Thread: Out of Control in Clearwater, FL.

  1. #1
    Junior Member
    Join Date
    Sep 2006
    Posts
    1

    Out of Control in Clearwater, FL.

    Thank you tashi for explaining the procedures. I really let something bad in this time! Normally I can find and fix problems that get into my system but this time it's out of hand. I am operating in "Safe Mode while Networking" because I can't even log into "Normal Mode" due to the problems I have. I ran Spybot, Ad-Aware SE Personal, and every other free program I could acquire including HijackThis. I may have deleted some files needed to get into normal mode in XP and don't have an XP disk but will handle that after I can get rid of these issues. I am currently running McAfee VirusScan as well. I have included my HijackThis log below and could use some help ASAP.

    THANK YOU ALL FOR ANY ASSISTANCE!

    Logfile of HijackThis v1.99.1
    Scan saved at 4:25:08 PM, on 9/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6UHTEKYI\Windows-KB890830-V1.20[1].exe
    c:\6019c1248597457d80\mrtstub.exe
    C:\WINDOWS\system32\MRT.exe
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XM1R12SH\stng260[1].exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\katdc.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,uubhmlv.exe
    O2 - BHO: (no name) - {075738E0-4E91-949D-E247-086D6976722D} - C:\WINDOWS\system32\efuykhi.dll
    O2 - BHO: (no name) - {14CC93EB-4A0E-F4F1-57F1-091E3A487F08} - C:\WINDOWS\system32\rohhwrn.dll
    O2 - BHO: (no name) - {17C3B378-B76C-8217-3E2D-093B4F06E913} - C:\WINDOWS\system32\hlbsjxn.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {708DCA05-C114-8443-5508-0178C5969822} - C:\WINDOWS\system32\drculeb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [clcbt.exe] C:\WINDOWS\system32\clcbt.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...56/mcfscan.cab
    O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\dnnm0151e.dll (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Welcome to the forum. I will see what I can do with these limitations. I see a Qoologic trojan and other junk, and suggest you proceed like this.

    1) You are running HJT.exe from a .zip file in a Temporary Directory. This is unsafe as we will have no backups. That is why you received this message when you used HJT: http://russelltexas.com/malware/images/unsafefolder.gif
    Please use the information in the following link to place HJT in a permanent, safe folder; I prefer C:\HJT\HijackThis.exe. If you need additional instructions, use these: http://russelltexas.com/malware/createhjtfolder.htm

    2) Thanks to sUBs and anyone who helped with this fix.

    1. Download this file - combofix.exe
    http://download.bleepingcomputer.com/sUBs/combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    If the log is large, you might need to post half in one reply, half in another.

    3) Post a new HJT log also.

    Thanks
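
Added example, not part of pskelley's reply and not HijackThis's own logic: a small Python triage pass over lines taken from the log in post #1, flagging F2, O2 and O20 entries that deviate from Windows XP defaults. The rules and the names `triage` and `extra_commands` are illustrative assumptions; a flagged entry is a lead for review, not a verdict.

```python
import ntpath
import re

# Sample input: a subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\katdc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,uubhmlv.exe
O2 - BHO: (no name) - {075738E0-4E91-949D-E247-086D6976722D} - C:\WINDOWS\system32\efuykhi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [clcbt.exe] C:\WINDOWS\system32\clcbt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\dnnm0151e.dll (file missing)
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.*?) - (.*)$")
# Winlogon defaults on XP: Shell is Explorer.exe, Userinit is userinit.exe only.
DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}

def extra_commands(value, default_basename):
    # Basename comparison only: a look-alike file in another folder would pass.
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if ntpath.basename(p).lower() != default_basename]

def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth reviewing."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        if m := F2_RE.match(line):
            for cmd in extra_commands(m.group(2), DEFAULTS[m.group(1).lower()]):
                findings.append(("F2", f"{m.group(1)} launches extra program", cmd))
        elif m := O2_RE.match(line):
            name, _clsid, path = m.groups()
            # "(no name)" alone is not enough: Spybot's SDHelper is also unnamed.
            if name == "(no name)" and ntpath.dirname(path).lower() == r"c:\windows\system32":
                findings.append(("O2", "unnamed BHO loaded from system32", path))
        elif m := O20_RE.match(line):
            if m.group(2).endswith("(file missing)"):
                findings.append(("O20", "Winlogon Notify entry points at a missing file", m.group(1)))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```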

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956

    Still with us drlaw?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Due to lack of responses, this thread is closed.
    If you still need assistance, a new log will be needed; send me or Tashi a PM (personal message) and we will re-open it.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006