Spyware problem

Discussion in 'Video - Software discussion' started by GAH, Mar 5, 2005.

  1. GAH

    GAH Member

    Joined:
    Mar 5, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    I was hoping someone could help out with a possible spyware/virus problem. I ran Hijackthis and here is the log. Any help would be greatly appreciated:

    Scan saved at 11:45:35 AM, on 3/5/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\yrohsxgz.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\FRU\Remind32.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.gsmls.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0F41E5BF-25FE-F3E9-A964-723EA74F16F9} - C:\WINDOWS\system32\jghqdrvs.dll
    O2 - BHO: (no name) - {AC6DD411-7102-16C4-028A-252F57B842BD} - C:\WINDOWS\System32\aceqmlcx.dll
    O2 - BHO: (no name) - {ACA9B91D-F473-7EAF-B209-D21D4EA82C1A} - C:\WINDOWS\System32\kqnwpmgn.dll
    O2 - BHO: (no name) - {BCD0AE23-CBFB-7CDE-07EB-FA5B876D4AE3} - C:\WINDOWS\system32\bjdpisnr.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\TB_ANI~1.EXE /dcheck
    O4 - HKLM\..\Run: [A] c:\WINDOWS\System32\Array
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
    O4 - HKCU\..\Run: [A] c:\WINDOWS\System32\Array
    O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\FRU\Remind32.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0a\aoltray.exe
    O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu
    O12 - Plugin for .asx: C:\Program Files\Netscape\Navigator\Program\PLUGINS\npdsplay.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www2.stlu.com/plugins/Plugin0501.0105/streetnoagent7.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/079006b509cda4cac023/netzip/RdxIE2.cab
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1,0,0,7/McUpdatePortal.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4432/mcfscan.cab
    O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)

     
    GAH, Mar 5, 2005
    #1
  2. rebootjim

    rebootjim Active member

    Joined:
    May 13, 2004
    Messages:
    2,630
    Likes Received:
    0
    Trophy Points:
    66
    These 4 are your problem. Everything else looks legit, even though it's a LOT of stuff you don't need, it's not spyware.

    O2 - BHO: (no name) - {0F41E5BF-25FE-F3E9-A964-723EA74F16F9} - C:\WINDOWS\system32\jghqdrvs.dll
    O2 - BHO: (no name) - {AC6DD411-7102-16C4-028A-252F57B842BD} - C:\WINDOWS\System32\aceqmlcx.dll
    O2 - BHO: (no name) - {ACA9B91D-F473-7EAF-B209-D21D4EA82C1A} - C:\WINDOWS\System32\kqnwpmgn.dll
    O2 - BHO: (no name) - {BCD0AE23-CBFB-7CDE-07EB-FA5B876D4AE3} - C:\WINDOWS\system32\bjdpisnr.dll
     
    rebootjim, Mar 5, 2005
    #2
  3. GAH

    GAH Member

    Joined:
    Mar 5, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Thanks a ton. I want to get rid of everything I can in this log. Is there anything you definitely recommend not deleting?
     
    GAH, Mar 5, 2005
    #3
  4. GAH

    GAH Member

    Joined:
    Mar 5, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    By the way, I'm trying to fix a problem that McAfee, Norton and Spybot couldn't fix. McAfee detects it as a virus(called Downloader-VA), deletes it but it keeps coming. That's why I think there is something in the registry
     
    GAH, Mar 5, 2005
    #4

Share This Page