Hijack this log -anyone to look at please?

  adenuff 23:51 04 May 05
Locked

Logfile of HijackThis v1.99.1
Scan saved at 20:01:47, on 04/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

PART ONE

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\documents and settings\louise cook\local settings\temp\fsg_4203.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\LOUISE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = click here
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll

  adenuff 23:52 04 May 05

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\LOUISE~1\LOCALS~1\Temp\AcsUninstall.exe"
O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\LOUISE~1\LOCALS~1\Temp\AcsUninstallRes.dll"
O4 - HKLM\..\RunOnce: [3] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\LOUISE~1\LOCALS~1\Temp\shfolder.dll"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - click here
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

  adenuff 23:56 04 May 05

This is the log of an 18 year old student.... out of date macafee anti virus..... no spyware software installed..... and insists on keeping kazaa! What can you do....not a lot...please can anyone help out as I know there are a lot of probs here, have already gotten rid of lots of spyware etc, but this "instafinder" search page is a pain.
Thank you , you are always my saviours....grovel grovel....

  p;3 07:02 05 May 05

how "out of date" is the AV?

will ask Nellie; but,I think , unless proper protection is installed and used ,.....:(

  GANDALF <|:-)> 10:01 05 May 05

Dump MacAfee and get AVG for starters click here It is free and excellent. Download Ccleaner click here, run and delte all it finds.

  adenuff 10:39 05 May 05

Thanks for that.
Well the macafee is now up to date, but is obviously not picking up some probs, (instafinder) The only reason they have it is cos it came with their new (Dell) Pc, and is only only 5 months old. I fiddled with the settings as they were a bit wonky, and have done a complete scan. It wont however accept the correct password when I try and enter it to access the update facility, so thats odd.
Have run ccleaner and got rid of loads of stuff. Also installed CWShredder, Spybot S+D,Adaware.
Was thinking of changing to AVG, but Macafee is free for the year! It does howver take up a massive amount of cpu resources sometimes-up to 95% !
Any help please!

  keith-236785 10:55 05 May 05

click here for a 30 day trial of Anti-Trojan Checker.

install and do a full scan, this free trial will not remove anything it finds but it will tell you if you have a trojan and where on the system it is.

if anyone suggests turning OFF system restore, please do not do this YET,,,, it might be the only way to sort out the problem short of a format and re-install.

good luck

  p;3 14:41 05 May 05

its only 5 months old. what have they been doing with it; perhaps shouldnt ask:(
AVG is free permanently; used by loads on forum ; if you are going to do all those scans, you will need to post another log for nellie to check as the original one will be pointless after all those changes


and Stinger from click here
might give some clues for infections:);

please post back a new log after you have done whatever it is you wish to do with the machine; then suggest change nowt until Nellie has seen it; I have asked her if she will kindly take a look:)

  GANDALF <|:-)> 16:26 05 May 05

An AV will not stop instafinder and the like. I would still download AVG and DUMP MaCafee. It is no good if it cannot be updated. Run a scan wiht AVG.

If you are running XP download MS Antispy from click here and this will get rind of the likes of instafinder and othe rbrowser assistants.

I usually find that a scan with AVG, a run of CCleaner and a run of MS Antispy clears out 99% of all computers.

G

  adenuff 19:36 05 May 05

Hello
Well the log was taken after I ran the scans, so it is current now. Havent done anything more, but am a bit anxious knowing it still has nasties! I am not in the same place as the machine either, so any help will be a bit truncated, until i can get to it again!
Think I will dump macafee anyway, more trouble than its worth.
I think the kazaa files are infected with "rapidblaster", which seems to be particularly nasty as it morphs? Have downloaded a removal tool, so will do that asap, after the log has been checked.

  GANDALF <|:-)> 19:48 05 May 05

You will need to turn off system restore at some point, rescan using MS Antispy and turn sys res. back on. Re-infections are usually caused by the programmes residing in the system restore files.

For others, the rapidblaster removal tool is at click here .

G

This thread is now locked and can not be replied to.

Surface Pro (2017) vs Surface Pro 4

Where HTML5 is headed next

MacBook Pro v Surface Pro 5