Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 1 of 1 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter · #1 ·
I know there is at least 1 Trojan on my computer and I have used AVG and McAfee and adaware and none of them have worked. Here is a HJT file

Logfile of HijackThis v1.99.1
Scan saved at 3:08:59 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winlogon.exe
C:\ePOAgent\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\ePOAgent\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\ePOAgent\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\mhs2.exe
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\WANGW~1.COV\LOCALS~1\Temp\wlzs.exe
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\alga.exe
C:\WINDOWS\rxs3.exe
C:\WINDOWS\wls3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\WANGW~1.COV\LOCALS~1\Temp\wmbose.exe
C:\DOCUME~1\WANGW~1.COV\LOCALS~1\Temp\Zt2\SVCH0ST.EXE
C:\DOCUME~1\WANGW~1.COV\LOCALS~1\Temp\zt3\SVCHQST.EXE
C:\WINDOWS\system32\Sy3\exp1orer.exe
C:\DOCUME~1\WANGW~1.COV\LOCALS~1\Temp\Rxa3\iexp1ore.exe
C:\WINDOWS\system32\expiorer.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
F:\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cbg.cascoproducts.intra/common/default.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cbg.cascoproducts.intra/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.cbg.intra/cobproxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.9.200.111:80
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flash 8 - {492B8F66-B8CF-4F7A-B0EE-B7383B92F5BA} - C:\WINDOWS\system\IceHBO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\ePOAgent\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tpxhst32.exe] C:\WINDOWS\system32\tpxhst32.exe
O4 - HKLM\..\Run: [mhs2] C:\WINDOWS\mhs2.exe
O4 - HKLM\..\Run: [DxDialog] C:\WINDOWS\system32\dxdlg32.exe
O4 - HKLM\..\Run: [wlzs] C:\DOCUME~1\WANGW~1.COV\LOCALS~1\Temp\wlzs.exe
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [zts2] C:\DOCUME~1\WANGW~1.COV\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [mytsf] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrss.exe
O4 - HKLM\..\Run: [6j8540gy] C:\WINDOWS\alga.exe
O4 - HKLM\..\Run: [rxs3] C:\WINDOWS\rxs3.exe
O4 - HKLM\..\Run: [wls3] C:\WINDOWS\wls3.exe
O4 - HKLM\..\Run: [ll7s4df] C:\WINDOWS\iexpl0re.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [myMh2] C:\DOCUME~1\WANGW~1.COV\LOCALS~1\Temp\mh2\iexpl0re.EXE
O4 - HKCU\..\Run: [myZt2] C:\DOCUME~1\WANGW~1.COV\LOCALS~1\Temp\Zt2\SVCH0ST.EXE
O4 - HKCU\..\Run: [myZt3] C:\DOCUME~1\WANGW~1.COV\LOCALS~1\Temp\zt3\SVCHQST.EXE
O4 - HKCU\..\Run: [Syzmy3] C:\WINDOWS\system32\Sy3\exp1orer.exe
O4 - HKCU\..\Run: [myRx3] C:\DOCUME~1\WANGW~1.COV\LOCALS~1\Temp\Rxa3\iexp1ore.exe
O4 - HKCU\..\Run: [SyztMy] C:\WINDOWS\system32\expiorer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://www.cmsce.zju.edu.cn/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coveright.intra
O17 - HKLM\Software\..\Telephony: DomainName = coveright.intra
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = coveright.intra
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\ePOAgent\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RpcService - Unknown owner - C:\WINDOWS\SYSTEM32\EXPLORE.EXE (file missing)
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 
1 - 1 of 1 Posts
Status
Not open for further replies.
Top