc[Caution: Executable File]

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File]

O23 - Service: McAfee WSC Integration (McDetect[Caution: Executable File]) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect[Caution: Executable File]

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: Executable File]

O23 - Service: McAfee Task Scheduler (McTskshd[Caution: Executable File]) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd[Caution: Executable File]

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr[Caution: Executable File]) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr[Caution: Executable File]

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32[Caution: Executable File]

coltm4carbine · October 6, 2006

You have a CoolWebSearch infection.

Download CWShredder Here to its own folder.

Update CWShredder

[*:2hqtyfv5]Open CWShredder and click I AGREE

[*:2hqtyfv5]Click Check For Update

[*:2hqtyfv5]Close CWShredder

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

Post a new log and see if anything else comes up

zonda · October 17, 2006

Logfile of HijackThis v1.99.1

Scan saved at 7:21:39 AM, on 10/17/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss[Caution: Executable File]

C:\WINDOWS\system32\winlogon[Caution: Executable File]

C:\WINDOWS\system32\services[Caution: Executable File]

C:\WINDOWS\system32\lsass[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\WINDOWS\system32\spoolsv[Caution: Executable File]

C:\WINDOWS\Explorer[Caution: Executable File]

C:\Program Files\McAfee.com\VSO\mcvsshld[Caution: Executable File]

C:\PROGRA~1\mcafee.com\agent\mcagent[Caution: Executable File]

c:\progra~1\mcafee.com\vso\mcvsescn[Caution: Executable File]

C:\Program Files\McAfee.com\VSO\oasclnt[Caution: Executable File]

C:\Program Files\Razer\Copperhead\razerhid[Caution: Executable File]

c:\program files\mcafee.com\agent\mcdetect[Caution: Executable File]

c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: Executable File]

c:\PROGRA~1\mcafee.com\agent\mctskshd[Caution: Executable File]

C:\WINDOWS\system32\nvsvc32[Caution: Executable File]

C:\Program Files\Razer\Copperhead\razertra[Caution: Executable File]

C:\Program Files\Razer\Copperhead\razerofa[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\WINDOWS\system32\ctfmon[Caution: Executable File]

c:\progra~1\mcafee.com\vso\mcvsftsn[Caution: Executable File]

C:\Program Files\Messenger\msmsgs[Caution: Executable File]

C:\Program Files\Mozilla Firefox\firefox[Caution: Executable File]