Hi! Can y'all help a newbie? =|

I'm having a lot of trouble sorting the junk out from the legitimate programs on my computer - I'd love some help getting them sorted out.



The attachments are two shots of my desktop, one showing the processes running on my system and the other showing my HiJackThis list. o_o

I'd love some insight into what some of these files are - I'm currently infected (yes, infected) with some POS called OmegaSearch (wonderful article, btw!)

Comments

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited May 2004
    Please cut & paste the text of your HJT log and repost it here. Screenshots make it hard for us to help since we usually cut and paste entries into a new post, showing what to remove :)

    Welcome to short-media.
  • edited May 2004
    Oh, ok. I'm sorry - I never thought to do it that way. =X

    Logfile of HijackThis v1.97.7
    Scan saved at 12:34:24 AM, on 5/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\SysUpd.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\SHTCPIPW.exe
    C:\WINDOWS\System32\DMDBGV.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Stephen Klick\Desktop\HijackTHIS\HijackThis.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\c_g18030.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://www.cnn.com/
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SHTCPIPW] C:\WINDOWS\System32\SHTCPIPW.exe
    O4 - HKLM\..\Run: [DMDBGV] C:\WINDOWS\System32\DMDBGV.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [c_g18030] C:\WINDOWS\System32\c_g18030.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

    Better? =)
  • edited May 2004
    >Bump<
  • mondi Icrontian
    edited May 2004
    Boot into safe mode and use HJT to remove the following, then delete the referenced files, i.e. mxTarget.dll, SHTCPIPW.exe, DMDBGV.exe and c_g18030.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...://www.cnn.com/
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O4 - HKLM\..\Run: [SHTCPIPW] C:\WINDOWS\System32\SHTCPIPW.exe
    O4 - HKLM\..\Run: [DMDBGV] C:\WINDOWS\System32\DMDBGV.exe
    O4 - HKCU\..\Run: [c_g18030] C:\WINDOWS\System32\c_g18030.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?

    That should do it.

    m
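
An added example, not part of any post in this thread: a small parser for HijackThis log lines of the kind posted above. It splits entries into section code and referenced file, then checks which files on the removal list also appear under "Running processes", since a file in use cannot be deleted until the process is no longer running. The function names and the trimmed log excerpt are assumptions made for illustration.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Excerpt of the HijackThis log posted in this thread (trimmed, not the full log).
LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\SHTCPIPW.exe
C:\WINDOWS\System32\DMDBGV.exe
C:\WINDOWS\System32\c_g18030.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://www.cnn.com/
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SHTCPIPW] C:\WINDOWS\System32\SHTCPIPW.exe
O4 - HKLM\..\Run: [DMDBGV] C:\WINDOWS\System32\DMDBGV.exe
O4 - HKCU\..\Run: [c_g18030] C:\WINDOWS\System32\c_g18030.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# Files the reply above says to delete once the entries are fixed (lowercased).
FLAGGED = {"mxtarget.dll", "shtcpipw.exe", "dmdbgv.exe", "c_g18030.exe"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - ..."
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.I)

def parse(log):
    """Return (running process paths, [(section code, file path or None, raw line)])."""
    running, entries, in_procs = [], [], False
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            p = WIN_PATH.search(m.group(2))
            entries.append((m.group(1), p.group(0) if p else None, line))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            running.append(line)
    return running, entries

def flagged_in_use(log, flagged=FLAGGED):
    """Flagged file names that are also running, so the file is in use."""
    running, _ = parse(log)
    return sorted({basename(p).lower() for p in running} & flagged)

def entries_for(log, flagged=FLAGGED):
    """Section code and raw line of each entry whose file is on the flagged list."""
    return [(c, raw) for c, p, raw in parse(log)[1] if p and basename(p).lower() in flagged]
```

On this excerpt, three of the four listed files are running processes; mxTarget.dll is referenced only by the O2 entry.
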
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited May 2004
    If you do not use the things explained below you can tell HJT to delete the line that has igfxtray in it also:

    Source below quote

    igfxtray - igfxtray.exe - Process Information

    Process File: igfxtray or igfxtray.exe
    Process Name: igfxtray
    Description: Intel graphics system tray icon that gets installed with the drivers for onboard VGA cards based on the Intel 81x graphics chip set. Double-clicking the icon allows you to quickly change the display resolution, save your current display scheme, or configure your onboard graphics card. You can also configure keyboard hotkeys; shortcuts are handled by another background task called HKCMD. You can access the same features through the "Intel Graphics Technology" icon in the Control Panel.

    http://www.liutilities.com/products/wintaskspro/processlibrary/igfxtray/


    It is not a core part of the system itself, and is there to give you GUI ways to do things-- it takes up system resources, so if you do not use it and do use the built-in display manager in XP instead, you can delete it. BUT, if it does not slow down your box, then leave it as it is not a security risk. IF you want to have HJT give you a way to test how much you will gain in system performance, then please tell HJT to quarantine this one and not to delete it, or backup everything you delete and keep backups until you know what happened that you do not like. In other words, this is an optional delete that might help your box run a bit faster.

    John D.