lunchboxx

his PC is really getting slow here it is.

Logfile of HijackThis v1.99.1
Scan saved at 11:24:43 AM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\System32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\CTSvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system32\dla\tfswctrl.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasdc.exe
C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasers.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
c:\program files\mcafee\msc\mcupdui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\DOCUME~1\TAYLOR~1.XT9\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\windows\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\windows\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\System32\spool\drivers\w32x86\3\hpztsb1 0.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\windows\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasers.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\RunOnce: [!c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll
O4 - HKLM\..\RunOnce: [!c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll
O4 - HKLM\..\RunOnce: [!c:\PROGRA~1\mcafee\mpf\mc\mpfaltps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mpf\mc\mpfaltps.dll
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/in...altpmtscab.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BA059C-F44A-45AD-90F4-B2FA211FDB95}: NameServer = 85.255.114.194,85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{8823DEDE-F45F-4B3B-8E23-CEC53A17EF70}: NameServer = 85.255.114.194,85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAFE9756-3CA6-415F-B9EF-BC10D2159512}: NameServer = 85.255.114.194,85.255.112.129
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.194 85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.194 85.255.112.129
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee Application Installer Cleanup (0242691185898277) (0242691185898277mcinstcleanup) - McAfee, Inc. - C:\windows\TEMP\024269~1.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\System32\CTSvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe




thanks,
Lunch

__________________
My PC
CPU: Core i7 920 OC'd@ 3.8
RAM: 6Gb DDR3 1600 G-Skill
GPU: EVGA Gtx 285 1Gb
HDD: 1TB WD Caviar
MOBO: EVGA x58 SLI-LE
PSU: Corsair 750TX
Sound: ASUS Xonar D2 w/ Logitech Z-5500
Case: Cooler Master HAF 932

alexandergre

He has some problems.
you can check them on http://www.hijackthis.de/en
just paste the log there. http://www.hijackthis.de/en is a very good site.

lunchboxx

Meh, id still like someone to respond. Thanks for the link though.

__________________
My PC
CPU: Core i7 920 OC'd@ 3.8
RAM: 6Gb DDR3 1600 G-Skill
GPU: EVGA Gtx 285 1Gb
HDD: 1TB WD Caviar
MOBO: EVGA x58 SLI-LE
PSU: Corsair 750TX
Sound: ASUS Xonar D2 w/ Logitech Z-5500
Case: Cooler Master HAF 932

Crimsonite

Same old worm just changed its file names.

A new installation will fix it. lol

__________________
GeIL 2x1GB Esoteria:910 3-3-3-8 4-23 1T 2.3v
GeIL 4x1GB Esoteria:1080 5-4-4-10 4-24 2T 2.35v
_____________________________________________
AMD A64 X2 5000+ 3.24GHz | ASUS M2R32-MVP 580X | Ninja Plus Rev.B x2 120mm | GeIL 4GB(4x1GB) DDR2-1080MHz 5-4-4-10 24 2T @2.35v | WD Raptor 150GB;Caviar 320GB | ATI Radaeon HD3870 512MB GDDR4CrossFire 835/2642 | X-Fi Fatal1tyXtremeGamer Pro | PC Power & Cooling 750W | Tt Armor Full ATX| ViewSonic 22" 1680x1050

lunchboxx

naw this is a new friend

__________________
My PC
CPU: Core i7 920 OC'd@ 3.8
RAM: 6Gb DDR3 1600 G-Skill
GPU: EVGA Gtx 285 1Gb
HDD: 1TB WD Caviar
MOBO: EVGA x58 SLI-LE
PSU: Corsair 750TX
Sound: ASUS Xonar D2 w/ Logitech Z-5500
Case: Cooler Master HAF 932

Crimsonite

lol

__________________
GeIL 2x1GB Esoteria:910 3-3-3-8 4-23 1T 2.3v
GeIL 4x1GB Esoteria:1080 5-4-4-10 4-24 2T 2.35v
_____________________________________________
AMD A64 X2 5000+ 3.24GHz | ASUS M2R32-MVP 580X | Ninja Plus Rev.B x2 120mm | GeIL 4GB(4x1GB) DDR2-1080MHz 5-4-4-10 24 2T @2.35v | WD Raptor 150GB;Caviar 320GB | ATI Radaeon HD3870 512MB GDDR4CrossFire 835/2642 | X-Fi Fatal1tyXtremeGamer Pro | PC Power & Cooling 750W | Tt Armor Full ATX| ViewSonic 22" 1680x1050

nick_koolkid

he has the same worm as me? well that bites

Buzz1927

Download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

__________________
Son of Glyndwr
Mae hen wlad fy nhadau yn annwyl i mi