problem with cmdservice
Hi, my Spybot S&D finds 3 cmdservices running, but I can't remove them.
I read another thread here on the same topic, but I can't find the same files with HijackThis. This is my log:
Logfile of HijackThis v1.99.1
Scan saved at 14:04:11, on 10/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Serv-U\SERVUD~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Janpieter\Local Settings\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\regsvr32.dll,C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\ir8ol5l31.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~1\Serv-U\SERVUD~1.EXE
Please help!!
Hello Meteora.
I moved your topic from the Spybot-S&D forum as HJT logs are not analysed there. :)
Please see:
Preliminary Steps (http://forums.spybot.info/showthread.php?t=288): BEFORE you post, and who will advise you.
HJT should be in its own folder.
Also in that topic:
You and Windows, a joint effort (http://forums.spybot.info/showpost.php?p=25290&postcount=4)
Cheers.
OK, thanks.
Can anyone help me?
These pop-ups in Firefox are really annoying.
LonnyRJones
2006-07-12, 16:54
C:\Documents and Settings\Janpieter\Local Settings\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
You're running HijackThis from a temp folder and/or it still hasn't been unzipped; neither is a good idea.
Create a new folder, for instance C:\AntiSpyware
Download the exe from here to that new folder.
http://www.merijn.org/files/HijackThis.exe
This is necessary to ensure you have backups should anything go wrong.
Make and post a new log.
OK, here is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 19:14:55, on 12/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Serv-U\SERVUD~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\AntiSpyWare\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\regsvr32.dll,C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: Installer - C:\WINDOWS\
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\j00s0ad7ed0.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~1\Serv-U\SERVUD~1.EXE
LonnyRJones
2006-07-12, 21:56
Thanks
What do you use Serv-U for?
Why don't I see an antivirus program in your logs?
Please download Look2Me-Destroyer.exe to your desktop.
http://www.atribune.org/content/view/28/
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 to five minutes. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Wait about four minutes, then turn your computer back on.
Please post the contents of Look2Me-Destroyer.txt and a new HiJackThis log.
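Added example, not code from this thread and not part of HijackThis or Look2Me-Destroyer: a small Python triage script that flags the kinds of HijackThis entries the helper is acting on here, Winlogon Notify entries that resolve to a bare directory or to a random-named DLL, orphaned Notify entries, and Run entries that launch an executable straight from the drive root (as in the later log in this thread). The sample lines are constructed, modelled on entries from the logs posted in this thread; the random-name heuristic is my own and will need tuning on real logs.

```python
import re
from typing import List, Tuple

# Constructed sample (not a verbatim log): a handful of lines modelled on the
# HijackThis entries posted in this thread, legitimate ones mixed in with the
# Winlogon Notify and Run entries the helper treats as Look2Me indicators.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [newname] C:\\nwnme_5.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - AppInit_DLLs: C:\WINDOWS\System32\regsvr32.dll,C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\ir8ol5l31.dll
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\j00s0ad7ed0.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""

NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# An .exe sitting directly in the drive root, e.g. C:\\nwnme_5.exe (quotes optional).
ROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\+[^\\"\s]+\.exe', re.IGNORECASE)


def looks_random(stem: str, min_switches: int = 3) -> bool:
    """Crude heuristic (my own, not a published rule) for machine-generated
    file names: count how often the name switches between a run of letters
    and a run of digits. ir8ol5l31 switches 5 times, j00s0ad7ed0 7 times;
    vendor names such as Ati2evxx (2) or WRLogonNTF (0) stay below threshold."""
    kinds = ["d" if c.isdigit() else "a" for c in stem if c.isalnum()]
    switches = sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)
    return switches >= min_switches


def triage_notify(path: str) -> List[str]:
    """Reasons to look at a Winlogon Notify entry; an empty list means nothing odd."""
    reasons = []
    if path.endswith("\\"):
        reasons.append("Notify entry resolves to a directory, not a DLL")
    if "(file missing)" in path:
        reasons.append("Notify DLL is missing on disk (orphaned entry)")
    filename = path.split("\\")[-1].split(" ")[0]
    if looks_random(filename.rsplit(".", 1)[0]):
        reasons.append("Notify DLL has a random-looking name: " + filename)
    return reasons


def triage_run(cmd: str) -> List[str]:
    """Reasons to look at a Run entry's command line."""
    if ROOT_EXE_RE.match(cmd.strip()):
        return ["Run entry launches an executable from the drive root"]
    return []


def triage_log(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, entry name, reason) for every flagged entry."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.strip().splitlines(), start=1):
        m = NOTIFY_RE.match(line)
        if m:
            reasons = triage_notify(m.group("path"))
        else:
            m = RUN_RE.match(line)
            reasons = triage_run(m.group("cmd")) if m else []
        for reason in reasons:
            findings.append((lineno, m.group("name"), reason))
    return findings


if __name__ == "__main__":
    for lineno, name, reason in triage_log(SAMPLE_LOG):
        print(f"line {lineno:2d}  [{name}]  {reason}")
```

The flags are triage hints for a human reader of the log, not verdicts: a legitimate vendor DLL with a digit-heavy name will trip the heuristic, and a Look2Me DLL with a wordlike name will not.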
This is the Look2Me-Destroyer log:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 12/07/2006 22:59:06
Infected! C:\WINDOWS\system32\lvno0953e.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010597.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010619.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010624.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010634.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010638.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010748.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010754.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010777.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010782.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010807.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010811.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010877.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010882.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0011031.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0011035.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012033.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012040.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012044.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012052.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012056.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012113.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012135.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012139.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012200.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012205.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012212.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012216.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012286.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012290.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012306.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012310.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012318.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012322.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012330.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012335.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012353.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012357.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012440.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012445.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012479.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012484.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012493.dll
Infected! C:\WINDOWS\system32\e4jm0e11eh.dll
Infected! C:\WINDOWS\system32\irj0l51m1.dll
Infected! C:\WINDOWS\system32\k4pm0e71eh.dll
Infected! C:\WINDOWS\system32\l0l60a3sed.dll
Infected! C:\WINDOWS\system32\lvno0953e.dll
Infected! C:\WINDOWS\system32\mhcms.dll
Infected! C:\WINDOWS\system32\sjlwapi.dll
Infected! C:\WINDOWS\system32\wdpshell.dll
Infected! C:\WINDOWS\system32\wispdmod.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\lvno0953e.dll
C:\WINDOWS\system32\lvno0953e.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010597.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010597.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010619.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010619.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010624.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010624.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010634.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010634.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010638.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010638.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010748.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010748.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010754.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010754.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010777.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010777.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010782.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010782.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010807.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010807.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010811.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010811.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010877.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010877.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010882.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010882.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0011031.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0011031.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0011035.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0011035.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012033.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012033.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012040.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012040.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012044.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012044.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012052.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012052.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012056.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012056.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012113.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012113.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012135.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012135.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012139.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012139.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012200.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012200.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012205.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012205.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012212.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012212.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012216.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012216.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012286.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012286.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012290.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012290.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012306.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012306.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012310.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012310.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012318.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012318.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012322.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012322.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012330.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012330.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012335.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012335.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012353.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012353.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012357.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012357.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012440.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012440.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012445.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012445.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012479.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012479.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012484.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012484.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012493.dll
C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012493.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\e4jm0e11eh.dll
C:\WINDOWS\system32\e4jm0e11eh.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\irj0l51m1.dll
C:\WINDOWS\system32\irj0l51m1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\k4pm0e71eh.dll
C:\WINDOWS\system32\k4pm0e71eh.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\l0l60a3sed.dll
C:\WINDOWS\system32\l0l60a3sed.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\lvno0953e.dll
C:\WINDOWS\system32\lvno0953e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\mhcms.dll
C:\WINDOWS\system32\mhcms.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\sjlwapi.dll
C:\WINDOWS\system32\sjlwapi.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\wdpshell.dll
C:\WINDOWS\system32\wdpshell.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\wispdmod.dll
C:\WINDOWS\system32\wispdmod.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7C278533-9940-4580-9B74-8B516EA7F1FB}"
HKCR\Clsid\{7C278533-9940-4580-9B74-8B516EA7F1FB}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9324E49C-B91D-427D-AC4A-ACC55790EB96}"
HKCR\Clsid\{9324E49C-B91D-427D-AC4A-ACC55790EB96}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A9B679E3-3975-4DC1-8ADD-88FE4DD9C312}"
HKCR\Clsid\{A9B679E3-3975-4DC1-8ADD-88FE4DD9C312}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{22C5BEE1-7199-4C94-A9BB-5292ACF6D3D6}"
HKCR\Clsid\{22C5BEE1-7199-4C94-A9BB-5292ACF6D3D6}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{36E5DD7F-1C0A-4E8F-96DF-8D08485A1549}"
HKCR\Clsid\{36E5DD7F-1C0A-4E8F-96DF-8D08485A1549}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{77B820C9-8F5E-4CF3-A741-DF8BBF227127}"
HKCR\Clsid\{77B820C9-8F5E-4CF3-A741-DF8BBF227127}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9BAB7D24-E603-4276-87CF-73E4AF853B92}"
HKCR\Clsid\{9BAB7D24-E603-4276-87CF-73E4AF853B92}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{233873D1-B392-4128-8236-5AF1E17986E0}"
HKCR\Clsid\{233873D1-B392-4128-8236-5AF1E17986E0}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A7C5B6A0-AD24-4FA7-8F1D-56685B9E7249}"
HKCR\Clsid\{A7C5B6A0-AD24-4FA7-8F1D-56685B9E7249}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{169083BD-0897-4991-A2D7-C8BBF578EA8C}"
HKCR\Clsid\{169083BD-0897-4991-A2D7-C8BBF578EA8C}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6970F4B8-4E5E-4EF9-85E7-BCC637F7DCBC}"
HKCR\Clsid\{6970F4B8-4E5E-4EF9-85E7-BCC637F7DCBC}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
Sorry, wrong button.
Logfile of HijackThis v1.99.1
Scan saved at 23:04:05, on 12/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\Serv-U\SERVUD~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\AntiSpyWare\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [newname] C:\\nwnme_5.exe
O4 - HKLM\..\Run: [defender] C:\\dfndre_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrde_5.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\regsvr32.dll,C:\WINDOWS\System32\wmfhotfix.dll C:\WINDOWS\System32\mshta.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: Installer - C:\WINDOWS\
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\
O20 - Winlogon Notify: Telephony - C:\WINDOWS\
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~1\Serv-U\SERVUD~1.EXE
LonnyRJones
2006-07-13, 06:49
In Add/Remove Programs, uninstall
Network Monitor
Answer these questions please.
What do you use Serv-U for?
Why don't I see an antivirus program in your logs?
Why haven't you ever updated Windows?
In Add/Remove Programs, uninstall
Network Monitor
Answer these questions please.
What do you use Serv-U for?
Why don't I see an antivirus program in your logs?
Why haven't you ever updated Windows?
I use it at LAN parties to host an FTP server.
I don't have an antivirus.
Because I updated Windows once and it resulted in me having to format.
LonnyRJones
2006-07-13, 15:49
Well, frankly, there's no sense in cleaning a PC that isn't up to date and doesn't have an AV program; it will definitely end up having to be formatted.
Install, update and run an AV program; if it has problems, run it while in Safe Mode. There are several mentioned here:
http://forums.spybot.info/showthread.php?t=279
Once that's accomplished, post another HijackThis log.
If you're willing to update Windows, hold on until the cleaning process is complete.
This topic is closed.
If you need it re-opened please send me a pm and provide a link to the thread.
Applies only to the original topic starter.